GDPR Compliance

1. Introduction

At FastingTimer, we are committed to protecting the privacy and rights of our users. This GDPR Compliance statement explains how we comply with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.

2. Data Controller

FastingTimer acts as a data controller for the personal data we collect and process. As a data controller, we determine the purposes and means of processing personal data.

Our contact details are:

FastingTimer
123 Fasting Street
Health City, HC 12345
Email: privacy@fastingtimer.com

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR compliance statement. If you have any questions about this statement, including any requests to exercise your legal rights, please contact the DPO using the details set out below:

Data Protection Officer
Email: dpo@fastingtimer.com
Address: 123 Fasting Street, Health City, HC 12345

4. Your Rights Under GDPR

Under the GDPR, you have the following rights:

• Right to be informed: You have the right to be informed about the collection and use of your personal data.
• Right of access: You have the right to request copies of your personal data.
• Right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to erasure: You have the right to request that we erase your personal data, under certain conditions.
• Right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• Right to object: You have the right to object to our processing of your personal data, under certain conditions.
• Rights related to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

5. How to Exercise Your Rights

You can exercise your rights by contacting our Data Protection Officer using the contact details provided above. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

If we decide not to take action on your request, we will inform you of the reasons for not taking action and of your right to lodge a complaint with a supervisory authority and to seek a judicial remedy.

6. Data Protection Principles

We adhere to the principles set out in the GDPR, which require that personal data be:

• Processed lawfully, fairly, and in a transparent manner
• Collected for specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and, where necessary, kept up to date
• Kept in a form which permits identification of data subjects for no longer than is necessary
• Processed in a manner that ensures appropriate security of the personal data

7. Lawful Basis for Processing

We process personal data on the following lawful bases:

• Consent: We process some personal data based on the consent you provide when you sign up for our service or agree to our terms.
• Contract: We process personal data to fulfill our contractual obligations to you as a user of our service.
• Legitimate Interests: We process personal data for our legitimate interests, such as to improve our service, prevent fraud, and for direct marketing purposes.
• Legal Obligation: We process personal data to comply with legal obligations, such as tax laws.

8. International Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

9. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

11. Changes to This GDPR Compliance Statement

We may update our GDPR Compliance Statement from time to time. We will notify you of any changes by posting the new statement on this page and updating the "Last Updated" date at the top of this statement.

You are advised to review this statement periodically for any changes. Changes to this statement are effective when they are posted on this page.