Privacy Policy of the alloweat website and application
I. Subject of the Privacy Policy
1. This document constitutes the fulfillment of our obligations under personal data protection regulations, in particular the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC).
2. This document explains how and on what basis we process your personal data when you contact us, use our social media channels, use our website, enter into an agreement with us and become our client.
You will learn, among other things:
- why we are allowed to process your data;
- for what purposes we process it;
- whether you are required to provide us with your data;
- how long we store your data;
- whether there are other recipients of your personal data;
- whether we process your data outside the European Economic Area; and
- whether we process your data in an automated manner, including profiling.
3. This Privacy Policy consists of the following parts:
First part contains general information that we are obliged to provide to everyone, regardless of the purpose of data processing.
Second part provides information for individuals using our website alloweat.com.
Third part provides information for individuals who contact us directly via forms available on our website, through the chat functionality we provide or via email, including when reporting illegal content.
Fourth part provides information for Users who create an Account in our Application, as well as for anyone entering into an agreement with us for the provision of Services or electronic services, including participation in Webinars or joining our “Biznes Dietetyczny Bez Granic” community.
Fifth part provides information for individuals interested in our offer as a result of our marketing activities, including social media use and distribution of our marketing Newsletter.
Part I. General information for all users
Contact details of the controller of your personal data
Controller of your personal data is Utrition Sp. z o.o., with its registered office in Lublin, at ul. Gospodarcza 26, 20-213 Lublin, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000835147, NIP (Tax ID): 9462696354, REGON: 38582983000000.
For any matters related to our services or processing of your personal data, you may contact us by phone at +48 606 114 644 or by email at hello@alloweat.com.
Where do we obtain your personal data from?
Personal data we collect via our website comes directly from you. This happens when:
You visit our social media profiles and contact us through those platforms.
You browse the content available on our website.
You send us inquiries, request offers or ask questions regarding our activities or projects.
You create an account in our application or place an order for our services.
You participate in our webinars or join our Biznes Dietetyczny Bez Granic community.
What rights do you have regarding processing of personal data?
Below, we outline your rights in connection with the protection and processing of your personal data. Specific rights you may exercise depend on the purpose and legal basis for which we process your data.
Right of access to data
You have the right to obtain information about personal data we hold about you. By submitting a request for access, you will receive details on how your data is processed, including purposes and legal grounds for processing, scope of the data we hold, recipients to whom the data is disclosed and planned retention period.
Right to rectification
You have the right to request the immediate rectification and/or completion of the personal data we hold about you. We are obligated to ensure that our communication with you is based on data that is accurate, complete and up to date.
Right to restriction of processing
You have the right to request that we restrict the processing of your personal data if you contest the accuracy of the data we hold about you, if the processing is carried out without a legal basis or if you have objected to the processing of your data.
Right to erasure
You have the right to request the erasure of your personal data stored by us, unless the continued retention of that data is necessary to ensure freedom of expression and access to information, to comply with legal obligation, for reasons of public interest, for the establishment, exercise or defence of legal claims or for the enforcement of rights under applicable laws.
Right to information
If you exercise your right to rectification, erasure or restriction of data processing, we will inform all recipients of your personal data about the rectification, erasure or restriction of processing – unless doing so proves impossible or would involve disproportionate effort.
Right to data portability
You have the right to receive a copy of personal data you have provided to us, in a structured, commonly used and machine-readable format. You may also request that such data be transferred directly to another data controller, where technically feasible. This right applies only when processing is based on your consent or performance of a contract.
Right to object
If your personal data is processed based on our legitimate interest, you have the right to object at any time to further processing. We will assess your request in accordance with applicable legal requirements.
Right to withdraw consent
If your personal data is being processed on the basis of your consent, you may withdraw that consent at any time with future effect. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
Right to lodge a complaint with a supervisory authority
If you believe that processing of your personal data violates data protection laws or if your data protection rights have been otherwise infringed, you have the right to lodge a complaint with a supervisory authority. In Poland, the competent supervisory authority is the President of the Personal Data Protection Office (UODO), located in Warsaw at ul. Stawki 2. Before exercising this right, we encourage you to contact us first, so we can address your concerns directly.
Handling of request
If you submit a request to exercise any of the above rights, we will respond within one month of receiving it. If an extension is necessary, we will inform you of the reasons for the delay.
Our response will be sent to the email address from which the request was submitted. If the request was sent by post, we will reply by regular mail to the address you provided – unless you explicitly request a reply by email and include your email address in the letter.
Links to other websites
Where we provide links to websites operated by other entities, this Privacy Policy does not apply to those websites and we do not describe how those entities process your personal data. We encourage you to review the privacy policies of those third-party websites directly.
Cookies
Like nearly all websites, our website uses cookies.
Cookies that support functionality, security and accessibility are essential for the proper functioning of the website. These cookies also record your acceptance of our Privacy Policy and Cookie Policy. We use these based on our legitimate interest.
We also use cookies for analytical purposes. These allow us to measure the effectiveness of our website by analyzing user interactions. Such tools are used only based on your consent.
You can learn more about how we use cookies and manage your preferences through our Cookiebot banner that appears when you visit our website.
Tools provided by Google
We use tools provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website:
- Google Analytics – set of tools that allow us to collect statistical information about how you use our website, such as IP address, device type and browser type. We use this data to understand, for example, how many users visit our site. This information is processed in a way that does not directly identify any individual.
- Google Tag Manager – tool that allows us to manage so-called tags (tracking codes and related code fragments). It helps us manage our website and integrate various tools. Google Tag Manager may collect aggregated data on tag triggering to share diagnostic information about system stability, performance and installation quality. However, this data does not include users’ IP addresses or any identifiers that could be linked to a specific person.
- Google Ads – advertising tool that enables us to create advertisements and campaigns tailored to our users’ interests.
Please note that Google may process your data on servers located in the United States. In such cases, your data may be processed outside the European Economic Area (EEA), but this processing is carried out on the basis of an adequacy decision (the so-called Data Privacy Framework) or Standard Contractual Clauses (SCCs) – contractual terms between us and Google that ensure an adequate level of data protection.
If you wish to learn more about how Google processes personal data, we encourage you to review the information provided by Google here.
Meta Ads
As part of our operations, we also use Meta Ads, a tool provided by Meta Platforms Inc., headquartered at 1 Hacker Way, Menlo Park, CA 94025, USA. Meta Ads enables us to create advertising campaigns to reach our target audience.
Use of Meta Ads may involve processing your personal data outside the EEA. This processing is carried out on the basis of an adequacy decision, specifically the Data Privacy Framework, which guarantees an adequate level of data protection.
You can find more information about how Meta processes data here.
Information about profiling
Controller does not engage in profiling.
Privacy policy updates
This Privacy Policy is subject to periodic review and updates when necessary. Below you can find information about any changes made, if applicable.
This version of the Privacy Policy was published on April 1, 2025.
Part II. Data processing when using the alloweat.com website
Below we present the principles for processing personal data (including IP addresses or other identifiers and information collected via cookies or similar technologies) that apply when you use the alloweat.com website.
For what purpose do we process your data?
We process your personal data in order to provide electronic services by making the content available through the alloweat.com website, as well as for analytical and statistical purposes.
What is the legal basis for processing your data?
The legal basis for processing your personal data is:
- for the purpose of providing electronic services through access to the content available on our website – the legal basis is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);
- for analytical and statistical purposes – the legal basis is your consent (Article 6(1)(a) of the GDPR);
- for the establishment, exercise or defence of legal claims or for ensuring the security of your data – the legal basis is our legitimate interest (Article 6(1)(f) of the GDPR), which is the protection of our rights.
How long do we process your data?
We will process your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, in particular to comply with our contractual and legal obligations. If the processing is based on your consent, your data will be processed until you withdraw that consent. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Who receives your personal data?
Recipients of your personal data – that is, external entities that may be involved in the data processing – include our trusted subcontractors: providers of IT services for data hosting and business email and companies whose analytical and statistical tools we use, as specified in Part I of this Privacy Policy.
Nature of data provision
Your personal data – including your IP address, other identifiers and related information – is collected automatically when you connect to our website, via cookies or similar technologies.
You can read more about how we use cookies and how to manage your cookie preferences in the Cookiebot Banner displayed upon entering our website.
Other important information
Your personal data may be processed outside the European Economic Area (EEA) – for instance, Google may process your data on servers located in the United States. In such cases, data is processed based on adequacy decision known as the Data Privacy Framework, of which Google is a certified participant or on the basis of Standard Contractual Clauses (SCCs) included in our agreement with Google, which ensure an adequate level of data protection.
Your data may also be processed outside the EEA when using Meta tools provided by Meta Platforms Inc. This processing is also based on the Data Privacy Framework, of which Meta is a certified participant.
What are your rights?
Your rights are described in Part I of this Privacy Policy.
Part III. Information for individuals who contact us directly via website forms, chat functionality or email (including reports of illegal content)
Below we outline the rules for processing personal data that apply when you contact us directly using forms available on our website, the chat functionality we provide or via email.
For what purpose we process your data?
We process your personal data to respond to your inquiries regarding:
- our business activities, projects or opportunities for collaboration;
- details of any service order you have placed with us;
- any other inquiries you may submit.
What is the legal basis for processing your data?
The legal basis for processing your personal data is:
- to respond to your inquiry, regardless of the communication channel used – depending on the nature of your inquiry, the legal basis is either our legitimate interest (Article 6(1)(f) GDPR), which consists in providing information about our operations or the necessity of processing for the performance of a contract or to take steps prior to entering into a contract at your request (Article 6(1)(b) GDPR);
- for the establishment, exercise or defence of legal claims and to ensure the security of your data – the legal basis is our legitimate interest (Article 6(1)(f) GDPR), which consists in protecting our rights;
- to take action in connection with your report of illegal content in accordance with the Digital Services Act – the legal basis for processing is our legal obligation (Article 6(1)(c) GDPR).
How long do we process your data?
We will retain your data for as long as necessary to fulfil our legal obligations. For data provided in connection with the intention to enter into a contract, we will process your data throughout the duration of the contract, as well as for the period required by applicable laws regarding limitation of claims and retention of accounting documents.
Who receives your personal data?
Recipients of your personal data – i.e. third parties that may participate in the processing of your data – include our trusted subcontractors: IT service providers responsible for data hosting and business email services.
Your personal data may also be shared with User.com Sp. z o.o., a company headquartered at ul. Grzybowska 87, 00-844 Warsaw, Poland, which provides us with the chat tool that enables you to contact us.
Nature of data provision
Providing your data is voluntary; however, data marked as necessary for the conclusion of a contract is mandatory. Failure to provide such data may result in the inability to enter into a contract. All other data is optional.
Other important information
Your personal data will not be processed outside the European Economic Area (EEA).
What are your rights?
Your rights are described in Part I of this Privacy Policy.
Part IV. Information for users who create an account in our application and for individuals who enter into a contract with us for the provision of services, including participation in webinars or joining the “Biznes Dietetyczny Bez Granic” community
Below we provide rules for processing personal data that apply when you create an account in the application or enter into a Service Agreement with us.
For what purpose we process your data?
If you are a dietitian, we process your personal data to enable you to create an account and to provide you with account-related services, including access to all functionalities of the application.
We also process your data when you enter into an agreement with us for the provision of other electronic services – for example, when you sign up for a webinar or decide to join the BDBG (Biznes Dietetyczny Bez Granic) community platform.
If you are a dietitian’s client, the controller of your personal data with respect to account management and the functionalities of the application is, by default, the dietitian. In this regard, Utrition sp. z o.o. acts as a data processor under a separate agreement with the dietitian. Dietitian independently determines the purposes and legal basis for processing in connection with the use of the application by their clients. This Privacy Policy applies to you only to the extent that you use our electronic services directly and enter into an agreement with us for their provision.
To improve the quality of our services and for research and scientific purposes, we process anonymized data on how users (both dietitians and clients) use the application. These analyses do not involve personal data – the anonymization process is irreversible and it is not possible to identify a user from anonymized data.
What is the legal basis for processing your data?
The legal basis for processing your personal data is:
- to fulfil your order for our services – the legal basis is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);
- to allow you to create and use an account (i.e. to provide you with account services), to enable your participation in a Webinar, or to facilitate your membership in the BDBG community, as well as to provide you with other electronic services – the legal basis is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR);
- to fulfil legal obligations incumbent upon us as a data controller, in particular those arising from tax and accounting regulations – the legal basis is our legal obligation (Article 6(1)(c) GDPR);
- to process complaints – the legal basis is our legal obligation (Article 6(1)(c) GDPR), which requires us to handle complaints;
- to establish, exercise or defend against legal claims – the legal basis is our legitimate interest (Article 6(1)(f) GDPR), which consists in protecting our rights.
How long do we process your data?
We will process your data for duration of the agreement and afterward for the period of limitation of claims, as well as for the time specified by legal regulations regarding the storage of accounting records.
Who receives your personal data?
Recipients of your personal data – i.e. third parties that may participate in the processing of your data – include our trusted subcontractors such as IT service providers (data hosting, business email services), as well as companies that support our operations, including accounting, legal, audit and consulting service providers.
Your personal data will be shared with User.com Sp. z o.o., based in Warsaw (00-844), ul. Grzybowska 87, which provides us with the CRM tool we use to manage our customer relationships.
If you join the BDBG community, your data will be shared with Mighty Software Inc., 2100 Geng Road, Suite #210, Palo Alto, CA 94303, which provides the platform we use for the community. Processing of your personal data by Mighty Software involves data transfers outside the European Economic Area, secured by standard contractual clauses, i.e. contractual terms between us and Mighty Software that ensure adequate protection of your personal data.
If you participate in a webinar we organize via YouTube, the privacy policy of that platform applies. YouTube is owned by Google LLC, so your participation in Webinars streamed via YouTube may involve processing of your data outside the EEA. More information about data processing by Google and relevant safeguards is available in Part I of this Privacy Policy.
For some webinars, we use the Zoom platform provided by Zoom Video Communications Inc., 55 Almaden Boulevard 6th Floor, San Jose, CA 95113, United States. Using Zoom may involve processing of your data outside the EEA. Zoom is part of the Data Privacy Framework, which ensures adequate protection of personal data.
When we organize meetings with our users, we use Google Meet, provided by Google LLC. Use of Google Meet may involve data transfers outside the EEA. More information is available in Part I of this Privacy Policy.
Your data may also be shared with payment service providers, if you choose to use the payment methods they offer. These providers are independent data controllers and operate in accordance with their own privacy policies. To learn how they process your data, you should refer to their respective privacy policies.
Nature of data provision
Providing your data is voluntary; however, some data is required for us to accept and process your order. Failure to provide required data will result in our inability to fulfil your order. Similarly, failure to provide data necessary to create an account will make account creation impossible. All other data is optional.
Other important information
Your data may be processed outside the European Economic Area due to the use of certain tools. Detailed information can be found in section above regarding the recipients of personal data.
What are your rights?
Your rights are described in Part I of this Privacy Policy.
Part V. Information for individuals interested in our offering through marketing activities, including use of social media and distribution of our marketing Newsletter
Below you will find information about the rules for processing personal data that apply when you interact with us through our social media profiles, including Facebook and LinkedIn (referred to as “fanpages” or “profiles”). On our fanpages, we regularly post and share content, offers and recommendations regarding our services. These rules also apply to the delivery of our marketing Newsletter.
What is the purpose of processing your data?
We process your personal data solely in connection with the management of our social media profiles, including to inform you about our activities, promote various events and services and communicate with you using functionalities available on these platforms. We process your data to the extent that you make it available on these services.
Please note that social media platforms track your activity through cookies and similar technologies whenever you interact with our fanpages or other pages on their sites. Fanpage administrators have access to aggregated statistics about your interests and demographic data (such as age, gender, region). Scope and purpose of data processing on social media platforms are defined by their respective administrators.
We also process your data for the purpose of sending you our marketing Newsletter, through which we inform you about news, interesting offers and upcoming events related to our business.
What is the legal basis for processing your data?
The legal basis for processing your personal data is:
- our legitimate interest (Article 6(1)(f) of the GDPR), which includes promoting our brand, building and maintaining a community around our brand and responding to certain inquiries;
- in the case of inquiries about possible cooperation or our services, the legal basis is taking steps at your request prior to entering into a contract or performance of a contract (Article 6(1)(b) of the GDPR);
- your consent for the creation of aggregated page statistics by social media platforms (Article 6(1)(a) of the GDPR);
- your consent to receive our marketing Newsletter (Article 6(1)(a) of the GDPR).
How long do we process your data?
We will process your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, in particular to meet our contractual and legal obligations, unless you withdraw your consent earlier. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
Social media platforms also process your data for their own purposes when you interact with our fanpages. This processing is outside the scope of this Privacy Policy, and we have no influence over it. For more information, please consult the privacy policies of the respective platforms:
Who receives your personal data?
The recipients of your personal data, i.e., external entities that may participate in the data processing, include our trusted subcontractors – providers of IT services such as data hosting and business email – as well as: Meta Platforms Technologies Ireland Limited, Merrion Road, Dublin 4 (administrator of Facebook and Instagram), LinkedIn Ireland Unlimited Company (administrator of LinkedIn), other administrators of social media platforms.
In relation to the Newsletter, the recipient of your data is User.com Sp. z o.o., with its registered office at ul. Grzybowska 87, 00-844 Warsaw, which provides the tool used to send our Newsletter.
Nature of data provision
Your personal data – including your IP address, device identifiers and other information – are collected when you connect to our fanpages, through cookies or similar technologies.
When you use our fanpages, the scope and purposes of processing your personal data are determined by the administrators of those platforms.
For further information, please refer to the privacy policies of individual social media platforms:
What are your rights?
Your rights are described in Part I of this Privacy Policy.
Other important information
Processing of your personal data by social media platforms may involve the transfer of your personal data outside the European Economic Area (EEA). For details on such transfers, please consult the privacy policies of the relevant social media providers.