Last Updated: November 1, 2024
Significo (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and other relevant German, EU, and U.S. privacy laws. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our products and services.
1. Scope and Applicability
This Privacy Policy applies to all users of Significo’s products and services, including but not limited to Recco, Nutrition Database, and Balm (collectively, the “Products”). By using our Products, you consent to the data practices described in this Privacy Policy.
2. Data Controller and Contact Information
Significo is the data controller responsible for processing your personal data under GDPR. If you have any questions or concerns regarding your data, you may contact us at:
Data Protection Officer (DPO)
Significo GmbH
Cuvrystrasse 1, Berlin DE 10997
Email: security@significo.com
3. Types of Data We Collect
We may collect the following types of personal data:
- Identity Data (e.g., name, email, date of birth, account credentials)
- Health Data (e.g., medical history, health conditions, biometric data) [collected only with explicit consent and in compliance with HIPAA and GDPR]
- Usage Data (e.g., IP address, device information, cookies, interaction logs)
- Financial Data (e.g., billing information if applicable)
4. Legal Basis for Processing Data
We process personal data based on the following legal grounds under GDPR (Article 6 and 9):
- Consent (where required, such as for processing health data)
- Contractual Necessity (for providing our services)
- Legal Obligations (where required by law)
- Legitimate Interests (such as improving our Products and fraud prevention)
5. How We Use Your Data
We process your personal data for the following purposes:
- To provide and enhance our Products and services
- To personalize recommendations within Recco
- To manage dietary preferences via Nutrition Database
- To facilitate health interventions through Balm
- To comply with legal and regulatory obligations
- To detect and prevent fraud or security threats
6. Data Sharing and International Transfers
Your personal data may be shared with:
- Authorized third-party service providers (under strict data processing agreements)
- Regulatory authorities (where legally required)
- Partners and researchers (with anonymization or explicit consent)
If data is transferred outside the EU/EEA, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs) or Privacy Shield (where applicable).
7. Your Rights Under GDPR
Under GDPR, you have the following rights:
- Right to Access – Request a copy of your data
- Right to Rectification – Correct inaccurate data
- Right to Erasure (“Right to be Forgotten”) – Request deletion of your data
- Right to Restriction – Limit processing under certain circumstances
- Right to Data Portability – Receive your data in a structured format
- Right to Object – Oppose processing based on legitimate interests
- Right to Withdraw Consent – If processing is based on consent
- Right to Lodge a Complaint – With a data protection authority in your jurisdiction
To exercise these rights, contact security@significo.com.
8. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy and in compliance with applicable laws. Health data will be securely deleted or anonymized when no longer needed.
9. Security Measures
We implement technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. These include encryption, secure storage, and access controls.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve user experience. Users can manage cookie preferences through browser settings.
11. Children’s Privacy
Our Products are not intended for children under 16. If we learn that personal data of a child under this age has been collected, we will take steps to delete it.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in legal requirements or our practices. Updates will be posted with a revised “Last Updated” date.
13. Governing Law and Dispute Resolution
This Privacy Policy is governed by German law and applicable EU privacy regulations. Any disputes shall be resolved through binding arbitration or litigation in Berlin, unless otherwise required by law.For further inquiries, contact security@significo.com.