Nima Labs, Inc. Terms and Conditions of Use
Nima Labs, Inc. (“Nima“) welcomes you and wishes to inform you of our policies and practices regarding your use and access of our services via our website located at www.nimasensor.com or through a platform such as iTunes or Google, or one of our partners, or via our products or services.
Specifically, these Terms and Conditions (“Terms”) apply to visitors and users of (i) Nima products that monitor their wellness (“Products”), (ii) the Nima website (the “Website“), (iii) our App for your app-enabled mobile device (“App“), and (iv) any other features, content, or services offered from time to time by Nima in connection with the Products, Website or App (collectively, the “Services“).
As a result, this Terms and Conditions Agreement (“Agreement“) sets forth the legally binding terms for your use of our Services. By using Nima’s Services, you agree to be bound by this Agreement, whether you are a “Visitor” (which means that you simply browse the Website or App) or you are a “Member” (which means that you have registered with Nima and set up an Account). The term “User” refers to a Visitor or a Member. When using Nima’s Services, you also agree to be bound by Google’s Terms of Service.
THESE TERMS CONTAIN A DISPUTE RESOLUTION AND ARBITRATION PROVISION, INCLUDING CLASS ACTION WAIVER THAT AFFECTS YOUR RIGHTS UNDER THESE TERMS AND WITH RESPECT TO DISPUTES YOU MAY HAVE WITH NIMA. YOU MAY OPT OUT OF THE BINDING INDIVIDUAL ARBITRATION AND CLASS ACTION WAIVER AS PROVIDED BELOW.
You represent and warrant that you are authorized to enter into this Agreement on behalf of yourself and/or the entity that you purport to represent.
- Additional Terms. In order to participate in or receive certain Services, you may be required to download software or content and/or agree to additional terms and conditions. Unless otherwise provided by the additional terms and conditions applicable to the Services in which you choose to participate or that you choose to receive, those additional terms are hereby incorporated into this Agreement. To the extent there is a conflict between the terms in this Agreement and the terms and conditions posted for a specific area of the Website or App or in connection with a Service, the latter shall have precedence with respect to your use of that area of the Website, App or Service.
- Amendments. Nima may modify this Agreement from time to time and such modification shall be effective: (1) for Users who first use the Services after the posting, upon posting by Nima on the Website, (2) for existing Users, thirty (30) days after posting by Nima on the Website, or (3) for existing Members, if the modifications to the Agreement are material, thirty (30) days after Nima sent an e-mail containing a notification of such modifications and the continued use of the Services by the Member thereafter, which shall constitute the Member’s acceptance of the amended Agreement. If you do not agree to the modification, you must cease your use of Nima’s Services.
- Eligibility. By using our Services, you represent and warrant that: (a) all required registration information you submit is truthful and accurate; (b) you will maintain the accuracy of such information; (c) you are thirteen (13) years of age or older; and (d) your use of the Services does not violate any applicable law or regulation. Your Nima Account (the “Account“) may be deleted without warning if we believe that you are younger than thirteen (13).
- Copyright / Trademark Information. The content, trademarks, logos and designs (“Marks“) displayed on this website or any device, app, or other site are the property of Nima. You are not permitted to use these Marks without our prior written consent. We reserve all legal rights herein. Copyright © 2017, property of Nima Labs, Inc.
- Password. When you sign up to become a Member, you will be asked to choose a username and a password. You are entirely responsible for maintaining the confidentiality of your password. You agree not to use the Account, username, or password of another Member at any time. You agree to notify Nima immediately if you suspect any unauthorized use of your Account or access to your password. You are solely responsible for any and all use of your Account.
- Conditions of Sale.
- a. Fees and Charges. You agree to pay all fees and charges incurred in connection with your orders and purchases (including any taxes imposed on your orders and purchases, including, but not limited to, sales, use or value-added taxes, unless you provide Nima with sufficient evidence that the order and purchase is made solely for the resale or redistribution of the product to your customers) at the rates in effect when the charges were incurred. Nima may automatically charge and withhold such taxes for orders to be delivered to addresses within any jurisdictions that it deems is required.
- b. Geographic Areas. Currently, Nima does not support international shipments for its Products, or provide Services outside of the United States.
- c. Disputes. You must notify us in writing within seven (7) days after receiving your credit card statement, if you dispute any of our charges on that statement, or such dispute will be deemed waived. Billing disputes should be notified to the following address: firstname.lastname@example.org. If Nima does not receive payment from your credit card issuer or its agent, you agree to pay all amounts due upon demand by Nima or its agents.
- d. Returns. All sales of other products are subject to Nima’s then-current return policies, as posted on the Website.
- e. Eligibility; Credit Card Terms. To order any products, you must be at least eighteen (18) years of age or the applicable age of majority in your jurisdiction. You will be required to give us a valid credit card number (VISA, MasterCard, American Express or any other issuer then accepted by us) and associated payment information at the time you order, including all of the following: (i) your name as it appears on the card, (ii) the credit card type, (iii) the date of expiration of your credit card, (iv) billing address, and (v) any activation numbers or codes needed to charge your card. Nima currently does not accept cash, checks or any other payment form, although in the future we may change this policy. You agree that no additional notice or consent is required before Nima invoices the credit card for all amounts due and payable. By providing Nima with your credit card number and associated payment information, you agree that Nima is authorized to immediately invoice your account for all fees and charges due and payable to Nima as a result of your purchase. You agree to immediately notify Nima of any change in your billing address or the credit card used for payment hereunder. Nima reserves the right, at any time, to change its prices and billing methods for products sold, either immediately upon posting on the Website or in the App, or by e-mail delivery to you.
- f. Order acceptance policy. Your receipt of an electronic or other form of order confirmation does not signify Nima’s acceptance of your order, nor does it constitute confirmation of our offer to sell. Nima reserves the right at any time after receipt of your order to accept or decline your order for any reason. Nima further reserves the right any time after receipt of your order, without prior notice to you, to supply less than the quantity you ordered of any item. Your order will be deemed accepted by Nima upon our delivery of the products that you have ordered. We may require additional verifications or information before accepting any order.
- g. Title and Risk of Loss. Title and risk of loss to each shipment of the products sold on the Website shall pass to you upon transfer to the shipping agent.
- Release. You hereby release Nima, its officers, employees, agents and successors from claims, demands any and all losses, damages, rights, claims, and actions of any kind including, without limitation, personal injuries, death, and property damage, that is either directly or indirectly related to or arises from any interactions with other Users. If you are a California resident, you hereby waive California Civil Code Section 1542, which states:
“A general release does not extend to claims which the creditor does not know or suspect to exist in his favor at the time of executing the release, which, if known by him must have materially affected his settlement with the debtor.”
- Electronic communications. The communications between you and Nima use electronic means, whether you visit the Website or App or otherwise use the Services or send Nima e-mails, or whether Nima posts notices on the Website or App or communicates with you via e-mail. For contractual purposes, you (a) consent to receive communications from Nima in an electronic form; and (b) agree that all terms and conditions, agreements, notices, disclosures, and other communications that Nima provides to you electronically satisfy any legal requirement that such communications would satisfy if it were to be in writing. The foregoing does not affect your statutory rights.
- U.S. Export Controls. Content and software available in connection with the Services (the “Software“) is further subject to United States export controls. No Content or Software may be downloaded from the Services or otherwise exported or re-exported in violation of U.S. export laws. By downloading or using the content and Software, you represent and warrant that such download or use is not in violation of any such law. 13. Governing Law and Arbitration.
DISPUTE RESOLUTION AND ARBITRATION; CLASS ACTION WAIVER
Please Read This Provision Carefully. It Affects Your Legal Rights.
Notwithstanding the foregoing, this Provision facilitates the prompt and efficient resolution of any dispute (e.g., claim or controversy, whether based in contract, statute, regulation, ordinance, tort – including, but not limited to, fraud, misrepresentation, fraudulent inducement, or negligence – or any other legal or equitable theory, and includes the validity, enforceability or scope of this Provision (with the exception of the enforceability of the Class Action Waiver clause below) that may arise between You and Nima. Effectively, then, “dispute” is given the broadest meaning enforceable by law and includes any claims against other parties relating to services or products provided or billed to You (such as Nima’s licensors, suppliers, dealers or third-party vendors) whenever You also assert claims against Nima in the same proceeding.
This Provision provides that all disputes between You and Nima shall be resolved by binding arbitration because acceptance of These Terms constitutes a waiver of Your right to litigation claims and all opportunity to be heard by a judge or jury. To be clear, there is no judge or jury in arbitration, and court review of an arbitration award is limited. The arbitrator must follow this agreement and can award the same damages and relief as a court (including attorney’s fees). You may, however, opt-out of this Provision which means You would have a right or opportunity to bring claims in a court, before a judge or jury, and/or to participate in or be represented in a case filed in court by others (including, but not limited to, class actions). EVERYONE AGREES THAT, EXCEPT AS PROVIDED BELOW, ANY AND ALL DISPUTES, AS DEFINED ABOVE, WHETHER PRESENTLY IN EXISTENCE OR BASED ON ACTS OR OMISSIONS IN THE PAST OR IN THE FUTURE, WILL BE RESOLVED EXCLUSIVELY AND FINALLY BY BINDING ARBITRATION RATHER THAN IN COURT IN ACCORDANCE WITH THIS PROVISION.
Pre-Arbitration Claim Resolution
For all Disputes, whether pursued in court or arbitration, You must first give Nima an opportunity to resolve the Dispute which is first done by emailing to Nima at email@example.com the following information: (1) Your name, (2) Your address, (3) A written description of Your Claim, and (4) A description of the specific relief You seek. If Nima does not resolve the Dispute within 45 days after receiving Your notification, than You may pursue Your Dispute in arbitration. You may pursue Your dispute in a court only under the circumstances described below.
Exclusions from Arbitration/Right to Opt Out
Notwithstanding the above, You or Nima may choose to pursue a Dispute in court and not by arbitration if: (a) The dispute qualifies for initiation in small claims court; or (b) YOU OPT-OUT OF THESE ARBITRATION PROCEDURES WITHIN 30 DAYS FROM THE DATE THAT YOU FIRST CONSENT TO THIS AGREEMENT (the “Opt-Out Deadline”). You may opt-out of this Provision by emailing Nima at firstname.lastname@example.org the following information: (1) Your name; (2) Your address; (3) A clear statement that You do not wish to resolve disputes with Us through arbitration. Your decision to opt-out of this Arbitration Provision will have no adverse effect on Your relationship with Nima. However, Nima does have to enforce the Opt-Out Deadline so keep in mind that any opt-out request received after the Opt-Out Deadline will not be valid and You must pursue Your dispute in arbitration or small claims court.
If this Provision applies and the dispute is not resolved as provided above (Pre-Arbitration Claim Resolution) either You or Nima may initiate arbitration proceedings. The American Arbitration Association (“AAA”), www.adr.org, or JAMS, www.jamsadr.com, will arbitrate all disputes, and the arbitration will be conducted before a single arbitrator. The arbitration shall be commenced as an individual arbitration, and shall in no event be commenced as a class arbitration. All issues shall be for the arbitrator to decide, including the scope of this Provision.
For arbitration before AAA, for Disputes of less than $75,000, the AAA’s Supplementary Procedures for Consumer-Related Disputes will apply; for Disputes involving $75,000 or more, the AAA’s Commercial Arbitration Rules will apply. In either instance, the AAA’s Optional Rules For Emergency Measures Of Protection shall apply. The AAA rules are available at www.adr.org or by calling 1-800-778-7879. For arbitration before JAMS, the JAMS Comprehensive Arbitration Rules & Procedures and the JAMS Recommended Arbitration Discovery Protocols For Domestic, Commercial Cases will apply. The JAMS rules are available at www.jamsadr.com or by calling 1-800-352-5267. This Provision governs in the event it conflicts with the applicable arbitration rules. Under no circumstances will class action procedures or rules apply to the arbitration.
Because the Services and these Terms concern interstate commerce, the Federal Arbitration Act (“FAA”) governs the arbitrability of all disputes. However, the arbitrator will apply applicable substantive law consistent with the FAA and the applicable statute of limitations or condition precedent to suit.
Arbitration Award – The arbitrator may award on an individual basis any relief that would be available pursuant to applicable law, and will not have the power to award relief to, against or for the benefit of any person who is not a party to the proceeding. The arbitrator will make any award in writing but need not provide a statement of reasons unless requested by a party. Such award will be final and binding on the parties, except for any right of appeal provided by the FAA, and may be entered in any court having jurisdiction over the parties for purposes of enforcement.
Location of Arbitration – You or Nima may initiate arbitration in either California or the federal judicial district that includes Your billing address. In the event that You select the latter, Nima may transfer the arbitration to California so long as Nima agrees to pay any additional fees or costs which the arbitrator determines You incur as a result of the transfer.
Payment of Arbitration Fees and Costs – So long as You place a request in writing prior to commencement of the arbitration, Nima will pay all arbitration fees and associated costs and expenses. But, You will still be responsible for all additional fees and costs that You incur in the arbitration which include but are not limited to attorneys’ fees or expert witnesses. In addition to any fees and costs recoverable under applicable law, if You provide notice and negotiate in good faith with Nima as provided in the section above titled “Pre-Arbitration Claim Resolution” and the arbitrator concludes that You are the prevailing party in the arbitration, You will be entitled to recover reasonable attorney’s fees and costs as determined by the arbitrator.
Class Action Waiver
Except as otherwise provided in this Provision, the arbitrator may not consolidate more than one person’s claims, and may not otherwise preside over any form of a class or representative proceeding or claims (such as a class action, consolidated action or private attorney general action) unless both You and Nima specifically agree to do so following initiation of the arbitration. If You choose to pursue Your Dispute in court by opting out of the Arbitration Provision, as specified above, this Class Action Waiver will not apply to You. Neither You, nor any other user of the Services can be a class representative, class member, or otherwise participate in a class, consolidated, or representative proceeding without having complied with the opt-out requirements above.
You understand and agree that by accepting this Provision in these Terms, You and Nima are each waiving the right to a jury trial or a trial before a judge in a public court. In the absence of this Provision, You and Nima might otherwise have had a right or opportunity to bring disputes in a court, before a judge or jury, and/or to participate or be represented in a case filed in court by others (including class actions). Except as otherwise provided below, those rights are waived. Other rights that You would have if You went to court (e.g.,, the rights to both appeal and certain types of discovery) may be more limited or may also be waived.
Nima Labs, Inc.
450 Alabama Street
San Francisco, CA 94110
Attn: Privacy & Terms Team
- Force Majeure. Nima will not be liable for non-performance or delay in performance (other than of obligations regarding payment of money) caused by any event reasonably beyond the control of such party including, but not limited to wars, hostilities, revolutions, riots, civil commotion, national emergency, epidemics, fire, flood, earthquake, force of nature, explosion, embargo or any “act of God.”
Effective: 24 April 2018
- A Note About Children. We do not intentionally gather Personal Data from visitors who are under the age of 13. If a child under 13 submits Personal Data to Nima and we learn that the Personal Data is the information of a child under 13, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Data from a child under 13, please contact us at email@example.com.
All information provided will be encrypted or anonymized to align with data privacy regulations between such countries, and the service provider must agree to the GDPR requirements set forth herein if any personal data will be originating from or processed in the EU.
European Union (“EU”) General Data Protection Regulation (“GDPR”).
Nima may at times be subject to GDPR, which is the European Union’s General Data Protection Refgulation, as a controller or processor of personal data as described below:
- The GDPR considers data protection as a fundamental human right of an individual, which includes a “right to the protection” of their personal data. Anyone based in the EU, or anyone handling or targeting the personal data of an EU-based individual must have processes, technology, and automation to effectively protect such personal data.
- The GDPR applies to a controller or a processor who is based or established in the EU, or to a company not based in the EU but who offers goods or services from outside the EU borders in the EU or who monitors the behavior of personal data in the EU.
- To avoid fragmentation and ambiguity, GDPR has set a baseline for data protection by requiring anyone processing the personal data of an individual that is in the EU to follow the requirements set forth in the GDPR.
In compliance with GDPR, Nima data has implemented data security processes to ensure the following are properly identified and processed:
- Data Subject: A person who can be identified directly or indirectly by means of an identifier. For example, an identifier can be a national identifier, a credit card number, a username, or a web cookie.
- Personal Data: Any personal information, including sensitive personal information, relating to a Data Subject. For example, address, date of birth, name, location and nationality.
- Controller: A natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. For example, a controller can be an organization that works with Nima and determines the processing of personal data provided to Nima. Nima is a controller for its third-party partners when Nima determines the processing of personal data provided to the third-party.
- Processor: A natural or legal person, agency or any other body which processes Personal Data on behalf of the Controller. For example, a developer, a tester, or an analyst. A Processor can also be a cloud service provider or an outsourcing company.
- Recipient: A natural or legal person, agency or any other body to whom the personal data is disclosed. For example, an individual, a tax consultant, an insurance agent, or an agency.
- Enterprise: Any natural or legal person engaged in an economic activity. This essentially includes all organizations whether in the public or private sector, whether in the EU or outside of the EU.
- Third party: Any natural or legal person, agency or any other body other than the Data Subject, the Controller, the Processor and the persons who, under the direct authority of the Controller or the Processor, are authorized to process the data. For example, partners or subcontractors.
- Supervisory Authority: An independent public authority established by a Member State (known as the National Data Protection Authority under the current EU Data Protection Directive), or auditing agency.
Nima’s key GDPR data security requirements can be broadly classified into three categories:
- Prevention, and
The GDPR also requires compliance with the data protection principles to enhance the quality and rigor of protection of the data. This section summarizes key data security requirements discussed in the GDPR and adopted by Nima.
Assess Security Risks: Data protection impact assessments lay a foundation for preventing breaches by evaluating the gaps and risks. The GDPR mandates that Controllers perform Data Protection Impact Assessments when certain types of processing of Personal Data are likely to present a “high risk” to the data subject. Nima’s assessment includes a systematic and extensive evaluation of processes, profiles, and how these tools safeguard the Personal Data, and when applicable a data processing agreement with Controllers and Processors.
“… The controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks …” — Article 35 of GDPR
Prevent Attacks: At various places in the regulation, the GDPR reiterates the importance of preventing security breaches. The GDPR recommends several techniques to prevent an attack from succeeding:
- Encryption: The GDPR considers encryption as one of the core techniques to render the data unintelligible to any person who is not authorized to access the personal data. When applicable, Nima encrypts personal data it collects to render it unintelligible if accessed without authorization, and as applicable when processing or transferring the data to a Processor.
“… the controller, and the processor shall implement appropriate technical and organizational measures, to ensure a level of security appropriate to the risk, including inter alia, as appropriate: (a) The pseudonymisation and encryption of personal data;” — Article 32 of GDPR
The GDPR provides that in the event of a data breach, the Controller does “not” need to notify data subjects if data is encrypted and rendered unintelligible to any person accessing it, thereby removing notification costs to the organizations.
“The communication to the data subject … shall not be required if… data affected by the personal data breach, in particular those that render the data unintelligible to any person who is not authorised to access it, such as encryption …” — Article 34 of GDPR
- Anonymization and Pseudonymization: Data anonymization is the technique of completely scrambling or obfuscating the data, and pseudonymization refers to reducing the linkability of a data set with the original identity of a data subject. The GDPR states that anonymization and pseudonymization techniques can reduce the risk of accidental or intentional data disclosure by making the information un-identifiable to an individual or entity. Where applicable, Nima anonymizes and pseudonyms the personal data it processes. This includes aggregating the data to be personally unidentifiable, such that the Personal Data is rendered anonymous and unlinkable to the original identity of a data subject.
- “… The application of pseudonymisation to personal data can reduce the risks for the data subjects concerned and help controllers and processors meet their data protection obligations …” — Recital 28 of GDPR
- “… The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.” — Recital 26 of GDPR
- Privileged User Access Control: The GDPR implies controlling privileged users who have access to the Personal Data to prevent attacks from insiders and compromised user accounts. Nima limits access to Personal Data to specific individuals within the organizations, and with instructions as to the sensitivity of the Personal Data to prevent attacks and compromises of the Personal Data.
- Fine-grained Access Control: In addition to privileged user control, the GDPR recommends adopting a fine-grained access control methodology to ensure that the Personal Data is accessed selectively and only for a defined purpose. This kind of fine-grained access control can help organizations minimize unauthorized access to Personal Data. Nima selectively uses Personal Data for the specific purpose for which it is required.
“… Controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.” — Article 25 of GDPR
- Data Minimization: The GDPR recommends minimizing the collection and retention of Personal Data as much as possible to reduce the compliance boundary. While collecting, processing, or sharing Person Data, Controllers and Processors must be frugal and limit the amount of information to the necessities of a specific activity. Nima minimizes the Personal Data it collects by considering what is adequate and relevant to what is necessary in relation to the purposes for which they are processed.
- “Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’).” — Article 5 of GDPR
Monitor to Detect Breaches: While preventive security measures help Nima minimize the risk of attack, they cannot eliminate the possibility that a data breach may occur. Thereby Nima monitors and alerts to detect such breaches through recording or auditing of the activities on the Personal Data and maintaining it so that processors and third-parties must not be able to tamper or destroy the audit records. In the case of a Personal Data breach, Nima shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the supervisory authority of any Personal Data breach.
“Each controller …. shall maintain a record of processing activities under its responsibility.” — Article 30 of GDPR
“In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority …” — Article 33 of GDPR
The three broad categories of security guidelines (assessment, prevention, and detection) help Nima address threats from multiple angles and secure the data from unauthorized access.
In addition Nima mandates making data protection a core part of the system. Considering security during the initial design phase of our features in the technology life cycle increases the security worthiness of Nima’s system and ensures that technical security controls will perform as expected. As part of this, Nima has implemented centralized administration when dealing with security of multiple applications and systems as they help take immediate actions in case of a breach. Centralized controls also enforce uniformity across multiple targets, reduce the chances of errors on individual targets, and leverage the best practices across the enterprise. Since threats and attacks can come from multiple sources Nima, works to be prepared from all directions, and mandates protection of Personal Data in all stages of the data lifecycle such as data at-rest and in-transit.
“… The controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.” — Article 25 of GDPR
“The main establishment of a controller in the EU should be the place of its central administration in the EU …and should imply the effective and real exercise of management activities determining the main decisions as to the purposes and means of processing…” — Recital 36 of GDPR
“In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.” — Article 32 of GDPR
- Types of Data We Collect. “Personal Data” means (a) data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data, and (b) Test Results that are automatically collected when you use our Products and Application(s), and any additional information (such as the name of the restaurant and the food item tested, ratings of the restaurant, etc.) that the user may add to the Test Results, to the extent that such data is associated with or linked to data that allows someone to identify or contact you (“Food Data“). “Anonymous Data” means data that can not publicly be linked or associated with your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons. We collect Personal Data, including but not limited to Food Data, and Anonymous Data, as described below.
(a) Information You Provide to Us.
- We may collect Personal Data from you, such as your first name, last name, e-mail, city, state, password, and food preference related information (e.g., foods you avoid and your food identity) when you create an account to log in to our network (“Account“).
- We will also ask you to create a public profile which will be used in public areas of our Services to identify the Food Data that you collect and any postings that you may upload to the Services (“Profile“). The name you use in your Profile can be your real name or a pseudonym. You can also decide whether or not to include additional personal information that may include but is not limited to your gender, age, food identity and foods you avoid in your Profile. Any information you include in your Profile will be available for public viewing by our other users. Once displayed on publicly viewable web pages and in the Application(s), that information can be used and collected by others. We cannot control who reads your postings or what other users may do with information that you voluntarily post or include in your Profile. Once you have posted information publicly, while you will be able to request that Nima modify or delete such information pursuant to Section 9(e) below, you will not be able to modify or delete such information to the extent it has been cached, collected, and stored elsewhere by others (e.g. search engines).
- If you tell us where you are (e.g., by allowing your mobile device to send us your location), we may store and use that information to tag the location where you tested your food and provide you with location-based information and advertising. If you want to deactivate this feature, you can deactivate GPS on your mobile device or remove permissions for the Application(s) to have access to your location.
- Our Application(s) let you store your Application preferences. We may associate these choices with your Account or the mobile device, and you can edit these preferences at any time in our Application(s).
- When you order our Products or Services on our Site, we, or our payment processors, will collect all information necessary to complete the transaction, including your name, phone number, credit card information, billing information and shipping information. This information may be shared with third parties who help process and fulfill your purchases.
- If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail, in order to send you a reply.
- When you use our Product and upload the Sensor test results to our Application(s), we will ask you to provide information about the test (e.g., the restaurant where you tested your food, the food item tested, and a rating of the restaurant). This information, together with any information that you include in your Profile, will be made available to all users of the Application(s) in a public area of our Services.
- When you post content (i.e., text, images, photographs, messages, reviews, ratings, tips, comments or any other kind of content), the information contained in your posting will be stored in our servers. If the information is posted in a public area of the Services, other users will be able to see it, along with any other information that you include in your Profile. The information that you provide in the content you post in public areas of our Site and Application(s), and your Profile, will be visible to others, including anonymous visitors to the Site and Application(s).
- We retain information on your behalf, such as files and messages that you store using your Account.
- When you post tips and comments within the Application(s) or on our Site the information contained in your posting will be stored on our servers, and other users will be able to see it.
- When you participate in one of our surveys, we may collect additional profile information.
- If you participate in a sweepstakes, contest or giveaway on our Site or in our Application(s), we may ask you for your e-mail address and/or home number (to notify you if you win or not). We may also ask for first and last names, and sometimes post office addresses to verify your identity. In some situations we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes and contests are voluntary. We recommend that you read the rules for each sweepstakes and contest that you enter.
- We may also collect Personal Data at other points in our Site or Application(s) that state that Personal Data is being collected.
(b) Information Collected via Technology.
- Information Collected by Our Products. If you use our Products, our Products will collect Food Data. When you sync our Sensor with our Application(s), (i) the Product will upload Food Data to our Application(s) and (ii) our Application(s) will note that you used a Capsule to test for the Food Data.
- Information Collected by Our Servers. To make our Site and Services more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, including your browser type, operating system, Internet Protocol (“IP“) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
- Information About Your Mobile Device. If you use our Services on your mobile device, including through our Application(s), we may collect your Sensor’s battery level, the version of iOS used by your device, the serial number and firmware version of your Sensor, the signal strength of your mobile device, notifications regarding errors related to your Sensor or mobile device, your Test Results, and other relevant diagnostics that come from syncing the Sensor with your mobile device, such as temperature and time of readings.
- Log Files. As is true of most websites and applications, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP“), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to provide, modify, or enhance the Services; analyze trends; administer the Site; track users’ movements around the Site; gather demographic information about our user base as a whole; and better tailor our Services to our users’ needs. For example, some of the information may be collected so that when you visit the Site or the Services again, it will recognize you and the information could then be used to serve advertisements and other information appropriate to your interests. We may also link this automatically collected data to your Personal Data to identify and fix errors that you experience.
- Pixel Tags. In addition, we use “Pixel Tags” (also referred to as clear Gifs, web beacons, or web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to Cookies, that are used to track online movements of web users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in web pages. Pixel Tags also allow us to send e-mail messages in a format users can read, and they tell us whether e-mails have been opened to ensure that we are sending only messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to a user. We do not tie the information gathered by Pixel Tags to our users’ Personal Data.
- How We Respond to Do Not Track Signals. We do not currently respond to “do not track” signals or other mechanisms that might enable consumers to opt out of tracking on our Site.
- Mobile Services. We may also collect non-Personal Data from your mobile device if you have downloaded our Application(s). This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include how you use the Application(s) and information about the type of device you use. In addition, in the event our Application(s) crashes on your mobile device, we may receive information about your mobile device model software version and device carrier and associate such information with your Personal Data so that we can identify and fix bugs and otherwise improve the performance of our Application(s).
(c) Information Collected from You About Others. If you decide to invite a third party to create an Account, visit our Site, download our Application(s), or purchase any of our Products, we will collect your and the third party’s names and e-mail addresses in order to send an e-mail and follow up with the third party. We rely upon you to obtain whatever consents form the third party that may be required by law to allow us to access and upload the third party’s name and e-mail address as required above. You or the third party may contact us at firstname.lastname@example.org to request the removal of this information from our database. As part of your use of the Services, we provide you the opportunity to connect automatically with your friends. We employ various techniques in order to facilitate friends finding each other on our service, including offering contact importer tools to facilitate adding to your contacts (including contacts in your address book) so that you can more readily ask your contacts to join and communicate with you through the Services. With your permission, we will access your address book, call log and SMS log, and import your contacts’ names, e-mail addresses, phone numbers, image, and geographic location to facilitate automatic connection with your friends. We do this only for contact matching to help your friends and you find each other. Also, when you invite friends to the Services, we will access your Address Book and we will import your contacts names and phone numbers in order to facilitate the invitation. The e-mail that is sent to your friends will come from your e-mail address so that your friends know that you want to invite them to visit the Site. We do not store any passwords you provide as part of the contact import process. We also collect some settings that help us to interpret your data, such as the language and keyboard settings that you have established, and the phone’s carrier, mobile network code and mobile country code.
- Use of Your Personal Data
(a) General Use. In general, Personal Data you submit to us, including but not limited to Food Data that is collected from our Products and uploaded to our Application(s), is used to respond to requests that you make, to aid us in serving you better, and to provide the Services to you. We use your Personal Data in the following ways:
- facilitate the creation of and secure your Account on our network;
- identify you as a user in our system;
- provide improved administration of our Site, Application(s) and Services;
- provide the Services you request;
- improve the quality of experience when you interact with our Site, Application(s), and Services;
- track your purchases of our Products and the status of your supply of Capsules;
- create, and make available to users of our Site and Services, a catalog of food items that have been tested using our Products, which may include Food Data;
- send alerts, reminders, and other notifications to you (e.g., reminders to charge your mobile device or purchase more capsules when your supply runs low);
- tailor our Products and Services to your interests;
- send you a welcome e-mail to verify ownership of the e-mail address provided when your Account was created;
- send you administrative e-mail notifications, such as security, or support and maintenance advisories;
- respond to your inquiries related to employment opportunities or other requests;
- send newsletters, surveys, offers, and other promotional materials related to our Services and services made available by third parties and for other marketing purposes of Nima.
(b) User Testimonials and Feedback. We often receive testimonials and comments from users who have had positive experiences with our Services. We occasionally publish such content. When we publish this content, we may identify our users by their first and last name and may also indicate their home city. We obtain the user’s consent prior to posting his or her name along with the testimonial. We may post user feedback on the Site from time to time. We will share your feedback with your first name and last initial only. If we choose to post your first and last name along with your feedback, we will obtain your consent prior to posting you name with your feedback. If you make any comments on a blog or forum associated with our Site, you should be aware that any Personal Data you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these blogs and forums.
(c) Creation of Anonymous Data. We may create Anonymous Data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site navigation. We reserve the right to use Anonymous Data for any purpose and disclose Anonymous Data to third parties in our sole discretion.
(a) Users of our Services. When you use the Services, the Food Data you provide, together with your Profile, will be shared with all users of the Services. If you include Personal Data in your Profile, the Food Data you provide will also be Personal Data.
(b) Users. We will share your Personal Data with other users solely for the purpose of providing the Services.
(c) Third Party Service Providers. We may share your Personal Data with third party service providers to: provide you with the Services that we offer you through our Site, including fulfilling orders, processing credit card payments, or other functions necessary for our business; to conduct quality assurance testing; to facilitate creation of accounts; to provide technical support; and/or to provide other services to Nima. These third party service providers are required not to use your Personal Data other than to provide the services requested by Nima, and have appropriate contractual controls to bind such third parties.
(g) Information You Make Public. Certain portions of the Services are open to any user, such as our community forums, your Profile, and any Food Data associated with your Profile. Any information you post in these locations will be available and accessible to other users of the Services. In addition, the Services contain features that permit you to upload, post, transmit, display, perform or distribute content, information or other data, including your Personal Data. Any information that you choose to disclose by means of such features becomes public information. You should exercise caution when deciding to disclose your Personal Data by means of such features, and you agree to assume all responsibility for doing so.
(i) Information We Don’t Collect or Use. Nima does not collect any employment eligibility, promotion, or retention; credit eligibility; healthcare treatment eligibility; and insurance eligibility, underwriting, and pricing information via our Site or from Protected Information.
- Third Party Websites and Information We Receive From Partner Companies.
We may receive Personal Information about you from other sources like mobile device, tablet, internet services, public posts, third party websites or otherwise from companies that provide our services by way of a co-branded or private-labeled website (“Partner Companies“), and for some of our Services, this includes location based services applicable for certain features in the Services. If you choose to disable location based services some features of the Services may not work properly. We may add this information to the information we have already collected from you via our Website or Services in order to improve the products and services we provide.
- Your Choices Regarding Your Information. You have several choices regarding use of information on our Services:
(b) Cookies. If you decide at any time that you no longer wish to accept cookies from our Service for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. If you do not accept cookies, however, you may not be able to use all portions of the Service or all functionality of the Service. If you have any questions about how to disable or modify cookies, please let us know at the contact information provided above.
(c) Location Information. If you do not want location information collected by us, you can disable location services on your mobile device.
(d) SNS Information. You may also manage the sharing of certain Personal Data with us when you connect with our Services through an SNS or de-link your SNS account from our Services. Please refer to the privacy settings of the SNS to determine how you may adjust your permission settings and manage the interactivity between the Services and your SNS account.
(e) Changing or Deleting Your Personal Data. You may change any of your Personal Data in your Account by sending an e-mail to email@example.com. You may request deletion of your Personal Data by us, and we will use commercially reasonable efforts to honor your request, but please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives. We may also retain your information for fraud or similar purposes.
(f) Push Notifications. If you wish to stop receiving push notifications for any Application(s), you can use your mobile device’s standard process to turn off push notifications by changing the application settings on your mobile device.
(g) Applications. You can stop all collection of information by the Application(s) by uninstalling the Application(s). You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. Uninstalling the Application(s) will stop collection of any new information by the Application(s) but will not delete any prior Personal Data already collected by us (“Prior Personal Data“). If you wish to delete any Prior Personal Data, please contact us at firstname.lastname@example.org and we will delete such Personal Data in accordance with Section 9(e). If you reinstall any Application(s) at a later date, your Prior Personal Data will not be associated with any new information collected by such Application(s) until you login to your Account through such Application(s). If you login to your Account through such Application(s), to the extent your Prior Personal Data remains in our active database, your Prior Personal Data will be associated with any new Personal Data collected by such Application(s).
- To share Personal Data with third parties or to make Personal Data public.
- For secondary uses of Personal Data that are incompatible with the primary purpose of the app or service.
Express consent may be obtained through our device, app, Site or Services directly; or by a platform like Apple iTunes or other third party requesting on behalf of the device, app, Site or Services.
If Nima were to share Personal Data with a third party, Express Consent would be obtained:
- At the point of sharing;
- As part of the download or installation flow, but before data is collected; or
- Via a separate process where the individual user provides the third party with express consent to access the data.
Express consent may be withdrawn by the user at any time, without affecting the previously collected and processed covered data.
- Security. Nima is committed to protecting the security of your Personal Data. We use a variety of industry-standard security technologies and procedures to help protect your Personal Data from unauthorized or unlawful access, use, or disclosure and against accidental loss or destruction of, or damage to, such Personal Data. Nima has implemented industry-standard electronic means of protecting your Personal Data. We store Personal Data behind a computer firewall, a barrier designed to prevent outsiders from accessing our servers, and we have implemented technology to detect intrusions. We also require you to enter a password to access your account information. In addition, Nima protects your Personal Data from unauthorized physical access by storing your Personal Data in a controlled facility.
Even though Nima has taken significant steps to ensure that your Personal Data is not intercepted, accessed, used, or disclosed by unauthorized persons, you should know that Nima cannot fully eliminate security risks associated with Personal Data.
- Enforcement. Nima remains committed to implementing internal processes and procedures reasonably designed to (1) address privacy risks related to the development and management of new and existing products and services for users, and (2) protect the privacy and confidentiality of Protected Data. If you have any questions or suggestions about the security or enforcement of your Personal Data, you can contact us at email@example.com.
Nima Labs, Inc.
2121C Harrison Street
San Francisco, CA 94110
Privacy & Terms Team