1. What is GDPR
1.1 GDPR definition and purpose
GDPR stands for General Data Protection Regulation, and it replaces the Data Protection Directive 95/46/EC.
GDPR constitutes European Union legislation and is designed to make data privacy laws more consistent across the European Union, and to grant more rights to individuals about how their personal data is handled by organizations.
1.2 When does GDPR come into effect?
The GDPR comes into effect on May 25, 2018. The policies and procedures detailed in this document will be effective from May 25, 2018 onwards.
1.3 What is personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.
Examples may include an individual's name, email address, bank details, medical information, computer IP address, etc.
1.4 Who does GDPR apply to?
The GDPR affects organizations in the European Union, and any other organization holding personal data of EU residents, or offering goods/services to EU residents regardless of the location of the organization.
2. Data processors and controllers
GDPR Article 4 defines a data processor as:
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Most of Mealplana's users, including nutritionists, dietitians, health and fitness professionals will qualify as "data controllers" under GDPR.
One of the key aspects, from the point of view of a controller looking to comply with GDPR, is to partner with "data processors" in such a way that personal data is treated in a way compatible with the regulation.
At Mealplana, we are data processors for nutritionists and dietitians that work with client/patient data. Our main goal is to allow users of our software to securely store, access, manipulate, and (when required) delete client data.
According to GDPR Article 28:
Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
2.2 Mealplana's duties as a data processor
Mealplana helps users comply with GDPR by:
- Enforcing technical and administrative security measures so that data is secure (e.g. data encryption at rest and in transit, data backups, logging, etc.).
- Enabling the user to satisfy individuals' rights – client requests to:
  - Delete all their data in Mealplana (Right to be forgotten)
  - Download a copy of all their data in Mealplana in a computer format (csv and/or json)
  - Download a human-readable copy of their data (e.g. meal plans)
- Breach notification within 72 hours as specified by GDPR Art. 33. Read more below.
- Other measures as detailed in this document.
Details of how Mealplana achieves/enables the points listed above are collected in this article.
Mealplana will safeguard user data and not disclose it to third parties unless consent is given by the owner of the data, or unless it is in accordance with our policies. We keep the data on behalf of the user (e.g. nutritionist, dietitian, health professional) but we do not use it directly for any commercial purposes, research purposes, or for any other pursuit that would endanger the privacy/security of the data.
Processors/sub-processors can only process personal data on behalf of data controllers when authorized to do so by the controllers. That means there cannot be any initiatives for using personal data when Mealplana has no clear mandate (GDPR Article 29).
Mealplana, as a data processor, has the duty to cooperate with the supervisory authority (ICO) when asked to do so (GDPR Article 31).
Article 28 continues to underline the obligations of Processors in section 28.3(f): [The Processor is required to] assist the controller in ensuring compliance with the obligations pursuant to Article 32 – 36.
2.3 Mealplana's subcontractors/partners
Another consideration with regard to GDPR compliance is that a "data processor" can outsource or delegate some of its work to yet another "data processor" (or subprocessor). The regulation mandates that this will only be permissible when the subprocessor also adheres to GDPR regulation.
At the moment, Mealplana partners mainly with Google, Microsoft, and Amazon, all compliant. We use Google for email, calendar, file storage, Analytics, Adwords, and we use Microsoft for code version control with Azure DevOps. We use AWS for hosting, and to deliver phone verification SMS codes and transactional emails.
Click here to read more about Microsoft's compliance: https://www.microsoft.com/en-us/TrustCenter/CloudServices/Azure/GDPR
Click here to read about Amazon Privacy: https://www.amazon.co.uk/gp/help/customer/display.html/ref=gss?nodeId=502584
Other partners of Mealplana that may have access to a small subset of user personal data include Stripe.
Stripe is used mainly for processing payments for the use of Mealplana's software, and it can hold the user's billing information. Stripe is secure and we require it for billing.
3. What data does Mealplana hold and how it is used
This section describes what data Mealplana stores, where the data is shared, what the lawful basis (Art. 5-6 GDPR) for using the data is, and which third parties may have access to it.
Mealplana stores, transmits, creates or manages the following kinds of data:
- Nutritional information and other non-personal data
- User data
- User's clients' data
- Data stored in third-party services
- Cookies data
- Web visitor data
Mealplana's servers and data are located in West Europe and managed by AWS.
3.1. Non-personal data
This includes food nutrition data, recipes, meal plans, and other nutrition related data, as well as admin-related data that is not considered "personal data" under GDPR.
3.2. User data
When a user signs up to use Mealplana, we store the following data:
- user's full name
- user's email address
- user password (hashed)
- user payment token*
- user phone number, company address, company logo (if optionally provided by user)
- user settings (e.g. timezone, layout preferences, calendar preferences, and other non-personal data)
*payment token: We use Stripe in order to bill our clients for the use of our software service, Mealplana. Stripe is a leading online payments processing company that is PCI compliant and has strict security standards.
When a user enters their billing information in Mealplana, this data is sent securely to Stripe. Then, Stripe stores this data securely and returns a payment token to Mealplana. This payment token is a unique identifier that links the user at Mealplana with their corresponding Stripe account.
Using the payment token system means that Mealplana does not have access to a user's card number, or CVC/CVV code. This sensitive information is stored securely by Stripe.
All user data mentioned above is provided explicitly by the user when they register to use Mealplana. The user provides this information directly, by filling in a form.
The user's name, email, password, and billing information (payment token) are required to use the service and manage billing - this constitutes the lawful basis for collecting this information. On the other hand, the phone number, company address, and logo are optionally provided by the user in a form. A user's company address may be used in invoices if necessary.
We only use the phone of the user if there is a need to communicate an urgent concern regarding their account (e.g. if we suspect there has been a security incident), for occasional technical support if required, or to verify a user's identity in some instances when the user requests an important change to their account (e.g. changing their email). Crucially, we do not use phone numbers/addresses for marketing purposes, such as cold-calling or mailing offers to users unless we have gained explicit permission from the user. A user's phone number can be provided optionally.
We share the user's name, email address, billing information, and company address with Stripe in order to manage the user's billing. For more information about Stripe's security policies, please check https://support.stripe.com/
Data held in Stripe is also used for accounting purposes and to comply with tax laws. In the event of sharing billing information with an accountant or financial advisor, we will always share the minimum amount of information required for the purposes of accounting/tax or other financial-related tasks to be carried out by a professional.
We don't share a user's data with any other third parties, unless explicit permission is provided by the user or unless the specific case is covered in our policies. Some of our subcontractors may delegate some of their tasks/services to yet other subcontractors, but our subcontractors are contractually bound to maintain security and data privacy.
Users can access their data by logging in with their email/password at any time. Users can also download all their data in bulk at any time, or request the permanent deletion of all their data.
3.3. User's clients' data
Mealplana allows users (typically nutritionists and dietitians) to store data about their own clients or patients.
Mealplana users have the freedom to create and manage any kind of data in the system. Mostly, data will be entered in the form of plain text, formatted text, images, or links to websites, although it could include voice recordings and media in some instances.
The above said, the most noteworthy kinds of personal data users typically create in Mealplana will include:
- patient name, gender, date of birth
- patient height, weight, and other anthropometric measurements
- contact numbers, addresses, email
Mealplana has security measures and processes in place to ensure data entered by users is secure. Some of these measures include encryption, data backups, redundancy, firewalls, etc.
Mealplana acts as a processor and stores data entered by the user on their behalf. Mealplana does not use personal client/patient data entered by users for any ends other than safely storing the data and making it available to the user. Mealplana staff can only access a user's clients' data when permission is given by the user so that a technical support issue can be investigated (e.g. a particular client record or component of the software is not loading properly, or a data backup must be restored for a particular client).
It is the responsibility of the user to obtain proper consent from their own clients/patients to enter their data into Mealplana (or any other system for that matter). In the case of children, the user should receive consent from the parents or legal guardian before processing a child's data. In case of doubt, the user should seek professional legal advice and consult the GDPR legislation.
To facilitate the user's compliance with GDPR, Mealplana easily allows users to access, create, edit, and delete their client's data. For instance, Mealplana software easily allows users to amend or edit any of their client's details if they are incorrect or if the client requests it. The user can also readily download a copy of all of their client's data or permanently delete all data associated with a particular client (this is typically referred to as the right to be forgotten).
3.4 Data stored in third-party services
3.4.1 Google Analytics and Adwords
We use "Google Analytics", a web analytics service provided by Google LLC. (“Google”). Mealplana uses Google Analytics in most of the web pages under the Mealplana.com domain. Google Analytics collects statistical information about the website by using cookies. This data is used by Mealplana to learn about how users interact with the website, e.g.:
- which pages receive more traffic
- which buttons in the website are clicked more often
- which countries the traffic comes from
Mealplana also uses Google Adwords to show Google Search ads for specific keywords. E.g. when someone searches in Google for "meal planning software", Mealplana may show up as an ad in the Google search results. Mealplana only keeps track of anonymized data via Analytics and Adwords:
- websites visited
- countries where the traffic originates
- conversion tracking (when certain webpages are visited an anonymous conversion is recorded)
Mealplana uses Google Analytics and Adwords in a way that is compliant with GDPR because Mealplana does not collect any personally identifiable information (PII) via Google Analytics or Adwords. Since GDPR grants rights to individuals with regard to their PII, these rights do not apply in the case of Google Analytics or Adwords data for Mealplana.
Mealplana ensures IP anonymization is enabled before sending data from Mealplana to Google Analytics. This is a process where the IP address of a visitor to Mealplana's website (which could constitute PII) is modified so that it cannot be used to identify an individual. The following page explains this process in detail: https://support.google.com/analytics/answer/2763052?hl=en
Mealplana is the sole operator of the Google Analytics and Adwords accounts we use to keep track of the data described in this section. We do not work with any agencies to take care of our Google Analytics or Adwords accounts. The only personnel that has access to the Google Analytics and Adwords accounts is Mealplana's top management.
You can prevent the installation of cookies by changing the settings of your browser. Please note, however, that this may prevent some of our services’ features from working correctly. Alternatively, you can prevent the collection of the cookie data and your website usage data (including your IP address) by Google and the processing of such data by Google by downloading and installing a browser plugin available at: http://tools.google.com/dlpage/gaoptout.
Other ways in which we ensure there is no PII sent to Google Analytics and Adwords are:
- We periodically audit the data in Google Analytics and Adwords to ensure no personal information is being collected
- We keep it simple, we mostly just track statistical information such as the number of visits to pages within Mealplana and the number of times some buttons in the page are clicked
- We don't send names, emails, usernames, user ids, phone numbers to Google Analytics or Adwords or any other pieces of data that could constitute PII.
Mealplana has accepted all relevant data protection agreements and contracts related to GDPR with Google.
Google Analytics' Data Collection for Advertising Features options are switched off for Mealplana's Google Analytics account. This means Google Analytics is configured to not track remarketing data in our account.
Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The data collected by Google associated with cookies, user IDs or advertising IDs will be deleted automatically after 14 months.
You can also learn about online advertising on this website: http://www.youronlinechoices.com/
Mealplana websites can contain embedded YouTube videos, typically for providing demos of the software. Whenever Mealplana embeds a YouTube video, the privacy-enhanced mode is always enabled.
Quoting from Google:
When you turn on privacy-enhanced mode, YouTube won’t store information about visitors on your website unless they play the video.
For more information, please check: https://support.google.com/youtube/answer/171780
YouTube is owned and operated by Google. As mentioned previously, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
3.4.3 Amazon Web Services (AWS)
Mealplana uses AWS to host the servers and databases that contain the code and data required to run the platform. Security and privacy measures are in place to ensure the safety and confidentiality of the data and systems.
Mealplana uses AWS to send SMS codes in order to verify the phone number of users. Amazon may receive other basic web data for debugging/security purposes (e.g. the client's browser version, operating system, time of the day, preferred language, IP address, etc.).
We may also use AWS SES (Simple Email Service) to deliver transactional emails from the application to users or clients. The minimum required amount of data for this functionality to work is sent over to Amazon.
3.5 Cookies data
Cookies are small files stored on a user's computer/device. When you visit most websites, your device will automatically download and store cookies.
In the context of a website, the purpose of cookies is to hold data that is specific to the visitor. Typically, this will allow servers to send a tailored website to each user, or to show/hide relevant information automatically based on the data contained in the cookies.
Cookies can be separated into essential and non-essential. Essential cookies are required in order to provide the user with the information they have requested from the website. For example, in order to login for most online services, cookies will typically be required.
You can check our cookies policy at https://docs.mealplana.com/hc/en-us/articles/5575460075921-Cookies-Policy to learn more.
3.6 Web visitor data
When any user visits Mealplana's websites, our systems automatically record some data that the web browser sends us, including:
- IP address
- browser used
- operating system
- pages visited
- referrer website
- time spent on the website
This data is automatically logged and stored securely in Mealplana's systems. We typically only use web visitor data to investigate technical support issues upon request. We also need to track this data to investigate potential cyberattacks, spam attacks, or any other harmful/suspicious activity that may happen on our website.
4. Individuals' Rights and requests
GDPR grants individuals the following rights (Art. 15-21 GDPR) with regard to their personal data:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object;
- the right not to be subject to automated decision-making including profiling.
Mealplana informs its users via its public policies and documents, as well as other information on its website. Details on how to download or delete data can be found in our docs at https://docs.mealplana.com/
Almost all data access, rectification, deletion, and portability can be achieved in a self-service manner by the use of the Mealplana software. For those instances where the user cannot take one of the actions listed above regarding their data, the user can always contact email@example.com to ask for help. The user can expect to obtain a reply within 72 hours (GDPR allows a period longer than this), and for their query to be addressed in a timely manner.
When it comes to a user's clients' data, Mealplana acts as a data processor on behalf of the user. It is the responsibility of the user to grant their own clients/patients rights in compliance with GDPR. Mealplana provides tools so that the user can easily rectify, download, erase and access any particular client's data.
So, for example, if a user's client asks for all their data in Mealplana to be deleted (a right that GDPR grants individuals) the user can click a few buttons in their Mealplana dashboard to achieve this task.
When data is downloaded/exported from Mealplana, it is typically in a common computer format. Currently, csv, json, and/or html.
Mealplana will provide the right for download/erasure of data as described in this section free of charge, as long as requests are not excessive or abusive on the part of an individual or organization.
Mealplana will not comply with any requests for handling data as described in this section unless the identity of the person requesting the data can be verified (typically by email sender, or by the user being authenticated to the software). This is to prevent unauthorized access/modification of data by third parties.
Finally, the user has the right to complain to the ICO (in the UK) or to the corresponding organization in their own country or the corresponding European body if there are any concerns in the way Mealplana handles data, or if there are any suspicions that Mealplana may be using the data it collects in an unfair way. More details below.
It is the responsibility of the user to obtain proper consent from their clients/patients when entering their data in Mealplana.
When it comes to children's data, it is the user's responsibility to obtain consent from the child's parents or legal guardian(s) before entering their data in Mealplana.
As a general rule, data can only be accessed with explicit consent from the individual.
6. Data Protection Officer
The data protection officer at Mealplana is Diego Oliveira Sanchez. Diego can be contacted at firstname.lastname@example.org for any queries regarding GDPR.
7. Data breaches
Mealplana will use its best efforts to make sure the right procedures are in place to detect, report and investigate a personal data breach.
Data breaches which may pose a risk to individuals must be notified to the DPA within 72 hours and to affected individuals without undue delay (GDPR Art. 33).
Some examples of a data breach that could pose a risk to individuals include: a breach that could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.
You can read Mealplana's GDPR breach policy at the following link: https://docs.mealplana.com/hc/en-us/articles/5580647088913-Mealplana-GDPR-Breach-Policy
8. Data Protection by Design and by Default
Data protection, privacy, and security, are priorities for our software development team. Whenever a new feature or improvement is designed or planned, data protection implications are considered first.
For example, there have been a few instances in the past where some practical features for the software were considered, but they were not implemented due to a lack of sufficient security guarantees. Even if a feature would be nice to have in Mealplana, we won't implement it unless we have enough certainty that it will protect data privacy and security.
Prior to GDPR, many companies failed to prioritize security and privacy, and thought of privacy considerations afterwards. This approach can lead to many more security incidents, breaches, and policy violations.
At Mealplana, we consider security and privacy first when introducing any substantial change or new feature to the software.
Mealplana shall take measures to ensure a sufficient level of security of processing (GDPR Article 32).
9. Complaints and queries
If you have any question about your data, your privacy rights, or the contents of this article, you can contact email@example.com to ask.
If you have any complaints about the way your data is handled, or about your privacy rights with regard to Mealplana, you have the right to file a complaint with the Information Commissioner's Office (ICO) (Art. 77 GDPR). Mealplana is a registered organization with ICO.
Mealplana carries out activities in several EU member states, but our main establishment is in the United Kingdom. As such, our lead data protection supervisory authority is the UK's ICO.
Call our helpline on 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers).
If you're calling from outside the UK, you may not be able to use our 03 number, so please call +44 1625 545 700.
Our normal opening hours are Monday to Friday between 9am and 4:30pm (excluding bank holidays).
10. Security and privacy training
Mealplana staff and subcontractors undergo security and privacy training upon joining the company.