Privacy Policy

Effective date: March 25, 2025

This Privacy Policy explains how personal data is processed by Arcaisoft s.r.o. in connection with the Nutrixo website and mobile application, and describes your rights under the GDPR (Regulation (EU) 2016/679).

1. Controller

Arcaisoft s.r.o.

  • Tax ID: CZ09669990
  • Registered address: Mahenova 164/2, Košíře, 150 00 Prague
  • Company registration: C 340107/MSPH, Municipal Court in Prague
  • Contact email: ondrej.kokes@arcai.cz

2. What data we process

We process data you provide through the mobile application or web interface, and information entered into the software about users/clients/participants and their nutritional intake.

Examples of personal data may include

  • Identification and contact details (e.g., name, address, date of birth/age, phone, email).
  • Nutritional and related records (e.g., food intake, allergies/intolerances, and related notes).
  • Meal photos uploaded voluntarily for dietary tracking/analysis.

3. Purposes and legal bases

A. Nutritional analysis and client/participant management

We process data to provide nutritional analysis and enable use of the application features.

  • Legal basis: performance of a contract and/or pre-contract steps; legitimate interests in providing and improving services.
  • Special category data (e.g., health-related): processed where applicable based on explicit consent and/or lawful bases for research/scientific purposes with appropriate safeguards.
  • Retention: typically for as long as the account/cooperation is active and for a reasonable period afterward (e.g., up to 2 years), unless longer retention is required by law.

B. Legal obligations

We may process data to comply with legal duties (e.g., accounting and tax requirements).

  • Legal basis: compliance with legal obligations.
  • Retention: as required by applicable law (often 5–10 years depending on the obligation).

C. Legitimate interests

We may process data for purposes such as protecting legal rights, service improvement, and continuity of client relationships.

  • Legal basis: legitimate interests.
  • Retention: commonly up to 3 years after the end of cooperation or last meaningful contact (e.g., for dispute handling or renewed cooperation).

D. Consent

Where processing is based on consent, you can withdraw consent at any time. Withdrawal does not affect processing carried out before withdrawal. If some processing is based on another legal basis (as above), we may continue processing for those specific purposes.

4. Sharing data with third parties

We share personal data only with trusted processors necessary to operate the service and meet contractual/legal obligations. Processors are bound by appropriate agreements and process data on our instructions.

Current recipients (examples)

  • OpenAI – for voluntary meal image analysis via API (role: processor; purpose: AI-powered meal photo analysis).
  • Vedos – hosting/cloud infrastructure provider (role: processor; purpose: secure hosting and storage).

We may also disclose data to public authorities where required by law (e.g., inspections, audits, investigations). If we add new processors in the future, we will update this policy accordingly.

5. Your rights

Under GDPR, you may exercise these rights by contacting ondrej.kokes@arcai.cz:

  • Right of access (confirmation and access to your data and information about processing)
  • Right to rectification (correction of inaccurate/incomplete data)
  • Right to erasure (“right to be forgotten”, subject to legal exceptions)
  • Right to restriction of processing
  • Right to data portability
  • Right to object (especially where processing is based on legitimate interests; marketing objections always stop marketing processing)
  • Right to withdraw consent (where consent is the basis)

6. Complaints

If you believe your rights have been violated, you can lodge a complaint with the supervisory authority: Czech Office for Personal Data Protection (ÚOOÚ).

7. Contact

If you have questions about this policy or how data is processed, contact: ondrej.kokes@arcai.cz

This page is provided for informational purposes and reflects the content of the privacy policy document.