1. Introduction

This Data Protection Regulation outlines the principles and procedures for handling user data within the Booonjour App ("the App"). It ensures compliance with global data protection laws such as the General Data Protection Regulation (GDPR) and other relevant privacy frameworks.

2. Data Collection

We collect and process user data to provide personalized nutrition recommendations. The data collected includes:

• Personal Information: Name, age, gender, height, weight.
• Health Data: Dietary preferences, allergies, medical conditions (if provided).
• Usage Data: App interactions, session duration, and analytics.
• Device Information: IP address, device ID, OS version.

3. Purpose of Data Processing

The collected data is used for the following purposes:

• Providing personalized nutrition recommendations.
• Analyzing user health trends to improve services.
• Enhancing user experience through tailored content.
• Complying with legal and regulatory requirements.

4. Legal Basis for Processing

Data is processed based on:

• User Consent: Explicit consent is obtained before collecting and processing personal and health-related data.
• Legitimate Interest: Data processing is necessary for app functionality and service improvement.
• Compliance with Legal Obligations: Adherence to applicable laws and regulations.

5. Data Storage and Security

• All user data is encrypted both in transit and at rest.
• Data is stored in secure cloud infrastructure with restricted access.
• Multi-factor authentication (MFA) and role-based access control (RBAC) are implemented for data access.
• Regular security audits and vulnerability assessments are conducted.

6. Data Sharing and Third-Party Services

• User data is not shared with third parties without explicit consent.
• Third-party integrations (e.g., payment gateways, analytics) comply with data protection laws.
• Anonymized data may be used for research and statistical purposes.

7. User Rights

Users have the following rights regarding their data:

• Access: Request a copy of their stored data.
• Correction: Modify incorrect or incomplete data.
• Deletion: Request the removal of personal data.
• Data Portability: Obtain their data in a structured, machine-readable format.
• Withdraw Consent: Stop further data processing at any time.

8. Data Retention Policy

• Personal data is retained only as long as necessary for service provision.
• Health-related data is deleted upon user request or after account inactivity of 12 months.
• Backups are securely stored and automatically purged after 30 days.

9. Children’s Privacy

• The App is not intended for users under 16 years of age.
• Parental consent is required for data processing if applicable.

10. Policy Updates and User Notification

• This policy is reviewed periodically and updated as necessary.
• Users are notified of significant changes through in-app notifications or email.