This notice sets out the basis on which we collect, use, and share any personal data relating to you, or that you provide to us in relation to your use of our app ‘Able’ (“App”).
Who are we?
Ruby Labs has a global presence with legal entities in different
territories. The entities covered by this notice are set out below and
references to "we", "our" or "us" are references to these entities:
Rlabs
America Inc, with company number 4311809, and registered office at
North Franklin Street, Wilmington, Delaware 19802, USA.
For personal data collected from residents in California, we are the business with respect to your personal data. This means we are responsible for the purposes and means of processing your personal data. “Personal data” as used in this notice shall have the meaning ascribed to it under data protection laws and may also be defined as “personal information” or “personally identifiable information.”
If you have any questions about this privacy notice, please submit a request to our Help Center at help.ableapp.com, or by emailing us at [email protected]. Our privacy official is Ana Handley, Director of Customer Service, and can be emailed using our support email: [email protected]. If you are a Nevada resident or a California resident, please see additional disclosures at the end of this notice.
Who does this privacy notice apply to?
This privacy notice applies to all users of the App. It does not form part of our contract to provide services. By using the App, you agree to our EULA. If you do not agree to our EULA or with our collection, use, and disclosure practices as described in this notice, discontinue the use of the App.
Personal data we collect
When you register with our App you will be asked to provide information about yourself including your goals, habits, and body profile. This information is required to enable the App features to function properly and so that the lifestyle suggestions provided to you in the App are relevant to you and your goals. Our App is not a healthcare or medical app but some of the information you will be asked to provide may be considered data concerning your health (such as your weight). We’ll ask for your express consent to use this data for the purposes of the App. We’ll also ask you for the necessary information for account login and administration purposes. Passwords are hashed for security. In addition, we will collect the following types of data where we ask you for them and you then provide such data to us: contact data such as first and last name, email address, and street address, and demographic data, such as gender.
Information is collected by third-party SDKs (i.e. software development kits) on the App and our website providers, rather than being collected by us directly. This includes the following categories of data: identifiers (such as user IDs and device IDs); usage data (such as your interactions with the App); diagnostics (such as crash logs); contact information (such as your name and email); and health and fitness information (which you input into the App). This information is shared to allow the App to operate, for analytics and product personalization purposes and to run efficient marketing campaigns. To see how they use this information please refer to their privacy policies. We have provided links to these. For California residents, see additional rights you may have with respect to this sharing of information in the “Additional disclosures for California residents” section below.
Analytics & Tracking providers
Other third-party service providers
SDKs related to advertising
Where you purchase a subscription directly from us (or our group companies) on our website, you may be asked for your credit card, PayPal details, or details of other payment methods that we permit from time to time. We don’t have access to your credit card data. Credit card data is tokenized for security and processed by our third-party Payment Card Industry Data Security Standard (PCI DSS) certified payment processors.
Interactions with Other Parties. The App includes links that hyperlink to websites, platforms, and other services not operated or controlled by us. We may embed an SDK to allow you to “like” or “share” content through social media. We may also offer our content through social media. Any information you provide to us when you engage with us through social media (such as our brand page or chat function) will be treated in accordance with this Privacy Notice. Also, if you publicly reference our App on social media (e.g., by using a hashtag associated with the App in a tweet or post), we may use your reference on or in connection with our App. Please note that when you interact with other parties, including when you leave our App, those parties may independently collect information about you and solicit information from you. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in your country of residence or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
Our lawful basis or business purposes for using your personal data and PHI
In accordance with applicable data protection law, we will only process your personal data where we have a lawful basis for doing so or for our business and commercial purposes. In respect of your personal data, these bases are: (i) where it is necessary to provide services to you under the performance of the contract we have with you; (ii) where we are required to do so in accordance with legal or regulatory obligations; (iii) where you have given your consent; and, (iv) where it is in our legitimate interests to process your personal data, provided that none of these prejudice your own rights, freedoms, and interests.
The following is a list of the "Purposes" for which we (including any of our agents, processors, and/or employees) process your personal data and the lawful basis on which we carry out such processing:
Purpose
Lawful Basis
To set up, administer, and manage your account
Necessary for the performance of a contract
To confirm your valid subscription to our App
Necessary for the performance of a contract
To receive and respond to your communications and requests
Necessary for the performance of a contract where such communication relates specifically to our services, otherwise legitimate interests so that we can respond to your query
To notify you about updates to our App and services, including updates to this privacy notice and any terms we have with you
Necessary for the performance of a contract
To carry out market research campaigns
Legitimate interests so that we can better understand the products and services that our customers most enjoy
To prepare statistics relating to the use of our App by you and other customers
Legitimate interests so we can understand the use of, and therefore improve, our App and services
To keep you informed of offers and promotions relating to our services
Legitimate interests where the offers relate to similar or identical goods and services to those you subscribe to and we have offered you an option to opt-out. Consent for any other type of marketing and we will offer an option to opt-in.
To record communications with our customer services representatives for training purposes
Legitimate interests so that we improve our customer services
To send you push notifications on mobile devices where you have agreed to this
Consent
To prevent and address fraud, breach of policies or terms, and threats of harm
Legitimate interests to prevent fraud, breaches of our agreements, and threats of harm
To improve the App and our other websites, apps, marketing efforts, products and services
Legitimate interests so that we can better provide the products and services that our customers most enjoy
In addition to the above Purposes, we will use the information we have collected about you to fulfill any other purpose at your direction or where we have provided you with notice and received your consent. Where we allow third parties to collect and use your personal data in respect of analytics and advertising (including permitting such third parties to access your device advertiser identifier or link data collected from the App with other data for advertising purposes), we will only do so if permitted in your device system settings. You can change this setting as detailed below.
Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see “Your rights over your personal data” below.
If you don’t provide the personal data we have asked for
Where we have stated that your personal data is used in order to carry out a contract with you or to take steps to enter into that contract, we will need you to provide the personal data requested. If you don’t provide that personal data when we ask for it (or you later request we delete it), we may not be able to respond to you, enter into a contract with you, or meet our obligations to you under that contract. The functionality of certain features of our App depends on us collecting certain personal data so if you do not provide the information required we will be unable to provide the App to you. For example, the information we ask for during onboarding is central to the functionality of the App. You will not be able to use the App without it. If you have any concerns about whether you need to provide your personal data please contact us here.
Where you provide us with health-related data, we will ask for your consent to use that information. You have a right under data protection law to withdraw your consent at any time. We cannot remove part of your profile data. You can contact us using the details from here to ask us to delete your whole profile.
If you use the chat functionality in our App, our coaches will have access to your profile information for the purpose of providing lifestyle and food suggestions to help you reach your goals but you do not have to provide any other specific information about yourself to them, even if prompted. It is your choice what further information you disclose during the course of a chat.
Automated decision-making and profiling
We do not use your personal data to make automated decisions about you. We do use the information you enter into the App to generate a general profile about you based on the information you input into the App from which general lifestyle and food choice suggestions are made. However, this information is guidance only and is based on advice applicable to people who fall into your general demographic and should not be used by you as the basis for any important legal or similarly significant decision. You should always seek professional medical advice before making any significant changes to your diet and exercise practices and in respect of any underlying medical conditions you may have.
Circumstances when we can change the purpose for which we use your personal data
We will only use your personal data for the purposes set out above or for a new reason that is compatible with those original purposes. If we change the purpose for which we use your personal data we will update this privacy notice. If you would like an explanation as to how the new purpose is compatible with the original purpose please contact us.
If we would like to use your personal data for an unrelated purpose, we will notify you and we will explain the new purpose and legal basis which allows us to do this.
HIPAA Compliance Statement:
Ruby Labs is committed to complying with the Health Insurance Portability and Accountability Act (HIPAA). We ensure the confidentiality, integrity, and availability of all PHI we create, receive, maintain, or transmit.
Use and Disclosure of PHI:
We use PHI only for treatment, payment, healthcare operations, or as otherwise authorized or required by law. We will obtain your written authorization for uses and disclosures that are not identified by this notice or permitted by applicable law.
Patient Rights:
You have the right to access and control your PHI. This includes requests to inspect and copy your health information, request amendments, and receive an accounting of disclosures.
Right to File a Complaint:
You have the right to file a complaint if you feel your rights are violated. A complaint can be filed with the U.S. Department of Health and Human Services Office for Civil Rights electronically through the Office for Civil Rights Complaint Portal, available at https://ocrportal.hhs.gov/ocr/portal/lobby.jsf, or by mail or phone at: U.S. Department of Health and Human Services, 200 Independence Avenue, SW, Room 509F, HHH Building, Washington, D.C. 20201, 1-800-368-1019, 800-537-7697 (TDD). Filing a complaint with the U.S. Department of Health and Human Services will not negatively affect the services we provide to you.
Minimum Necessary Use:
We use and disclose the minimum necessary PHI required for the purpose of the use or disclosure.
Business Associate Agreements:
We enter into Business Associate Agreements with third-party service providers to ensure they protect the PHI.
Privacy Officer:
We have designated a HIPAA Privacy Officer responsible for overseeing HIPAA compliance.
Employee Training and Management:
All employees undergo training in HIPAA compliance and are required to follow our privacy policies and procedures.
Data Security:
We implement stringent security measures to protect PHI, in compliance with the HIPAA Security Rule.
Breach Notification:
We have procedures in place to handle any PHI breaches and will notify affected individuals and necessary entities as required by law.
Complaints:
Complaints about our privacy practices can be made to our HIPAA Privacy Officer.
Changes to Privacy Policy:
This policy will be reviewed and updated regularly and changes will be effective immediately upon posting.
Contact Information:
For any privacy concerns, contact our HIPAA Privacy Officer at [email protected]
Acknowledgment of Privacy Practices:
We obtain acknowledgment from patients/customers that they have received and understood this privacy notice.
How long we keep your personal data
We will only keep your personal data for as long as is necessary for the purposes set out in this Notice.
We retain information relating to your contract with us and your use of the App for so long as you use the App. Your profile information will remain active until you delete it. Please note that deleting your profile or the App will not result in an automatic unsubscribe request.
Once you unsubscribe we will retain your personal data for a period of time afterward to satisfy any legal, accounting, and reporting obligations we are under and in order to ensure we have effective data backup systems in place, which will generally not be more than six years. In such cases, we will ensure that your personal data will continue to be treated in accordance with this Notice.
Who do we share your personal data with
We share your personal data with personnel who need to know the information to perform their role (such as our coaches) and other trusted service providers who support our App (such as designing our App infrastructure and customer support service). When we do this, we put in place a contract with them that requires them to only process your personal data in accordance with our instructions which require that your personal data is treated in accordance with data protection laws.
We may disclose your personal data in the following circumstances but only where we determine that doing so is permitted under applicable data protection law:
We may also share information with notice to you and with your consent. Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your rights over your personal data” section below.
Sharing your personal data for analytics and advertising purposes
We share information with our advertising and analytics partners to deliver personalized advertisements to you (via a device identifier) and to help us understand how users access and use the App. As part of this process, we may incorporate tracking technologies into our App (including our emails) as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use and delivering relevant ads and/or other content to you (“Interest-based Advertising”).
We also use audience matching services to reach people (or people similar to people) who have visited our App or are identified in one or more of our databases (“Matched Ads”). This is done by us uploading a customer list to another party or incorporating a pixel or SDK from another party into our own App, and the other party matching common factors between our data and their data or other data sets. For instance, we incorporate the Facebook SDK on our App and may share your email address with Facebook as part of our use of Facebook Custom Audiences.
If you would like to prevent this sharing then please change your settings.
How we keep your personal data secure
We take appropriate security measures designed to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and service providers (see above) who have a business need-to-know.
We have put procedures in place to deal with any suspected or actual data security breach and where required by applicable data protection laws, we will notify you and any applicable regulator of a suspected or actual breach where the breach may cause a risk to you.
Our security procedures mean that we may occasionally request proof of identity before we are able to disclose personal data to you.
Your rights over your personal data
Data protection laws grant you certain rights in relation to your personal data and our processing. Your exact rights will vary depending on the jurisdiction, but data subjects generally have the following rights in relation to their personal data:
If you are unsure about your rights or are concerned about how your personal data may be processed, please feel free to contact us at [email protected]. In your request letter please specify which right/s you’d like to exercise. For California and Nevada residents, please see the additional disclosures regarding your rights and choices below.
If you would like to exercise any of your rights then you can do so by contacting us using the details given below. Please be aware that while we will try to accommodate any request you make in respect of your rights, they are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part.
Where you make a request in respect of your rights we will require proof of identification. We may also ask that you clarify your request. We will aim to respond to any request within one month of verifying your identity. If we receive repeated requests or have reason to believe requests are being made unreasonably, we reserve the right not to respond.
In addition, you also have the following rights and choices regarding the information we collect about you:
The companies we work with to provide you with targeted ads are required by us to give you the choice to opt-out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). To learn more about the targeted ads provided by these companies, and how to opt-out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; (ii) for app targeted ads from DAA participants, https://www.aboutads.info/appchoices; and (iii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices/. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants’ other customers or from other technology services).
To opt-out of us using your data for Matched Ads, please contact us as set forth in the “How to contact us” section below and specify that you wish to opt-out of Matched Ads. We will request that the applicable party not serve you Matched Ads based on the information we provide to it. Alternatively, you may directly contact the applicable party to opt-out.
You may also limit our use of information collected from or about your mobile device for purposes of serving targeted ads to you by going to your device settings and selecting “Limit Ad Tracking” (for iOS devices) or “opt-out of Interest-Based Ads” (for Android devices).
Please note that if you opt-out using any of these methods, the opt-out will only apply to the specific browser or device from which you opt-out. We are not responsible for the effectiveness of, or compliance with, any opt-out options or programs, or the accuracy of any other entities’ statements regarding their opt-out options or programs.
Please note that your opt-out is limited to the email address, device, or phone number used and will not affect subsequent subscriptions.
Our policy toward children
Our App is intended for a general audience, not directed to children, and we do not knowingly collect personal data or personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. You must be 18 years old to use the App.
If you are a parent or guardian and believe we have collected personal information in violation of COPPA, Submit a request at help.ableapp.com. We will remove the personal information in accordance with COPPA. We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
Changes to this privacy notice
We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy. Any changes will be effective immediately upon posting of the revised privacy policy. If changes are material, we may provide you additional notice, such as to your email address.
How to contact us
If you have any questions about this privacy notice or about the ways we use your personal data, you can contact our support team at our Help Center by visiting help.ableapp.com and clicking “Submit a request” within the Help Center.
This privacy notice has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at help.ableapp.com
Additional disclosures for Nevada residents
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us via our Help Center.
Additional disclosures for California residents
These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete, and opt-out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.
A. Notice of Collection.
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:
For further details on the information we collect, including the sources from which we receive information, review the “Personal data we collect” section above. We collect and use these categories of personal information for the business purposes described in the “Why we use your personal data and our lawful basis” section above, including to manage our App.
We do not generally sell information as the term “sell” is traditionally understood. To the extent “sale” under the CCPA is interpreted to include the activities set out in this notice, such as those disclosed in the “Sharing your personal data for analytics and advertising purposes” section above, we will comply with applicable law as to such activity. We disclose the following categories of personal information for commercial purposes: identifiers, characteristics, commercial or transaction information, App activity, geolocation data, and inferences drawn. Please review the “Sharing of Information” section above for further details about the categories of parties with whom we share information.
B. Right to Know and Delete.
You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:
In addition, you have the right to delete the personal information we have collected from you.
To exercise any of these rights, please submit a request to our Help Center or by emailing us at [email protected]. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
C. Right to Opt-Out.
To the extent we sell your personal information as the term “sell” is defined under the CCPA, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You may submit a request to opt-out by emailing us at [email protected].
D. Authorized Agent.
You can designate an authorized agent to submit requests on your behalf. However, we may require signed written proof of the agent’s permission to do so and verify your identity directly.
E. Right to Non-Discrimination.
You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.
F. Shine the Light.
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, contact us as set out in the “How to contact us” section above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
Able App Groups.
When accepting to join an Able group or Challenge in the Able App, you acknowledge and agree with the following: