Meta Flow Ltd. d/b/a Lumen (“Meta Flow,” “Company,” “we” or “us”) is committed to protect the privacy of the users of our website located at lumen.me (the “Website”) and of the users of the Lumen device (the “Lumen Device”) and of the services we provide in connection with use of the Lumen Device through the Lumen mobile application (respectively: “User(s)” or “you”; the “Lumen Services” and the “Lumen App”), in compliance with applicable privacy and personal data laws and regulations. The Website, the Lumen Device, the Lumen Services and the Lumen App shall be together referred to hereunder as the “Services”.

This Privacy Policy (the “Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use the Services, the ways in which we may use such information, and the options and rights available to you. This Privacy Policy supplements and should be read in conjunction with our Terms of Use (the “TOU”), which provides additional information on the Services. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our TOU or in applicable privacy and personal data laws and regulations.

1. Types of Information we collect from our Users and how we collect It

Personal Information, information that identifies an individual or may, with reasonable effort, identify an individual, either alone or in combination with other information, all unless anonymized. The Collection of Personal Information varies dependent on the Services that you use, according to the specification below:

1. Personal information you provide us when you use our Services. Generally, this category refers to Personal Information you actively and voluntarily create or provide through our Services such as:

• Contact information: such as your name, email, physical address, birthdate, username or telephone number that you provide through the Services when you fill out an online form or register for an account with us or when you update your account details. If you choose to log in, access or otherwise connect to the Services through a third-party service (such as Apple, Google, etc.), we collect your user ID and username associated with that service, as well as any information you make public using that service or that the service allows us to access.
• Payment Information: Information you provide during a transaction you perform through the Services, or other transaction-based content that you generate related to such transaction. For example, if you pay with a credit card or bank transfer, we will collect your card information or bank account details.
• Health-related information: information you provide us in the scope of your use of the Lumen Services and corresponds to a measurement of your physical/mental objective and/or subjective state and nutrition data, such as height, weight, sleep habits, food, caffeine and water intake, heart rate, breath data, real-time assessment of carbohydrate availability and metabolic fuel use as measured via use of the Lumen Device and through the Lumen App, daily diet, exercise routine, emotional and mental state, perceived sense of viability, as well as ongoing feedback that you provide us regarding your satisfaction from the diet plans, the difficulty to follow-up with the plans, as well as body activity data, such as types of exercise, number of steps, speed and distance and any Personal Information we derive from such information. More information about how we collect and use your health-related information can be found in our Consumer Health Data Privacy Policy.
• Shipping information: Shipping, delivery, postage, billing, and other information used to transact and deliver through the Services, as well as, where applicable, information required to clear customs (such as Tax ID or other identification numbers).
• Communication information: the contents of your interaction with our customer support or sales departments, which may include text/video/audio recordings, and transcripts of such communications including information you enter in our “Contact Us” online form or any similar input.
• Lumen community: Our community feature ("Lumen Community") allows you to share information, photos, and videos ("Content") and interact with other members of the Lumen Community and the Content they share. If you participate in the Lumen Community, we will collect the Content you share as well as information about your interactions with other community members and the Content they share.

2. Personal information we collect automatically when you use our Services. In other words, we are aware of your usage of the Services and Website and may gather, collect and record the information relating to such usage, including by using our third party service providers as detailed in Section 5 (sharing information with third parties) below, and by using “cookies” and other tracking technologies, as further detailed in Section 9 (Local Storage and Third Party Software/Service, Cookies and other Tracking Technology) below. We collect information about your interaction with and use of our Services, including in certain cases about your impressions of and reactions to our advertisements, and information related to our communications with you. This is the information we receive from devices (including mobile devices) and software you use when you access our Services. This information could include the following: mobile device geo-location, mobile devices motion, Device ID or unique identifier, device type, ID for advertising, unique device token, operating system, information regarding your clicks and “clicks stream”, views and engagement with our advertisement and Services, information concerning your traffic to and from the Website, your referral URL to and from our Website, ad data, your IP address, your web login information, and location information as can be derived from your IP address. We collect and process Personal Information that is derived from other Personal Information we collect or obtain from you. This means that we process Personal Information in order to provide you with the output of our Lumen Services such as recommendations, suggested analysis, and other insights we may offer through the use of the Lumen Services. Please take into consideration that certain portions of such above mentioned information may also be collected from your device or software, when the Lumen App is running in the background, i.e., when it has been launched but not used. Please keep in mind - that most mobile devices and auxiliary software, allow you to control or disable the use of certain collectible information including location services, by any application, in the device's settings menu.

3. Personal information collected from third parties. When using the Lumen Services, you may choose to connect your Account with certain other third party accounts you hold with such third party applications and platforms (such as Apple Health Kit, Android Fit, etc.), and thereby providing us with access to information available on such accounts. To the extent that information is linked or connected to your identity, we will treat that information as your Personal Information.

4. Social Media - We allow you to share information with social platforms or use social platforms to create your Account or to connect your Account with the respective social platforms. Those social platforms may give us automatic access to certain Personal Information retained by them about you (e.g., content viewed by you, content liked by you, your public profile, other profiles you are associated with, and information about the advertisements you have been shown or have clicked on, etc.). You control the Personal Information you allow us to have access to through the privacy settings on the applicable social platforms and the permissions you give us when you grant us access to the Personal Information retained by the respective social platforms about you. We may also collect Personal Information concerning you, from third parties who have assured us that they have obtained your consent for such provision of information or that you have freely and publicly provided and those third parties have established an adequate legal basis for the processing and sharing of such information. For example, we may collect and use demographic and other information that is publicly available in an applicable jurisdiction, additional contact information, as allowed by applicable national laws. By associating your Account with your social platform account or other third party accounts and authorizing us to have access to information maintained by such third party accounts, you agree that we can collect, use and retain such information in accordance with this Privacy Policy.

‍Non-personal Information - non-identifying and without reference to the identity of any User, such as technical data that is necessary for the performance of the Services, for example, app analytics, taps and inputs, Wi-Fi network information, operating system, mobile device type, Lumen Device technical information, browser and keyboard language, the 'click-stream' and activities on the Services, and the period of time the Services were used and related timestamps. 

For purposes of this Privacy Policy, we will treat any User Personal Information that is anonymized and deidentified in a way that such User can no longer be personally identified as Non-personal Information and may use or share this information in aggregated form for statistical, research or other lawful purposes.

For the avoidance of doubt, we will treat any Non-personal Information connected or linked to any Personal Information as Personal Information as long as such connection or linkage exists.

2. The Purposes and Legal Basis of the Processing of Information

Legal Basis for processing: We process your Personal Information, which is adequate, relevant and limited to what is necessary in relation to the purposes described in this Privacy Policy, based at least on one of the following legal grounds:

• In Performing an agreement with you: We process your Personal Information in order to provide you with the Services, following your acceptance of this Privacy Policy and pursuant to the TOU; and to personalize the Services in order for you to get a better user experience.
• With your consent: When required, we may ask for your consent and approval to collect and process certain Personal Information for the purposes set forth in this Privacy Policy and you have the right to withdraw your consent at any time.
• Legitimate interest or compliance with legal obligations: We process your Personal Information for our legitimate interests while applying appropriate safeguards that protect your privacy and provided that such processing will not prejudice your interests, fundamental rights, and freedom. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality, or technical issues with our Services, protecting against harm to the rights, property, or safety of our properties, or our users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; defending a legal claim made by you or on your behalf against us, in order to comply and/or fulfill our obligation under applicable laws, regulation, guidelines, industry standards, and contractual requirements, legal process, subpoena or governmental request, as well as our TOU. We may also use Personal Information to develop new services and features for our Users. Additional examples of us processing your Personal Information in accordance with legitimate interests would include: (i) where we disclose your Personal Information to any one or more of our associate/subsidiary companies following a restructure or for internal administrative purposes; or (ii) sharing Personal Information with our advisers and professional services providers (such as auditors).

Purpose of use. We may use the Personal Information that we collect about you for the following purposes:

• To provide, operate and improve the Services.
• To verify the identity of our Users
• To personalize the Services and content provided to you, to customize and improve your use experience of the Services, and to enable you to retrieve your information.
• To be able to contact Users for the purpose of providing them with technical assistance, support, handle requests and complaints and collect feedback
• To send you updates, notices, notifications, and additional communications regarding the Services.
• To study and analyze the information on an aggregated, statistical basis to discover patterns and anomalies, to study complications and treatment methods and improvements, and other health related research and development.
• To enable us to further develop, customize and improve the Services based on Users’ common preferences, uses, third party services, features and functionalities, statistical and research purposes, attributes and anonymized data etc.
• To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities.
• To display or send to you marketing and advertising material and general and personalized content and advertisement via the Services, the Website, email, postal mail, telephone, mobile devices and/or when you visit other sites.
• To perform functions or services as otherwise described to you at the time of collection.
• To comply with any applicable rule or regulation, to protect our legal interests and/or respond to or defend against (actual or potential) legal proceedings against us or our affiliates.

We may also collect, use and disclose your Personal Information for other purposes with your consent or authorization or as otherwise permitted by law.

3. Sharing Information with Third Parties

We may share, disclose or otherwise allow access to any Personal Information we collect third parties, as described below:

a. Law enforcement, legal proceedings, protecting rights and safety and as authorized by law:  We may disclose Personal Information to satisfy any applicable law, regulation, legal process, subpoena, or governmental request. We may also share Personal Information to enforce this Privacy Policy and/or the TOU, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security ,or technical issues; to respond to claims that any content available on the Services or the Website violates the rights of third-parties; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of Meta Flow, any of our Users, or any member of the general public.

b. Our Affiliated Companies:  We may share Personal Information internally with our affiliated companies for the purposes described in this Privacy Policy. In addition, when we or any of our affiliated companies is undergoing any change in control, including by means of merger, acquisition, or purchase of all or substantially all of its assets, we may share Personal Information with the parties involved in such event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Website or Services.

c. Third Party Service Providers: We are partnering with several selected service providers, whose services and solutions complement, facilitate and enhance our own. Such third party service providers may have access to, or process on our behalf Personal Information that we collect, hold, use, analyze, process and/or manage. These Service Providers include hosting, database, and server co-location services, payment processors, data analytics services, session replay records for app analytic purposes such as crashes, functionality and usability, and our business, legal and financial advisors. We remain responsible for any Personal Information processing done by Third Party Service Providers on our behalf not in accordance with the terms hereof, except for events outside of its reasonable control and except for such Third Party Service Providers with whom you have a direct contractual relationship.

d. Your known health care providers, care management services or health care payers. In some instances, we will be working with you in conjunction with your own health care providers, care management services, or healthcare payers (insurance companies) (any such party is one of “Your Health Service Providers”). To the extent your relationship with us originates from one of Your Service Providers, we may provide your Personal Information to that party for its use in connection to the services it provides to you. Any Personal Information we provide back to Your Health Service Providers will be subject to Your Service Providers own privacy policies and practices, and you should confer with Your Health Service Providers if you have any questions regarding their own usage and treatment of your Personal Information.

e. Lumen Community members. If you participate in the Lumen Community, other people who are also logged-in to the Lumen Community will be able to see you some details which you agreed to be public such as your username and profile picture. In addition, other Lumen community members are able to see any Content shared by you in the Lumen Community.

In the 12 preceding months, we have collected and/or disclosed the following categories of Personal Information:

In the 12 preceding months, we have collected Personal Information from the following categories of sources:

• Consumer directly.
• Your Lumen Device when using it.
• Your mobile device and web browser when accessing our mobile app or Website
• Third party applications and platforms (including social media) you chose to connect your Lumen account with.
• Your Health Service Providers, to the extent your relationship with us originates from one of them.
• Drawn from other information we collect.

We do not Sell or Share your Personal Information.

2. Storage, Transfer and Retention of your Information

Information regarding the Users will be maintained, processed, and stored by us and our authorized affiliates and service providers in the United States, EU and in Israel, and as necessary, in secured cloud storage provided by our third party service providers. While the data protection laws in the above jurisdictions may be different from the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on our behalf are each committed to keeping it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdictions. 

Specifically, if you reside in the EU or the UK, each of our Third Party Service Providers who stores or processes your Personal Information outside the EEA or the UK, either: (i) assured us, including through contractual means, that it provides adequate safeguards to protect your rights to privacy; or (ii) holds and processes such information on our behalf in a jurisdiction which has been determined to ensure an adequate level protection by the EU Commission or the UK government. We retain the Personal Information we collect only for as long as legitimately needed and to the extent required for the achievement of the purposes listed in this Privacy Policy. We then either delete the information from our systems or anonymize it without further notice to you. Unless you notify us of your request to delete your Account, we may maintain your inactive Account including all data and reports therein, in order to allow you to reactivate the Account if you choose to renew your Subscription at a later stage.

3. Your Data Subject Rights

Depending on the jurisdiction in which you reside, you may have certain rights under relevant applicable laws regarding the collection and processing of your Personal Data. To the extent these rights apply and concern you, you can contact us via the contact details available below and ask to exercise the following rights:

• Receive confirmation as to whether or not Personal Information concerning you is being processed, and access your stored Personal Information, together with certain supplementary information.
• Receive Personal Information you directly volunteer to us in a structured, commonly used and machine-readable format.
• Request rectification of your Personal Information that is in our control.
• Request erasure of your Personal Information.
• Object to the processing of Personal Information by us.
• Request to restrict processing of your Personal Information by us.
• Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly effects to you.
• Ask to withdraw any consent you have previously provided us in connection with our use and processing of your Personal Information.
• Limit the collection of your sensitive Personal Data, to that use which is necessary to perform our Services.
• Receive equal service and price and not be discriminated against for exercising any of your rights.

However,  please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements. Also, the exercise of some of these rights may make it impossible for us to continue to provide you with some or all of our Services.

If you wish to exercise any of these rights or raise a complaint on how we have handled your Personal Information, please contact us at: support@lumen.me. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates, or as we are otherwise permitted under such law applicable to you. If you have additional concerns, you can also lodge a complaint with your local data protection authority.

You can use an authorized agent to make a request to exercise your rights on your behalf if:

• The authorized agent is a natural person or a business entity; and
• You sign a written declaration that you authorize the authorized agent to act on your behalf. If you use an authorized agent to submit a request to exercise your right, please provide us with a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below.

The request must:

• Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Information or an authorized agent. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you; and
• Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. Making a verifiable consumer request does not require you to create an account with us.

4. Minors

To open an Account on our Services, you must be over the age of 18. Without relieving you of your responsibility to comply with the TOU and the terms hereof we reserve the right (without obligation) to request proof of age at any stage so that we can verify that persons under the age of 18 are not using our Services. In the event that it comes to our knowledge that a person under the age of 18 is using our Services, we will prohibit and block such User from accessing our Services and will make all efforts to promptly delete any Personal Information (as such term is defined in herein) with regard to such User.

5. Cookies

We use cookies and other technologies in our related services, including when you visit our site or access our Services. 

A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

Our website and mobile app use cookies in order to provide you with Services, identify you for repeat visits, (for example to allow us to store your preferences for the next sign-in), and monitor and analyze our web access.

You may remove the cookies by following the instructions of your device preferences; You can find more information about cookies at www.allaboutcookies.org; however, if you choose to disable cookies, some features of our Service may not operate properly and your online experience may be limited.

6. Direct Marketing

Subject to the applicable laws in your jurisdiction, we or our affiliated representatives may send you promotional content or messages by e-mail, marketing calls, and similar forms of communication. If you wish not to receive such promotional messages or calls, you may inform us by sending a written notice by email to the following address: support@lumen.me or by pressing the “Unsubscribe” link contained in the promotional communications you receive. Please note that we may also contact you with important information regarding your use of our Services and/or Website. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc. You will not be able to opt-out of receiving such service messages. 

7. How We Protect Personal Information

We maintain administrative, technical and physical safeguards designed to protect Personal and Health Information we obtain through our Services against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure or use. Our Services, or parts thereof, are hosted using data hosts, which provide advanced security features. We employ industry standard security procedures, including secured transmission protocols, SSL and advanced authentication. 

However, we do not and cannot guarantee that unauthorized access will ever occur. We urge you to use the strongest password combination available on your mobile device and employ reasonable physical security means to protect unauthorized access. To the extent your local jurisdiction’s laws require us to notify you or local authorities of any breach of the security of your Personal Information, we will comply with such laws.

8. Changes to the Privacy Policy

We reserve the right to change this Privacy Policy at any time. The most current version will always be posted through our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. By continuing to access or use our Services after any revisions become effective, you agree to be bound by the updated Policy.

9. Have Any Questions?

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email at: support@lumen.me and we will try to reply within a reasonable timeframe.

Meta Flow Ltd.
Address: 30 Ha’arba’a Street, Tel Aviv, Israel.

General Data Protection Regulation (GDPR) - European Representative
Pursuant to Article 27 of the GDPR, we have appointed European Data Protection Office (EDPO) as our GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
-by using EDPO’s online request form: https://edpo.com/gdpr-data-request/ 
-by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

UK General Data Protection Regulation (GDPR) - UK Representative
Pursuant to Article 27 of the UK GDPR, we have appointed EDPO UK Ltd as our UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
-by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request
-by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

By contacting us, you warrant and agree that you are free to do so, and that you do not provide us with information that violates any third-party intellectual rights (the “Information”). Without derogating from the aforesaid, all rights, including intellectual property rights, arising from your communication with us will be owned by Meta Flow and will be considered as our confidential material. It is clarified that any use of the Information will be at our sole discretion, and we are not obligated to use all or any part of such Information.