Privacy Policy of Nostressdiet

PRIVACY POLICY OF NOSTRESSDIET
 Last updated: 2025-07-01
Version:1

Notice about the content of this document: This Privacy Policy of NoStressDiet is a document drafted in accordance with European Economic Area and United States privacy laws. This document constitutes part of our Terms and Conditions. Please read this Privacy Policy carefully when you are provided with a reference to it while we are collecting consent from you. Also, you may review this Privacy Policy at https://nostressdiet.com/privacy-policy/
 SECTION 1. INTRODUCTION.  
‍1.1.     Purpose of this policy. This Privacy Policy is a document explaining to you how and on which basis we Process your Personal Data. It also explains purposes of Personal Data collection, lawful basis for collection, and statutory rights that you have under Privacy Laws, as well as how you can execute these rights.
1.2.     Applicability. This Privacy Policy applies to any individual visiting, using or browsing our website nostressdiet.com or subscribing to our email newsletter.
1.3.     Contact Information. If you have any questions regarding this Privacy Policy, our platform, or our terms please use the following web form to contact us.
1.4.    Updates. We may update this Privacy Policy from time to time. Upon update we shall publish notification on our Website. We also may notify you if you provided us with email. Please take into account that our emails regarding this Privacy Policy are not marketing communication, but important updates regarding Processing of your Personal Data.
‍SECTION 2. DEFINITIONS
‍2.1.     “Controller” means a legal person, entity, or organization that determines the purposes and means of processing personal data or personal information. For the purposes of Section 10 of this Privacy Policy, Controller includes the definition of “business” under US Privacy Laws.
2.2.   “Data Subject” means any natural person whose data is Processed by us. For the purposes of Section 10 of this Privacy Policy, the term “Data Subject”  refers to a resident of the US subject to US Privacy Laws.
2.3.     “European privacy laws” means the unified legal framework governing Personal Data protection and privacy across the European Economic Area (EEA),and the United Kingdom including the GDPR,UK GDPR, Swiss FADP, and the Norwegian Personal Data Act.
2.4.     “Personal Data” means any information relating to or capable of identifying an individual, whether directly or indirectly including identifiers such as a name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity. For the purposes of Section 10 of this Privacy Policy, definition of Personal Data also includes information that relates to or can be associated with a particular consumer or household being subject to US Privacy Laws.
2.5.    “Privacy Policy” means this Privacy Policy of NoStressDiet located at https://nostressdiet.com/privacy-policy/ .
2.6.    “Privacy Laws” means collectively European Privacy laws and US Privacy laws.
2.7.    “Processor” means a legal person, entity, or organization that processes Personal Data on behalf of the Controller.
2.8.  “Processing” or “Process” means any operation or set of operations performed on Personal Data, whether by automated means or otherwise, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction. For the purposes of Section 10 of this Privacy Policy, definition of “processing” also includes actions related to the sale, sharing, or deletion of personal information.
2.9.    “Service” means service offered by us via Terms of NoStressDiet.2.10.  “US Privacy laws” refers to the patchwork of state and federal laws that regulate the collection, use, and sharing of Personal Data  in the United States, including state-level laws such as CCPA/CPRA (California),VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), and UCPA(Utah)
2.11.  “Website” means our website located at NoStressDiet.com.
2.12.  “You” or “your” means any individual visiting our Website, User, or any other individual whose Personal Data is Processed by us pursuant to this Privacy Policy.
‍SECTION 3. DATA CONTROLLER AND PROTECTION AUTHORITY
‍3.1.     Claro LT, UAB, company registration code 304932072, VAT number LT100011941119, address - Skirmanto g.21-11, LT-48351 Kaunas, Lithuania ( “we”, “us”, “our”) shall be data controller of your Personal Data.3.2.     Data Protection Office (Valstybinė duomenų apsaugos inspekcija) for Lithuania shall be supervising authority for us. Supervising authority contact information:
●     Address -  A. Juozapaviciaus str. 6 LT-09310 VilniusLithuania
●     Phone: +370-5-2791445
●     Email: ada@ada.lt
SECTION 4. DATA THAT WE COLLECT Information collected from Website visitors.
‍We may collect following Personal Data when you are browsing, visiting our Website, or contact us via different web forms, except account registrationwebform:

SECTION 5. PROCESSING PRACTICES
5.1.    We do not utilize automated decision-making Processing, including profiling. All decisions related to the Service and Users, the Processing of Personal Data, and interactions with our Users are made with human involvement.
5.2.   If our practices change in the future and we implement automated decision-making, we will ensure compliance with applicable Privacy Laws, including Article 22 of the GDPR, and provide clear notice to affected individuals, including the automated decision-making logic involved, the significance, and potential consequences of such Processing.
5.3.    We do not Process any sensitive Personal Data, such as information regarding your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political views, trade union membership, health status, or genetic and biometric data.
‍SECTION 6. DATA SHARING
‍6.1.     We engage third-party service providers for various essential operations, including hosting, and website usage analytics. These providers Process aforesaid Personal Data on our be half in compliance with Privacy Laws.
6.2.     Additionally, we may share Personal Data to comply with legal obligations under Article 6(1)(c) of the GDPR, such as providing information to authorities for tax reporting, fraud investigations, or other regulatory requirements.
6.3.     Standard data sharing also occurs with trusted service providers, including legal advisors, auditors, and accounting firms, to support legitimate business operations and ensure compliance with applicable laws and regulations. All third-party providers are subject to strict contractual obligations to protect the confidentiality and security of Personal Data they Process.
6.4.     We use trusted third-party service providers (“sub processors”) to help us deliver and maintain our Services. These sub processors process limited Personal Data on our behalf in accordance with Article 28 of the GDPR. The key sub processors we engage include:
●     Get Response S.A. - with its registered office in Gdańsk (80-309),Grunwaldzka 413, entered in the Register of Enterprises of the National Court Register kept by the District Court for Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register, at KRS No. 0000942075, with NIP No.9581468984, REGON No. 192998251, with a share capital of PLN 5.559.840,00. We use GetResponce for landing page and emails newsletters subscription and management.
●     Google Ireland Limited  – with registered office at Gordon House, Barrow Street, Dublin 4, Ireland, VAT ID IE6388047V, provides analytics and marketing tracking tools, including Google Analytics and Google Ads. Each subprocessor is contractually bound to follow appropriate security and privacy safeguards. Where applicable, we implement Standard Contractual Clauses or other transfer mechanisms for international data transfers.
‍SECTION 7. RETENTION ANDSECURITY
‍7.1.     Personal data, is retained only for as long as necessary to fulfill legal, regulatory, and legitimate business requirements in compliance with Article5(1)(e) of the GDPR.  Once the retention period expires or the Personal Data is no longer needed for the repurposes, it is securely deleted or anonymized in accordance with best data protection practices.
7.2.     We rely on our third-party service provider, GetResponse S.A., to collect, store, and process personal data associated with newsletter subscriptions, email communications, and landing page interactions. GetResponse implements industry-standard technical and organizational security measures to safeguard personal data against unauthorized access, disclosure, alteration, or loss. According to GetResponse’s published documentation and data processing agreement, data is transmitted using secure protocols (e.g., HTTPS with SSL/TLS encryption), and their infrastructure is regularly monitored, tested, and updated to address security vulnerabilities.
‍SECTION 8. DATA SUBJECTRIGHTS UNDER EUROPEAN PRIVACY LAWS
‍Under European Privacy Laws you have the following rights:
8.1.     Access and correction. You have the right to request access to your Personal Data retained by us and to receive a copy of this Personal Data. If any inaccuracies are identified, you may request corrections or updates to ensure your Personal Data is accurate and up to date.
8.2.     Right to be forgotten. You may request the deletion of your Personal Data where it is no longer necessary for the purposes for which it was collected, where consent has been withdrawn (where applicable), or where Processing is unlawful. The right to deletion may be subject to exemptions, such as when Personal Data must be retained for compliance with legal obligations.
8.3.     Right to object. You can object to the Processing of your Personal Data based on our legitimate interests, including for purposes of direct marketing. Where such an objection is made, we will cease Processing your Personal Data unless compelling legitimate grounds are demonstrated, or the Processing is necessary for protection of our interests.
8.4.     Right to data portability. You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to request that this Personal Data be transferred directly to another Controller where technically feasible.
8.5.     Right to complaint. If you believe that your rights have been violated, you have the right to lodge a complaint with the appropriate supervisoryauthority. For residents in Lithuania, this is the Lithuanian Data Protection Office (Valstybinė duomenų apsaugos inspekcija).
8.6.     Restriction of Processing. In certain circumstances, you may request that the Processing of your Personal Data be restricted. This may occur if you contest the accuracy of the Personal Data, objects to the Processing, or where the Processing is unlawful but you oppose deletion.8.7.     Right to withdraw consent. Where Processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing conducted prior to the withdrawal.8.8.     Right to object automated decision-making and profiling. You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on them. As mentioned in Section 5 we do not utilize automated decision-making and profiling in our Processing activities.
‍SECTION9. DATA SUBJECT RIGHTS UNDER US PRIVACY LAWS
‍If you are resident of the United States, and subject to US Privacy Laws, you have the following rights:
9.1.     Right to access. You have the right to access the Personal Data that we have collected about you. This includes the categories of Personal Data collected, the specific pieces of Personal Data, the purposes for which it is used, and any third parties with whom the data is shared.
9.2.     Right to delete. You can request the deletion of Personal Data that we hold about you, subject to certain exceptions. These exceptions may include compliance with legal obligations, completion of transactions, or maintaining security.
9.3.     Right to correct (Rectification). You can request the correction ofinaccuracies in the Personal Data that we store.
9.4.     Right to data portability. You have the right to request theirPersonal Data in a portable, readily usable format that allows them to transferthe information to another entity.
9.5.     Right to opt-out of data sales and targeted advertising. You have the right to optout of the sale of your Personal Data and the Processing of your Personal Datafor targeted advertising purposes. Additionally, under CCPA/CPRA Californiabased consumers can opt out of the sale or sharing of personal data, includingfor cross-context behavioral advertising.
9.6.     Right to limit the use of sensitive data. You can limit how sensitivedata, such as health, biometric, or financial information, is processed ordisclosed. As mentioned in Section 5 we do not collect any sensitive data.9.
7.     Right to appeal. Consumers may appeal a business's decision to deny their privacy-related requests.9.8.     Right to non-discrimination. You are protected from discrimination for exercising their privacy rights. We cannot deny goods or services, charge different prices, or provide a different level of service based solely on the exercise of your privacy rights.
‍SECTION 10. EXECUTION OFRIGHTS UNDER PRIVACY LAWS
‍10.1.  How to File a Request. If you wish to exerciseyour privacy rights, you may submit a request by contacting our email: info [@]nostressdiet.com10.2.  To ensure we canprocess your request efficiently, please include the following information inyour submission:
‍●     your full nameand contact details (e.g., email address, phone number);
‍●    specific data privacy right(s) you wish toexercise (e.g., access, deletion, correction, portability) and specific sectionof our privacy you are referring to;
‍●    any relevant details about the Personal Data inquestion (e.g., type of data or context in which it was collected).
‍10.3.  Verification of Identity. To protect yourPersonal Data and comply with legal requirements, we may need to verify youridentity before processing your request. Depending on the nature of therequest, we may ask for:
‍●     Proof of identity(e.g., a government-issued ID or other identifying information).
‍●    Additional information to match the Personal Datawe hold with your identity.If you are submitting a request on behalf of someone else,you must provide a valid power of attorney or other legal documentationauthorizing you to act on their behalf. In such cases, we may also verify youridentity and the identity of the individual whose data is being requested.
‍10.4.  Term of response and extension. We will respondto your request within 30 calendar days of receipt (if submitted under Europeanprivacy laws), or within 45 calendar days (if submitted under US privacy laws).If
necessary, we may extend this period for an additional 30 calendar days (ifsubmitted under European privacy laws), or for 45 calendar days (if submittedunder US privacy laws). We may request extension in case your request isexcessive, complex, or you submitted multiple requests. If an extension isrequired, we will notify you within the period specified above, providing thereason for the delay.
‍10.5.  Response Fees. We will Process yourrequest free of charge in most cases. However, if your request is deemedexcessive, repetitive, or manifestly unfounded, we reserve the right to chargea reasonable fee to cover administrative costs or refuse the request inaccordance with applicable laws. In such cases, we will notify you of any feesin advance and provide justification for our decision.
‍SECTION11. DATA TRANSFERS
‍We may transfer Personal Data outside the European Economic Area (EEA) tojurisdictions that may not have the same level of data protection as thosewithin the EEA. Such transfers are only conducted when necessary for thepurposes outlined in this Privacy Policy, such as engaging with third-partyservice providers or global operations. To ensure adequate protection for yourPersonal Data during such transfers, we implement appropriate safeguards,including but not limited to:
●    Standard Contractual Clauses (SCCs) approved by the European Commission.
●    Transfers to countries recognized by the European Commission as providing an adequate level of data protection under Article 45 of the GDPR
●     Other legally acceptabletransfer mechanisms, as permitted under Chapter V of the GDPR.
‍SECTION12. CHILDREN'S PERSONAL DATA
‍Our Website is not intended for use by individuals under the age of 18 years (or the age of majority in your jurisdiction). We do not knowingly Process Personal Data of children. If we will identify any PersonalData related to children we will remove it from our Website.
SECTION 13. COOKIES AND TRACKING TECHNOLOGIES We use cookies and similar technologies to enhance yourexperience, analyze site usage, and deliver personalized content andadvertising.
SECTION 14. DO NOT TRACK SIGNALS Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, but we currently do not use automated data collection technologies to collect information about your online activities over time and across third party websites or other online services (behavioral advertising).

SECTION 15. CHANGES TO THIS PRIVACY POLICY
‍We may update this Privacy Policy to reflect changes in law, our services, or how we process personal data. Updated versions will be published on this page with the revised date. If changes are significant, we will notify you as required by Lithuanian law. Weencourage you to review this policy periodically. Continued use of our services after changes means you accept the updated terms.