ModernBalance Contact
ModernBalance Legal Privacy Policy

Privacy Policy

This policy explains how ModernBalance collects, uses and protects your personal data in accordance with UK GDPR and the Data Protection Act 2018.

Last updated: 15 May 2026

1. Data controller

Suma y Sube S.L.U.
NIF / VAT: ES B98803620
Registered office: Avenida Jaime I, 36, 4º, 12, 46650 Canals (Valencia), España
Commercial register: Inscrita en el Registro Mercantil de Valencia, Tomo 10078, Libro 7359, Folio 154, Sección 8, Hoja V 169300.
Email: contacto@sumaysube.com
Phone: +34 644 01 03 47

The data controller is responsible for your personal data under this policy.

2. Privacy contact

For rights requests and privacy enquiries: contacto@sumaysube.com.

3. Data we process

We may process the following categories of personal data to provide our services:

  • Identity and contact details: name, email address, telephone number and delivery address where applicable.
  • Service information: plan or menu choices, preferences and delivery instructions where relevant.
  • Allergies and dietary preferences: only where you provide them, so we can deliver the service safely and appropriately.
  • Communications: messages, contact forms and customer support requests.
  • Technical data: IP address, browser type and usage data via cookies. See our cookie policy.

4. Purposes of processing

We process personal data to:

  • provide and support our nutrition plans and related services,
  • communicate with you about your account, orders or enquiries,
  • improve quality, security and service performance (including analytics where permitted),
  • comply with legal and regulatory obligations,
  • send marketing only where you have given consent, where applicable.

5. Legal bases

Depending on the activity, we rely on one or more of the following lawful bases under UK GDPR:

  • Contract (Article 6(1)(b)) — to perform our agreement with you or take steps at your request before entering a contract.
  • Legal obligation (Article 6(1)(c)) — where we must process data to comply with the law.
  • Legitimate interests (Article 6(1)(f)) — where processing is necessary for our legitimate interests and your rights do not override those interests.
  • Consent (Article 6(1)(a) and, where relevant, Article 9(2)(a)) — for optional processing such as certain health-related dietary information or marketing.

6. Retention periods

We keep personal data only for as long as necessary for the purposes described in this policy or as required by applicable law.

Category Retention Basis
Customer and support communications For the duration of the relationship and up to 24 months thereafter Service delivery and legitimate interests
Billing and accounting records As required by UK tax and company law (typically up to 6 years) Legal obligation
Allergies and dietary preferences For as long as needed to provide the service or until you withdraw consent Consent, where applicable
Marketing Until you withdraw consent or unsubscribe Consent
Contact form messages Up to 12 months Service delivery

7. Recipients and sharing

We share personal data only with parties that need it to operate our service, such as:

  • IT, hosting and email providers, to the extent required,
  • analytics and advertising partners only with your consent, where applicable,
  • professional advisers (accountants, lawyers) where necessary.

Where these parties process data on our behalf, they act as processors under a written agreement and may only use the data on our instructions and for agreed purposes.

8. International transfers

We prefer providers located in the UK or countries recognised as providing adequate protection. If personal data is transferred outside the UK, we implement appropriate safeguards such as the UK International Data Transfer Agreement or UK Addendum to EU Standard Contractual Clauses, unless an exception applies under UK data protection law.

9. Security

We apply technical and organisational measures to protect personal data, including:

  • encryption in transit (TLS),
  • access controls based on need to know,
  • secure storage and backup procedures.

10. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase data in certain circumstances.
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests or for direct marketing.
  • Data portability where processing is based on consent or contract and carried out by automated means.
  • Withdraw consent at any time, where we rely on consent (without affecting prior lawful processing).
  • Lodge a complaint with a supervisory authority.

To exercise your rights, contact contacto@sumaysube.com. We may ask for reasonable information to verify your identity. We usually respond within one month.

You may lodge a complaint with the Spanish Data Protection Agency (AEPD): aepd.es. If you are in the UK, you may also contact the ICO: ico.org.uk.

11. Changes to this policy

We may update this policy when our services or the law change. The date at the top of this page shows when it was last revised.

12. Contact

For questions about this privacy policy:
contacto@sumaysube.com