Effective: 28th of January 2019

Your right to privacy is important for us. In this this Privacy Policy, we describe in detail how we collect, use and disclose your personal data when you use GrowBig, and what choices you have with respect to your personal data. Please read this Privacy Policy carefully. If, after reading the Privacy Policy, you still have any questions, please contact us so that we can address your concerns.

Table of Contents

1.        GENERAL PROVISIONS        


3.        NON-PERSONAL DATA        

4.        CONSENT        


6.        RETENTION PERIOD        



9.        SECURITY        

10.        EXERCISING YOUR RIGHTS        

11.        CHILDREN        

12.        COOKIES        


14.        CONTACT INFORMATION        


  1. Applicability of the Privacy Policy. This privacy policy (the “Privacy Policy”) governs the processing, including collection, usage, storage, and disclosure, of personal data obtained from individual users through the mobile application Grow Big (the “App”) and the related website (the “Website”) (collectively, “GrowBig”). This Privacy Policy does not apply to any third-party applications or software that integrate with GrowBig or any other third-party products, services or businesses.
  2. Responsible entity (data controller). The entity that is responsible for processing personal data through GrowBig is MTLabs OOD, having a registered business address at Vitosha Park - Simeonovo, bl.Roza, vh.A, et.2, Sofia 1000, Bulgaria (“we”, “us”, and “our”).
  3. About GrowBig. The App is a mobile application allowing you to create, schedule, and share fitness programs. The Website provides information about the App and contains articles in the field of fitness.
  4. Definitions. In this Privacy Policy, you will encounter recurrent terms. For your convenience, we would like to explain what such terms mean:
  1. Third-party websites and widgets. GrowBig may contain links to other external websites that do not fall under our domain. We are not responsible for the privacy practices or the content of such external websites. If you choose to follow such links to external websites, you do so at your risk.


  1. We sometimes may ask you to submit personal data in order to provide our services. The personal data that we collect adheres to the principle of minimization and is necessary to ensure your usage of GrowBig and provision of our services. We do not collect any personal data that is not strictly required by the nature of our services.
  2. We process your personal data only for specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we will use your personal data only for the purposes of enabling you to use GrowBig, maintaining GrowBig, conducting research about our business activities, administrative purposes, and replying to your enquiries. The detailed description of the purposes and legal basis for processing of your personal data are provided in the table below.
  3. What personal data we collect and for what purposes we use it? The situations in which we collect your personal data, the types of collected personal data, the purposes for which it is used, and legal basis on which we rely are provided in the table below (the mandatory personal data is marked with *).


Personal Data


Legal basis

When you sign up for the App

- Name*

- Email address*

- Photo (image)

- To maintain your user profile

- To enable your use of the App

- To provide you with requested services

- To send you important information regarding your use of the App

- To conduct business analytics

- Performing a contract with you

- Pursuing our legitimate business interests (i.e., to grow, analyze, and improve our business)

- Your consent (for optional personal data)

When you contact us by email

- Name*

- Email address*

- Any information you decide to provide us

- To reply to your email

- To provide you with the requested information

- To perform operations requested by you

- Pursuing our legitimate business interests (i.e., to expand and promote our business)

- Your consent (for optional personal data)

When you subscribe to a newsletter

- Email address*

- To deliver you our newsletter

- Your consent

When you post a comment on the Website

- Name*

- Email address*

- Website

- To feature you comment on the Website

- To contact you, if necessary, regarding your comment

- Your consent

When you enable geo-location functionality in the App

- Geo-location data of your sport club

- To display your workout

- Your consent

  1. Additional data. We may receive certain additional data if you participate in a focus group, contest, activity or event, request support, interact with our social media accounts or otherwise communicate with us. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us.

  2. Sensitive Data. We DO NOT collect, under any circumstances, any special categories of personal data (“sensitive data”) from you, such as your health information, opinion about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about your sexual orientation.

  3. Failure to provide personal data. If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of GrowBig, receive the services provided through GrowBig, or get our response. 


  1. Technical data. When you use GrowBig, we may automatically collect certain technical non-personal data about your use of GrowBig. Such technical data does not allow us to identify you in any manner. The non-personal data collected by us includes information about: (i) the type of your device; (ii) operating systems and browsers used by you; (iii) your browsing patterns; (iv) URL addresses of websites clicked to and from GrowBig; (v) crash report data; and (vi) your other online behavior data. 
  2. Fitness data. While using the App, you can log your fitness-related data, including (i) exercises performed, (ii) repetitions, (iii) duration, (iv) weights used, (vi) rest time, (vii) age, (viii) your weight, (ix) your body measurements, (x) LBN, and (xi) gender. We will use such non-personal fitness data to enable you to use the full functionality of the App, e.g., calculate the calories burned during a workout and visualize your fitness progress.
  3. Your feedback. If you contact us, we may keep records of any questions, complaints or compliments made by you and the response, if any. Where possible, we will de-identify your personal data. Please note that de-identified personal data is also considered to be non-personal data.
  4. Purposes of non-personal data. We will use non-personal data in furtherance of our legitimate interests in operating GrowBig, conducting our business activities, and developing new products. More specifically, we collect the non-personal data for the following purposes:

  1. Aggregated data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.


  1. Your use of GrowBig is subject to this Privacy Policy. Before you start using the App, we will ask you to review this Privacy Policy. We also encourage you to review the Privacy Policy before browsing the Website and submitting any personal data to GrowBig. By using the App, you agree to be bound by the terms of our Privacy Policy, applicable laws, and Internet policies.
  2. In some cases (where required by the applicable law), we may seek to obtain your consent for the processing of your personal data. For example, we may seek your prior consent for the following purposes:

  1. NEWSLETTERS AND Marketing communication

  1. Marketing messages. From time to time, we may send you marketing-related messages, such as newsletters, brochures, promotions and advertisements informing you about our new services. Please note that you will receive such marketing messages or be contacted by us for marketing purposes only if:
  1. Informational notices. From time to time, we may send you informational notices, such as service-related, technical or administrative emails, information about GrowBig, your privacy and security, and other important matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.

  1. Retention Period

  1. Retention of personal data. We will store your personal data in our systems only for as long as such personal data is required for the purposes described in this Privacy Policy, you request us to delete your personal data, or until your user account is deleted - whichever comes first. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it (e.g., we are not obliged by law to store your personal data), we will immediately delete your personal data from our systems.
  2. Retention of non-personal data. We may retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping non-personal data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
  3. Retention as required by law. Please note that, in some cases, we may be obliged by law to store your personal data for a certain period of time. In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

  1. SharING And DisclosING Data

  1. We do not sell available personal data to third parties. In some instances, we are obliged to comply with court orders and government requests and provide personal data or parts of it to authorized bodies. We may also disclose or access personal data whenever we believe in good faith that the law so requires, such as to comply with a litigation, or that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or if we otherwise consider it necessary to do so to maintain service and improve our products and services.
  2. Sharing personal data. In some circumstances, we disclose your personal data to third party service providers (data processors) and other third parties. For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as web analytics, data processing, advertising, email distribution, and developing services, or if you explicitly request us to disclose the personal data. The disclosure of your personal data is limited to the situations when such data is required for the following purposes:
  1. Data processors. We will share your personal data only with the third parties that agree to ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The third parties (data processors) that may have access to your personal data include, but are not limited, to:
  1. Sharing of non-personal data. We may disclose or use non-personal data and de-identified data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving GrowBig, or developing new products and services.

  2. Legal requests. If necessary, we will respond to lawful requests from public authorities to disclose information about the users of GrowBig to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
  3. Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy.

  1. Transfer of personal data outside the EU

Some of the third parties listed in Section 7 of this Privacy Policy are located outside the European Union (EU) and, if you reside in the EU, we may need to transfer your personal data to jurisdictions outside the EU. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data (e.g., the country in which the recipient is located is white-listed by the European Commission or the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the Standard Contractual Clauses provided by the European Commission).

  1. Security

  1. Our security measures. We endeavor to maintain appropriate physical, procedural and technical security measures with respect to our offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of personal data, which also applies to our disposal or destruction of personal data. The security measures taken by us include secured networks, limited access to your personal data by our staff, and anonymization of personal data (when possible). We keep the personal data we collect about you strictly confidential. Only authorized personnel have access to such data. All data related to GrowBig, including personal data, is stored on a third party storage service provider whose security measures and policies are of a highest standard. In order to ensure the security of your personal data, we kindly ask you to use GrowBig through a secure network only.
  2. Handling security breaches. Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a personal data breach occurs, we will inform our local data protection authority, namely, the Bulgarian Commission for Personal Data Protection, without undue delay and immediately take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breaches will be limited to the highest extent permitted by the applicable law.

  1. EXERCISING Your Rights

  1. What rights do you have? Individuals located in certain countries, including the EU, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may ask us to:

  1. How to exercise your rights? If you would like to exercise your rights listed above, please contact us by email at and explain in detail your request. In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks. Your requests can be submitted free of charge once per calendar year. If you submit your requests more than once per year, we reserve the right to charge a small administrative fee for providing the requested information.

  2. How to launch a complaint? If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are a resident of the EU and you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.



GrowBig is intended for a general audience and is not targeted at children. We take children’s online safety very seriously, and we do not knowingly collect children’s personal data. If we ever learn that the personal data collected by us belongs to a person under the age of 16, we will immediately remove such personal data, unless it is provided with the verifiable parental consent and is otherwise in compliance with relevant laws.


  1. Do we use cookies? GrowBig uses cookies. In this section, you can find information about the types of cookies that we use and the purposes for which the cookies are used. If you do not agree with our use of cookies, please disable your cookies as described in the section “How to disable cookies?”. Please note that the full functionality of GrowBig may not be available without cookies.
  2. What is a cookie? A cookie is a small piece of data, typically consisting of letters and numbers. When you visit a website, the website may send a cookie to your browser. Subsequently, the browser may store the cookie on your computer or mobile device. Cookies are designed to allow the recognition of user’s device and collection of certain information about the use of a website. Thus, over time, cookies allow websites to “remember” your actions and preferences. There are two types of cookies, namely, (i) persistent cookies, which remain valid until their expiration date, unless deleted by the user before that date, and (ii) session cookies that are stored on a web browser and remain valid until the moment the browser is closed. Cookies may also be (i) first-party cookies (set by the website itself) and (ii) third-party cookies (placed by third-party websites).
  3. What cookies do we use? The table below provides an overview of the cookies used by us, including their purposes and expiration time.






First-party Google Analytics session cookie

1 minute

Used to throttle request rate


First-party Google Analytics cookie

2 years

Distinguishes users


First-party Google Analytics cookie

24 hours

Distinguishes users


Third-party Facebook targeting/remarketing cookie

End of session

Delivers advertising on Facebook to people who have already visited GrowBig


First-party essential cookie

End of session

Ensures security and prevents CSFR attacks


First-party essential cookie

2 hours

Tracks the session, identifies unique users and keeps logged in credentials.

  1. For what purposes do we use cookies? We use cookies for the following purposes:  

  1. Cookie consent. When you use GrowBig for the first time, we may ask you to provide us with your consent to our use of cookies.
  2. How to disable cookies? If you would like to refuse our use of cookies on the Website, you can do it at any time by declining cookies in your browser or device (please check your browser’s or device’s “help” functionality for more information) or visiting for further information. Please be aware that some parts of the Website may not function properly without cookies. If you would like to disable cookies in the Application, please consult the “settings” section of your device.
  3. Google Analytics. We use Google Analytics, the service provided by Google, Inc. (“Google”) to analyze your use of GrowBig. Google Analytics generates statistical and other information by means of cookies and we use its services to create reports about your use of GrowBig. Google Analytics cookies are anonymous first-party cookies. Such cookies include cookies entitled “_gat”, “_gid”, and “_ga”. Please note that the use of Google Analytics cookies is anonymous and does not allow us to identify you in any manner. The information generated by cookies about your use of GrowBig (including your IP address) will be transmitted to and stored by Google on servers in the United States. Please note that your IP address will be anonymized and Google will not combine your IP address with other information Google holds about you. Thus, Google will not be able to identify you. In certain cases (e.g., when required by law or when third parties conduct services on behalf of Google), Google may transfer the information to third parties. For more information about Google Analytics’ privacy practices, please visit
  4. Opting-out from Google Analytics. If you would like to opt out from Google Analytics, you can do so by installing a Google Analytics opt-out browser add-on available at For more information on opting-out from advertising features on your device, please visit


  1. This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.
  2. We reserve the right to change our Privacy Policy at any time with or without prior notification to you. The current version of Privacy Policy is available on the Website indicating the effective date. If the changes to the Privacy Policy are significant in nature, we will notify you by e-mail (if it is available) or through the App, prior to the changes becoming effective. Where necessary, we will seek your prior consent to the amended Privacy Policy. You are encouraged to periodically check our Privacy Policy.


If you have any questions regarding our Privacy Policy and how your personal data is handled, or you wish to access, amend, or update your personal data or exercise your other rights, please feel free to contact us by email at or Our postal address is:


Vitosha Park - Simeonovo

bl.Roza, vh.A, et.2

Sofia 1000