Effective Date: January 1, 2020
It is important that you take the time to read
Please also refer to our terms www.integrativenutrition.com/lp/privacypolicy (“Terms of Service”), which are incorporated as if fully recited herein. Defined terms not defined herein shall have the same definition as in the Terms of Service.
· What personally identifiable information is collected by Institute for Integrative Nutrition or by any third party through our website;
· How Institute for Integrative Nutrition uses this information;
· With whom Institute for Integrative Nutrition may share this information;
· What choices are available to you as a user of our website with respect to collection, use and distribution of the information; and
· What types of security procedures are in place to protect the loss, misuse or alteration of information under our control.
1. Information Collection and Use
IIN collects two different types of information through our website: anonymous information and personally identifiable information. IIN collects information that you provide to us under various circumstances, including when you complete a form, enroll in a course, join a Facebook group, enter a promotion, enroll in the Ambassador Network, or otherwise communicate with IIN.
Anonymous Information. We may collect and store anonymous, aggregate information (such as internet protocol (IP) addresses and the general physical location derived from it, browser types, search engines, internet service provider (ISP), referring/exit pages, platform/browser type, date/time stamp, and number of clicks) from all visitors to our website. You may search our website for general information provided through our website without ever submitting your name, email address or any other personally identifiable information. The anonymous information that we do collect from your visit is never linked to any of your personally identifiable information until you voluntarily submit that personal information, in which case some otherwise anonymous information may be connected to your website activity and personal account. Otherwise, the anonymous information is only used in the aggregate to analyze trends, administer the website, diagnose any problems, track a visitor’s movement in the aggregate, and gather broad demographic information for aggregate use. We may provide this anonymous information in aggregate form to other parties or use it for our own insight or marketing purposes. Our ability to use this information is not restricted in any way.
We also use “cookies” and “image tags” to collect certain usage information from all visitors to our website. A “cookie” is a small text file that a website can place on your computer’s hard drive or on your mobile device’s memory in order to collect information about your activities on our website. Our Sites use first and third party cookies. An “image tag,” also known as a clear GIF or web beacon, works together with cookies and is a small image file that may be located in various areas of our website. Most browsers automatically accept cookies, but you have the option to change your browser setting to decline them.
Accepting cookies in no way gives us access to your computer or any personal information about you, since cookies are not used to identify anonymous website visitors. Our cookies enable you to proceed smoothly through our website, offer you a more personalized experience, and know whether you’ve used it before, so as to eliminate some steps that apply to new visitors. Cookies also give us usage and analytics data like how often you visit, where you go on our website, and what you do while here.
Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. These features are not yet uniform, so we are not currently set up to respond to those signals.
2. Our Use Restrictions on Your Personally Identifiable Information
IIN does not sell, rent, or share personally identifiable information to or with any third party not affiliated with or owned by Institute for Integrative Nutrition, except service providers who may assist us in such areas as our promotions and data storage (See “Agents and Vendors,” below). Institute for Integrative Nutrition will never give or sell your personally identifiable information to unaffiliated third parties to be used for the purposes of sending you unsolicited commercial offers, such as spam. We may, however, use your personal information to send you information in e-mails from Institute for Integrative Nutrition.
3. Third Party Information about You
4. Our Agents and Vendors
5. Disclosure of Personal Information as Required By Law or Otherwise
We will disclose personal information when required by law, or if we have a good-faith belief that such action is necessary to (a) comply with a current judicial proceeding, a court order or legal process served on us or to comply with the request of a law enforcement agency, (b) protect and defend our rights, (c) protect the rights, property, and other interests of our users or others, or (d) operate our systems properly.
IIN takes commercially reasonable precautions to protect your personally identifiable information. However, given the nature of the Internet and the fact that network security measures are not perfect, we cannot guarantee the absolute security of your information. If we are required to provide notice to you of a data security breach, the notice will be provided in electronic form.
8. Your Consent and Notification of Changes
9. California Privacy Rights
A. Description of a California Consumer’s Rights under the CCPA
The CCPA applies to our practices with respect to PII of California residents. Under the CCPA, Consumers have certain rights regarding their Personal Information.
California consumers have the right to request that we disclose Personal Information we have collected about them in the previous 12 months including, but not limited to, the categories of information collected by us, the source(s) of such information by category, and the purpose for collecting such information. This right may not be exercised more than twice in a 12 month period. In the previous 12 months, we have collected the following categories of Personal Information about consumers:
Identifiers. Identifiers can be your name, mailing address, social security number, unique personal identifiers (device identifier, IP Address, cookies, beacons, pixel tags, mobile ad identifiers), account names, and similar information; We collect the identifiers from the consumers themselves, third parties, and automatic means;
Personal Information Under the California Customer Records Law (Cal. Civ. Code §1798.80) (“CCRLPI”);
Characteristics of Protected Classes. These characteristics can be your race, age, religion, ethnic origin, sexual orientation, gender, physical/mental disability, and similar information;
Commercial Information. Commercial information includes records of personal property, products or services purchased, obtained or considered, or other purchased or consuming histories or tendencies;
Internet/Network Activity. Internet Activity Information includes browsing history, cookies, search history and a consumer’s interaction with a website;
Geolocation Data. Geolocation Data includes GPS data; and
Inferences drawn from any other category of personal information.
We collect Personal Information in the above categories from the consumers themselves and by automatic means for the purposes described above, and as required to comply with applicable law.
As a California consumer, you also have the right to request that we tell you which of your Personal Information we have disclosed for a business purpose, or sold, in the previous 12 months. With respect to Personal Information being disclosed for a business purpose, the consumer shall receive the categories of information disclosed and the types of entities they have been disclosed to. This right may not be exercised more than twice in a 12 month period. For Personal Information being sold, this includes the categories of information being sold and the categories of third parties to whom it is being sold.
In the past 12 months, we have disclosed personal information falling under the following categories of Personal Information: Identifiers; CCRLPI; Characteristics of Protected Classes; Commercial Information; Geolocation Data; and Internet/Network Activity.
We disclose Personal Information in the preceding categories to the consumers themselves, to third parties as the consumer may direct, our service providers, and government/law enforcement agencies for the purpose it was provided/provision of Services, to comply with applicable law, and as otherwise described above.
If we were selling any of your Personal Information, you would have the right to opt out of the sale of your Personal Information.
You also have the right to request the deletion of the Personal Information that we have collected from you at any time. However, we may not be required to comply with such request under several circumstances including, but not limited to, when the data is necessary for the underlying transaction, to comply with applicable law, to detect security incidents, to debug glitches, and for our internal purposes.
In the event that you exercise one of your rights under the CCPA, you will not be discriminated by us in any way, including by the denial of goods or services, providing you a different level of goods or services, or charging you different prices or rates for the goods or services, unless the change in price is reasonably related to the value you receive from your personal information.
B. How do you exercise your rights under the CCPA?
Because we offer the Services exclusively online, you may submit your requests to exercise your rights under the CCPA by emailing us at email@example.com, please include “Request for Privacy Information” in the subject line.
We will do our very best to respond within 45 calendar days of receipt of your request, and in no event will our response come more than 90 days after receiving your request. If we are unable to provide our response within the first 45 day window, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond.
Before we respond to any CCPA based requests relating to your personal information, we will take steps to reasonably verify the identity of the person making the request (“Requestor”) to make sure it’s you, or your authorized agent. We do this to this avoid disclosing your information to third parties and bad actors, not to inconvenience you in any way. To do this, we will ask the Requestor to confirm at least two pieces of information that we have in our files. As the sensitivity of the information being requested goes up, we will ask the Requestor to confirm more pieces of information. If an agent is acting on behalf of the consumer, we will need to also verify the agent’s identity and their authority to act on the consumer’s behalf. For requests to delete information, after verification, we will confirm the consumer’s desire to delete one final time before actually deleting the information. If the identity of the Requestor cannot be reasonably verified, either as the consumer or their agent, then in order to protect that consumer, we shall not disclose the personal information requested.
10. Personal Data of UK, Northern Ireland, EU, and Swiss Residents
Our website is controlled and operated from the United States, and is not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. We do not represent or warrant that the site or any part thereof is appropriate or available for use in any particular jurisdiction other than the United States. In choosing to access our website, you do so on your own initiative and at your own risk, and you are responsible for complying with all local laws, rules and regulations. We may limit our website’s availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion.
Nevertheless, for users who are located in the United Kingdom, Northern Ireland, the European Union and Switzerland, all processing of such users’ personal data by us will be performed in accordance with privacy rights and regulations following the GDPR. Our legal bases for using and otherwise processing your PII are for the performance of a contract, where it is necessary for our legitimate interests, where we need to comply with a legal obligation, and where we have obtained your consent.
Under the GDPR you have a number of important rights. In summary, those include rights to:
• Fair processing of information and transparency over how we use your use personal information;
• Require the correction of any mistake in the personal information that we hold about you;
• Require the erasure of personal information concerning you in certain situations;
• Receive the personal information concerning you that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third-party in certain situations;
• Object at any time to the processing of your personal information for direct marketing;
• Object to decisions being taken by automated means that produce legal effects concerning you or similarly significantly affect you;
• Object in certain other situations to our continued processing of your personal information; and
• Otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of those rights, including the circumstances in which they apply, guidance is available from applicable data protection authorities. For example, the UK Information Commissioner’s Office (the “ICO”) has issued guidance on individuals’ rights under the GDPR: https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...
If you would like to exercise any of these rights, please:
• Email us at firstname.lastname@example.org;
• Provide enough information to identify you (e.g., name, email address);
• Provide proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill); and
• Provide the information to which your request relates.
11. Opting Out
If for any reason you would like to be removed from our customer list, simply send an email to email@example.com or mail to 1133 Broadway, New York, NY 10010.
13. Children and Young People’s Information
We do not knowingly collect any information from any minors, and we comply with all applicable privacy laws including the GDPR, the CCPA, the USA Children's Online Privacy Protection Act (“COPPA”), and associated Federal Trade Commission (“FTC”) rules for collecting personal information from minors. Please see the FTC's website (www.ftc.gov) for more information. If you have concerns about this Site, wish to find out if your child has accessed our services, or wish to remove your child's personal information from our servers, please contact us at firstname.lastname@example.org. Our Site will not knowingly accept personal information from anyone under 13 years old in violation of applicable laws, without consent of a parent or guardian. In the event that we discover that a child under the age of 13 has provided PII to us, we will make efforts to delete the child’s information in accordance with the COPPA. If you believe that your child under 13 has gained access to our Site without your permission, please contact us at email@example.com.