This policy will be effective starting October 22, 2018
We will strive to process your personal information lawfully, fairly, and in a transparent manner. Your personal information will be collected for specified, explicit and legitimate purposes that align with the services you have requested and not further processed in a manner that is incompatible with the requested services. Our processing of your information shall be limited to that which is adequate, relevant and limited to what is necessary to provide you the requested services. Once we have processed or stored your information we will use reasonable efforts to assure your personal information is accurate, up to date, and eliminate inaccuracies we find or you notify us exist. We do not, however, assert, claim, or ensure the personal information you provide or is provided by others to us is accurate. We will use industry standard practices to for no longer than is necessary to provide you with requested services, or personal information may be stored for longer periods insofar as the personal information will be required for financial or legal reasons, or remains part of our normal archiving process when such information shall remain offline and not available to the public, or processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with GDPR Article 89(1). We implement industry standard practices to provide security and protect the confidentiality of your personal information against unauthorized or unlawful processing and against accidental loss, destruction or damage. We periodically update our standard practices which can be obtained upon request.
We will process your personal information when you provide consent in compliance with all State and Federal laws, when the processing is necessary to provide you the service you requested, to protect your vital interests or that of someone else, when necessary to accomplish a task in the public interest, and when necessary for us to perform standard business and technical processes where such processes do not override your rights or that of a minor. If we must process or store your personal information for any other reason we will notify you and request your consent if such consent is required.
1. Information You Provide to Us.
We store information you provide directly to us. For example, we collect information when you become a member; create an online account or profile; use the interactive areas and features of our Services; sign up for or participate in contests, promotions, surveys, or mailing lists, and when you provide information via email, phone calls, or otherwise communicate with us.
The types of information we may store include your name, address, phone number, fax number, email address, zip code, photos, videos, social media usernames, payment information, health information you provide or we collect from you related to diabetes management such as, but not limited to, blood sugar levels, insulin doses, meal consumption and reaction data, and other health history data (for example, previous A1C levels and lipid profiles among other data), information about your interests and preferences, and any other information you, at your sole discretion, choose to provide.
We will process and store your personal information while you continue to use the requested services. Upon termination of your use of the services, we will, through the normal course of business and IT processes, erase your personal information from active repositories and erase your personal information from archives and backup storage. The length of time the information is kept will be within industry standards for information purging and retention.
During our normal course of business we do not collect, process, or store personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric information for the purpose of uniquely identifying a natural person, health information, or information concerning a natural person’s sex life or sexual orientation. Should such personal information come into our possession or be processed by us from other sources, including you providing such information, we will erase this type of information upon your request or maintain such information upon your request with explicit consent by you. Only with your consent or for compelling reasons enumerated in GDPR Chapter 2 Article 2(2) or as compelled by law will we collect, store, or process such information.
We may share your personal information with third-parties, such as social media, payment processing, and software support service providers which will provide you with their privacy policies and terms and conditions for use. You will be prompted to provide opt-in consent for such sharing.
You understand and acknowledge that providing personal information may be a statutory or contractual requirement, or a requirement necessary to enter into a contract with us, as well as whether you are obliged to provide the personal information and the user of the site, services, or software may be denied as the result of a failure to provide such information.
2. Information We Collect Automatically.
In some cases, we may also collect information about you provided by other members of DugalHealth, such as when you receive a gift card from someone and we deliver it electronically or another member purchases products for you. Information may be captured based on your user profile and your interaction in the site and such information may be utilized by algorithms to enhance your user experience or supplement personal information. We will use this information to fulfill the request(s) and will not share such information with any third parties or use such information for marketing communications to you or your contacts unless you or they explicitly provide opt-in consent to receive these types of communications from us.
We may also automatically collect information about you when you access or use the Services or transact business with us. However, if such information is uniquely linked to you, we will present you with a clear and concise opt-in choice for such collection which will include specifying what information we will collect, which may include:
· Transaction Information: When you purchase a product, we collect information about the transaction, such as product details and the date and location of the purchase/return.
· Log Information: We obtain information about your use of our websites, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Services.
· Device Information: We collect information about the computer or mobile device you use to access our Services, such as the hardware model, operating system and version, unique device identifiers, mobile network information, and browsing behavior.
· Location Information: We may collect information about your location when you access or use one of our mobile applications or otherwise consent to the collection of this information. For more details, please see "Your Choices" below.
We may use automated processing, including artificial intelligence, machine learning, and other techniques to process your information. We will not use any type of automated processing if such processing produces legal effects concerning you or similarly significantly affects you unless such processing is: (i) necessary for entering into, or performance of, a contract between the you and us; or (ii) authorized by the State of Montana or US or international law to which we are subject and which also establishes measures to safeguard the your rights, freedoms, and legitimate interests; or results from your explicit consent. In the case of (i) or (iii), we will implement reasonable measures to safeguard your rights, freedoms, and legitimate interests, and, where and when possible, involve human intervention on our part to express your point of view and to contest the decision. In the case of the most sensitive information, such as race, ethnicity, gender, and the like, we will provide industry standard measures to safeguard your rights, freedoms, and legitimate interests.
3. Our Use of Information for Internal Purposes.
We use the information we collect about you for a variety of purposes, for example, to:
· administer your membership and communicate with you about member benefits;
· provide and deliver products and services, process and complete transactions and send you related information, including purchase confirmations, invoices, updates, and support and administrative messages;
· provide, maintain, and improve the Services;
· investigate and prevent fraudulent transactions and other illegal activities;
· respond to your comments and questions and provide customer service;
· communicate with you about the Site and partner products, services, offers, promotions, news, upcoming events, and other information we think will be of interest to you;
· monitor and analyze trends, usage and activities;
· personalize the Services and provide advertisements, content, or features that are targeted toward your interests;
· process and deliver contest or sweepstakes entries and prizes;
· link or combine with other information we receive from third parties to help understand your needs and provide you with better service; and
· carry out any other purpose for which the information was collected.
We are based in the United States and the information we collect is governed by United States of America law. By accessing or using our Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S.
4. Our Disclosure of Personal Information to Third Parties.
We may share personal information about you outside of the Site, but only with your consent gained when we notify you. Some of this information sharing is required to process your request and provide you with service which means that withholding consent may prevent us from processing your request. Such information may include sharing for the following reasons:
· allow third parties to complete transactions or perform services on our behalf;
· to selected companies we believe may offer products and services of interest to you, which we allow to contain you after we gain your consent in advance;
· with various third parties who help us provide, maintain and improve the Website and the services we provide and the services and products we offer and sell;
· with third parties where you sign up for and participate in the interactive areas of our Services (certain information about you may be displayed publicly on our Services and on third-party sites, such as your photos, stories, posts, product reviews, wish lists and other information you choose to provide);
· during negotiations of a corporate business transaction such as a merger or acquisition of all or a portion of our business to another company, joint venture, corporate reorganization, insolvency or bankruptcy, financing or sale of company assets but such sharing in these instances will be done under a Non-Disclosure Agreement that prevents your personal information from be obtained or retained by the other party;
· where a request for information is made in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
5. Our Disclosure of Non-Personal Information to Third Parties.
We may disclose non-personal Information, in aggregate and anonymized form or format, to potential strategic partners, advertisers, investors, customers, and others. You may opt-out of the sharing of this information if the information shared uniquely identifies you or you desire not to be included in the anonymized data.
6. Third Party Advertising, Analytics and Services.
7. Social Sharing Features.
The Services may offer social sharing features or other integrated tools, which let you share actions you take on the Services with other media, and vice versa. The use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the third party that provides the social sharing feature. For more information about the purpose and scope of information collection and processing in connection with social sharing features, please visit the privacy policies of the third parties that provide these features.
8. Control Over Your Information.
You have the right to request from us access to and rectification or erasure of personal information or restriction of processing concerning your personal information as well as the right to data portability. You may update or correct your online account information by logging into your online account and updating your information or by calling Customer Service. You may also email us at firstname.lastname@example.org if you wish to deactivate your online account but note that we may retain information about you for legitimate business purposes or as required by law. You have the right to obtain from us without undue delay rectification of inaccurate personal information concerning you. Taking into account the purposes of our processing of your information and our regular business and technical processes, you have the right to supply incomplete personal information, including by means of providing a supplementary statement.
You have the right to obtain from us the erasure of personal information concerning you without undue delay and we will have the obligation to erase personal information without undue delay when: (i) your personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) you withdraw your consent on which the processing is based providing there is no other legal ground for the processing or retaining of your personal information; (iii) you object to the processing and there are no overriding legal or legitimate grounds for the processing; (iv) we have inadvertently or unlawfully captured or processed your personal information; (v) your personal information must be erased in order to comply with a legal order issued by a court of proper jurisdiction or to comply with a statute to which we are subject; (vi) your personal information has been collected in relation to the offer of information society services referred to in GDPR Article 8(1). Where we have made your personal information public and are obligated to erase the personal information, we will, after taking account of available technology and the cost of implementation, take reasonable steps, including technical measures at our disposal, inform others which are processing or storing your personal information that you have requested the erasure by such others of any links to, or copy or replication of, your personal information. You acknowledge that such public information may never be completely erased despite our efforts. We may not be able to erase your information, specifically when continued processing or storage is necessary for: (i) exercising the right of freedom of expression and information; (ii) compliance with a legal obligation which requires processing or storage where such legal obligation stems from a legal order issued by a court of proper jurisdiction or compliance with a statute to which we are subject; (iii) reasons of public interest in the area of public health as specified in the GDPR; (iv) archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with those specified in the GDPR; (v) or to assert, exercise, or defend legal claims. We will act within one month unless the complexity and number of requests is excessive, in which case the time period may be extended up to two additional months but in such case, we will inform you.
If we intend to further process the personal information for any purpose other than that for which the personal information was obtained, we will provide you with information on that other purpose and with any relevant further information prior to the further processing. You may restrict us from processing your personal information if you inform us that you contest the accuracy of the information, or the processing is unlawful , you do not want the information erased, and you request restriction of the processing, or we no long require the personal information to provide the services for which the personal information was obtained but are required by you for the establishment, exercise, or defense of legal claims, or we have legitimate grounds that override your grounds for requesting restriction. If processing is restricted at your request, your personal information will only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person for reasons of compelling public interest as deemed by the State of Montana or the U.S. Under all circumstances we will inform you prior to resuming the processing of your personal information. You will have the right to obtain from us information as to whether your personal information is being processed, and if so, (i) be informed of the purpose of the processing; (ii) be informed of the categories of personal information processed; (iii) be informed of the recipients or categories of recipient to whom the personal information have been or will be disclosed, if any; (iv) be aware, if possible, of the time period for which the personal information will be stored, or, if not possible, the criteria used to determine that time period; (v) be afforded the existence of the right to request from us, or a third-party, rectification or erasure of personal information or restriction of processing of your personal inform, or object to such processing; (vi) have the right to submit a complaint to us or the appropriate third-party; (vii) have the right to request the source of any information not collected directly from you; (viii) be notified if your personal information is utilized by algorithms to enhance your user experience or supplement personal information; and (ix) the right to obtain a copy of the personal information undergoing such processing and you agree to pay a reasonable fee if requested for a copy of your personal information being so processed providing obtaining such a copy does not adversely affect the rights and freedoms of others.
You will have the right to obtain from us information as to whether your personal information is being processed, and if so, (i) be informed of the purpose of the processing; (ii) be informed of the categories of personal information processed; (iii) be informed of the recipients or categories of recipient to whom the personal information have been or will be disclosed, if any; (iv) be aware, if possible, of the time period for which the personal information will be stored, or, if not possible, the criteria used to determine that time period; (v) be afforded the existence of the right to request from us, or a third-party, rectification or erasure of personal information or restriction of processing of your personal inform, or object to such processing; (vi) have the right to submit a complaint to us or the appropriate third-party; (vii) have the right to request the source of any information not collected directly from you; (viii) be notified if your personal information is utilized by algorithms to enhance your user experience or supplement personal information; and (ix) the right to obtain a copy of the personal information undergoing such processing and you agree to pay a reasonable fee if requested for a copy of your personal information being so processed providing obtaining such a copy does not adversely affect the rights and freedoms of others
You have the right to object to the processing of your personal information if such processing is performed in the public interest, or in the exercise of official authority vested us, or for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information, in particular where the personal information is of, about, or in contains information about a child. If we process your personal information for direct marketing we will notify you prior or concurrent to such processing and you may object to processing of your personal information for such purpose. Where your personal information are processed for scientific or historical research purposes, or statistical purposes pursuant to GDPR Article 89(1), you may, on grounds relating to his or her particular situation, object to processing of your personal information, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
We will inform you and any third-parties when your personal information has been rectified or erased or is subject to a restriction of processing. We will inform you as to which third-parties we have contracted with as well.
You have the right to receive your personal information you provided to us in a structured, commonly used and machine-readable format of our choice and have the right to provide such information to any party of your choosing without restriction or hindrance from us. If practicable, and at our sole discretion, we may provide your personal information to a third-party upon your request. Receiving your information has no impact or relationship to decisions you may make regarding erasure of your personal information nor adversely affect the rights of others.
9. Promotional Communications.
You may opt out of receiving promotional communications from the Site by following the instructions in those communications or changing your preferences via your account preferences. If you opt out of receiving promotional communications, we may still send you non-promotional emails, such as emails about your purchases, account, membership or our ongoing business relations.
10. Location Information.
You also have the ability to turn location-based services on and off by adjusting the settings of your Internet browser or mobile device. You can also stop our collection of location information in connection with our mobile applications by following the standard uninstall process and removing all DugalHealth applications from your mobile device.
11. Mobile Push Notifications/Alerts.
With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
12. How We Protect Your Personal Information.
We consider protecting the security of your personal information as very important. We follow generally accepted industry standards to protect personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we do not guarantee absolute security. We are not responsible for the unauthorized acts of others and we assume no liability for any disclosure of information due to errors in transmission, unauthorized third-party access (such as through hacking) or other acts of third-parties or acts or omissions beyond our reasonable control.
13. Changes to this Policy.
The Site may change this Policy from time to time. If we make changes, we will notify you by revising the Effective Date above and, in some cases, we may provide you with more prominent notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Policy to stay informed about our information practices and the ways you can help protect your privacy.
14. Contact Us.
If you have any questions, comments or concerns about this Policy or about our privacy practices, please send an email message to email@example.com . Should you wish to have your information erased or corrected, contact us as firstname.lastname@example.org with the subject line “Attention Data Protection Officer” and will then engaged the Office in responding to your request. You may also direct your privacy-related comments or questions to the following address: DugalHealth, 1146 South Spruce Drive, Bozeman, MT 59715.