Last Updated: September 23, 2018
Your privacy is important to us.
– We’ll refer to all the services we provide (including the Site, the App, and other health, fitness and nutrition services), individually and collectively, as the “Services”.
– We’ll refer to Garten as “Garten” or “we” or “us” or “our”.
– We’ll refer to you, the person or entity accessing our Site, as “you” or “your”.
What is a Data Controller? For general data protection regulation purposes, the “Data Controller” means the organization who decides the purposes for which, and the way in which, any Personal Information is processed. Our customers are the Data Controllers.
What is a Data Processor? A “Data Processor” is an organization which processes Personal Information for a Data Controller. We are the Data Processor for our customers. As a Data Processor, we are bound by the requirements of the General Data Protection Regulations (the “GDPR”).
What is Data Processing? Data processing is any operation or set of operations (whether automated or not) performed upon Personal Information. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
What is Personal Information? Personal information is any information which is about you, from which you can be identified. Personal Information includes information such as an individual’s name, address, telephone number, or e-mail address. Personal Information also includes information about an individual’s activities, such as information about his or her activity on Site or our Services, and demographic information, such as date of birth, gender, geographic area, and preferences, when any of this information is linked to personal information that identifies that individual. Personal Information does not include “aggregate” or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed.
How do we collect Personal Information?
All of the information and data we collect from you will be referred to collectively as “Personal Information.” Our primary goals in collecting information are to provide, and improve, our Site and our Services. In our service as a Data Processor, we collect Personal Information from Data Controllers in several ways:
• Information that you provide to us. This may include:
o Your first and last name, username and email address
o Your company’s name
o Your (and/or your company’s) physical address.
o Other information about you which you choose to provide us through our Services (including, for example, your birthdate and/or phone number, your picture, your food preferences, etc.)
o Other information about your company which you choose to provide us through our Services (including, for example, inventory, product requests, equipment, etc.)
• Information that third parties may provide to us.
o Customers who elect to connect their payment processors to us using their payment processor’s official integrations allow us to collect relevant data directly from the payment processor if it exists.
• Aggregate information about the use of our Site and our Services (“Log Data”).
o Log Data could include information such as your Internet Protocol (IP) address (the unique numerical address assigned to a computer as it logs on to the internet), browser type, operating system, the web page that you were visiting before accessing our Site, the pages or features of our Site which you browsed and the time spent on those pages or features, search terms, the links on our Site that you clicked on and other statistics. We use Log Data to administer our Site and our Services, and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Site and our Services by expanding their features and functionality and tailoring them to your (and other users’) needs and preferences.
o If you access our Site using a mobile device, we may collect information such as a device identifier, user settings and the operating system of your device, as well as information about your use of our Services. When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our Services for you. If you do not want us to collect location information, you may disable that feature on your mobile device.
• We may also permit third-party online advertising networks to collect information (through Cookies or similar tracking technology) about your and others’ use of our Services and any of your mobile or web applications, in order to allow those third-party networks to display ads that may be relevant to your interests on our Services as well as on other websites or apps.
o You may be able to opt-out from allowing those third-party online advertising networks to collect information; please see the “Your Choices” section below.
Please note that if you decide not to provide us with the information we request, you may not be able to access all of the features of our Site or Services.
What do we use your Personal Information for?
– To operate, maintain, and provide to you the features and functionality of the Services.
– To compile statistics and analysis about your and other customers’ use of our Site and our Services.
– To personalize your experience — your Personal Information helps us to better respond to your individual needs.
– To improve our Site and our Services — we continually strive to improve our site offerings based on the information and feedback we receive from you.
– To improve customer service — your Personal Information helps us to more effectively respond to your customer service requests and support needs.
– To send periodic emails — the email address you provide may be used to send you information, notifications that you request about changes to our Services, to alert you of updates, and to send periodic emails containing information relevant to your account.
– If you purchase our Services, then to enable you to purchase, renew and appropriately use our Services.
– We may also use Personal Information you provide to contact you regarding products, services, and offers that we believe you may find of interest. We allow you to opt-out from receiving marketing communications from us as described in the “Your Choices” section below.
We may also use your Personal Information where necessary for us to comply with a legal obligation, including to share information with government and regulatory authorities when required by law or in response to legal process, obligation, or request. See further information below under “Do we disclose any information to outside parties?”
We will request your consent before we use or disclose your Personal Information for a materially different purpose than those set forth in this Policy. Consent may be obtained by any legally sufficient method. For example, depending on the circumstances and applicable laws, consent may be obtained by providing you with notice and the opportunity to opt-out.
Your Choices About Your Personal Information
In addition, you may opt out of allowing third-party online advertising networks to collect information from our Site by adjusting the browser “settings” on your computer or mobile device. Please refer to your mobile device or browser’s technical information for instructions on how to delete and disable cookies, and other tracking/recording tools. Depending on your type of device, it may not be possible to delete or disable tracking mechanisms on your mobile device. Note that disabling cookies and/or other tracking tools prevents Garten or its business partners from tracking your browser’s activities in relation to the Service, and for use in targeted advertising activities by third parties. However, doing so may disable many of the features available through the Services. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly.
How do we protect your Personal Information?
Garten cares about the security of your Personal Information. To help protect your privacy and security, we take reasonable steps (such as requesting a unique password to verify your identity before granting you access to your account), and we use commercially reasonable safeguards to preserve the integrity and security of all information collected through the Services. Garten cannot, however, ensure or warrant the security of any information you transmit to Garten or guarantee that information on the Services may not be accessed, disclosed, altered, or destroyed. And you are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your communications from Garten. Your privacy settings may also be affected by changes to the functionality of third-party sites and services that you add to the Garten Service, such as social networks. Garten is not responsible for the functionality or security measures of any third party. Upon becoming aware of a breach of your Personal Information, we will notify you as quickly as we can and will provide timely information relating to the breach as it becomes known in accordance with any applicable laws and regulations or as you may reasonably request.
Who at Garten may access your Personal Information?
Designated members of our staff may access Personal Information to help our customers with any questions they have, including help using our Services, investigating security issues, or following up on bug fixes with a customer. This activity is logged in our system for compliance, and we maintain different levels of access for its employees depending on their role in our company.
Do we disclose any information to outside parties?
– We may share your Personal Information with other companies owned by or under common ownership as Garten, which also includes our subsidiaries (i.e., any organization we own or control).
– We may disclose your Personal Information to third-party service providers (for example, payment processing and data storage and processing facilities, or identifying and serving targeted advertisements, content or service fulfillment, or providing analytics services) that assist us in our work.
o We limit the Personal Information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such Personal Information.
– We may contract with third-party service providers to assist us in better understanding our Site visitors.
o These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
– We may also release your Personal Information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
– If you ask us to do so, we may share your Personal Information with the public and other users of the Services. Any information or content that you voluntarily disclose for public posting to the Service, such as user-generated content, becomes available to the public. If you remove information that you posted to the Services, copies may remain viewable in cached and archived pages of the Service, or if other users of the Services have copied or saved that information.
– We may also share certain information such as your location, browser and cookie data and other data relating to your use of our Services with our business partners to deliver advertisements (“ads”) that may be of interest to you.
– Your Personal Information may also be transferred to another company in the event of a transfer, change of ownership, reorganization or assignment of all or part of our businesses or assets.
o This will occur if the parties have entered into an agreement under which the collection, use and disclosure of the information is limited to those purposes of the business transaction, including a determination whether or not to proceed with the business transaction. You will be notified via email or prominent notice on our websites for thirty (30) days of any such change in ownership or control of your personal information or as otherwise may be required or permitted by law.
How do we handle global transfers and processing of your Personal Information?
Principle of Onward Transfer
In the context of an onward transfer of data to a third party, a Privacy Shield organization has responsibility for the processing of Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. We shall remain liable under the Principles if its agent processes such Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Retention of your Personal Information
We retain your Personal Information for as long as we need to fulfill our Services. In addition:
• We may keep data linked to cookies and other online identifiers up to three years.
• If we are involved in litigation or a governmental or regulatory investigation, then we keep data throughout the period of litigation or investigation and for 5 years after that. If a settlement means that we have to keep data for longer, then we keep data for the period required to administer the settlement. If we provide data to law enforcement agencies, then we keep a record of this for one year beyond the end of the investigation.
Children’s Online Privacy Protection Act Compliance
Our Site, products and services are all directed to people who are at least 18 years old or older. We strive to comply with the requirements of COPPA (Children’s Online Privacy Protection Act). If this server is in the United States, and you are under the age of 13, do not use this site. We do not knowingly collect personal information from children under the age of 18 or your country’s age of minority. If you nevertheless believe that your child has provided us with their personal information, please contact us and we will delete it.
Other rights you have include the rights to:
– Ask for a copy of your Personal Information.
o This is known as a Subject Access Request. If you would like a copy of some or all your Personal Information, please email firstname.lastname@example.org.
– Ask us to correct your Personal Information.
o It is your right to lodge an objection to the processing of your Personal Information if you believe that the legal ground “relating to your particular situation” applies. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claims.
– Ask us to transfer your Personal Information to other organizations.
– Ask us to erase certain categories or types of information.
o If you choose to remove your Personal Information, you acknowledge that we may retain archived copies of your Personal Information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
– Ask us to restrict certain processing.
o You have the right to object to processing of Personal Information. Where we have asked for your consent to process information, you have the right to withdraw this consent at any time.
– “Opt out” of certain sharing of Personal Information.
o You may limit or “opt out” of our sharing your Personal Information with third parties.
In compliance with the Privacy Shield Principles, we are committed to resolving any complaints about our collection or use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Privacy Officer as follows: Garten, Inc., Attn: Privacy Officer, 1845 Rollins Road, Burlingame, CA 94010; or email@example.com. If we are unable to satisfactorily resolve any complaint relating to the Privacy Shield, or if we fail to acknowledge your complaint in a timely fashion, you can submit your complaint to TRUSTe, which provides an independent third-party dispute resolution service based in the United States. TRUSTe has committed to respond to complaints and to provide appropriate recourse at no cost to you. To learn more about TRUSTe’s dispute resolution services or to refer a complaint to TRUSTe, visit here. If neither we nor TRUSTe resolves your complaint, you may pursue binding arbitration through the Privacy Shield Panel. To learn more about the Privacy Shield Panel, visit here.
California Residents’ Additional Rights
If you are a California resident, you may request and obtain from us, once a year, free of charge, a list of third parties, if any, to whom we have disclosed Your Information for direct marketing purposes during the preceding calendar year, and the categories of Your Information shared with those third parties. If you are a California resident and wish to obtain that information, please submit your request by sending us an email at firstname.lastname@example.org with “California Privacy Rights” in the subject line or by writing to us at 1845 Rollins Road, Burlingame, CA 94010.
Attn: Privacy Issues
1845 Rollins Road
Burlingame, CA 94010