This Policy applies to our “Service” which includes:
Your use of our Service indicates your acknowledgement of the practices described in this Policy.
We provide the Service and process information on behalf of organizations that have entered into a services agreement with us (our “Clients”). When our Service is provided pursuant to a Client agreement, we may process Personal Data (defined below) relating to a Client’s internal users of the Service, as well as registered or public users of the Service (“Users”).
In order to provide our Service, we may collect and process information that relates to identified or identifiable individuals (“Personal Data”). For example, we may collect Personal Data such as:
We typically collect Personal Data and other data from you, and use that information in the following ways and as otherwise communicated to you from time to time:
If you are browsing menu information on our Service, you may generally do so anonymously, and are not required to create an account or provide any Personal Data unless you wish to use the Service to provide feedback or place online orders for food. You may be presented with the option to register for an account in order to have the Service store or remember your preferences, favorite locations, payment information, to enable ordering, to enable or integrate other services, or for other similar purposes. If you do not register for an account and choose to browse menus anonymously, our Client Sites will still collect some of the information described in the “Cookies and Similar Technologies” section. If you elect to create an account, we may also collect the information described in the “Registration” and “Payments” section.
During account registration, we typically collect Personal Data such as your name, email, phone number, the name of Clients or food service locations that you regularly interact with (such as a local school, cafeteria or cafe), and any other information included on the registration form. We and our Clients use this information primarily to manage and support your account, to provide the Service, and for other internal account and customer management purposes.
Our Service may allow you to log in or register using a third-party single sign-on service such as Facebook or Google. This ‘single sign-on’ feature allows us to conveniently create an account for you and allows you to log in using familiar credentials. Through this process, we may collect your name, email, and other information provided to us by the single sign-on partner that align with account information we would collect without the service. We do not collect your contacts list or utilize other data or features from the third-party service beyond the basic information which facilitates account registration and single sign-on. We will not collect your password for that third-party service, so if you forget your password, please coordinate with the appropriate third party.
In the event you use a portion of the Service that requires payment, we may collect relevant payment information from you. The information we collect may vary depending on the Client and form of payment. For example, in the event we work with a prepaid account balance system, we may collect information such as your account number, name, and other required verification information; for an ACH bank transaction we would collect your bank account number and routing information. In the event we process a credit/debit card payment for purchases, we may collect your payment card number, expiration date, name, security code, address & zip code, and other information which may be requested by the card issuer or processor. Regardless of the information we collect, we will use this information only to process your payments or charge your account for purchases you make through our Service. Security for payment information is described in Information Security section below.
Depending on how you use and access our Service, we may collect certain information relating to your dining and diet preferences, order(s) you place through the Service, and similar information. We use this information so that we can provide our Service, process your orders, provide value to our Client(s), and better tailor our Service and the presentation of Clients’ information to your preferences in order to provide You with better convenience, information, transparency, and interactivity with respect to your dining experiences.
Through our Service, we may request your name, email address, phone number, organization/location, and/or other useful information from users of our Service who contact us for support or information through optional “contact us” forms or similar interfaces, or who sign up for updates about our product or our Clients’ services.
Generally, we present and process the same information through the Mobile App as we do on a Client Site website (e.g., with respect to payment information, account registration, feedback, etc.). Additionally, if you use our Mobile App, we may collect some additional device information so that we can ensure you have an optimal and consistent experience using the Mobile App.
In either the Mobile App or Client Site, we may request your consent to receive and process your location information to help you find a dining location, or to provide directions and wayfinding services. We do not permanently store your precise geolocation information on our servers. We may anonymously aggregate imprecise location information (e.g., town, state, country, etc.) in order for us and our Clients to analyze and better understand how people are using the Services and in order to improve it.
We may process information that you voluntarily provide in an optional account sign-up, contact form, order, or other form, such as your name, email address, and certain information about the device you use when you sign up for an account, for marketing communications from us or on behalf of our Clients, or from our Clients through our platform. We generally use this data or provide it to Clients to facilitate marketing communications such as emails or texts, and in order to tailor those communications to individuals’ preferences and requests. Additionally, we may process additional data about devices or software receiving those marketing communications to understand whether our emails are opened or other aspects of engagement with those communications. We acknowledge that your marketing communication preferences may change, and respect your rights to withdraw consent. See the “Your Choices” section below. We do not sell or share any contact information that you provide us with any third parties whose intent or interest may be in marketing services or products to you other than those provided by Us or the Client. See the “Data Sharing” section below.
Please note that some communications that are transactional in nature (e.g., receipts, confirmations, status updates, etc. related to your account or orders) may also include information that has a marketing purpose. These transaction-related communications are a necessary part of using the ordering features of the Services.
In order to obtain parental consent under the Children’s Online Privacy Protection Act (“COPPA”) and other privacy laws, we may collect the name and email address of a child and his/her parent(s) in order to send the parent a consent form or similar request for consent. This information will be used only in connection with the parental consent process, and will be deleted after a reasonable time if such consent is not received. Alternatively, if a Client is a qualified K-12 educational institution, we may rely on the Client to administer the services to children along with its representation to have obtained such consent prior to the minor using the Services, to the extent permitted by law.
We, and certain third parties who we have engaged for purposes below, may process technical data about you and your device (such as IP address, operating system information, web browser and version number, ISP or wireless internet provider, and other information about your connection to the Services or the device you are using) when you interact with cookies and similar technologies on our Corporate Site or a Client Site. We may also receive this data from third party partners to the extent allowed by the applicable partner. Please note that the privacy policies of the applicable third parties may apply to these technologies and information collected. We generally use this information as follows:
Note: Some of these technologies can be used by us and/or our third-party partners to identify you across services, devices, sites, and services. To understand how you can avoid or opt-out of such services, see the “Your Choices” section below.
If we process Personal Data in connection with our Service in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it. Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the “Data Sharing” section which follows for more information about how we disclose Personal Data in both typical and extraordinary circumstances.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
Our business is to provide a platform for our Clients, who are food service providers, to market their program and foods, interact, and transact with their customers. When you access a Client Site, you are viewing content and information managed by the Client. We process data on behalf of Clients, and Clients may access Personal Data that you provide through the Service.
Like most modern web-based software platforms, Nutrislice uses cloud service providers such as Amazon Web Services and Salesforce/Heroku to operate and host the Services. Similarly, Nutrislice partners with reputable payment processing service providers to process payment information. In connection with our general business operations, product/service improvements, to enable certain features, and other legitimate business interests, we may transmit any technical data or Personal Data to service providers or subprocessors who we have engaged to provide data services, storage, and/or processing on our behalf.
In order to streamline certain business operations and develop products and services that better meet the interests and needs of our Clients and Users, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
Any Personal Data may be shared confidentially with the necessary parties in the event that we go through a business transition, such as a merger, acquisition, liquidation, assignment, or sale of all or a portion of our assets. For example, Personal Data may be part of the business assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential merger or acquisition.
We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of our Client(s) or any individuals, or other matters in the public interest.
Subject to our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. Note: we are unable to directly fulfill rights requests regarding Personal Data controlled by Clients. Please contact the Client directly for data rights requests that relate to Client-controlled information, and we will assist the Client to the extent necessary in the fulfillment of your request as it pertains to data that we store. You may exercise your rights by contacting us using the information in the “Contact Us” section.
You may receive a list of your Personal Data that we process to the extent required and permitted by law.
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu.
To the extent required by applicable law, you may request that we delete your Personal Data from our systems.
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Residents of California (and other states and provinces to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Subject to our right to continue to process your Personal Data to the extent allowed under applicable law, you have the following choices regarding the Personal Data we process:
If you consent to processing you may withdraw your consent at any time, to the extent required by law. You may be required to delete or close your account in order to withdraw consent where your consent is necessary to perform essential aspects of the Service or where consent may not be programmatically toggled on or off.
You have the choice to opt-out of or withdraw your consent to marketing communications. You may have a legal right not to receive any messages from third-parties in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via any available links in the Services or communications, or by contacting us re: direct marketing.
We implement and maintain reasonable security measures to safeguard the Personal Data you provide us and strive to work with reputable cloud services providers who have suitable information security procedures and systems in place, and to have our own systems evaluated by 3rd party security experts. However, we sometimes share Personal Data with third parties in the circumstances noted above, and we do not have control over third parties’ security processes.
Except as permitted by the Children Online Privacy Protection Act (“COPPA”), we do not collect information from children under the age of 13 without first obtaining verifiable parental consent. Prior to obtaining such consent, we or our Client may collect the name and email address of a child and parent or guardian for the purposes of verifying consent to collect additional information from the child. To access our consent form, please contact us at the email address below with the words “COPPA consent form” in the subject line. If consent is not obtained within a reasonable time, we will delete the Personal Data related to the request from our records.
Please note, consistent with COPPA, we may respond to your child’s request made through our Service, provided we contact your child only once in response to the question and delete your child’s Personal Data afterwards.
We do not collect any more Personal Data than reasonably necessary or required by our Clients to participate in any given activity. Parents and guardians may request Personal Data we hold about their children, request deletion of such data, and may revoke their consent to collection of Personal Data from their children at any time. If we allow sharing of a child’s Personal Data with any third party other than Client, parents or guardians may elect to disallow sharing while allowing our collection and use of their child’s information. Please contact us at the address below to exercise any of the rights granted to you as a parent or guardian under COPPA.
To the extent required by California Law, we permit minors under the age of 18 to request the deletion of any content or information that the minor has posted or made publicly available through our Service (if any). To request that information you have made available on our Service be removed, please send a letter or email to the address below with (i) your name, (ii) a complete description of the content you would like removed, and (iii) the web address(es) of the content you would like removed. Please be aware that our fulfillment of this request does not ensure complete or comprehensive removal of the content or information you have posted on our Site.
If you are accessing our Service from outside of the United States, any information provided will be transferred to and stored by us or our service providers in the United States. Regardless of where your information is collected or transferred, the information will be treated in accordance with this Policy. You consent to such transfer through your use of the Service.
We will remove or anonymize Personal Data after a reasonable time following account deletion, (i) when we believe it is no longer necessary to retain the Personal Data for the purpose it was originally collected, (ii) at the request of the user or Client, or (iii) in accordance with any laws, rules, or agreements to which we are bound, except where the burden or expense of deleting information based on an individual’s request would be disproportionate to the risks to the privacy of the individual in the case in question or where rights or obligations of persons other than the individual would be violated. Unless otherwise required by law, backup copies of databases that include Personal Data which has been removed will be deleted after a reasonable retention period for such backups per our records retention policies; notwithstanding, it may not be feasible to extract or remove individual Personal Data from such backups prior to deletion of the backups themselves.