Nutrislice

PRIVACY POLICY

Last Revised and Effective: 02.08.2021 | Download

Welcome to Nutrislice!

This Privacy Policy (the “Policy”) describes how we collect, use, and share your personal data, as well as your choices and rights with respect to that personal data.

Who We Are

This is the Privacy Policy of Nutrislice, Inc. (“Nutrislice,” “us,” “our,” or “we”). You can contact us and our Data Protection Coordinator, using the information in the “Contact” section below.

Applicability

This Policy applies to the Nutrislice software platform, pages, and services (collectively, the “Service”), including:

This Policy also applies to Nutrislice’s marketing website (the “Marketing Site”), located at https://nutrislice.com. Additional privacy information and policies, applicable only to the Marketing Site, are found here, which apply and are incorporated into this Privacy Policy if (and only if) you are using the Marketing Site. Some information in this Privacy Policy may explicitly or contextually only apply to Client Sites/Mobile App(s) and not to the Marketing Site.

Agreement

This Policy is incorporated into the Terms of Use governing your use of our Service. The Terms of Use that are applicable to a given Client Site (including Client Sites presented in a Mobile App) are generally presented along with this Privacy Policy for acknowledgment when you first visit the site, and are available via a link in the Client’ Site’s page footer. Any capitalized term not defined in this Policy will have the definition (if any) provided in our Terms of Use.

Please read this Privacy Policy carefully to understand how we handle your Personal Data. Following notice to you or your acknowledgement of this Privacy Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Privacy Policy.

Clients and Third Parties

Nutrislice provides our Service to and processes information on behalf of organizations (typically foodservice providers) that have entered into an agreement with us (our “Client(s)”) to do so. When our Service is provided on behalf of a Client, we may process Personal Data (defined below) relating to the Client’s internal users of the Service as well as registered or public users of the Service (“User(s)”). A Client will typically have direct access to Personal Data that is collected through the contracted Nutrislice Client Site(s) that they administer.

This Policy reflects only how we process Personal Data through our Service. This Policy does not apply to Nutrislice’s Clients’ own processing of information outside of the Service, which they may collect from the Service or independently. For more information on a Client’s privacy policies and practices, please contact the Client directly and/or request their privacy policy. A Client’s contact information can typically be found in the “Contact” section (or equivalent) of the Client Site. Similarly, this Policy does not apply to information received or processed by other third party website or services that you may visit outside of the Nutrislice Service, including any links to third party websites or content that a Client may include or embed in a Client Site. Please review any third parties’ privacy policies for information on their privacy practices.

Personal Data We Collect

We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data

Personal Data about you and your identity, such as your name, ID number, username, and other Personal Data you may provide on registration, as part of an account profile, or during the checkout process for an order placed through the Service.

Order / Transaction Data

Personal Data we collect in connection with an order or purchase, including the details of your order or purchase, pickup or delivery times, and other similar information.

Contact Data

Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or social media or communications service usernames/handles, as well as a name or other salutation.

Financial Data

Personal Data relating to financial accounts or services, e.g. a credit card or other financial or billing account number, and other relevant information you provide in connection with a financial transaction.

Device/Network Data

Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.

Preference Data

Personal Data relating to your preferences and interests, such as the types of food you may like or commonly order, dietary preferences or food selection criteria, or favorite locations/menus.

Client-Specific Data

Data collected from form fields that are customizable by our Client, which may include any category of Personal Data (and non-personal data) that Client otherwise configures the Service to collect from Users in order to fulfill an order or communicate with You regarding their services and products.

Freeform Data

Unstructured/free-form data that may include any category of Personal Data (and non-personal data), e.g. data that you give us in free text fields such as survey responses, feedback forms, or emails/comments to us or the Client.

Sources of Personal Data

We collect Personal Data in various ways, which vary depending on the context in which we process that Personal Data, as described below.

Data you provide to us

You may provide us or our Clients with Personal Data directly. We may collect any of the above categories of Personal Data when you submit it through our Service, for example, as part of account registration or when you place an order.

Data provided by third parties

We may receive certain Personal Data—including Identity Data, Contact Data, or Financial Data—from our Clients or from other third-party systems that we or a Client uses, integrates with, or imports data from in conjunction with the Nutrislice Service, for example, payment processing systems, point-of-sale systems, accounting systems, menu production systems, etc.

Data we create or infer

We (or third parties operating on our behalf) create and infer Personal Data, i.e. Inference Data or Aggregate Data, based on our observations or analysis of other Personal Data processed under this Privacy Policy, and we may correlate this data with other data we process about you.

Data collected automatically

We, our Clients, or third parties with whom we’ve contracted to provide specific systems or functions may collect certain Personal Data automatically, for example, Device/Network Data is typically collected automatically in server logs and through the use of cookies and similar technologies.

Processing of Personal Data

We typically collect Personal Data and other data from you, and use that information in the following ways, and for the general business and commercial purposes described below, or as otherwise communicated to you from time to time.

User Accounts

If you are only viewing menus or other information on the Service, you are typically not required to create an account. You may be prompted or required to register for an account in order to place orders for food, store and remember account information and preferences, or for other similar purposes. If you do not register for an account, our Client Sites will still collect the information described in the “Cookies and Similar Technologies” section. If you create an account, the Service will also collect the information described in the “Registration and Single Sign-on” section.

Registration and Single Sign-on

During account registration, the Service typically collects Personal Data including Identity Data, Contact Data, and Order/Transaction Data and any other information included on the registration form. Nutrislice and our Client use this information primarily to manage and support your account, to facilitate orders, transactions, and communication between you and the Client, to provide our Service, to support Client’s operations, and for other internal account management and customer support purposes.

If enabled, the Service may allow you to register, log in, and/or otherwise authenticate your identity using pre-existing account credentials for a third-party website or service. This optional service (may not be available on all Client Sites) is referred to as “single sign-on” or “SSO”. When you register or authenticate using SSO, we may collect Identity Data, Contact Data, and any other relevant information provided to us via the SSO partner. (We will not collect your password for that third-party service, so if you forget your password, please coordinate with the appropriate third party.)

Payments

In the event you use functionality of the Service that requires payment, we may collect relevant Identity Data and Financial Data from you. The specific information we collect may vary depending on the form of payment. For example, in the event we work with a third-party prepaid account system such as a campus card, we may collect information such as your account number, PIN, name, and/or other required verification information and/or have you authenticate directly with the third-party system. In the event we process a payment card for an ordering transaction, we, or the payment processor with which we have integrated, may collect your payment card number, expiration date, name, security code, zip code/address, and other information which may be required to verify your identity by your card issuer in order to process the payment and remember your payment card for future transactions. Regardless of the information we or our payment processing integration partners collect, we will use this information only to process your payments or charge your account for purchases you make through our Service.

Meal and Ordering Information

Depending on how you use and access our Service, and which features of the Service are enabled for a given Client, we may collect certain Order/Transaction Data relating to your order, as well as other information about your food and dietary preferences, previous orders, and similar information. We use this information so that we can provide our Service, place your order, recommend suitable meals, and better tailor our Service to your preferences.

Please note: we strive to make dietary information as accurate as possible, however, we cannot guarantee that this information is correct or that any food is free of particular ingredients or allergens.

“Contact Us” forms and Support Chat

If you contact Nutrislice through a “contact us” form, support chat, or through other communication channels provided in the Service, we may request your name, email address, phone number, organization name and/or any other information that enables us to provide you or our Client with effective service.

User Surveys/Feedback

We or our Client may optionally conduct periodic surveys via the Service or a linked or embedded third-party service, to request feedback or other information from you (e.g., about the software, food, service, etc.). The information that is collected may include your name and email, information about your preferences and opinions, and/or other information. If permitted, we or the Client may contact you directly with questions about your feedback or survey responses. The collected information, recipient(s), and intended uses may vary, so please review surveys and feedback forms carefully when providing Personal Information. If a third-party service is used for surveys or feedback, we do not directly receive or control the data you submit and the privacy policies of such third-party would apply.

Mobile App(s)

Generally, we process information through our Mobile App in the same way we do on a Client Site (with respect to account information, payments, etc.). Additionally, if you use a Mobile App that we provide, we may collect some additional Device Data so that we can ensure you have a consistent experience using the Mobile App and to enable additional mobile platform-specific functionality such as push notifications. Further, we may request access to and process your location information in the event you opt to use a Mobile App to locate a dining location or get directions. We do not permanently store your precise geolocation information outside the Mobile App, and we do not track location in the background (i.e., when you aren’t using specific location-enabled functions of the Mobile App.)

Transactional and Account-related Communications

We collect and process Personal Data and other information through our Service for use in connection with communications to you from us and/or our Client regarding your account, orders, or other business transactions and interactions you engage in through the application.

Marketing Communications

In accordance with applicable law, we may collect and process information such as your name, email address, and certain information about the device you use when you sign up for, or open, marketing communications from us or on behalf of our Clients. We generally use this data as necessary to provide marketing communications such as emails and in order to tailor those communications to individuals’ preferences and requests. Additionally, we may process additional data about devices receiving those marketing communications to understand whether our emails are opened or other aspects of engagement with those communications.

Parental Consent

In situations where we are required to obtain parental consent under the Children’s Online Privacy Protection Act (“COPPA”) or other privacy laws, we may collect the name and email address of a child and his/her parent(s) in order to send the parent a consent form or similar request for consent. This information will be used only in connection with the parental consent process and will be deleted after a reasonable time if such consent is not received. See the “Children’s Data and COPPA Compliance” section below for additional information regarding our child privacy policies and practices.

Cookies and Similar Tracking Technologies

We, and certain third party service provider partners that we have engaged to provide or enable functionalities of the Service, may process data about you and your device (such as IP address, operating system information, web browser and version number, ISP or wireless internet provider, and other information about your connection to the internet or the device you are using) when you interact with cookies and similar technologies. Please note that the privacy policies of such third parties may apply to these technologies and information collected. We generally use this information as follows:

  1. for “essential” or “functional” purposes, such as to enable certain features of the Service, or in order to maintain your logged-in state and session;

  2. for “analytics” and “personalization” purposes, consistent with our legitimate interests in how the Service is used or performs, how Users engage with and navigate through the Service, what sites “refer” a user to the Service, how often Users visit the Service, understand behaviors and characteristics of Users in certain locations, and other similar information, as well as to personalize and customize the Service based on geographic location or other information previously received from a User.

Note: Some of these technologies can be used by us and/or our third-party service provider partners to identify you across services, devices, sites, and services.

SMS (Text Messages) and Push Notifications

We may process Personal Data in order to send text messages and push notifications, for which you have opted in, to your personal device(s).

Other Uses of Personal Data

If we process Personal Data in connection with our Service in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it. Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the “Data Sharing” section for more information about how we disclose Personal Data in extraordinary circumstances.

Business and Commercial Purposes of Processing

We process Personal Data for common business and commercial purposes, as described below:

Service Provision and Contractual Obligations

We process any Personal Data as is necessary to provide our Service, authenticate users and their rights to access the Service, or various data, features, or functionality, and as otherwise necessary to fulfill our contractual obligations to you and to our Client(s), and provide you and our Clients with requested information, features, and services.

Internal Processes and Service Improvement

We may use Personal Data we process through our Service as necessary in connection with our business interests in improving the design of our Service, for customer service purposes, in connection with logs and metadata relating to Service use, and for ensuring the security and stability of the Service. Additionally, we may use this data to understand what parts of our Service are most relevant to Users, how Users interact with various aspects of our Service, how our Service performs, etc., or we may analyze use of the Service to determine if there are specific activities that might indicate an information security risk to the Service, our Users or our Clients. We may also use this information in connection with the provision of new features, products, and analytics tools to be used by other Clients. This processing is subject to Users' rights and choices applicable to processing performed in accordance with our legitimate business interests.

Service Analytics

We use Personal Data processed through our Service to create aggregate analytics relating to Service Use. For example, we use Guest Users’ Personal Data to create aggregate analytics relating to trends in how Guests interact with our Clients, such as food and drink orders, product choices, common preferences, and other similar information. Service Analytics will not contain information from which an individual may be individually identified. These analytics may be made available to our Clients. This processing is subject to Users' rights and choices applicable to processing performed in accordance with our legitimate business interests and commercial uses of Personal Data.

Personalization

We process Personal Data in connection with our legitimate business interest in personalizing the Service. For example, the Service may be customized to you so that it displays your name, reflects service preferences, to suggest orders, or to display items that you have ordered or interacted with in the past, etc. This processing may involve the creation and use of Inference Data relating to your preferences. This processing is subject to Users' rights and choices applicable to processing performed in accordance with our legitimate business interests.

Transactional and Account-related Communications

We use Personal Data processed through our Service to communicate with you regarding transactions and account-related functions. Some transactional communications (for example, push notifications, and text messages for order status updates) are optional, and you may opt-in or opt-out of these. Other communications (for example, emails sent for email verification, password reset, and order confirmations) are mandatory if you wish to use the associated processes and functionalities provided by the Service.

Marketing Communications

We use Personal Data processed through our Service in connection with our, and with our Clients’ marketing communications. You may opt-in to these communications, or consistent with our legitimate business interests, we may send you marketing and promotional communications if you communicate with us about our Service, register for an account, or where otherwise permitted by law. We may also process Device/Network Data and Contact Data when you interact with our communications in connection with our interest in understanding communication response and open rates. This processing is subject to Users' rights and choices applicable to processing performed in accordance with our legitimate business interests.

Note: On occasion, Clients may independently engage third parties to conduct marketing campaigns outside of— but potentially in conjunction with—the Clients’ use of the Service, where incentives may be offered as inducements to enroll in Client programs, make purchases from the Client(s) via the Service, complete surveys, or take other actions. In such cases where we did not engage the third party and have no control over their activities, requests directed to Nutrislice to opt out of further communications may not be effective. Please contact the third party or our Client directly if this appears to be happening in your case.

Compliance, Health, Safety & Public Interest

Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data for purposes determined to be in the public interest, required by law, or as necessary in connection with the establishment or defense of our legal rights. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, to establish claims for violations of applicable contracts, for authorized medical or public health purposes, or as otherwise in the public interest or required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

Other Processing of Personal Data

If we process Personal Data in connection with our Service in a way not described in this Privacy Notice, this Privacy Notice will still apply generally (e.g. with respect to Users' rights and choices) unless otherwise stated when you provide it.

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:

Clients

Nutrislice provides the Service, which processes data on behalf of our Clients, and any Personal Data you provide through the Service may inherently be shared with our Client who has engaged Nutrislice to host a given Client Site.

Service Providers

In connection with hosting the Service, our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests or other business purposes, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf or our Client’s behalf. As examples: we may use cloud-based hosting providers to host our Service; we may integrate analytics tools to provide business insights to our team or our Clients; we may integrate with a third party transactional system such as a payments processor to enable transaction processing or with a point-of-sale provider to enable a Client’s fulfillment operations.

Affiliated Entities

In order to streamline certain business operations and develop products and services that better meet the interests and needs of our Clients and Users, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Business Transitions

Any Personal Data may be shared in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime (including in connection with law enforcement or national security investigations), to investigate violations of our Terms of Use, or when in the vital interests of us or any person. Note that where applicable, these disclosures may be made to governments with jurisdiction over the Service or data, that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

Other Disclosures

We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or other matters in the public interest.

Your Rights

Subject to our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity.

Note: we are unable to directly fulfill rights requests regarding Personal Data controlled by Clients. Please contact the Client directly for data rights requests that relate to Client-controlled information, and we will assist the Client to the extent necessary in the fulfillment of your request.

You may exercise your rights by contacting our Data Protection Coordinator at privacy@nutrislice.com.

Access

You may receive a list of your Personal Data that we possess/process to the extent required and permitted by law.

Rectification

You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu, or may contact using the contact information in the “Contact” section below.

Erasure

To the extent required by applicable law, you may request that we delete your Personal Data from our systems.

Data Export

To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

Regulator Contact

You have the right to contact or file a complaint with regulators about our processing of Personal Data. In the U.S., you can contact the Federal Trade Commission. In the EU and elsewhere, please contact your local data protection or consumer protection authority.

California Rights

Additional information about individual’s rights and choices under California are described in the “Your California Privacy Rights” section below.

Your Choices

Subject to our right to continue to process your Personal Data to the extent allowed under applicable law, you have the following choices regarding the Personal Data we process:

Consent

If you consent to processing, you may withdraw your consent at any time, to the extent required by law. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of the Service.

Direct Marketing

Although Nutrislice does not generally conduct direct marketing communications to end Users, we may provide services or functionality to Clients to that end. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You have the choice to opt-out of or withdraw your consent to any direct marketing communications. You may exercise your choice via the links in such communications or by contacting us or our Client (as applicable) re: direct marketing.

Digital Communications

Email – some email communications are optional, and you have a choice to opt-out or unsubscribe via the links in the email. Other email (e.g., emails sent for email verification, password reset, order confirmation, order cancellation, etc.) are mandatory if you use the associated processes and functionalities of the Service.

SMS messages sent by the Service (e.g., order status notification messages) are typically optional and you have a choice to receive them or not. If SMS functionality is enabled on a given Client Site, users are generally presented with the choice to opt-in to receive them during account creation or order checkout. You generally have the choice to opt-out of SMS communications via the account management section of the Service. Additionally, if you have received an SMS message from the Service, you may opt-out of any future messages by replying directly to the text message with one of the following words: “STOP”, “QUIT”, “UNSUBSCRIBE”, or “CANCEL”.

Push Notificationssent by the Service via the Mobile App(s) are generally optional. When enabled, app users typically are presented with a choice to grant the Mobile App the permission to receive push notifications on their personal device. You have the choice to opt-out of any Push Notifications if they have previously been enabled. This is typically accomplished through the system settings of your mobile device’s operating system.

Cookies & Similar Tech

If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, and/or Google Analytics Opt-out. To learn more about how to opt out of Google’s use of cookies for advertising or retargeting, visit Google’s Ads Settings, here. Please note that the Service is unlikely to function properly if the transmission of cookies is altogether rejected or disabled. Additionally, at this time, the technology platform(s) used on our Site may not be enabled to respond to browsers’ implementations of “do-not-track”.

Children’s Data and COPPA Compliance

Nutrislice’s educational Clients often use Nutrislice and our Service as a direct agent to communicate with and/or receive data from their students, and they do so under blanket authority granted them by law or under a general pre-authorization from the students’ parents. In these situations (where Nutrislice and the Service are used directly by an authorized educational institution to engage their students), the following provisions regarding COPPA may not be applicable.

Except as noted in the previous paragraph or otherwise permitted by the Children Online Privacy Protection Act (“COPPA”), we do not collect information from children under the age of 13 without first obtaining verifiable parental consent. Prior to obtaining such consent, we may collect the name and email address of a child and parent or guardian for the purposes of verifying consent to collect additional information from the child. Please contact us for a consent form or other information. If consent is not obtained within a reasonable time, we will delete the Personal Data from our records.

Please note, consistent with COPPA, we may respond to your child’s request made through our Service, provided we contact your child only once in response to the question and delete your child’s Personal Data afterwards.

In this context, we do not collect any more Personal Data than reasonably necessary to participate in any given activity. Parents and guardians may access and delete the Personal Data we hold about their children and may revoke their consent to collection of Personal Data from their children at any time. If we allow sharing of a child’s Personal Data, parents or guardians may elect to disallow sharing while allowing our collection and use of their child’s information. Please contact us at the address below to exercise any of the rights granted to you as a parent or guardian under COPPA.

To the extent required by California Law, we permit minors under the age of 18 to request the deletion of any content or information that the minor has posted or made publicly available through our Service (if any). To request that information you have made available on our Service be removed, please send a letter or email to the address below with (i) your name, (ii) a complete description of the content you would like removed, and (iii) the web address(es) of the content you would like removed. Please be aware that our fulfillment of this request does not ensure complete or comprehensive removal of the content or information you have posted on our Site.

International Transfers

If you are accessing our Service from outside of the United States, any information provided will be transferred to us or our service providers in the United States. Regardless of where your information is collected or transferred, the information will be treated in accordance with this Policy. You consent to such transfer through your use of the Service.

Data Retention

We will remove or anonymize Personal Data after a reasonable time if it is not associated with an active Customer account or (i) when we believe it is no longer necessary to retain the Personal Data for the purpose it was originally collected, (ii) at the request of the user or our Client, or (iii) in accordance with any terms and conditions to which we are bound, except where the burden or expense of deleting information based on an individual’s request would be disproportionate to the risks to the privacy of the individual in the case in question or where rights of persons other than the individual would be violated. To the extent permitted by law, we reserve the right to securely retain encrypted backup copies of our database(s) for up to one year, which may contain Personal Data that has been removed from the Service until the backup(s) are automatically deleted.

Changes to this Policy

This policy may change from time to time. We will post the most current version of this policy on our website with the effective date. Your continued use of the Service means you consent to the terms of any new Policy.

Contact

For questions regarding an order you’ve placed or other questions related to food service, please contact the food service provider.

If you have questions or concerns regarding Nutrislice’s privacy practices or policies, or you wish to submit a privacy-related request with respect to your Personal Data, please contact our Data Protection Coordinator using the following contact information:

privacy@nutrislice.com
--or--
Nutrislice, Inc.
Attn: Data Protection Coordinator
295 Interlocken Blvd. #100
Broomfield, CO 80021

For general support issues with the Nutrislice software, contact support@nutrislice.com.

Your California Privacy Rights

Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request (see below for verification requirements):

Right to Know

You may request any of the following, for the 12 month period preceding your request: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.

Right to Delete

You have the right to delete or require us to delete certain Personal Data that we hold about you, subject to exceptions under applicable law.

Right to Non-Discrimination

You have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.

Direct Marketing

You may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes (if any) during the preceding calendar year. Please note that at this time, we do not provide any of your Personal Data collected via the Service to third parties for direct marketing purposes (other than to the Client who has engaged Nutrislice to host a Client Site on their behalf) and have no expectations of doing so.

Opt-Out of Sale

If we engage in sales of data (as defined by applicable law), you may direct us to stop selling your Personal Data to third parties. Please note that at this time, we do not sell Personal Data and have no plans to do so in the future.

Submission of Requests

You may submit requests for any of the following actions or disclosures by emailing us at privacy@nutrislice.com (see below for summary of required verification information):

Right to Know

Please provide your email address, phone number and address we have on file for you along with your desire to know what Information we have on you.

Right to Delete

Please provide your email address, phone number and address we have on file for you along with a statement of your request to have Personal Data deleted.

Direct Marketing

You may request a list of any relevant direct marketing disclosures (if we have made any) at privacy@nutrislice.com.

Verification of Requests

To reduce fraud and to ensure the security of Personal Data, all requests to which a user is entitled must be pre-verified to ensure that the individual making the request is authorized to make that request. We may require that you provide the email address we have on file for you and verify that you can access that email account and/or to provide an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

Data Processing

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data as defined above: Identity Data; Order/Transaction Data; Contact Data; Financial Data; Device/Network Data; Inference Data; User Content.

Data Sale

For purposes of the CCPA, we do not “sell” your Personal Data.

Right to Know

Category of Data Category of Sources Business and Commercial Purposes Categories of Recipients
Identity Data Data you provide to us; Data provided by third parties Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other
Order/Transaction Data Data you provide to us; Data provided by third parties; Data we create or infer Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other
Contact Data Data you provide to us; Data provided by third parties; Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other
Financial Data Data you provide to us; Data provided by third parties; Data we create or infer Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other
Device/Network Data Data you provide to us; Data provided by third parties; Data collected automatically Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other
Inference Data Data you provide to us; Data we create or infer Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other
Client-Specific Data, Freeform Data Data you provide to us; Data provided by third parties; Data we create or infer; Data collected automatically Service Provision and Contractual Obligations; Internal Processes and Service Improvement; Service Analytics; Personalization; Marketing Communications; Compliance, Health, Safety & Public Interest Clients; Service Providers; Affiliates; Business Transitions; Legal Disclosures; Other

Additional Rights and Disclosures: EU, EEA & Switzerland, Countries with Analogous Legislation

International Transfers of Personal Data

If you are located outside the US, your Personal Data may be transferred to and/or processed in a location outside of the European Economic Area (EEA).

Your Personal Data may also be processed by staff operating in the United States or outside the EEA working for us or third-party data processors. Such staff may be engaged in, among other things, the provision of our Services to you, the processing of transactions and/or the provision of support services.

Some countries outside the EEA do not have laws that protect your privacy rights as extensively as those in the EEA. However, if we do transfer your Personal Data to other territories, we will put in place appropriate safeguards to ensure that your Personal Data are properly protected and processed only in accordance with this Privacy Policy. We may transfer Personal Data from the EEA to the US using the EU standard contractual clauses, the EU-U.S. Privacy Shield Program, under Binding Corporate Rules, or other lawful mechanisms. You can obtain more information about the safeguards we put in place by contacting us.

Your Rights & Choices

Under the GDPR and analogous legislation, you may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request. You may exercise any of these rights by sending an email to privacy@nutrislice.com.

Access You may have a right to know what information we collect, use, disclose, or sell, and you may have the right to receive a list of that Personal Data and a list of the third parties (or categories of third parties) with whom we have received or shared Personal Data, to the extent required and permitted by law.
Rectification You may correct any Personal Data that we hold about you to the extent required and permitted by law.
Delete To the extent required by applicable law, you may request that we delete your Personal Data from our systems. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you. Contact us as part of your request to determine how your Personal Data will be erased in connection with your request.
Data Export To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Objection You may have the right under applicable law to object to our processing of your Personal Data that we undertake without your consent in connection with our legitimate business interests (including any processing specified as such, or processed under this Policy for a Business Purpose). Note that we may not be required to cease, or limit processing based solely on that objection, and we may continue processing where our interests in processing are balanced against individuals’ privacy interests.
You may also object to processing for direct marketing purposes. We will cease processing upon your objection to such processing.
Regulator Contact You may have the right to file a complaint with regulators about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.