Nutrislice

PRIVACY POLICY

Welcome to Nutrislice!

This Privacy Policy (the “Policy”) describes how we collect, use, and share your personal data, as well as your choices and rights with respect to that personal data.

Who We Are

This is the Privacy Policy of Nutrislice, Inc. (“Nutrislice,” “us,” “our,” or “we”). You can contact us using the information in the “Contact Us” section below.

Applicability

This Policy applies to our “Service” which includes:

Agreement

This Policy is incorporated into the Terms of Use governing your use of our Service. If you are using the Nutrislice Services to order food and/or view menu information from a particular foodservice provider, please reference the Terms of Use that are linked to from within that provider’s home page (e.g., in the footer or splash page) of the Nutrislice Services. Any capitalized term not defined in this Policy will have the definition provided in our Terms of Use.

Your use of our Service indicates your acknowledgement of the practices described in this Policy.

Third Parties

We provide the Service and process information on behalf of organizations that have entered into a services agreement with us (our “Clients”). When our Service is provided pursuant to a Client agreement, we may process Personal Data (defined below) relating to a Client’s internal users of the Service, as well as registered or public users of the Service (“Users”).

This Policy reflects only how we, Nutrislice, process Personal Data through our Service. However, this Policy does not apply to our Clients’ own processing of your information if they download or transfer it from the Nutrislice platform or if you provide it to them directly. Please contact the Client to request their privacy policy for more information—contact information for each Client is generally provided in the Terms of Use and/or application menu of the Client Site. Similarly, this Policy does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services that may be linked to, referenced by or embedded in the Service, unless we process information from those parties. Please review any third parties’ privacy policies for information on their privacy practices.

How do we process Personal Data?

In order to provide our Service, we may collect and process information that relates to identified or identifiable individuals (“Personal Data”). For example, we may collect Personal Data such as:

We typically collect Personal Data and other data from you, and use that information in the following ways and as otherwise communicated to you from time to time:

Viewing Menus

If you are browsing menu information on our Service, you may generally do so anonymously, and are not required to create an account or provide any Personal Data unless you wish to use the Service to provide feedback or place online orders for food. You may be presented with the option to register for an account in order to have the Service store or remember your preferences, favorite locations, payment information, to enable ordering, to enable or integrate other services, or for other similar purposes. If you do not register for an account and choose to browse menus anonymously, our Client Sites will still collect some of the information described in the “Cookies and Similar Technologies” section. If you elect to create an account, we may also collect the information described in the “Registration” and “Payments” section.

Registration

During account registration, we typically collect Personal Data such as your name, email, phone number, the name of Clients or food service locations that you regularly interact with (such as a local school, cafeteria or cafe), and any other information included on the registration form. We and our Clients use this information primarily to manage and support your account, to provide the Service, and for other internal account and customer management purposes.

Our Service may allow you to log in or register using a third-party single sign-on service such as Facebook or Google. This ‘single sign-on’ feature allows us to conveniently create an account for you and allows you to log in using familiar credentials. Through this process, we may collect your name, email, and other information provided to us by the single sign-on partner that align with account information we would collect without the service. We do not collect your contacts list or utilize other data or features from the third-party service beyond the basic information which facilitates account registration and single sign-on. We will not collect your password for that third-party service, so if you forget your password, please coordinate with the appropriate third party.

Payments

In the event you use a portion of the Service that requires payment, we may collect relevant payment information from you. The information we collect may vary depending on the Client and form of payment. For example, in the event we work with a prepaid account balance system, we may collect information such as your account number, name, and other required verification information; for an ACH bank transaction we would collect your bank account number and routing information. In the event we process a credit/debit card payment for purchases, we may collect your payment card number, expiration date, name, security code, address & zip code, and other information which may be requested by the card issuer or processor. Regardless of the information we collect, we will use this information only to process your payments or charge your account for purchases you make through our Service. Security for payment information is described in Information Security section below.

Meal and Ordering Information

Depending on how you use and access our Service, we may collect certain information relating to your dining and diet preferences, order(s) you place through the Service, and similar information. We use this information so that we can provide our Service, process your orders, provide value to our Client(s), and better tailor our Service and the presentation of Clients’ information to your preferences in order to provide You with better convenience, information, transparency, and interactivity with respect to your dining experiences.

Please note: Nutrislice does not control, review, or assume responsibility for the marketing and dietary information presented by our Clients within the Nutrislice software. While our experience has been that Clients generally strive to provide dietary information that is accurate and up to date, we cannot guarantee that the dietary information is correct or complete or that any food is free of particular ingredients or allergens. If you have a food-related allergy or medical condition, please review the additional disclaimers in the Terms of Use, and discuss your situation with your medical provider and our Client’s food service staff in order to understand the risks and options for consuming the food that is marketed by a Client in our Services.

Contact Us Form and User Surveys/Feedback

Through our Service, we may request your name, email address, phone number, organization/location, and/or other useful information from users of our Service who contact us for support or information through optional “contact us” forms or similar interfaces, or who sign up for updates about our product or our Clients’ services.

We may also present periodic surveys or feedback/rating forms, which are voluntary, where you can use the Service or a third-party tool to rate or submit feedback about your experience with our Services or a Client’s food and service. When we do so, we may collect your name, email address, and/or phone number, and other information about your feedback, preferences and opinions, and other information requested in the form or survey. Note this information may vary, so please review the survey or form carefully when providing such information. This type of information is typically used to improve our Services and/or to provide to the Client so they can improve their products, services, or implementation of the Services. If a third-party tool is utilized, we do so only to facilitate the collection of the information, but it is your responsibility the review the privacy policy of any such tool. If permitted, we may contact you directly with questions or information following completion of a Contact Us form, survey, or feedback/rating form.

GeoLocation & Mobile Apps

Generally, we present and process the same information through the Mobile App as we do on a Client Site website (e.g., with respect to payment information, account registration, feedback, etc.). Additionally, if you use our Mobile App, we may collect some additional device information so that we can ensure you have an optimal and consistent experience using the Mobile App.

In either the Mobile App or Client Site, we may request your consent to receive and process your location information to help you find a dining location, or to provide directions and wayfinding services. We do not permanently store your precise geolocation information on our servers. We may anonymously aggregate imprecise location information (e.g., town, state, country, etc.) in order for us and our Clients to analyze and better understand how people are using the Services and in order to improve it.

Marketing Communications

We may process information that you voluntarily provide in an optional account sign-up, contact form, order, or other form, such as your name, email address, and certain information about the device you use when you sign up for an account, for marketing communications from us or on behalf of our Clients, or from our Clients through our platform. We generally use this data or provide it to Clients to facilitate marketing communications such as emails or texts, and in order to tailor those communications to individuals’ preferences and requests. Additionally, we may process additional data about devices or software receiving those marketing communications to understand whether our emails are opened or other aspects of engagement with those communications. We acknowledge that your marketing communication preferences may change, and respect your rights to withdraw consent. See the “Your Choices” section below. We do not sell or share any contact information that you provide us with any third parties whose intent or interest may be in marketing services or products to you other than those provided by Us or the Client. See the “Data Sharing” section below.

Please note that some communications that are transactional in nature (e.g., receipts, confirmations, status updates, etc. related to your account or orders) may also include information that has a marketing purpose. These transaction-related communications are a necessary part of using the ordering features of the Services.

Parental Consent

In order to obtain parental consent under the Children’s Online Privacy Protection Act (“COPPA”) and other privacy laws, we may collect the name and email address of a child and his/her parent(s) in order to send the parent a consent form or similar request for consent. This information will be used only in connection with the parental consent process, and will be deleted after a reasonable time if such consent is not received. Alternatively, if a Client is a qualified K-12 educational institution, we may rely on the Client to administer the services to children along with its representation to have obtained such consent prior to the minor using the Services, to the extent permitted by law.

Cookies and Similar Tracking Technologies

We, and certain third parties who we have engaged for purposes below, may process technical data about you and your device (such as IP address, operating system information, web browser and version number, ISP or wireless internet provider, and other information about your connection to the Services or the device you are using) when you interact with cookies and similar technologies on our Corporate Site or a Client Site. We may also receive this data from third party partners to the extent allowed by the applicable partner. Please note that the privacy policies of the applicable third parties may apply to these technologies and information collected. We generally use this information as follows:

Note: Some of these technologies can be used by us and/or our third-party partners to identify you across services, devices, sites, and services. To understand how you can avoid or opt-out of such services, see the “Your Choices” section below.

Other Sources of Personal Data

If we process Personal Data in connection with our Service in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it. Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process Personal Data as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the “Data Sharing” section which follows for more information about how we disclose Personal Data in both typical and extraordinary circumstances.

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:

Clients

Our business is to provide a platform for our Clients, who are food service providers, to market their program and foods, interact, and transact with their customers. When you access a Client Site, you are viewing content and information managed by the Client. We process data on behalf of Clients, and Clients may access Personal Data that you provide through the Service.

Service Providers

Like most modern web-based software platforms, Nutrislice uses cloud service providers such as Amazon Web Services and Salesforce/Heroku to operate and host the Services. Similarly, Nutrislice partners with reputable payment processing service providers to process payment information. In connection with our general business operations, product/service improvements, to enable certain features, and other legitimate business interests, we may transmit any technical data or Personal Data to service providers or subprocessors who we have engaged to provide data services, storage, and/or processing on our behalf.

Affiliated Business Entities

In order to streamline certain business operations and develop products and services that better meet the interests and needs of our Clients and Users, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Corporate Events

Any Personal Data may be shared confidentially with the necessary parties in the event that we go through a business transition, such as a merger, acquisition, liquidation, assignment, or sale of all or a portion of our assets. For example, Personal Data may be part of the business assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential merger or acquisition.

Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we reasonably believe such disclosure is legally required, to prevent or respond to a crime (including in connection with law enforcement or national security investigations), to investigate violations of our Terms of Use, in response to a subpoena, or when in the vital interests of us, a Client, or any person. Note, if you are outside of the US, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

Other Disclosures

We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of our Client(s) or any individuals, or other matters in the public interest.

Your Rights

Subject to our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. Note: we are unable to directly fulfill rights requests regarding Personal Data controlled by Clients. Please contact the Client directly for data rights requests that relate to Client-controlled information, and we will assist the Client to the extent necessary in the fulfillment of your request as it pertains to data that we store. You may exercise your rights by contacting us using the information in the “Contact Us” section.

Access

You may receive a list of your Personal Data that we process to the extent required and permitted by law.

Rectification

You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu.

Erasure

To the extent required by applicable law, you may request that we delete your Personal Data from our systems.

Data Export

To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

California Rights

Residents of California (and other states and provinces to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.

Your Choices

Subject to our right to continue to process your Personal Data to the extent allowed under applicable law, you have the following choices regarding the Personal Data we process:

Consent

If you consent to processing you may withdraw your consent at any time, to the extent required by law. You may be required to delete or close your account in order to withdraw consent where your consent is necessary to perform essential aspects of the Service or where consent may not be programmatically toggled on or off.

Direct Marketing

You have the choice to opt-out of or withdraw your consent to marketing communications. You may have a legal right not to receive any messages from third-parties in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via any available links in the Services or communications, or by contacting us re: direct marketing.

Cookies & Similar Tech

If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies (and certain other storage technologies) using your browser’s settings menu. You must opt out of third party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out. To learn more about how to opt out of Google’s use of cookies for advertising or retargeting, visit Google’s Ads Settings here. Please note, at this time, some Services may not respond to various browsers’ implementation of “do-not-track” requests. Also note that, as described above, Client Sites utilize cookies for essential, required functionality, and sites may not operate if Cookies are disabled.

Information Security

We implement and maintain reasonable security measures to safeguard the Personal Data you provide us and strive to work with reputable cloud services providers who have suitable information security procedures and systems in place, and to have our own systems evaluated by 3rd party security experts. However, we sometimes share Personal Data with third parties in the circumstances noted above, and we do not have control over third parties’ security processes.

Children’s Data and COPPA Compliance

Except as permitted by the Children Online Privacy Protection Act (“COPPA”), we do not collect information from children under the age of 13 without first obtaining verifiable parental consent. Prior to obtaining such consent, we or our Client may collect the name and email address of a child and parent or guardian for the purposes of verifying consent to collect additional information from the child. To access our consent form, please contact us at the email address below with the words “COPPA consent form” in the subject line. If consent is not obtained within a reasonable time, we will delete the Personal Data related to the request from our records.

Please note, consistent with COPPA, we may respond to your child’s request made through our Service, provided we contact your child only once in response to the question and delete your child’s Personal Data afterwards.

We do not collect any more Personal Data than reasonably necessary or required by our Clients to participate in any given activity. Parents and guardians may request Personal Data we hold about their children, request deletion of such data, and may revoke their consent to collection of Personal Data from their children at any time. If we allow sharing of a child’s Personal Data with any third party other than Client, parents or guardians may elect to disallow sharing while allowing our collection and use of their child’s information. Please contact us at the address below to exercise any of the rights granted to you as a parent or guardian under COPPA.

To the extent required by California Law, we permit minors under the age of 18 to request the deletion of any content or information that the minor has posted or made publicly available through our Service (if any). To request that information you have made available on our Service be removed, please send a letter or email to the address below with (i) your name, (ii) a complete description of the content you would like removed, and (iii) the web address(es) of the content you would like removed. Please be aware that our fulfillment of this request does not ensure complete or comprehensive removal of the content or information you have posted on our Site.

International Transfers

If you are accessing our Service from outside of the United States, any information provided will be transferred to and stored by us or our service providers in the United States. Regardless of where your information is collected or transferred, the information will be treated in accordance with this Policy. You consent to such transfer through your use of the Service.

Data Retention

We will remove or anonymize Personal Data after a reasonable time following account deletion, (i) when we believe it is no longer necessary to retain the Personal Data for the purpose it was originally collected, (ii) at the request of the user or Client, or (iii) in accordance with any laws, rules, or agreements to which we are bound, except where the burden or expense of deleting information based on an individual’s request would be disproportionate to the risks to the privacy of the individual in the case in question or where rights or obligations of persons other than the individual would be violated. Unless otherwise required by law, backup copies of databases that include Personal Data which has been removed will be deleted after a reasonable retention period for such backups per our records retention policies; notwithstanding, it may not be feasible to extract or remove individual Personal Data from such backups prior to deletion of the backups themselves.

Changes to this Policy

This policy may change from time to time. We will post the most current version of this policy on our website and Client Sites with the effective date. Your continued use of the Service means you consent to the terms of any new or revised Policy, regardless of whether you are actually notified or aware of such changes—so we recommend periodically reviewing this document for updates to the Last Revision Date above. If you do not consent to this policy, or any revision thereof, you must not use the Services.

Contact

-or-

Version 2.0
Latest Revision Published on: December 19, 2018