Last updated May 18, 2018
This privacy notice, together with our website Terms and Conditions and any other documents referred to in it, provides you with details of how we collect and process your personal data through your use of our sites www.hemochromatosishelp.com and www.myhemochromatosishelp.com.
By providing us with your data, you warrant to us that you are over 13 years of age.
What information do we collect about you?
We collect personal information from you when you place an order, send us an email, join our newsletter, or participate in any other site feature during which you give us your information.
For example, when ordering a product, we may ask you for your name, email address, mailing address, phone number, credit card information or other information in order to process your transaction.
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process certain types of personal data about you as follows:
- Identity Data may include your first name, last name, username, marital status, title, date of birth and gender.
- Contact Data may include your billing address, delivery address, email address and telephone numbers.
- Financial Data may include your bank account and payment card details.
- Transaction Data may include details about payments between us and other details of purchases made by you.
- Technical Data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
- Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
- Usage Data may include information about how you use our website, products and services.
- Marketing and Communications Data may include your preferences in receiving marketing communications from us and your communication preferences.
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, and information about criminal convictions and offences.
We do not collect sensitive data, with the exception of health data. This health data is only collected when freely given (i.e. if you send us an email and voluntarily tell us about your health status, or if you have an email consultation and consent to sharing health information). This health data also helps us understand our customers better, allowing us to keep our site updated and relevant, to develop our business, and to inform our marketing strategy.
How do we collect your personal data?
We collect data about you through a variety of different methods including:
Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:
- order our products or services;
- create an account on our site;
- interact in a ‘members only’ forum;
- subscribe to our service or publications;
- request resources or marketing be sent to you;
- enter a competition, prize draw, promotion or survey; or
- give us feedback.
How do we use your personal data?
We will only use your personal data when legally permitted. The most common uses of your personal data are:
- Where we need to perform the contract between us.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We do not share your personal data with any third party for marketing purposes.
You will receive marketing communications from us if you have requested to be added to our email newsletter list through a form on either website or through social media such as Facebook. You must positively opt-in to receive marketing and you may unsubscribe at any time.
If you would no longer like to receive promotional email from us, please select “unsubscribe” at the bottom of email newsletters you have received. You should stop receiving email from us at that time. If for some reason you do continue to receive email, please contact us and we will assist you in removing your email address from our newsletter list.
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions. For example, you will still receive transactional emails such as tracking information and order receipts for purchases made.
How do we protect visitor information?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
If there is a suspected personal data breach we will notify you and any applicable regulator of a breach where we are legally required to do so.
Examples of security measures implemented to maintain the safety of your personal information:
- Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
- We have ensured that our 3rd party apps, software providers, and payment processors are all GDPR-compliant and we have signed updated Data Processing Agreements where appropriate. These include (but are not limited to):
  - ConvertKit (email marketing; database management)
  - HelpScout (helpdesk software)
  - Shopify (e-commerce shopping cart solution, order management)
  - Bold Apps (e-commerce feature applications)
  - PayPal (payment processor)
  - Authorize.net (payment processor)
Do we use “cookies”?
Do we disclose the information we collect to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice, except as described below. The term “outside parties” does not include our parent company, Lewis Family Natural Health, Inc.
It also does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. Examples include our legal, accounting, and banking partners. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses, such as through Google Analytics.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located at or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
What are your policies on data retention and the right to erasure (EU/UK only)?
When you place an order through the sites, we will maintain your order information for our records unless and until you ask us to delete this information. We are required to keep some basic information about our customers including transaction data for tax and legal purposes and therefore there is some information that cannot be deleted.
If you are a resident of the EU or UK and fall under the rules of GDPR, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us.
Under GDPR you have the right to erasure (or the right to be forgotten), meaning you can request that we delete all of your personal data from our systems. This is an additional step beyond unsubscribing from the newsletter. If your concern is wanting to stop receiving email, then unsubscribing should be adequate and full erasure might not be necessary. Please contact us if you have questions.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Third Party Links
In an attempt to provide you with increased value, we may include third party links on our site. These linked sites have separate and independent privacy policies. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Questions and Feedback
We welcome your questions, comments, and concerns about privacy. Please send us any and all feedback pertaining to privacy, or any other issue.
Terms and Conditions
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website.
HemochromatosisHelp.com and MyHemochromatosisHelp.com are operated by Lewis Family Natural Health, Inc., located at 16 Sterling Street, Asheville, NC 28803 USA.
You may contact us here.