Privacy Policy

Updated December 14, 2022

I. ABOUT THIS PRIVACY POLICY AND USING OUR SITE AND TOOLS

This Privacy Policy applies to websites provided by Medifast, Inc., and OPTAVIA LLC and their subsidiaries and affiliates (“OPTAVIA” “Company” or “we” or “our” or “us”). Within this Privacy Policy, the term “Company Websites” pertains to any websites hosted or operated by the Company, including co-branded, product, and divisional Company Websites that link to this Privacy Policy. This Privacy Policy describes how we collect, use, share, disclose, or otherwise process personal data in the course of our business operations and providing our services to you.

The Company Websites contain links to other sites. Once you enter another website, be aware that the Company is not responsible for the privacy practices of other sites not associated with the Company. We encourage you to look for and review the privacy statements of each website that you visit through links on the Company Websites. We hope that reading our Privacy Policy gives you a clear idea of how we manage information about you.

While you may use some of the functionality of the Company Websites without registering for an account, many of the specific tools and services on the Company Websites require registration. If you choose to register with the Company Websites for certain services, we require you to submit personal data. The type of personal data we may collect from you will depend on the tool or service you have selected. For additional information, please see the section titled “Information We Collect About You.”

You are responsible for ensuring the accuracy of the personal data you submit to the Company Websites. Inaccurate information may affect the information you receive when using the Company Websites and tools and our ability to contact you as contemplated in this Privacy Policy. For example, your email address should be kept current because that is how we communicate with you.

Your access to the Company Websites and any products or services provided by OPTAVIA is subject to this Privacy Policy, unless explicitly stated otherwise. By using or purchasing services, you acknowledge and accept the terms of this Privacy Policy; if you are using the Company Websites or services on behalf of someone other than yourself, you represent that you are authorized by that individual to act on their behalf and that the individual acknowledges and accepts the terms of this Privacy Policy.

II. INFORMATION WE COLLECT ABOUT YOU

Depending on how you interact with our Company Website and services, we may collect certain categories of personal data about you, including but not limited to:

  • Identifiers, such as your name, postal address, phone number, email address, account name, or other similar identifiers;
  • Demographic information, such as your gender, age, race, or other protected classifications under applicable law;
  • Commercial information, such as products or services purchased, or other purchasing or consumption histories or tendencies;
  • Internet or other electronic network activity information, such as browsing history, network activity, IP addresses, search history, or information regarding your interaction with the Company Websites, mobile applications (“apps”), emails, or advertisements;
  • Financial Information, necessary to facilitate our relationships with employees and contractors and as a facilitator for payment card information that is collected by a trusted third-party vendor on behalf of the Company;
  • Medical, such as biometrics, weight, health conditions, weight metrics, water consumed, steps per day, integration into Health Apps, BMI metrics, goal weight, and medications;
  • Geolocation information, such as location tracked as part of Firebase and Telium integrations;
  • Photos, such as profile photos you submit to us;
  • Inferences regarding preferences or other characteristics, such as weight loss goals and progress, medical and dietary restrictions, income, personal habits (e.g., eating, sleeping, drinking, and exercise), and language preferences; and
  • Professional, employment, and education Information, such as occupation, title, undergraduate and graduate degrees, and professional licenses.


We collect this information from the following categories of sources:

  • Your device or browser;
  • Directly from you when you provide information through your use of the Company Website, services, and when you communicate with us;
  • From your OPTAVIA app; and
  • From Connect


Below we describe how we collect this information.

Automatically Collected Information

A. Cookies
We collect information about your use of the Company Websites and your use of the websites of selected sponsors and advertisers through the use of cookies. The Company Websites and our sponsors’ or advertisers’ websites assign every computer a different cookie. The information collected by cookies (i) helps us dynamically generate advertising and content on webpages or in newsletters, and (ii) allows us to statistically monitor how many people are using the Company Websites and selected sponsors’ and advertisers’ websites, how many people open our emails, and for what purposes these actions are being taken. We may use cookie information to target certain advertisements to your browser or to determine the popularity of certain content or advertisements. Cookies are also used to facilitate a user’s login, as navigation aids, and as session timers, but not to retain personal health information about you.

Your browser software can be set to reject all cookies. Browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. If you reject our cookies, certain of the functions and conveniences of the Company Websites may not work properly but you do not have to accept our cookies to productively use the Company Websites.

We and our service providers also use cookies to collect information from you over time and across the Company Websites and other websites to provide you with and improve the performance of our advertising that our service providers deliver to you on other websites. You may opt-out of receiving future commercial emails by clicking on the “unsubscribe” link at the end of commercial e-mails or following instructions on how to unsubscribe from the mailing list.

Some of our service providers may offer the ability to opt out of their use of your information for the placement of targeted advertisements. To opt out of these service providers’ use of your information for the placement of targeted advertisements, please visit http://optout.aboutads.info. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. For more information about “do not track” signals, visit http://www.allaboutdnt.org.

B. Web Beacons
We also use Web Beacons to collect information about your use of the Company Websites and the websites of selected sponsors and advertisers, and your use of special promotions or newsletters. The information collected by Web Beacons allows us to statistically monitor your usage of the Company Websites.

We do not link information from Web Beacons to your personal details without your permission and do not use Web Beacons to collect or store personal health information you may provide.

C. Third Party Web Beacons
We use Third-Party Web Beacons to help analyze where visitors go and what they do while visiting the Company Websites. We allow search engines to use web beacons on the Company Websites to collect information about your visits to this and other websites to improve our products and services and provide advertisements about goods and services of interest to you.

Information You Provide

We collect personal data that you provide to us when you register as a user of the Company Websites or when you update your user profile. Specifically, we may collect information from you when you:

  • Use our Company Websites and apps;
  • Register for an account with the Company;
  • Apply for a position with the Company;
  • Contact us via the Company Websites or email;
  • Use or purchase our products and services; or
  • Participate in our online services.


Additionally, if you act as an independent OPTAVIA Coach, employee, job applicant, or contractor, we collect the following personal data about you as an independent contractor for the Company:

  • Identifiers, such as name, address, telephone number, email address, and other government identifiers, account identifier, social media identifier, and device or online identifiers.
  • Demographic information, such as date of birth and marital status.
  • Financial information such as commissions and tax information.
  • Health information
  • Characteristics of protected classifications under state or federal law, such as gender and age.
  • Internet, mobile app, and network activity, such as browser visits.
  • Geolocation information.
  • Audio, visual, and other sensory information, such as profile photos.
  • Professional information, such as education, occupation, title, licenses and professional memberships, [and background and criminal information].
  • Individual preferences and characteristics, such as inferences related to [social networks and marketing behaviors].


We may be required by law to collect certain personal data about you or because of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations.

D. Emails You Send to the Company Websites
This Privacy Policy does not protect you when you send content, business information, ideas, concepts or inventions to the Company Websites by email. If you want to keep content or business information, ideas, concepts, or inventions private or proprietary, do not send them in an email to any of the Company Websites.

E. Website Registration and Interactive Tools on the Company Websites
After you have registered as a user of the Company Websites, you may choose to use certain interactive content, tools, and services that may ask you to voluntarily provide other types of information about yourself including personal health information.

F. Children
The Company Websites are not intended or directed to anyone under the age of 18. We do not sell products for purchase by children, and we do not collect personal data from anyone we know to be under the age of 18. If you are under the age of 18, you may only use this site with the involvement of a parent or a guardian, and you should not submit any personal data to us. If you become aware that your child or an individual under 18 has provided their personal data through the Company Websites, please contact us at the contact information provided in the “Contact Us” section below.

G. Market Research
From time to time, the Company or a third-party vendor acting on behalf of the Company may conduct online research surveys to gather feedback about the Company Websites through email invitations, pop-up surveys or online focus groups. When participating in a survey, we may ask you to submit personal data. This personal data is used for research purposes and is not used for sales solicitations. When an external party sponsors a survey, information from the survey results is reported to the sponsor. Personal data collected through market research will only be used by the Company and our third-party vendors will not be given or sold to an external party without your consent.

III. USE OF YOUR INFORMATION

We use the personal data that we collect to:

  • Create and maintain your account;
  • Respond to your questions, as it is in our legitimate interest to provide you appropriate responses;
  • Verify your identity when you access and use our services, and ensure the security of your personal data, so we can comply with our contractual obligations to you;
  • Provide you the specific services you select, so we can comply with our contractual obligations to you;
  • Analyze how you use our services and improve our services, as it is in our legitimate interest to understand any issues with our services and improve them;
  • Conduct research and development;
  • Send you emails about website maintenance and updates, and inform you of significant changes to this Privacy Policy, as it is in our legitimate interest to provide you with notices about our services;
  • Communicate with you about offers, products, and services that may be of interest to you, as it is in our legitimate interest to make the messages we send more relevant and interesting. Where required by law, we will obtain your consent first;
  • Exercise our rights where it is necessary to do so, for example to detect, prevent, and respond to fraud, intellectual property infringement, or violations of law or contract; and
  • Comply with our legal and regulatory obligations.


We may de-identify your information and use, create, and sell de-identified information, or any business or other purpose not prohibited by applicable law.

IV. DISCLOSURE OF YOUR INFORMATION

Except as set forth in this Privacy Policy or as specifically agreed to by you, the Company will not disclose any personal data it gathers from you through the Company Websites. You may optout of your personal data being sold or shared that you provide to us through the Company Websites by writing a letter or sending an email to the addresses listed in Section XII. For purposes of this Policy, “sell” means the sale, rental, release, disclosure, dissemination, availability, transfer, or other oral, written, or electronic communication of your personal data to an outside party for monetary or other valuable consideration, subject to certain exceptions in applicable law.

We may disclose the following categories of your personal data for business purposes:

  • Identifiers;
  • Protected characteristics;
  • Commercial information;
  • Internet or other electronic network activity information;
  • Financial, medical, or health information;
  • Inferences drawn from any of the above information categories; and
  • Educational information.


We disclose these categories of personal data for business purposes as described below.

We may disclose personal data: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena, or court order, or (2) in special cases, such as a physical threat to you or others. In the event that we are legally compelled to disclose your personal data to an external party, we will attempt to notify you unless doing so would violate the law or court order. Additionally, we may disclose or share your personal data where disclosure is necessary to: (1) protect our rights or property, (2) protect the interests of users of the Company Website, (3) in connection with a corporate change or event (such as a merger, acquisition, sale, or dissolution of our business), and (4) as otherwise permitted by law and this Privacy Policy.

If you are a Client of OPTAVIA, to provide you with the products and services you have requested, we may share your personal data, including, your name, contact information (such as e-mail, address, and phone number), as well as product order history, with your personal independent OPTAVIA Coach and other independent OPTAVIA Coaches in your personal independent OPTAVIA Coach’s upline organization. However, any payment information you may give to the Company in the course of ordering our products will only be disclosed to the Company’s Client Success Team or Coach Success Team members and will not be available to any third parties for any reason except to comply with valid legal requirements. Coaches who receive your information have agreed not to share your information with any third parties and are obligated to observe the intent of this Privacy Policy under the terms of their Independent OPTAVIA Coach Agreement with the Company.

If you are an OPTAVIA Coach, you may receive advice and information from your own sponsoring Business Coach and your Business Coach’s upline organization. To allow communication, we may share your personal data as well as other data related to your business with your Business Coach and Coaches in your Business Coach’s upline organization. In the ordinary course of supporting your business, information about you, as well as product order history may also be shared with your Business Coach and your Business Coach’s upline organization. Coaches who receive your information have agreed not to share your information with any third parties and are obligated to observe the intent of this Privacy Policy under the terms of their Independent OPTAVIA Coach Agreement with the Company.

We also share your information in limited form with third-party vendors who need to use that information in the course of their provision of products or services to the Company. These third parties include vendors and suppliers that provide us with technology, services, or content related to better operation and maintenance of the Company Websites. Access to your personal data by these third-party vendors is limited to the information reasonably necessary for the contractor to perform its limited function for the Company Websites. We also contractually require that our operations and maintenance third-party vendors:

  1. Protect the privacy of your personal data consistent with this Privacy Policy; and
  2. Not use or disclose your personal data for any purpose other than providing the Company with products and services.


We periodically share this information, including your personal improvement and weight-loss related information, with Company partners. This includes companies that are controlled by or are under common control with the Company and OPTAVIA Coaches. These partners use your information to make predictions about your interests and reach out to you with special offers, promotions, advertisements, newsletters, and other materials. Where required by law, we will obtain your consent prior to sharing.

We may disclose personal data that you have authorized the Company to share if you have enabled features or functionality that connect the services to a third-party vendor or social media network (such as by logging in to the services using your account with the third-party, providing your application programming interface (API) key or similar access token for the services to a third-party, or otherwise linking your account with the services to a third-party’s services). Note that we do not control the third-party’s use of your personal data and you should familiarize yourself with their privacy policies.

V. HOW COMPANY HANDLES PRIVACY AND SECURITY INTERNALLY

 Listed below are some of the security procedures the Company uses to protect your privacy:

  • Requires both an email address and a password in order for users to access their personal data, including personal health information.
  • Uses encryption technology to protect your personal data, including credit card information, as it is transmitted to us.
  • Uses firewalls and other intrusion detection and prevention technologies to protect information stored on our servers.
  • Closely monitors the limited number of Company employees who have potential access to your personal data.
  • Requires all Company employees to abide by our Privacy Policy and be subject to disciplinary action if they violate it.
  • Systems back-ups to protect the integrity of your personal data.
  • Provides secure messaging within the Company Websites so that information related to your personal health is sent through a secure, encrypted connection.


Despite Company efforts to protect your personal data, including personal health information, there is always some risk that an unauthorized third-party may find a way around our security systems or that transmissions of your information over the Internet will be intercepted.

VI. YOUR RIGHTS

You may have certain rights available to you with regard to the collection and use of your personal data. Depending on where you reside, there may be laws or regulations that list these rights specifically.

The above-entitled sections “Information We Collect About You” and “Use of Your Information: describe the categories of personal data we may have collected about you in the preceding 12 months and how that information is used.

We may send you marketing emails in connection with our products and services; you may opt out of receiving those emails by clicking the link to opt out in the email message itself. Note that even if you opt out of receiving marketing email messages, we will still send you transactional email messages related to your registration with the Company and your use of our products and services where applicable.

In addition, you may have certain rights regarding your personal data, subject to local law. These include the following rights to:

  • Access your information;
  • Request that we rectify or update the information we hold about you;
  • Request that we erase or delete your information;
  • Request that we restrict our use of your information;
  • Object to our use of your information;
  • Receive your information in a usable electronic format and, to the extent technically feasible, transmit it to a third-party vendor (right to data portability);
  • Learn more about the sources from which we collect information, the purposes for which we collect and share information, the information we hold, and the categories of parties with whom we share your information;
  • Exercise rights without fear of discrimination and being denied goods or services;
  • Lodge a complaint with your local data protection authority; and
  • Where the processing of your information is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.


Although we will do our best to honor your request in connection with the rights above, we may not be able to do so in certain situations where your data is needed or required (for example, if you provide an incorrect email address, it will slow our ability to comply with legal process, record-keeping requirements, or facilitating a transaction requested by you or your ongoing use of our Services). Note that, if you choose to exercise the rights listed above, we may ask you for additional information to confirm your identity and for security purposes. With respect to updating your personal data, the Company Websites’ pages that collect and store self-reported data allow you to correct, update or review information you have submitted by going back to the specific page, logging-in and making the desired changes.

Upon your request and in connection with the rights listed above, we may automatically collect information about your precise geolocation when you access the Company Websites or Applications to the extent permitted by applicable law. We may also collect information about your general location using your IP address and your postal code. You can opt out of precise geolocation tracking by sending a written letter or email to the addresses in Section XII below.  

If you would like to discuss or exercise the rights listed above, you may either (a) fill in this form which will allow us to validate your identity and fulfill your request, (b) call us at 1-888-678-2842 (OPTAVIA), or (c) email us at USPrivacy@optavia.com. Our customer service department will forward your request to the appropriate internal Company department for a response or resolution. You may also write us at:

Attn: Privacy Officer
100 International Drive
18th Floor
Baltimore, MD 21202

VII. California Privacy Rights 

In addition to the rights listed in Section VI, if you live in California as a consumer or as a current or former Company employee, job applicant, OPTAVIA Coach, and/or an independent contractor (“Personnel”), you have further rights and may make the following requests with respect to your personal data in accordance with applicable law: 

  • Right to Limit Use and Disclosure of Sensitive Personal Data – You can limit the use and disclosure of “sensitive personal information,” which includes: (1) precise geolocation data; (2) racial or ethnic origin; (3) union membership; (4) contents of certain employee email and text messages; and (5) biometric information. 
  • Shine the Light Inquiry – You have the right to ask us one time each year if we have shared personal data with third parties for their direct marketing purposes. In your request to us, please indicate that you are a California resident making a “Shine the Light” inquiry.


California residents can exercise their rights by
sending us a written request by letter or email to the addresses set out Section XII below. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal data as permitted by law, such as for tax or other record-keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. For purposes of California residents exercising these rights, the information we collect about you is listed above in Section II.

California residents may designate an authorized agent to make a request on their behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent and ensure the agent has the necessary information to complete the verification process.

VIII. NEVADA PRIVACY RIGHTS

In addition to the rights listed in Section VI, if you are a Nevada resident, you can request that we not “sell” your “covered information” (as defined in applicable Nevada law).  To make such a request, email us using the information set forth in Section XII below. Please use “Nevada Do Not Sell” in the subject line.

IX. VIRGINIA, COLORADO, AND CONNECTICUT PRIVACY RIGHTS

Right to Appeal – In addition to the rights listed in Section VI, Virginia, Colorado, and Connecticut consumers have the right to appeal a Company data privacy request decision made in response to your data privacy request. If you make a request to exercise any of the above data access rights listed in Section VI, and we are unable to comply with your request, you may request to appeal our decision. To appeal any data privacy request decision, please contact us by emailing USPrivacy@optavia.com with the subject line “Data Access Request Appeal.” If after you complete the appeal process with us, you are still unsatisfied with our response, you may contact your Attorney General to file a complaint. Below are the contact information for the appropriate entity where you can inquire about filing an appeal: 

Virginia residents:
Office of the Attorney General
202 North 9th Street
Richmond, Virginia 23219
Phone: (804) 786-2071
https://www.oag.state.va.us/

Colorado residents:
Office of the Attorney General
Colorado Department of Law
Ralph L. Carr Judicial Building
1300 Broadway, 10th Floor
Denver, CO 80203
(720) 508-6000
https://coag.gov/

Connecticut residents:
Office of the Attorney General
165 Capitol Ave
Hartford, CT 06106
(860) 808-5318
https://portal.ct.gov/AG

X. DATA RETENTION POLICY

We will keep your personal data for as long as we have a relationship with you for the purposes of providing our services. When deciding how long to keep your information after our relationship with you has ended, we take into account our legal obligations and regulators’ expectations. We may also retain records to investigate or defend potential legal claims.

XI. CHANGES TO THIS PRIVACY POLICY

Just as our business changes constantly, this Privacy Policy may also change. Company retains the right to update this Privacy Policy at its general discretion according to the needs of the business, its consumers or in accordance with the mandates of federal and state law. If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page. To assist you in accessing the most recent Privacy Policy available, this Policy has an effective date set out at the beginning of this document. 

XII. CONTACT US

If you have questions, comments, or requests regarding this Privacy Policy, please contact us at:

Attn: Privacy Officer
100 International Drive
18th Floor
Baltimore, MD 21202

Additionally, you may email us at USPrivacy@optavia.com.