While you may use some of the functionality of the Company Websites without registering for an account, many of the specific tools and services on the Company Websites require registration. If you choose to register with the Company Websites for certain services, We require you to submit Personal Data. Depending on the tool or service you have selected, the Personal Data we collect may include Personal Health Information such as your weight, health conditions, and medications, among other information. “Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’) (or under certain laws, an identified or identifiable household or legal entity where such information is protected similarly); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, email address, mailing address or phone number or an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
II. INFORMATION WE COLLECT ABOUT YOU
Even if you do not register with the Company Websites, We collect information about your use of the Company Websites, special promotions and newsletters. We collect the following specific categories of Personal Data:
- Identifiers, such as your name, postal address, email address, account name, or other similar identifiers;
- Protected characteristics, such as your gender, age, race, or other protected classifications under applicable law;
- Commercial information, such as products or services purchased, or other purchasing or consumption histories or tendencies;
- Internet or other electronic network activity information, such as browsing history, search history, or information regarding your interaction with the Company Websites;
- Financial, medical, or health insurance information, such as weight, health conditions, and medications;
- Inferences regarding preferences or other characteristics; and
- Education Information such as undergraduate and graduate degrees and professional licenses.
We collect this information from the following categories of sources:
- From your device or browser;
- Directly from you when you provide information; and
- From your Habits of Health application.
Below we describe how we collect this information.
Automatically Collected Information
Your browser software can be set to reject all Cookies. Most browsers offer instructions on how to reset the browser to reject Cookies in the “Help” section of the toolbar. If you reject Our Cookies, certain of the functions and conveniences of the Company Websites may not work properly but you do not have to accept Our Cookies in order to productively use the Company Websites.
Some of Our service providers may offer the ability to opt out of their use of your information for the placement of targeted advertisements. To opt out of these service providers’ use of your information for the placement of targeted advertisements, please visit http://optout.aboutads.info. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which We participate. For more information about “do not track” signals, visit http://www.allaboutdnt.org
B. Web Beacons
We also use Web Beacons to collect information about your use of the Company Websites and the websites of selected sponsors and advertisers, and your use of special promotions or newsletters. The information collected by Web Beacons allows us to statistically monitor your usage of the Company Websites.
We do not link information from Web Beacons to your personal details without your permission and do not use Web Beacons to collect or store Personal Health Information about you.
C. Third-Party Web Beacons
We use third-party web beacons to help analyze where visitors go and what they do while visiting the Company Websites. We allow search engines to use web beacons on the Company Websites to collect information about your visits to this and other websites in order to improve its products and services and provide advertisements about goods and services of interest to you.
Information You Provide
We collect Personal Data that you provide to us when you register as a member of the Company Websites and/or when you update your member profile.
We may be required by law to collect certain Personal Data about you or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations.
D. Emails You Send to the Company Websites
E. Website Registration and Interactive Tools on the Company Websites
After you have registered as a member of the Company Websites, you may choose to use certain interactive content, tools and services that may ask you to voluntarily provide other types of information about yourself including Personal Health Information.
The Company Websites do not sell products for purchase by children. We sell products for purchase by adults. If you are under 18, you may only use the Company Websites with the involvement of a parent or guardian. In this case, a parent or guardian is solely responsible for providing supervision of the minor’s use of the Company Websites. The parent or guardian assumes full responsibility for ensuring that the registration information is kept secure and that the information submitted is accurate. The parent or guardian also assumes full responsibility for the interpretation and use of any information or suggestions provided through the Company Websites for the minor. If you become aware that your child has provided their Personal Data through the Company Websites, please contact us at the contact information provided below.
G. Market Research
From time to time the Company marketing department, or operations contractors acting on its behalf, may conduct online research surveys in order to gather feedback about the Company Websites through email invitations, pop-up surveys or online focus groups. When participating in a survey, We may ask you to submit Personal Data. This Personal Data is used for research purposes, and is not used for sales solicitations. When an external party sponsors a survey, information from the survey results is reported to the sponsor. Personal Data collected through market research will only be used by Company and its operations contractors and will not be given or sold to an external party without your consent.
III. USE OF YOUR INFORMATION
We use the Personal Data that you provide to:
- respond to your questions, as it is in Our legitimate interest to provide you appropriate responses;
- verify your identity when you access and use our services, and ensure the security of your Personal Data, so We can comply with Our contractual obligations to you;
- provide you the specific services you select, so We can comply with Our contractual obligations to you;
- analyze how you use our services and improve our services, as it is in Our legitimate interest to understand any issues with our services and improve them;
- communicate with you about offers, products, and services that may be of interest to you, as it is in Our legitimate interest to make the messages we send more relevant and interesting-where required by law, we will obtain your consent first;
- exercise our rights where it is necessary to do so, for example to detect, prevent, and respond to fraud, intellectual property infringement, or violations of law or contract; and
- comply with our legal and regulatory obligations.
IV. DISCLOSURE OF YOUR INFORMATION
We may disclose the following categories of your Personal Data for business purposes:
- Protected characteristics;
- Commercial information;
- Internet or other electronic network activity information;
- Financial, medical, or health information;
- Inferences drawn from any of the above information categories; and
- Educational information.
We disclose these categories of Personal Data for business purposes as described below:
We disclose Personal Data: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order; or (2) in special cases, such as a physical threat to you or others. In the event that We are legally compelled to disclose your Personal Data to an external party, We will attempt to notify you unless doing so would violate the law or court order.
We also share your information in limited form with third party operations and maintenance contractors who need to use that information in the course of their provision of products or services to the Company. These contractors include vendors and suppliers that provide us with technology, services, and/or content related to better operation and maintenance of the Company Websites. Access to your Personal Data by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function for the Company Websites. We also contractually require that Our operations and maintenance contractors:
- not use or disclose your Personal Data for any purpose other than providing us with products and services.
We periodically share this information, including your personal improvement and weight-loss related information, with Company partners. This includes companies that are controlled by, or are under common control with Medifast Inc., Independent Medifast Weight Control Centers, Medifast independent distributors and “OPTAVIA Coaches”. These partners use your information to make predictions about your interests and reach out to you with special offers, promotions, advertisements, newsletters, and other materials. Where required by law, we will obtain your consent prior to such sharing.
V. HOW COMPANY HANDLES PRIVACY AND SECURITY INTERNALLY
Listed below are some of the security procedures that Company uses to protect your privacy:
- Requires both an email address and a password in order for users to access their Personal Data, including Personal Health Information.
- Uses encryption technology to protect your Personal Data, including credit card information, as it is transmitted to us.
- Uses firewalls and other intrusion detection and prevention technologies to protect information stored on our servers.
- Closely monitors the limited number of Company employees who have potential access to your Personal Data.
- Systems back-ups to protect the integrity of your Personal Data.
- Provides secure messaging within the Company Websites so that information related to your personal health is sent through a secure, encrypted connection.
Despite Company efforts to protect your Personal Data, including Personal Health Information, there is always some risk that an unauthorized third party may find a way around Our security systems or that transmissions of your information over the Internet will be intercepted.
VI. UPDATING YOUR INFORMATION AND CONTACTING COMPANY
A. Updating Your Personal Data
The Company Websites’ pages that collect and store self-reported data allow you to correct, update or review information you have submitted by going back to the specific page, logging-in and making the desired changes.
B. Removing your Personal Data
If you have a complaint or problem, including a request to access or to remove your personal data from Our systems, please open this link and fill in this form which will allow Us to validate your identity and fulfil your request or call us at 1-888-678-2842 (OPTAVIA). Our customer service department will forward your request to the appropriate internal Company department for a response or resolution. You may also write us at:
Attn: Privacy Officer
100 International Drive
Baltimore, MD 21202
C. Limitations on Removing or Changing Information
Upon your request, We will delete your Personal Data from Our active databases and where feasible from Our back-up media. You should be aware that it may not be possible to remove each and every record of the information you have provided to the Company Websites from Our servers.
In addition, you may have certain rights regarding your Personal Data, subject to local law. These include the following rights to:
- access your information;
- rectify the information we hold about you;
- erase your information;
- restrict Our use of your information;
- object to Our use of your information;
- receive your information in a usable electronic format and transmit it to a third party (right to data portability);
- learn more about the sources from which we collect information, the purposes for which we collect and share information, the information we hold, and the categories of parties with whom we share your information;
- exercise rights without fear of being denied goods or services;
- lodge a complaint with your local data protection authority; and
- where the processing of your information is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Please note that we will likely require additional information from you in order to honor your requests.
If you would like to discuss or exercise such rights, please contact us at the details provided above.
VII. DATA RETENTION POLICY
We will keep your Personal Data for as long as we have a relationship with you for the purposes of providing Our services. When deciding how long to keep your information after Our relationship with you has ended, we take into account Our legal obligations and regulators’ expectations. We may also retain records to investigate or defend potential legal claims.