Updated December 14, 2022
While you may use some of the functionality of the Company Websites without registering for an account, many of the specific tools and services on the Company Websites require registration. If you choose to register with the Company Websites for certain services, we require you to submit personal data. The type of personal data we may collect from you will depend on the tool or service you have selected. For additional information, please see the section titled “Information We Collect About You.”
II. INFORMATION WE COLLECT ABOUT YOU
Depending on how you interact with our Company Website and services, we may collect certain categories of personal data about you, including but not limited to:
- Identifiers, such as your name, postal address, phone number, email address, account name, or other similar identifiers;
- Demographic information, such as your gender, age, race, or other protected classifications under applicable law;
- Commercial information, such as products or services purchased, or other purchasing or consumption histories or tendencies;
- Internet or other electronic network activity information, such as browsing history, network activity, IP addresses, search history, or information regarding your interaction with the Company Websites, mobile applications (“apps”), emails, or advertisements;
- Financial Information, necessary to facilitate our relationships with employees and contractors and as a facilitator for payment card information that is collected by a trusted third-party vendor on behalf of the Company;
- Medical, such as biometrics, weight, health conditions, weight metrics, water consumed, steps per day, integration into Health Apps, BMI metrics, goal weight, and medications;
- Geolocation information, such as location tracked as part of Firebase and Telium integrations;
- Photos, such as profile photos you submit to us;
- Inferences regarding preferences or other characteristics, such as weight loss goals and progress, medical and dietary restrictions, income, personal habits (e.g., eating, sleeping, drinking, and exercise), and language preferences; and
- Professional, employment, and education Information, such as occupation, title, undergraduate and graduate degrees, and professional licenses.
We collect this information from the following categories of sources:
- Your device or browser;
- Directly from you when you provide information through your use of the Company Website, services, and when you communicate with us;
- From your app; and
- From Connect
Below we describe how we collect this information.
Automatically Collected Information
Your browser software can be set to reject all cookies. Browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. If you reject our cookies, certain of the functions and conveniences of the Company Websites may not work properly but you do not have to accept our cookies to productively use the Company Websites.
Some of our service providers may offer the ability to opt out of their use of your information for the placement of targeted advertisements. To opt out of these service providers’ use of your information for the placement of targeted advertisements, please visit http://optout.aboutads.info. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. For more information about “do not track” signals, visit http://www.allaboutdnt.org.
B. Web Beacons
We also use Web Beacons to collect information about your use of the Company Websites and the websites of selected sponsors and advertisers, and your use of special promotions or newsletters. The information collected by Web Beacons allows us to statistically monitor your usage of the Company Websites.
We do not link information from Web Beacons to your personal details without your permission and do not use Web Beacons to collect or store personal health information you may provide.
C. Third Party Web Beacons
We use Third-Party Web Beacons to help analyze where visitors go and what they do while visiting the Company Websites. We allow search engines to use web beacons on the Company Websites to collect information about your visits to this and other websites to improve our products and services and provide advertisements about goods and services of interest to you.
Information You Provide
We collect personal data that you provide to us when you register as a user of the Company Websites or when you update your user profile. Specifically, we may collect information from you when you:
- Use our Company Websites and apps;
- Register for an account with the Company;
- Apply for a position with the Company;
- Contact us via the Company Websites or email;
- Use or purchase our products and services; or
- Participate in our online services.
Additionally, if you act as an independentCoach, employee, job applicant, or contractor, we collect the following personal data about you as an independent contractor for the Company:
- Identifiers, such as name, address, telephone number, email address, and other government identifiers, account identifier, social media identifier, and device or online identifiers.
- Demographic information, such as date of birth and marital status.
- Financial information such as commissions and tax information.
- Health information
- Characteristics of protected classifications under state or federal law, such as gender and age.
- Internet, mobile app, and network activity, such as browser visits.
- Geolocation information.
- Audio, visual, and other sensory information, such as profile photos.
- Professional information, such as education, occupation, title, licenses and professional memberships, [and background and criminal information].
- Individual preferences and characteristics, such as inferences related to [social networks and marketing behaviors].
We may be required by law to collect certain personal data about you or because of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations.
D. Emails You Send to the Company Websites
E. Website Registration and Interactive Tools on the Company Websites
After you have registered as a user of the Company Websites, you may choose to use certain interactive content, tools, and services that may ask you to voluntarily provide other types of information about yourself including personal health information.
The Company Websites are not intended or directed to anyone under the age of 18. We do not sell products for purchase by children, and we do not collect personal data from anyone we know to be under the age of 18. If you are under the age of 18, you may only use this site with the involvement of a parent or a guardian, and you should not submit any personal data to us. If you become aware that your child or an individual under 18 has provided their personal data through the Company Websites, please contact us at the contact information provided in the “Contact Us” section below.
G. Market Research
From time to time, the Company or a third-party vendor acting on behalf of the Company may conduct online research surveys to gather feedback about the Company Websites through email invitations, pop-up surveys or online focus groups. When participating in a survey, we may ask you to submit personal data. This personal data is used for research purposes and is not used for sales solicitations. When an external party sponsors a survey, information from the survey results is reported to the sponsor. Personal data collected through market research will only be used by the Company and our third-party vendors will not be given or sold to an external party without your consent.
III. USE OF YOUR INFORMATION
We use the personal data that we collect to:
- Create and maintain your account;
- Respond to your questions, as it is in our legitimate interest to provide you appropriate responses;
- Verify your identity when you access and use our services, and ensure the security of your personal data, so we can comply with our contractual obligations to you;
- Provide you the specific services you select, so we can comply with our contractual obligations to you;
- Analyze how you use our services and improve our services, as it is in our legitimate interest to understand any issues with our services and improve them;
- Conduct research and development;
- Communicate with you about offers, products, and services that may be of interest to you, as it is in our legitimate interest to make the messages we send more relevant and interesting. Where required by law, we will obtain your consent first;
- Exercise our rights where it is necessary to do so, for example to detect, prevent, and respond to fraud, intellectual property infringement, or violations of law or contract; and
- Comply with our legal and regulatory obligations.
We may de-identify your information and use, create, and sell de-identified information, or any business or other purpose not prohibited by applicable law.
IV. DISCLOSURE OF YOUR INFORMATION
We may disclose the following categories of your personal data for business purposes:
- Protected characteristics;
- Commercial information;
- Internet or other electronic network activity information;
- Financial, medical, or health information;
- Inferences drawn from any of the above information categories; and
- Educational information.
We disclose these categories of personal data for business purposes as described below.
We also share your information in limited form with third-party vendors who need to use that information in the course of their provision of products or services to the Company. These third parties include vendors and suppliers that provide us with technology, services, or content related to better operation and maintenance of the Company Websites. Access to your personal data by these third-party vendors is limited to the information reasonably necessary for the contractor to perform its limited function for the Company Websites. We also contractually require that our operations and maintenance third-party vendors:
- Not use or disclose your personal data for any purpose other than providing the Company with products and services.
We periodically share this information, including your personal improvement and weight-loss related information, with Company partners. This includes companies that are controlled by or are under common control with the Company andCoaches. These partners use your information to make predictions about your interests and reach out to you with special offers, promotions, advertisements, newsletters, and other materials. Where required by law, we will obtain your consent prior to sharing.
We may disclose personal data that you have authorized the Company to share if you have enabled features or functionality that connect the services to a third-party vendor or social media network (such as by logging in to the services using your account with the third-party, providing your application programming interface (API) key or similar access token for the services to a third-party, or otherwise linking your account with the services to a third-party’s services). Note that we do not control the third-party’s use of your personal data and you should familiarize yourself with their privacy policies.
V. HOW COMPANY HANDLES PRIVACY AND SECURITY INTERNALLY
Listed below are some of the security procedures the Company uses to protect your privacy:
- Requires both an email address and a password in order for users to access their personal data, including personal health information.
- Uses encryption technology to protect your personal data, including credit card information, as it is transmitted to us.
- Uses firewalls and other intrusion detection and prevention technologies to protect information stored on our servers.
- Closely monitors the limited number of Company employees who have potential access to your personal data.
- Systems back-ups to protect the integrity of your personal data.
- Provides secure messaging within the Company Websites so that information related to your personal health is sent through a secure, encrypted connection.
Despite Company efforts to protect your personal data, including personal health information, there is always some risk that an unauthorized third-party may find a way around our security systems or that transmissions of your information over the Internet will be intercepted.
VI. YOUR RIGHTS
You may have certain rights available to you with regard to the collection and use of your personal data. Depending on where you reside, there may be laws or regulations that list these rights specifically.
The above-entitled sections “Information We Collect About You” and “Use of Your Information: describe the categories of personal data we may have collected about you in the preceding 12 months and how that information is used.
We may send you marketing emails in connection with our products and services; you may opt out of receiving those emails by clicking the link to opt out in the email message itself. Note that even if you opt out of receiving marketing email messages, we will still send you transactional email messages related to your registration with the Company and your use of our products and services where applicable.
In addition, you may have certain rights regarding your personal data, subject to local law. These include the following rights to:
- Access your information;
- Request that we rectify or update the information we hold about you;
- Request that we erase or delete your information;
- Request that we restrict our use of your information;
- Object to our use of your information;
- Receive your information in a usable electronic format and, to the extent technically feasible, transmit it to a third-party vendor (right to data portability);
- Learn more about the sources from which we collect information, the purposes for which we collect and share information, the information we hold, and the categories of parties with whom we share your information;
- Exercise rights without fear of discrimination and being denied goods or services;
- Lodge a complaint with your local data protection authority; and
- Where the processing of your information is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Although we will do our best to honor your request in connection with the rights above, we may not be able to do so in certain situations where your data is needed or required (for example, if you provide an incorrect email address, it will slow our ability to comply with legal process, record-keeping requirements, or facilitating a transaction requested by you or your ongoing use of our Services). Note that, if you choose to exercise the rights listed above, we may ask you for additional information to confirm your identity and for security purposes. With respect to updating your personal data, the Company Websites’ pages that collect and store self-reported data allow you to correct, update or review information you have submitted by going back to the specific page, logging-in and making the desired changes.
Upon your request and in connection with the rights listed above, we may automatically collect information about your precise geolocation when you access the Company Websites or Applications to the extent permitted by applicable law. We may also collect information about your general location using your IP address and your postal code. You can opt out of precise geolocation tracking by sending a written letter or email to the addresses in Section XII below.
If you would like to discuss or exercise the rights listed above, you may either (a) fill in this form which will allow us to validate your identity and fulfill your request, (b) call us at 1-888-678-2842 ( ), or (c) email us at USPrivacy@optavia.com. Our customer service department will forward your request to the appropriate internal Company department for a response or resolution. You may also write us at:
Attn: Privacy Officer
100 International Drive
Baltimore, MD 21202
VII. California Privacy Rights
In addition to the rights listed in Section VI, if you live in California as a consumer or as a current or former Company employee, job applicant,Coach, and/or an independent contractor (“Personnel”), you have further rights and may make the following requests with respect to your personal data in accordance with applicable law:
- Right to Limit Use and Disclosure of Sensitive Personal Data – You can limit the use and disclosure of “sensitive personal information,” which includes: (1) precise geolocation data; (2) racial or ethnic origin; (3) union membership; (4) contents of certain employee email and text messages; and (5) biometric information.
- Shine the Light Inquiry – You have the right to ask us one time each year if we have shared personal data with third parties for their direct marketing purposes. In your request to us, please indicate that you are a California resident making a “Shine the Light” inquiry.
California residents can exercise their rights by sending us a written request by letter or email to the addresses set out Section XII below. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal data as permitted by law, such as for tax or other record-keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests. For purposes of California residents exercising these rights, the information we collect about you is listed above in Section II.
California residents may designate an authorized agent to make a request on their behalf. When submitting the request, please ensure the authorized agent is identified as an authorized agent and ensure the agent has the necessary information to complete the verification process.
VIII. NEVADA PRIVACY RIGHTS
In addition to the rights listed in Section VI, if you are a Nevada resident, you can request that we not “sell” your “covered information” (as defined in applicable Nevada law). To make such a request, email us using the information set forth in Section XII below. Please use “Nevada Do Not Sell” in the subject line.
IX. VIRGINIA, COLORADO, AND CONNECTICUT PRIVACY RIGHTS
Right to Appeal – In addition to the rights listed in Section VI, Virginia, Colorado, and Connecticut consumers have the right to appeal a Company data privacy request decision made in response to your data privacy request. If you make a request to exercise any of the above data access rights listed in Section VI, and we are unable to comply with your request, you may request to appeal our decision. To appeal any data privacy request decision, please contact us by emailing USPrivacy@optavia.com with the subject line “Data Access Request Appeal.” If after you complete the appeal process with us, you are still unsatisfied with our response, you may contact your Attorney General to file a complaint. Below are the contact information for the appropriate entity where you can inquire about filing an appeal:
Office of the Attorney General
202 North 9th Street
Richmond, Virginia 23219
Phone: (804) 786-2071
Office of the Attorney General
Colorado Department of Law
Ralph L. Carr Judicial Building
1300 Broadway, 10th Floor
Denver, CO 80203
Office of the Attorney General
165 Capitol Ave
Hartford, CT 06106
X. DATA RETENTION POLICY
We will keep your personal data for as long as we have a relationship with you for the purposes of providing our services. When deciding how long to keep your information after our relationship with you has ended, we take into account our legal obligations and regulators’ expectations. We may also retain records to investigate or defend potential legal claims.
XII. CONTACT US
Attn: Privacy Officer
100 International Drive
Baltimore, MD 21202
Additionally, you may email us at USPrivacy@optavia.com.