Last Modified on December 5, 2018
Last Modified on October 2018
We ask that you read this privacy notice carefully, as it contains important information on who we are, how and why we collect, store, use, and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
OPTAVIA, LLC (“OPTAVIA,” “We,” or “Us”) collects, uses and is responsible for certain personal information about you, as part of OPTAVIA’s “Habits of Health” mobile application (the “Service”).
For EU citizens accessing the Service, we are regulated under the General Data Protection Regulation and we are responsible as controller of that personal information for the purposes of those laws. Please see the section entitled “For EU Citizens” below for more information about your rights.
The Personal Information we collect and use
Information collected by us: In providing you with the Service, we collect the following personal information when you provide it to us:
- Your name, email address, date of birth, profile photo, username, and password (your “Account Information”) collected through a registration form when you sign up on the Service.
- Your Service access times, duration, device information, operating system, performance information, behavior within the Habits of Health app, and other analytic information (your “Analytic Information”).
Information shared with us: In providing you with the Service, third parties may share the following personal information with us:
- Social media services that you connect to the Service may share your name, email address, date of birth, profile photo, and social media information (also “Account Information”).
- Apple Health and other connected services may share data such as your height, weight, and activity information such as the number of steps you take, daily activity and exercise, and calories and food consumed (your “Health Information”).
How we use your Personal Information: We use your personal information as follows:
- Technical Support: OPTAVIA may use your Account Information to communicate with you regarding any customer or technical support issues when you contact us through a contact form on the Service or via the email address you provide.
- Marketing Communications: OPTAVIA may use your Account Information to communicate with you regarding newsletters and other promotional materials sent from time to time, either through the Service or to the email address or other contact information you provide.
- Your Account Profile: OPTAVIA may use your Account Information, along with your Health Information and any data entered into the Service by you (including, for example, the number of hours you slept, meals you ate, glasses of water you drank, etc.) in order to create a personalized health habits profile connected with your account.
Who we share your Personal Information with: We share your Personal Information with certain third parties as part of our operation of the Service. This data sharing enables us to provide you with the Service in the optimal way.
We share your Personal Information with the following third parties:
- Analytics: In order to improve the Service and better understand our customers, OPTAVIA may share your Analytic Information with our mobile analytics service providers to better understand usage of the Service and how we can improve it.
- Sharing of Anonymized Data: Additionally, we may analyze certain Personal Information in anonymized and aggregate form (the “Anonymized Data”) to operate, maintain, manage, and improve the Service and related products and services. This Anonymized Data does not identify you personally. We may share or license this Anonymous Data to our affiliates, agents, business partners, and other third parties for their business and analytic purposes.
- Other Sharing: We will share your Personal Information if we have a good faith belief that (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (ii) such action is necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with the Service, or (iii) such action is appropriate to protect the rights, property or safety of OPTAVIA, its employees, clients, or users of the Service.
How long your Personal Information will be kept: We will keep your Personal Information for the length of time required to provide you with the Service, unless a longer retention period is required by law. Afterwards, we delete all aforementioned data in our possession within a reasonable timeframe. We do not verify the correctness of personal data that we collect or you provide.
Please note that some data may be retained if necessary to resolve disputes, enforce OPTAVIA user agreements, and comply with technical and legal requirements and constraints related to the security, integrity and operation of the Service.
Children’s Privacy: We do not knowingly collect any personal information from children under the age of 13, allow them to create accounts or use the Service. In addition, we may limit how we collect, use, and store some of the information of EU users between 13 and 16. OPTAVIA takes children’s privacy seriously and encourages parents to play an active role in their children’s online experience at all times. We urge parents to instruct their children never to give out their real names, addresses, or phone numbers, without parental permission, when online. If you have any concerns about your child’s personal information, please contact us at firstname.lastname@example.org.
Keeping your Personal Information secure
We have taken steps to put appropriate security measures in place to prevent personal information from either being accidentally lost or used and accessed in an unauthorized way.
- We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner.
- Our servers are located in a secured data center, with state-of-the-art redundant power management and fire suppression systems.
- Passwords are secured with SHA-256 encryption, and data is secured using SSL encryption.
- We use UUID token authentication, which refreshes every time you log out or into the Service.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
However, no server, computer or communications network or system, or data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect user information, we cannot ensure or warrant the security of any information you transmit to us or through the Service and you acknowledge and agree that you provide such information and engage in such transmissions at your own risk. Once we receive a transmission from you, we will endeavor to maintain its security on our systems.
For EU Citizens
OPTAVIA and the Service are based in the United States. No matter where you are located, you consent to the processing, transfer and storage of your information in and to the U.S., and other countries, in accordance with the privacy policies of third parties with whom we share your Personal Information. The laws of the U.S. and other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.
Reasons we can collect and use your Personal Information: The laws in some jurisdictions require that we notify you of the lawful basis for collecting your Personal Information.
To the extent that such laws apply, we rely on the following as the lawful basis on which we collect and use your personal information:
- Consent: At times we may collect, process, store, transfer or disclose your personal data on the basis of your implied or explicit consent.
- To fulfill our contractual obligations: In order to fulfill our contractual obligations to you, we must collect, process, and store your personal data and information.Additionally, we may at times have to transfer or receive your personal data to or from third parties, in order to fulfill other contractual obligations to you.
- Furtherance of legitimate interests: We may collect, process, store, transfer or disclose your personal data in furtherance of those legitimate interests of ours which are not overridden by your interests or fundamental rights and freedoms as set forth in the applicable laws. These legitimate interests include, but are not limited to, (i) providing you with the Service, (ii) protecting our users, staff, and property from fraud and other harm, (iii) collecting information on how you use the Service in order to optimize the design and functionality of the Service, and (iv) communicating with you via e-mail for communications you have explicitly opted into (e.g., notifications about new products and services) or for important communications with you regarding the Service.
- Legal compliance: We may collect, process, store, transfer or disclose your personal data to comply with our legal obligations.
Under the laws of some jurisdictions, including the General Data Protection Regulation in the EEA, EU Citizens have a number of important rights with regard to your Personal Information.
- By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
- If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
- If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
- You have the right to ask us to stop using your information for a period of time, if you believe we are not doing so lawfully.
- Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.
If you would like to exercise any of those rights, please email us at email@example.com. We may ask for additional verification information, such as your name and other information required to be sure that you are the owner of that data.
How to complain
If you have a complaint about OPTAVIA’s use of your information, we would prefer for you to contact us directly in the first instance so that we can address your complaint. Please contact us via the methods listed below in the section entitled “How to contact us” to let us know about any of your questions or concerns, and we will get back to you to resolve the issue.
If you are an EU citizen, the General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
Changes to this Privacy Notice
This privacy notice was last updated on October 2018.
We may change this privacy notice from time to time. When we do, we will inform you via email to the email address you have provided us with through your account, or by posting a message about the change on the Service.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please send an email to firstname.lastname@example.org, call us at 1-888-OPTAVIA, or send us postal mail at 11444 Cronhill Drive, Owings Mills, MD 21117.