FROM BETRAYAL TO HEALING
Last Updated October 2018
COMMITMENT TO PRIVACY
Your privacy is very important to Dr. Carol Erb, LLC (the “COMPANY”). COMPANY is committed to protecting your privacy. We use the information we collect about you to process orders and personalize your experience at www.drcarolerb.com and any other domains that the COMPANY may use (the “SITE”).
Part of the operation of this site involves the collection and use of information about you.
This privacy notice provides you with details of how we collect and process your personal data through your use of our SITE, including any information you may provide through our site when you purchase a product or service, subscribe to our newsletter or request a free resource. This privacy notice may change from time to time, so please check it often.
By using this SITE, you give your express consent to the COMPANY’s privacy notice.
CHILDREN’S ONLINE PRIVACY PROTECTION ACT COMPLIANCE
COMPANY is in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), COMPANY doesn’t collect any information from anyone under 13 years of age. SITE, products, and services are all directed to people who are 13 years of age and older.
By providing us with your data, you warrant to us that you are at least 13 years of age.
CALIFORNIA ONLINE PRIVACY PROTECTION ACT COMPLIANCE
We value your privacy and have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We will not distribute your personal information to outside parties without your consent.
TYPES OF DATA COLLECTED
In general, you can visit this SITE without identifying who you are, or revealing any information about yourself.
Information collected online is categorized as anonymous or personally identifiable. COMPANY collects information when you purchase a product or service, subscribe to our newsletter, or request a free resource.
Anonymous data is information that cannot be connected to the identity of a specific individual.
Personal data is information that specifically identifies a particular user, such as but not limited to:
Identity data may include your first name, last name, and gender.
Contact data may include your billing address, delivery address, email address and telephone numbers.
Financial data may include your bank account and payment card details.
Transaction data may include details about payments between us and other details of purchases made by you.
Technical data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
Marketing and Communications data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
An example of anonymous data: this SITE may record the number of visits to a particular page that occur in a given period of time, but it does not necessarily tell the COMPANY the names or other identifying information of every visitor. Many users of this SITE choose not to provide any personally identifiable information; therefore, those individuals are anonymous to the COMPANY, and any data collected about their use of this SITE is anonymous information.
When you place an order, request a service, or otherwise voluntarily ask COMPANY to send a good and or service to you, you will voluntarily need to provide the COMPANY with, but not limited to, your name, e-mail address, billing address, shipping, address, and or payment information. This personal data allows COMPANY to process and fulfill your order and to notify you of your order status.
We do not collect any Sensitive data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offenses.
HOW THE COMPANY COLLECTS YOUR PERSONAL DATA
We collect data about you through a variety of different methods including:
Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by email or otherwise, including when you:
order our products or services
create an account on our site
subscribe to our service or publications
request resources or marketing be sent to you
give us feedback
Automated technologies or interactions: As you use our SITE, we may automatically collect technical data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive technical data about you if you visit other websites that use our cookies.
Third parties or publicly available sources: We may receive personal data about you from various third parties and analytics providers such as Google.
COMPANY’S USE OF PERSONAL DATA
We will only use your personal data when legally permitted. The most common uses of your personal data are:
To process transactions
To personalize your experience. Your information helps us to better respond to your individual needs.
To improve our website. We continually strive to improve our website offerings based on the information and feedback we receive from you.
To improve customer service. Your information helps us to more effectively respond to your customer service requests and support needs.
To administer a contest, promotion, survey, or other SITE feature.
To send periodic emails.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at hello [at] drcarolerb [dot] com.
The COMPANY collects personal data only for providing the services you voluntarily request, generating statistical studies, conducting marketing research, improving products and services, sending you surveys, or notifying you of new products and any other changes to the SITE and or services that may affect you.
When you voluntarily submit personal data to the COMPANY, you understand that you are agreeing to allow COMPANY to access, store, and or use that information for those purposes.
The COMPANY will not sell or give any personal data to any third parties. Your information whether public or private will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
The COMPANY may be required by law enforcement and or judicial authorities to provide personal data to the appropriate governmental authorities. If requested by law enforcement or judicial authorities, the COMPANY will provide this information on its receipt of the appropriate legal documentation.
COMPANY’s PURPOSES FOR PROCESSING YOUR PERSONAL DATA
Set out below are the categories and descriptions of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defense of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back- ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.
Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyze your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests, which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However you can still opt out of receiving marketing emails from us at any time.
Before we share your personal data with any third party for their own marketing purposes we will get your express consent.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us at hello [at] drcarolerb [dot] com at any time.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us at hello [at] drcarolerb [dot] com.
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
TRANSFER OF CUSTOMER INFORMATION
Customer lists and information are properly considered assets of a business. Accordingly, if we merge with another entity or if we sell our assets to another entity, our customer lists and information, including personal data you have provided us, would be included among the assets that would be transferred.
Prior to such a transfer of assets, you will be provided the opportunity to opt-out or unsubscribe from the customer list.
In the unlikely event of bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your personal data is treated, transferred or used.
We are subject to the provisions of the General Data Protection Regulations that protect your personal data. Where we transfer your data to third parties outside of the EEA, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. As such:
We may transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
Where we use certain service providers who are established outside of the EEA, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
PROTECTION OF YOUR DATA
We operate secure data networks protected by industry standard firewall and password protection systems. Our security and privacy policies are periodically reviewed and enhanced as necessary, and only authorized individuals have access to the personally identifiable information provided by our users. We do not, however, guarantee that unauthorized, inadvertent disclosure will never occur.
We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers’ database only to be accessible by those authorized with special access rights to such systems. All information is required to be kept confidential.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
COMPANY only uses information supplied via online order and or registration forms voluntarily provided by you.
COMPANY does not sell or rent customer lists.
COMPANY has contracted with a third-party provider, Ontraport, to host email list databases and process payment. Ontraport has promised that it will not share COMPANY customer information with third parties.
COMPANY uses Google® Analytics to track overall statistics about computer usage on our site. This information is not linked to individual customer information.
We will only retain your personal data for as long as necessary to fulfill purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.