Effective Date: 01-Oct-2020
Everyday Bodywork (“Company”, "us", "we", or "our") owns and operates the website (the "Website") which we use to describe and promote our services and other offerings (collectively “Services”).
1. INFORMATION COLLECTION AND USAGE
While you are using our Website, we may ask you to provide us with certain personally identifiable information ("Personal Data"). Personal Data may include but is not limited to your email address, name, phone number and postal address.
We may also collect information that your internet browser broadcasts whenever you visit our Website ("Log Data"). This Log Data may include information such as your device's Internet Protocol address, browser type, browser version, the pages of our Website that you visit and the time spent on those pages, the time and date of your visit, and other statistics.
Everyday Bodywork uses collected Personal Data and Log Data to provide and maintain our Website and Services, to notify you about changes to our Services, to allow you to participate in interactive features of our Services when you choose to do so, to respond to your requests and inquiries, to service your purchases and orders, to provide client and user support, to gather analytical information so that we can improve our Website and Services, to monitor the usage of our Website, to detect and remedy technical issues, and to provide you with news and blog articles, marketing and promotional materials and information that may be of interest to you, special offers and general information about our Services and events that are similar to those that you have already purchased or inquired about unless you have opted not to receive such information. You may opt out of receiving any or all of these communications from us by following the included unsubscribe link or instructions provided in any email we send. We will only use your Personal Data for the purpose for which it was collected or reasonably compatible purposes if necessary.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyze information in order to increase our Website's functionality. These third party service providers have their own privacy policies addressing how they use such information.
2. SERVICE PROVIDERS
Everyday Bodywork may employ third party companies and individuals (“Service Providers”) to facilitate and maintain our Website on our behalf, to provide IT and system administration services, to perform Website-related services and to assist us in analyzing our Website usage for professional advisers including lawyers, bankers, auditors and insurers, to government bodies that require us to report processing activities, and to third parties to whom we sell, transfer, or merge parts of our business or our assets.
We contractually require all Service Providers that are exposed to your Personal Data to respect the security of your Personal Data and to treat it in accordance with the law. We only allow such Service Providers to process your Personal Data for specified purposes and in accordance with our instructions.
3. DATA SECURITY
We have put in place security measures to prevent your Personal Data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We allow access to your Personal Data only to those employees, partners and Service Providers who have a business need to know and are contractually bound to keep your Personal Data confidential and only process it on our instructions.
We also have procedures in place to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach when we are legally required to do so.
We have implemented a variety of security measures to maintain the safety of your Personal Data whenever you submit your personal information using our Website.
We do not accept or receive personal financial information through our Website or through email. All supplied sensitive financial information is transmitted via Square’s processing environment and payment data encryption layers. After any transaction, your personal financial information (credit cards, social security numbers, financials, etc.) is not stored on our servers or systems.
4. LINKS AND EXTERNAL REFERENCES
You can set your internet browser to refuse some or all Cookies and to alert you when websites set or access Cookies. The ‘Help’ or ‘Settings’ features in most internet browsers provide information on how to accept cookies, disable cookies, and to notify you when receiving a new cookie. Please note that some of our Cookies, such as those used for security, scheduling and purchasing, are essential for our Website’s functionality (“Necessary Cookies”) so if you elect to not accept at least these Cookies, you may not be able to use some portions of our Website.
6. BEHAVIORAL REMARKETING
Google AdWords remarketing service is provided by Google, Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page. Google also provides an installer for the Google Analytics Opt-out Browser Add-on for your internet browser which provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on Google’s privacy practices, please visit the Google Privacy Terms web page.
Facebook remarketing service is provided by Facebook, Inc. You can learn more about interest-based advertising from Facebook by visiting this page. To opt-out from Facebook's interest-based ads follow these instructions from Facebook. Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. For more information on the privacy practices of Facebook, please visit Facebook's Data Policy.
7. DO NOT TRACK DISCLOSURE
Everyday Bodywork supports Do Not Track ("DNT"). DNT is a preference you can set in your internet browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the ‘Preferences’ or ‘Settings’ page in your internet browser.
8. PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS (PECR)
Our lawful grounds for collecting and processing your Personal Data and Log Data to send you marketing communications are either your consent or our legitimate interests, namely to grow our business. Under the PECR we may send you marketing communications from us if (i) you made a purchase from us or asked us for information about our Services or (ii) you agreed to receive marketing communications, and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent.
However, you can still opt out of receiving marketing emails from us at any time by following the opt-out links on any marketing message sent to you or by emailing us at at any time. If you opt out of receiving marketing communications this opt-out does not apply to Personal Data provided as a result of other transactions, such as purchases, warranty registrations and so on.
9. SENSITIVE DATA
We do not solicit or collect any data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, gender identification, political opinions, trade union membership, or information about your health, genetic or biometric data (“Sensitive Data”). We do not collect any information about criminal convictions and offenses.
10. CHILDREN’S ONLINE PRIVACY PROTECTION ACT (COPPA)
11. CALIFORNIA ONLINE PRIVACY PROTECTION ACT (CalOPPA)
12. GENERAL DATA PROTECTION REGULATION (GDPR)
If you are located in the European Economic Area (EEA), Everyday Bodywork’s legal basis for collecting and using your Personal Data depends on the data we collect and the specific context in which we collect it. We may process your Personal Data because (i) you have given us permission to do so; (ii) we need to perform a contract with you; (iii) the processing is in our legitimate interests and it is not overridden by your rights; or (iv) we must comply with the law.
If you are a resident of the EEA, you have specific protection rights in relation to your personal information that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and to withdraw consent where the lawful ground of processing is consent. Specifically, you have the following data protection rights: (i) You have the right to access, update or to delete the information we have on you using your account settings. (If you are unable to perform these actions yourself, please contact us to assist you.); (ii) You have the right to have your information rectified if that information is inaccurate or incomplete; (iii) You have the right to object to our processing of your Personal Data; (iv) You have the right to request that we restrict the processing of your Personal Data; (v) You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format (“Data Portability”); (vi) You have the right to withdraw your consent at any time where Everyday Bodywork relied on your consent to process your Personal Data. You can find a more comprehensive description of these rights here.
Everyday Bodywork endeavors to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed what Personal Data we hold about you or if you want to request that it be removed from our servers and systems, please contact us. If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org. You will not have to pay a fee to access your Personal Data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, and we may refuse to comply with your request in these circumstances. Please note that we may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data or to exercise any of your other rights. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We endeavor to respond to all legitimate requests within thirty (30) days. Occasionally it may take us more time; especially if your request is particularly complex or you have made multiple requests. In such cases, we will notify you with a more accurate response time estimate.
13. RETENTION AND TRANSFER OF DATA
When deciding the duration for retaining any data, we look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, and if any of these can be achieved by other means for legal requirements. For tax purposes, United States law requires us to keep basic information about our customers for seven (7) years after they cease being customers. In some circumstances we may anonymize your Personal Data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
14. INTERNATIONAL DATA TRANSFERS
Everyday Bodywork is an American company, thus your Personal Data is primarily stored in the United States by us and third party service providers which may include companies such as Dropbox, MailChimp, InfusionSoft, GoToWebinar and others. Necessarily this involves transferring your data outside the European Economic Area (EEA). Countries outside of the EEA do not always offer the same levels of protection to your personal information, so European law prohibits transfers of personal information outside of the EEA unless the transfer meets certain criteria.
Whenever we transfer your Personal Data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place: (i) We will only transfer your Personal Data to companies based in countries that the European Commission has approved of as providing an adequate level of protection for personal information by; or (ii) When we use certain service providers, we use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal information the same protection it has in Europe; or (iii) If we use U.S.-based providers that are part of EU-US Privacy Shield Framework, we may transfer data to them since they have equivalent safeguards in place. If none of the above safeguards is available to us, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
15. GOVERNING LAW
18. ENTIRE DOCUMENT