Privacy Statement And Policy
Collection of Personal Information
Types of Information Collected
User Information. In addition to the above personal information, we collect standard information about Karrot Health users such as:
Personal data, including, birthdate, height and weight, and gender.
Email address and Karrot Health Password.
Any additional information relating to you and your use of the Websites, Apps or Karrot Health Services that you provide to use directly through the Websites, Apps or Karrot Health Services.
Calorie and exercise data collected from wearable devices and other sensor equipment.
Information collected from promotions with third party companies.
Your information may also be supplemented with additional information from other sources, including publicly available sources.
Use of Personal Information
We will treat the information we collect as confidential. We will not share Personally Identifiable Information about you without your consent. We may share information collected from you that does not identify you or an individual with third parties, including advertisers and potential business partners.
We may also use or share data that does not identify a user to:
Fulfill the services and products you request from us;
Operate and improve the Websites, App and Karrot Health Services available to you through Karrot Health, including developing new features and products;
Communicate with you, respond to your requests, and manage our relationship;
Personalize the products and services provided to you;
Measure performance of the products and Karrot Health Services; and
Send you marketing notices including promotions of our products and services.
For internal purposes, which may require the transfer of such information to other Karrot Health affiliates for administrative purposes, for technical maintenance purposes, the marketing and promotion of products and services that might be of interest to you.
We may disclose your personal information when we reasonably believe that it is required by law, a duly authorized court order, or legal process and to protect and defend the rights and interests of Karrot Health, its affiliates, suppliers, or users. If we are required to disclose your information, we will attempt to provide you with advance notice, unless we are prohibited from doing so by law.
For data auditing purposes only, we disclose your personal information (name and work email) to your employer/insurance company that is providing you with Karrot Health’s services. Your employer/insurer will be able to see how many calories you have burned, and whether or not you reached the set calorie goal.
If your company chooses to add a competition, event, leaderboard, or other social component to their use of Karrot Health’s services, your coworkers may be able to see your activity. This information may contain your first name, last initial, and calories burned. This information may be in the aggregate based on groups, or individuals. For example, they will see “Team A is leading with 30,000 calories burned” or “Jane S. is in the lead with most calories burned this month”.
In some circumstances we may use third party contractors to perform these services on our behalf. In such circumstances, we will only provide the contractor with the information needed to perform the services (for example, name and address if a contractor is delivering a product to you), and all contractors will be required to agree to confidentiality obligations with respect to your personal information.
Notwithstanding the foregoing, Karrot Health will not use or disclose to third parties user data gathered from the Apple, Inc. Healthkit framework or Healthkit API for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research. In no event will any information be collected from Healthkit users for use by third parties in compliance with this section without obtaining user consent.
Control of Personal information and Opt-Out Options
Karrot Health values the accuracy of the information you provide. You can confirm, change, or update personal information you have provided to us by contacting us directly at email@example.com.
If you want to opt-out of communications from Karrot Health, you can do so by emailing your request to firstname.lastname@example.org. If you change your mind, you can opt-in again, by emailing this same address. When you opt-out of promotional communications from us, you may still receive service messages and legally mandated notices.
Security of the Information We Collect
We take commercially reasonable precautions in an effort to protect your information against security breaches. For example, we store personal information and data in a secure server, and we use industry-standard firewalls and security software design to protect the security and integrity of your Personal Information. However, this is not a guarantee that your information may not be accessed, disclosed, altered, or destroyed. By using the Websites, Apps and Karrot Health, you acknowledge that you understand and agree to assume these risks.
Protection of Children's Privacy
Karrot Health is a general interest website, and we do not knowingly collect any personal information from children. If you are under 18, you are not permitted to use the Websites or App. Consistent with the Children's Online Privacy Protection Act (“COPPA”), the Websites and App are not intended for use by anyone under the age of 18 (COPPA's minimum protections are for minors 13 years of age or under). Karrot Health does not knowingly collect personal information from children through this Web Site or App.
Cookies. When you visit the Websites, a cookie may be saved on your computer (if your computer accepts cookies), and if you return to the Websites the cookie may be read. A “cookie,” is a small text file placed on the user's hard drive to track usage of the Websites and collect basic information, which may include certain of your preferences.
If you would like to avoid cookies, your web browser may have an option that enables you to disable or not accept cookies. It should be noted, however, that should you disable or not accept cookies, portions of the Web Site may not properly function.
Web Beacons. We may also use web beacons, clear gif technology, or action tags as mechanisms to collect aggregate site visitation data by tracking how users navigate to and through our Websites. We may also use this technology to track the delivery of HTML email messages. Data collected through this mechanism is not linked to personal information. A web beacon is an electronic image and string of code that is imbedded in a web page or email which allows us to track web page views/hits or the opening of an email containing a beacon. We may use web beacon in conjunction with cookies to track web site activity on www.karrothealth.com. Web beacon tracking by Karrot Health does not identify the name or email address of the web user or mail recipient.
In addition, Karrot Health or our partners may use analytics technology to track anonymous traffic data about use of the Apps. Such partners have the right to retain and use the anonymous traffic data collected by through the analytics service from users of the Websites or the Apps.
Links to Other Websites
Our Websites may contain links to other websites. Please be aware that we are not responsible for the privacy practices of these other sites, and we encourage you to review the policies of each site you use. We cannot control the actions of such third parties or be held responsible for their use of any information that you provide directly to them.
Legal Bases for Processing Your Information
We rely on the following legal grounds to process your personal information:
Performance of a contract – If you choose to make a purchase or receive money through the Websites or Apps, we need to collect and use your personal information to perform our agreement with you.
Transfer and Processing of Data
For users within the United States, we process data in data centers located in the United States. We have adopted reasonable physical, technical, and organizational safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use, or processing of user data in our possession. We comply with state and federal laws governing the protection of personal information.
For users within the European Union, we transfer data from the European Union to data centers located in the United States for processing. The European Commission has determined that the law of the United States does not provide a level of protection adequate to satisfy the requirements of Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and free movement of such data, known as the General Data Protection Regulation (“GDPR”). As to users residing in the EU, however, we extend the rights provided for by the GDPR – as detailed below – including the imposition of required safeguards with respect to accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of data. Transfers of EU resident data from the EU to the United States from third parties (such as third party payment processors) are conducted in accordance with appropriate transfer mechanisms under the GDPR, principally contractual clauses approved by the European Commission.
If you are a resident of the EU, you have the right to:
request an accounting of all personal information that we possess that pertains to you in an electronically portable format (e.g., electronic copies of information attached to an email).
request that we change any personal information that pertains to you.
request that we delete any personal information that pertains to you.
fully or partially withdraw your consent to the collection, processing, and/or transfer of your personal information.
To request an accounting of your personal information, a change to your personal information, deletion of your personal information, or to withdraw your consent to the collection, processing, and/or transfer of your personal information, contact email@example.com. Once we have received notification that you withdraw your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If you believe that we have misused your personal data, you also have a right to lodge a complaint with a national Data Protection Authority. Each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Data Retention and Deletion
We will only retain your personal information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
In some circumstances, we may anonymize your personal information so that it can no longer be associated with you, in which case it is no longer personal information.
It is our policy to retain personal information for 6 months once such personal information is no longer necessary to deliver the Website and Apps and to delete such personal information thereafter. This means that, if you close your account with us, we will delete personal information associated with your account after 6 months.
Regarding other types of information we collect as described in this policy, it is our policy to retain such personal information for 6 months and to delete such personal information thereafter.
DO NOT TRACK DISCLOSURE
Karrot Health does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may be able to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked.
We welcome your input on our privacy statement. If you have any questions or suggestions regarding our privacy statement, please contact us at firstname.lastname@example.org.
Last Updated: 08/12/2018