a. What we mean by “Personal Information”
By “Personal Information,” we mean personal data as defined in the General Data Protection Regulation (GDPR). In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g. physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).
Here is a list and quick overview to help you find what you need:
- Important information about your rights in relation to consent and to object to our use of your Personal Information – these are important new rights under GDPR, and we’ve set out them out for you separately
- Key information required by the GDPR – this is a mixed bag: it’s got our contact details, what Personal Information we collect, where we get it from, how we use and share it, the legal justifications for our use, how long we keep it for, your data protection rights, how to complain, when we transfer Personal Information from Europe to the USA and other countries we operate in, and more besides
- Feedback and queries – how to get in touch.
Before you read on, a quick word about UK independent associates (“associates”).
A. It doesn’t!
Isagenix is the controller of Personal Information collected through the Sites, which includes associates’ replicated websites. For queries about Slim n’ Trim’s use of your Personal Information please contact us.
2. Important information about your rights in relation to consent and to object to our use of your Personal Information
Before we start – a couple of IMPORTANT NOTICES!
|Your rights in relation to consent: if you are in the European Economic Area, we will transfer your Personal Information to our parent company in the USA, Isagenix International LLC who will share it with their authorised service providers in the USA or in any other countries Isagenix operates in, and, because of the way the direct selling model works where all members are connected, your Personal Information may also be accessed from any country in which we operate. You will be asked to give explicit consent on this Site and your continued use of this Site after that will be your continued explicit consent to these transfers. If you do not want us to transfer your Personal Information, please do not use any of our Sites. For further details of the transfers, please see section g in part 5, Key information. This explicit consent is only necessary to the extent that the model clause agreement between Isagenix (United Kingdom) Ltd and Isagenix International LLC does not cover the transfer. You may withdraw your explicit consent at any time. However if you do so, and the transfer is not covered by the model clause agreement and there is no other legal way to transfer your Personal Information, we will not be able to provide you with our Sites or products.
If you consented to receive Isagenix promotions and offers by email, SMS or other channel(s), you have a right to withdraw your consent at any time.
To withdraw your consent, please contact us.
|Your right to object to our use of the “legitimate interests” basis for processing (and direct marketing): we consider that our use of Personal Information, summarised below, is legitimate commercial practice and is in our legitimate interests:
You may object to our use on that basis. To exercise your right, please contact us.
These are the categories of individual whose Personal Information we collect and use:
- website visitor – someone who browses our Site but does not register or make a purchase.
- customer – end consumers who purchase Isagenix products as individuals acting for purposes which are wholly or mainly outside that individual’s trade, business, craft or profession, and for their own personal use.
- associate – someone who meets the requirements to become an “associate” as outlined in the Associate Terms and Conditions, who may purchase Isagenix products at wholesale prices and is eligible to resell those products to clients, and who chooses to participate in the Isagenix compensation plan.
- mobile users – a customer, associate or client or other individual who downloads and uses one of our mobile apps or browses our Site using a mobile device.
(We use the term “member” to mean anyone who registers/enrols with us: all customers, associates and clients will be “members”.)
5. Key information required by the GDPR
Here are important details about us and our use of your Personal Information.
|a. Our identity and contact details
Identity and contact details and, where applicable, of the representative
|Isagenix (United Kingdom) Ltd (company number 09895521).
We are entered in the Information Commissioner’s register of data controllers with registration number ZA189082.
Registered office address: Lower Ground, Ground, First and Second Floors Watchmaker Court,
Trading address: Lower Ground, Ground, First and Second Floors Watchmaker Court,
Telephone: 0808 189 0490
It would be very helpful if you would tell us exactly why you are contacting us. For example, to exercise a right by email, please put the name of the right in the subject line of the email. Thank you.
|b. Data protection officer and queries
Contact details of the data protection officer, where applicable
Please use the contact details in the “Identity and contact details” section a above to contact our data protection officer.
|c. Purposes and legal basis
The purposes of the use for which the Personal Information isintended as well as the legal basis for the use
|The purposes for which we use Personal Information are:
We have set out above where we obtain consent or the use is necessary for contract purposes.
In all other cases, the legal basis for our use is our own or our service providers’ legitimate interests.
|d. Legitimate interests
Where the use of information is based on the legitimate interests condition, the legitimate interests pursued
|Our legitimate interests are to operate our business in accordance with legitimate commercial practice, for example to provide products and services, to maintain accounts and records, and for promotion and advertising, including management of our members, fraud prevention, direct marketing (where consent isn’t required), internal group administration and administration of other relationships, network and information security and reporting criminal and security threats; please see the purposes section c above for details. Some examples are included in the indirect categories section e below. For further details please see the “Isagenix business activities” in part 7 section 7.3 below.
Our merchants, co-branded businesses and service providers’ legitimate interests are for service provision and operating their businesses, as set out in more detail in the purposes section c above and the indirect categories section e below.
|e. Personal Information collected indirectly – categories
The categories of Personal Information collected indirectly
|We collect the following categories of Personal Information indirectly (i.e. from third parties):
The recipients or categories of recipients of the Personal Information, if any
|We may share your Personal Information with:
Whatever the purpose may be – whether we share with service providers or other external companies – we only use and share your Personal Information to the extent reasonably necessary to fulfil your requests and our legitimate business objectives/interests. When we disclose Personal Information to external companies to perform support services for us, they may access your Personal Information only for the purposes of performing those support services (in accordance with our instructions), and must keep your Personal Information secure.
|g. Transfers outside of the European Economic Area (EU member states, Norway, Iceland and Liechtenstein)
Where applicable, the fact that Personal Information is to be transferred to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission, or in the case of transfers subject to appropriate safeguards or non-repetitive, limited transfers based on compelling legitimate interests, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
Here is a short explanation of the options for transferring Personal Information outside the EEA.
First, an “adequacy decision” which is a legal decision by the European Commission that adequate protection is provided by a country, territory, specified sector(s) or an international organisation. It is based on an assessment of the following: (a) rule of law and other legal considerations (b) existence and functioning of an independent supervisory authority and (c) international commitments and obligations/participation.
Secondly “appropriate safeguards” which may take several forms, including:
Thirdly, “derogations” (exceptions) such as consent or contact performance.
As at April 2018:
IF YOU PREFER NOT TO HAVE YOUR PERSONAL INFORMATION TRANSFERRED TO THE UNITED STATES OR ANY OTHER COUNTRY IN WHICH WE OPERATE, PLEASE DON’T USE THIS SITE.
|h. Storage period
The period for which the Personal Information will be stored, or if that is not possible, the criteria used to determine that period
|The period for which we will store Personal Information is based on our need to fulfil our legitimate business needs, comply with applicable law, resolve disputes, and enforce our agreements.
For members, because of the way the direct selling model works where everyone is connected, the storage period will be for the longer of (a) the period that you remain connected to other members, and (b) 7 years after your last purchase of a product.
For website visitors, if you consent to cookies through our cookie banner, the consent cookie is valid for 1 year. If you agree to our terms and conditions when logging in as a member, we will store that cookie and it is valid until the document is updated and changed. The vast majority of cookies (most of which are for site analytics) last two years or less. You can shorten each cookie’s storage period by deleting the cookie before the expiry date. Please see part 8 Cookies and similar technologies for information on how to delete cookies and adjust your browser settings.
|i. Individual rights
The existence of the right to request access to and rectification or erasure of Personal Information or restriction of use concerning the individual or to object to use as well as the right to data portability
|You have rights to make a request to us:
If you are a member you can access some information yourself. Please see part 6 section 4 below.
To exercise your rights, please contact us. Our contact details are in the “Identity and contact details” section a above. We can send you an individual rights form if you wish, but the law does not require you to complete a form.
|j. Withdrawal of consent
Where the use is based on consent (for ordinary or sensitive Personal Information), the existence of the right to withdraw consent at any time, without affecting the lawfulness of use based on consent before its withdrawal
|You have a right to withdraw any consent you give us at any time.
This will not affect the legality of our consent-based use before you withdrew consent.
To exercise your right to withdraw, please contact us. Our contact details are in the “Identity and contact details” section a above.
The right to lodge a complaint with a supervisory authority
|You have a right to complain to the Information Commissioner, whose contact details are:
Information Commissioner’s Office
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate).
Website: https://ico.org.ukwhich sets out email addresses and an email form.
|l. Information collected directly – legal or contract requirement
Whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the individual is obliged to provide the Personal Information and of the possible consequences of failure to provide that information
|Photos will be collected if an associate or preferred customer joins an “IsaBody” challenge. This is a necessary requirement of participation in the challenge.
To ensure we act responsibly, an ID verification check is required if you apply to be a member and a credit check is required if you request credit from us.
To buy products and services from us, and enable us to fulfil your order, you must provide certain Personal Information to us.
|m. Sources of Personal Information collected indirectly
The source of the Personal Information and if applicable, whether it came from publicly accessible sources
|The sources of the Personal Information we collect indirectly are:
|n. Automated decision-making
The existence of automated decision-making, including profiling. This means a decision based solely on automated profiling which produces legal effects concerning the individual, and which must not be based on special categories of (i.e. sensitive) Personal Information without explicit consent or substantial public interest with safeguards. Meaningful information about the logic involved, as well as the significance and the envisaged consequences of the processing for the individual must also be provided.
|We do not use automated decision-making which produces legal effects or similarly significant effects.
We do however undertake profiling. We undertake data analytics on purchases, downline and members to understand how we can improve our business model to enhance a member’s interaction with us. We also use web analytics on our Sites which affects website visitors (please see part 8).
We do not base profiling on special categories of Personal Information, that is Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Meaningful information about the logic involved: we use certain categories of Personal Information described in part 6 (namely the Personal Information listed in sections 1 – website visitors; 2 – mobile users; 3 – members), to create a profile. The source of this Personal Information is you or other sources (see section m (sources)). This Personal Information is directly relevant to improving our business model as set out above.
Significance and envisaged consequences for you: as a result of data analytics, you may see different recommendations depending on your purchases and browsing or a new feature on the Site; data analytics also helps keep you and other members safe from fraudulent activity.
6. Further details of the Personal Information we collect
Here are some further details of the Personal Information we collect (directly or indirectly).
|1. Information we collect automatically on all website visitors|
|2. Information we collect on users of our mobile apps|
|We collect the same information as we do for website visitors, but focused on technologies associated with mobile devices including location services provided by mobile devices if enabled. For further details please see part 7 section 7.1.2.|
|3. Information we collect on customers, associates and clients (members)|
|As well as your name, postal or billing address, e-mail address and telephone or mobile number, we will collect your purchase history, which we sometimes aggregate with similar information from other members to create features such as Best Sellers. For example, as a member you provide information when you: search for a product; place an order through an associate’s Site or through one of our third-party partners; provide information in My Account (you might have more than one if you used more than one e-mail address when shopping with us), post, participate in a contest or questionnaire or communicate with customer services. As a result of those actions, you might supply us with information such as: name; address and phone number; credit card information (please note that we use a tokenizer to store the credit information; we do not store credit card details); people to whom purchases have been dispatched (including addresses and phone numbers); people (with addresses and phone numbers) personal description and photograph if participating in the IsaBody Challenge, and financial information as needed to conduct business in EU (e.g. VAT ID).
We also collect information from other sources (please see part 5, section m above), including in connection with offering joint or co-branded products and services (please see part 5, section e above).
|4. Information we have that you can access too if you are a member|
|Examples of information a member can access include: up-to-date information regarding recent orders; personally identifiable information (including name, e-mail, password, communications and personalised advertising preferences, address book); payment settings (including credit-card information and gift voucher, gift card and cheque balances); e-mail notification settings (including Product Availability Alerts, Deliveries, Special Occasion Reminders, and newsletters); recommendations (including Recommended for You and Improve Your Recommendations).|
|5. Sensitive (special categories of) Personal Information|
7. Further details of our collection, use and sharing of Personal Information
7.1. What types of Personal Information do we collect about our online visitors?
7.1.1. Information you provide.
We generally collect only Personal Information you voluntarily provide to us or which is collected through cookies or similar technologies (please see section 7.2 of this part 7 below and part 8). For some secure areas of our Site, however, we require you to provide Personal Information when you use specific features. For example, we collect Personal Information from you when you:
- Ask to register for an account with us
- Sign up for newsletters
- Buy our products at one of our Sites
- Participate in promotions or surveys
- Submit comments, reviews, or other user-generated content
- Connect or interact with us through social networks (e.g., Facebook, Google+, Twitter)
- Request customer or technical support
This Personal Information, for example, may include your:
- Postal or billing address
- E-mail address
- Telephone or mobile number
- Payment card information
- Location via IP address
- Device being used (for our mobile site)
- Previous shopping history with Isagenix
(Please see part 6 above for details of the categories of Personal Information we collect.)
If you can’t or choose not to provide us with the Personal Information we reasonably require, we may be unable to provide you with the information or products you have requested.
7.1.2. Information collected through technology.
We also obtain information in other ways through technology. Some of this information may be linked to you personally. This information helps our Sites function correctly and supports the work we do to understand the needs of our customers.
Device Information. Depending on the permissions you’ve granted, we may receive information about your location and your mobile device when you download or use our apps, including a unique identifier for your device. We may use this information to provide you with location-based services, such as advertising, and other personalised content. Examples of the device information we collect include:
- Attributes such as the operating system, hardware version, device settings, file and software names and types, battery and signal strength, and device identifiers
- Device locations, including specific geographic locations, based on information we are provided through Apple and Android APIs for location services and country identifier
- Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address
Most mobile devices allow you to turn off location services, and we encourage you to contact your device manufacturer for detailed instructions on how to do that.
Payment Information. If you buy a product on our Site, our payment processor will collect payment card information from you, including your name, expiration date, authentication code, and billing address. Our payment processor will securely transmit this information consistent with payment card industry rules to the appropriate payment facilitators. We may offer you the option to save information about the method and choice of payment on our Site. If you save this payment card information on our Site, you will be able to add, delete, or modify that information at any time using your account settings.
7.2. Do we advertise online?
We advertise in a number of ways, including online through managed social media presences, and on other unaffiliated sites and mobile applications. To understand how our advertising campaigns are performing, we may collect certain information via our Sites through our advertising service providers. We or our suppliers use several common online tracking tools to collect this information, such as browser cookies, web beacons and other, similar technologies. The information we collect includes IP addresses, the number of page visits, pages viewed via our Sites, search engine referrals, browsing activities over time and across other websites following your visit to one of our Sites or applications, and responses to advertisements and promotions on the websites and applications where we advertise.
We also use certain information to:
- Present tailored ads, including banner ads and splash ads that appear as you log-in or off of your online accounts via our Sites
- Identify new visitors to our Sites
- Recognise returning visitors
- Advertise on other websites and mobile applications not affiliated with us
- Analyse the effectiveness of our advertisements
- Better understand our audience, customers, or other Site visitors
- Determine whether you might be interested in new products or services
Controlling our tracking tools. Your browser may give you the ability to control cookies. How you do so, however, depends on your browser and the type of cookie. Certain browsers can be set to reject all browser cookies. If you configure your computer to block all cookies, you may disrupt certain web page features, and limit the functionality we can provide when you visit or use our Sites. If you block or delete cookies, not all of the tracking that we have described in this section will stop and our Site may stop working in part or completely. Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These browser features are still not uniform, so we are not currently set up to respond to those signals.
For more information about our ad service provider and its cookies, including information about how to withdraw your consent to these technologies, you may visit www.aboutads.info/choices. In addition, users may prevent Google’s collection of data generated by your use of the Sites (including your IP address) by downloading and installing a Browser Plugin available at https://tools.google.com/dlpage/gaoptout?hl=en. Please also see part 8 (cookies) for further information.
7.3. How we use and share your Personal Information?
Isagenix business activities. We use your Personal Information to:
- Respond to your questions, complaints, or reviews of our product or services
- Administer contests, promotions, or surveys
- Send you communications about online transactions, product information, ads and promotions, electronic newsletters, or other notices or offers tailored to you
- Enable our advertisers to provide you with more personalised content, and track the effectiveness of certain advertising campaigns
- Comply with applicable law, obey judicial orders, cooperate with law enforcement authorities, or prevent any suspected illegal activities
- Help us run our business
- For any other everyday business purposes, such as product development and Site administration
Authorised service providers. We use other companies and individuals to perform certain functions on our behalf. Those functions include payment card processors, delivery, call-centre support, analysing or hosting data on cloud-based servers, and other companies that help us improve our products and services. We may disclose your Personal Information to these companies and other individuals performing services on our behalf in the UK, in the United States and in Mexico or in any other country in which we operate.
7.4. What choices do you have about the collection, use, and sharing of your Personal Information?
If you signed up to receive newsletters or other marketing communications from us, you can opt-out any time by clicking the unsubscribe link at the bottom of the message or texting STOP in response to a marketing text message. You can also log-in to your account to opt-out and update your marketing preferences at any time, or just contact us to let us know. Even after you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences. It may take up to 10 days to process your e-mail related requests, and up to 30 days for all other marketing-related requests. And even after you’ve opted-out of receiving marketing communications from us, we may still contact you for transactional or informational purposes. These include, for example, customer service issues, returns or product-related inquiries, surveys or recalls, or any questions regarding a specific order.
7.5. How can you access, update, or block your Personal Information?
You can update the delivery or billing information, as well as other Personal Information, you provided to us by logging-in to the My Account page, and making the appropriate changes or corrections yourself by clicking the edit button next to “Contact Information”. You can also update your newsletter preferences by logging-in to the My Account page or contact us directly at the address below. If you wish to de-activate your account, you may do so by contacting our customer support team at email@example.com. Once you do so, your account will then be de-activated on a going-forward basis, although certain Personal Information may still be retained to the extent necessary to fulfil our legitimate business needs, comply with applicable law, resolve disputes, and enforce our agreements.
8. Cookies and similar technologies
A cookie is a file containing a small amount of information that a Site places on your device. Similar technologies include:
- Local shared objects (Flash cookies) – data that websites which use Adobe Flash store on your device
- Local storage (session storage and database storage) – a type of file placed on your device that can hold data, often related to video or audio content
- Pixels – (also known as clear gifs, web beacons or web bugs) are code used on a web page or in an email notification. They are used to learn whether you’ve interacted with certain web or email content. This helps to measure and improve services and personalise your experience
8.2. What cookies do we use?
|We use these types of cookie …||… for these purposes|
|Strictly necessary cookies. These cookies are generally used to store a unique identifier to manage and identify you as unique to other users currently viewing the Site, in order to provide you with a consistent and accurate service.||To remember previous actions (e.g. entered text) when navigating back to a page in the same session, managing logins and other security features, and to route visitors to specific versions of a Site and to remember items put into an online shopping basket.|
|Performance cookies. These cookies are used for performance and to improve the Site.||For web analytics (we use Google Analytics – see how Google uses your data here: www.google.com/policies/privacy/partners), ad response rates, affiliate tracking, error management and testing designs.|
|Targeting or advertising cookies. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store a code that can be translated into a set of browsing habits or preferences using information stored elsewhere. Cookies may also be used to limit the number times a user sees a particular ad on a Site and to measure the effectiveness of a particular campaign.||With similar technologies, for online advertising, which is described in more detail in part 7 section 7.2.
Cookies change and their names and descriptions are not very user-friendly for most people, so we haven’t listed them individually. If you want to see the cookies currently used on the Sites, they should be visible through your browser. (Please see below for instructions.)
There are different browsers and manufacturers upgrade them frequently. The best way to get the right instructions is to go to the manufacturer’s support page. The following support/privacy pages (for some of the more common browsers) are correct as at April 2018.
- For Chrome, please see Google’s support page here: https://support.google.com/chrome/answer/95647
- For Internet Explorer, please see Microsoft’s support page here: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
- For Edge, please see Microsoft’s privacy page here: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
- For Firefox, please see Mozilla’s support page here: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- For Safari, please see Apple’s support page here for mobile devices: https://support.apple.com/en-us/HT201265
If you have problems with these pages, can’t see individual cookies or want find out more about how cookies are handled within your browser, please go to the manufacturer’s site and search for the browser name and your cookie query.
8.3.2. Flash cookies
To disable flash cookies (local shared objects) go to the Global Storage Settings panel of the online Settings Manager at Adobe’s website at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html. This places a permanent flash cookie on the device, informing all other websites that you do not want flash cookies stored on your device.
8.3.3. Online advertising cookies
You may prevent Google’s collection of data generated by your use of the Sites (including your IP address) by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
8.3.4. Local and session storage
You can delete local storage, session storage and database storage in the same way that you delete cookies.
You cannot delete pixels but you may be able to disable them by disabling cookies or by using browser add-ons or extensions. Some pixels in emails can be disabled by selecting an option in your email application not to download images.
Please be aware that restricting cookies and similar technologies may impact on the functionality of our Site.
8.4. Further information
To find out more about cookies, including how to see what cookies and other technologies have been set and how to manage and delete them, please visit http://www.allaboutcookies.org/ and http://www.youronlinechoices.com/.
9. Feedback and queries
10. Accessing and Correcting Your Personal Information
If you ask, in most cases we must give you access to the personal information that we hold about you, and take reasonable steps to correct it if we consider it is incorrect. We will try to make the process as simple as possible.
11. How to Make a Complaint
You can complain to us in writing about how we have handled your personal information. We will respond to the complaint within 30 days.
12. How to Contact Us
- Email: firstname.lastname@example.org