Hi friend! I hear you have some questions about your privacy. Your privacy is taken seriously here at The FODMAP Formula (www.fodmapformula.com). The information below will walk you through the kind of information I collect myself, the kind of information collected by my service providers, and how you can opt-out of some of these services if you want to stay incognito.
Last updated: March 2, 2020
OWNER AND DATA CONTROLLER
The FODMAP Formula (“I”) operates https://www.fodmapformula.com (the “Site”).
The FODMAP Formula c/o Amy Agur
PO BOX 99900 HU 734 112
TORONTO RPO WOODBINE HTS
TORONTO ON M4C 0A5
Contact email: [email protected]
I am committed to protecting and respecting your privacy. So I want you to know that this site collects some personal data from its users.
By submitting personal data to me, you agree to me using your personal data as follows.
INFORMATION COLLECTION, BUSINESS PURPOSE AND USE
While using my Site, I may ask you to provide me with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include but is not limited to name, email address, cookies, usage data, password.
I may use your personal information to:
- send you my weekly newsletter
- manage contacts and send messages
- ensure that content from my site is presented in the most effective manner for you and for your computer
- provide you with information, products or services that you request from me or which may be of interest to you
- carry out any obligations arising from any contracts entered into between you and me
- interact with external social networks and platforms like social media widgets and share bars
- allow access to third party services’ accounts
- monitor infrastructure
- manage hosting and backend infrastructure
- interact with live chat platforms
- carry out remarketing and behavioural targeting, such as display ads
- display content from external platforms
- carry out commercial affiliation, such as display ads
- interact with support and feedback platforms
- manage user database
Heads up, I collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s and GDPR’s scope
In particular, I have collected the following categories of personal information from our users within the last twelve (12) months:
|A. Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, colour, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioural, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||NO|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 .F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.||NO|
I obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you submit or transactions related to products and services you purchase.
- Indirectly from you. For example, from your browser while visiting our Site.
- From third parties. For example, from our business partners or service providers.
I do not intentionally collect or use the personal information of minors under sixteen (16) years of age or sell it with or without affirmative authorization.
Like many site operators, I collect information that your browser sends whenever you visit my Site.
This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of my Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, I may use third party services such as Google Analytics that collect, monitor and analyze this data.
What are cookies?
Cookies are text files with a small amount of data, which may include an anonymous unique identifier.
Cookies are sent to your browser from a web site and stored on your computer’s or tablet device’s or mobile device’s part of the hard drive specifically designated for cookies.
Like many sites, I use “cookies” to recognize, collect, and/or track information about, and relevant to, your usage of the Site.
These cookies are known as “first-party cookies”. I may also recognize, collect, and/or track information through cookies set by third parties. These cookies are known as “third-party cookies”. Third-party cookies are used to perform tasks related to advertising, and analytics, and to enable interactive features such as sharing or commenting. Some third parties collect statistics in an anonymized and aggregated form and may not require the consent of the user.
The information that our first-party cookies or third-party cookies recognize, collect, and/or track may include information about your devices, browsing actions, and patterns, such as among others, the type of computer you use, your internet service provider, your browser type, your location, your IP address, the date and time of your visit, the pages viewed, your traffic pattern through the Site.
What cookies do I use?
Analytics cookies These cookies collect information about your use of the Site, such as for instance, browsing actions, and patterns, the date and time of your visit, the pages viewed, your traffic pattern through the Site.
Through the collection of this information, I am able to monitor and analyze web traffic to the Site. User behaviours may be recognized, collected, and/or tracked.
I use Google Analytics to monitor and analyze web traffic to the Site. Google utilizes the data recognized, collected, and/or tracked on the Site to prepare reports on traffic activities.
This integration of Google Analytics anonymizes your IP address.
Google may use the information recognized, collected, and/or tracked to personalize the ads of its advertising network and may share the information recognized, collected, and/or tracked with other services.
Customization cookies These cookies allow the Site to save information and details such as your username to optimize your experience on the Site and provide personal features.
Social media cookies and pixels These cookies allow you to share your activity on the Site on social media such as Facebook, LinkedIn, and Twitter, or other external platforms directly from the Site.
Cookies may still be recognized, collected, and/or tracked on the pages where buttons, widgets, or other applications are installed, even when you do not actively use it.
The interaction and information recognized, collected, and/or tracked through the Site are always subject to your privacy settings for each social network and external platform.
Facebook Like button and Facebook social widgets
The Facebook Like button and Facebook social widgets are applications allowing interaction with the Facebook social network.
Twitter Tweet button and Twitter social widgets
The Twitter Tweet button and Twitter social widgets are applications allowing interaction with the Twitter social network.
YouTube video widget
YouTube is a video-sharing website that allows this Site to incorporate video content on its pages and posts.
Live chat platform
This application allows you to interact with a third-party live chat platform directly from the Site, e.g. to get in contact with the Site support or customer care service.
This application may recognize, collect, and/or track browsing and usage information on the pages where it is installed, even if you do not actively use it. If you do actively use it, your live chat conversation may be logged or recorded.
Social media pixels
Facebook pixel connects the activity performed on the Site with the Facebook advertising network, including Instagram and Audience ads.
Targeting or advertising cookies
These cookies record your browsing actions and patterns on the Site, such as among others, the pages you have visited and the links you have followed. The information recognized, collected, and/or tracked by these cookies is used to make the Site and the advertising displayed by way of links or banners on the Site more relevant to your interests. For the same purpose, this information may also be shared with third parties, such as Mediavine.
HOW TO CONTROL COOKIES
Strictly necessary cookies may not be rejected since they are essential to enable you to browse the Site and use its features.
Should you reject cookies, you will still be able to use the Site although certain features and functionalities may not be available to you and/or certain areas may be restricted.
Through browser preferences, it is also possible to delete cookies installed in the past, including the cookies that may have saved the initial consent for the installation of cookies by this Site.
You can find information about how to manage cookies in the most commonly used browsers (e.g. Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Internet Explorer) on the website of the browser of choice.
You may also be able to reject third-party cookies by visiting the sites below:
To opt out of Facebook Analytics: Click Here
To opt out of Google Analytics: Click Here
To opt out of Bing analytics: Click Here
You can also opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal.
WHY THIS INFORMATION IS COLLECTED
Comments: When you make a comment on The FODMAP Formula blog, WordPress will make a record of your email address and the name you provide, as well as your IP address and your browser agent string. These are required to prevent bots and spammers from leaving harmful comments or links on my website and to help identify and approve messages from repeat commenters. This information is collected as cookies and will be held for one year.
Just so you know, an anonymized string is also created from your email address (also called a hash) and may be provided to the Gravatar service. If you have a Gravatar account associated with that email address, it will pull your Gravatar photo and place it beside your comment. If you don’t have a Gravatar account, the information will be deleted automatically.
Forms: If you fill out a contact form on The FODMAP Formula website, I will collect the name and email address you provide. This information is used to answer your questions or comments and will not be shared with any third-party services. You will not be subscribed to my mailing list unless you specifically ask me to do so or you sign up using one of the opt-in forms available on The FODMAP Formula website. This information is kept indefinitely as part of my community correspondence. I’m happy to delete it if you want me to. Just ask!
Mailing List: If you do opt into my mailing list, I’ll collect information like your name, email, IP address, and time zone so I can send you the information you’ve asked for. You can opt out of my mailing list at any time by clicking the unsubscribe link in the footer of any email you’ve received or by emailing me at [email protected] and asking me to delete your information entirely. You can also control the number of emails you receive from me using the “manage my subscription” link at the bottom of each email.
Purchases: If you make a purchase on The FODMAP Formula website, I’ll collect information like your name, address, payment information, and transaction information specific to your purchase. This information helps me prevent fraudulent purchases and helps me direct you to other products and resources you may find helpful.
Your personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”).
LAWFUL BASIS OF PROCESSING PERSONAL DATA UNDER THE GDPR
I may process personal data relating to users if one of the following applies:
- you have given your consent for one or more specific purposes;
- provision of data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which I am subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in me;
- processing is necessary for the purposes of the legitimate interests pursued by me or by a third party.
I process and store your personal data for as long as required by the purpose they have been collected for.
- personal data collected for purposes related to the performance of a contract between me and you will be retained until such contract has been fully performed;
- personal data collected for the purposes of my legitimate interests will be retained as long as needed to fulfil such purposes;
- I may be allowed to retain personal data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn;
- I may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, personal data will be deleted and some of your rights (i.e. the right to access, the right to erasure, the right to rectification and the right to data portability) cannot be enforced after expiration of the retention period.
I do not sell, trade, or otherwise transfer to outside parties your personal information unless I provide users with advance notice. This does not include website hosting partners and other parties who assist me in operating my website, conducting my business, or serving my users (such as, for example, Drip, my email service provider), so long as those parties agree to keep this information confidential. I may also release information when its release is appropriate to comply with the law, enforce my site policies, or protect my or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
In the preceding twelve (12) months, I have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers
Category B: California Customer Records personal information categories
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
I disclose your personal information for a business purpose to the following categories of third parties:
- Professional service providers.
- Third parties whose services you purchase through our Site.
- Social Media Networks.
YOUR RIGHTS UNDER THE GDPR
Users based in the European Union have the right to do the following:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their personal data.
- Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent.
- Access their data. Users have the right to learn if data is being processed by me, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their data and ask for it to be updated or corrected.
- Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, I will not process their data for any purpose other than storing it.
- Have their personal data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from us.
- Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any undue delay.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection supervisory authority.
You can exercise your right to prevent such processing by contacting me [email protected]
These requests can be exercised free of charge and will be addressed by us as soon as possible and always within thirty (30) days.
YOUR RIGHTS UNDER THE CCPA
Users who reside in California have the right to request any of the following:
- disclosure of the categories and specific pieces of personal information I have collected
- deletion of personal information I have collected from you
- disclosure of the categories of personal information I have collected, the categories of sources from which I collected it, the business or commercial purpose for collecting or selling it, the categories of third parties with whom I share it, and the specific pieces of personal information I have collected
- disclosure of the categories of personal information I collected or sold and the categories of third parties to whom it was sold
You have the right not to receive discriminatory treatment for the exercise of these privacy rights.
Requests can be submitted by you or someone legally authorized to act on your behalf by email to [email protected] and via my contact me page.
These requests can be exercised free of charge and will be addressed by me as soon as possible and always within forty-five (45) days.
YOUR RIGHT TO OPT OUT OF THE SALE OF PERSONAL INFORMATION
Under the CCPA, “sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.
As per the CCPA definition, selling personal information includes disclosing information to a third party by using analytics tools, running ads or having social media pixels and plugins installed.
Users who reside in California have the right to opt out of the sale of personal information.
Requests to exercise your right to opt out can be submitted by you or someone legally authorized to act on your behalf by email to [email protected] and by following the link below and submitting your request via our web form
NON DISCRIMINATION AND NOTICE OF FINANCIAL INCENTIVES
I will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, I will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, I may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels.
Any financial incentive I offer will reasonably relate to the value of your personal information and will describe the material terms of the financial incentive program. Participation in any financial incentive program I offer requires your prior consent
I do not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature.
The security of your personal information is important to me.
my website is scanned regularly for security holes and known vulnerabilities and regularly scan for malware in order to make your visit to our Site as safe as possible.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
I implement a variety of security measures when a user places an order, enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on my servers.
Unfortunately, no method of transmission over the internet is completely secure. While I strive to use commercially acceptable means to protect your personal information, I cannot guarantee its absolute security.
CalOPPA (CALIFORNIA ONLINE PRIVACY PROTECTION ACT)
For the collection of personal information from children under the age of thirteen (13) years old, I comply with the Children’s Online Privacy Protection Act (COPPA).
The Site is intended for individuals who are eighteen (18) years of age or older.
By visiting and using the Site, you represent and warrant that you are of legal age and meet all of the foregoing eligibility requirements.
The Site is not intended for children under thirteen (13) years of age. I do not specifically market to children under thirteen (13) years of age. I do not knowingly collect personal information from children under thirteen (13) years of age.
If you are under thirteen (13) years of age, please do not use the Site or provide any information on the Site, including your name, screen name, username, address, telephone number, email address, and payment details.
If I learn I have collected or received personal information from a child under thirteen (13) years of age without verification of consent from a parent or guardian, the personal information collected or received shall be deleted with no delay.
If you believe I might have any information concerning a child under thirteen (13) years of age, please contact me at [email protected] or via my information request contact form and I will endeavour to delete such information without delay.