Last updated: April 14, 2021
This policy applies to all visitors from the European Union.
(For visitors from outside the European Union, please see here.)
LEH handles the personal data of its European Union visitors in accordance with the E.U. General Data Privacy Regulation 2016/679 (“GDPR”).
Your Privacy Rights:
- Under the GDPR, you have the right to be informed of how LEH collects, uses, and processes personal data, and you have the right to exercise control over it in prescribed ways.
- You voluntarily provide the following information when you order:
- a. name
- b. postal address
- c. e-mail address
- d. phone number
- e. payment method
- f. purchase contents
- g. associated shipping details
- We may collect this information before you order:
- a. IP address
- b. browser and device details
- c. general geographic data
- d. referral and exit pages
- e. date/time stamps
- We use data for these purposes:
- a. To process your order.
- b. To give our customer service representatives the information they need if you have questions.
- c. To optimize the presentation of the product for you and your computer or device.
- d. Troubleshooting.
- e. Research.
- f. Surveys.
- g. To provide you with information on other products, services, promotions, or newsletters (upon consent).
- The legal bases for collection, use, and processing of personal data (unless by consent) are Article 6(1)(b) and (f) of the GDPR. These state that data may be collected, used, and processed for:
- a. the performance of a contract, like a contract of sale, in order to take the necessary steps at your request, and/or
- b. what the GDPR calls “legitimate interests,” such as “where there is a relevant and appropriate relationship” between a business and its “client,” or marketing generally, including direct marketing (GDPR Recital 47).
- If we collect, use, or process personal data “for purposes other than those for which the personal data were initially collected,” we may do so if it is “compatible with the purposes for which the personal data were initially collected,” and “[i]n such a case, no legal basis separate from that which allowed the collection of the personal data is required” (GDPR Recital 50).
- a. For example, on the legal bases noted above, we may use your data to send you confirmations of the order, customer service replies to questions you pose, the reset of your password if you so request, or a customer satisfaction survey.
- b. If we wish to use information for purposes that are incompatible with the purposes for which it was initially collected, we will request your consent.
- We have contracted with some service providers to help us process data. Some may be located outside the E.U., but they are GDPR-compliant. These providers are:
- a. the shipping center from which your order will be sent;
- b. the credit card company issuing the card you use to make a purchase;
- c. customer service representatives who are available to help you with your purchase or answer questions;
- d. companies that help us store information;
- e. companies that assist with e-mail delivery; and
- f. a company that helps carry out customer surveys.
- We will not store personal data longer than is necessary to carry out the original or compatible purposes for which data was collected, with narrow exceptions, such as if we are subject to “compliance with a legal obligation” (GDPR Recital 65).
- You may request access to your information, correct inaccuracies, request erasure, restrict its processing, ask that your data be provided to you in a form to take elsewhere, and object to its processing, although there are some limitations. The services shall be provided free of charge, unless unduly burdensome or repetitive, in which case a fee may be assessed or the service may be withheld, but we will always explain the reason. While we will try to fulfill your request as quickly as possible, the GDPR allows a month, calculated from the day after the request is made, and longer in some circumstances. Contact information to exercise these rights can be found at the bottom of this policy.
- a. Your right of access.
- a.i. You are permitted to know what personal data we have about you.
- a.i.1. We may ask you to verify your identity in order to ensure privacy.
- a.i.2. We can provide someone else’s information to you only if you provide proof that you are authorized to ask on the other person’s behalf, such as a signed general power-of-attorney form.
- b. Your right to rectification.
- b.i. If you find that the personal data is inaccurate, you have the right to amend or complete it.
- b.i.1. We have the right to verify the accuracy of the requested change, and to refuse to change it if we find the proposed amendment to be inaccurate.
- c. Your right to data erasure.
- c.i. For personal data held on the basis of contract, or on the basis of “legitimate interest,” and compatible purposes, you may request that we erase it if it is “no longer necessary in relation to the purposes for which they [the data] were collected or otherwise processed” (GDPR Article 17).
- c.ii. For personal data held on the basis of consent, you have the right to withdraw that consent at any time, bearing in mind that the processing of the information was lawful up until the time that consent is revoked.
- c.iii. There are some exceptions to this right. Those likely to be relevant for us are “compliance with a legal obligation” and/or “for the establishment, exercise or defence of legal claims” (GDPR Recital 65).
- d. Your right to restrict processing.
- d.i. Processing of personal data will be suspended for a time if its accuracy, purpose of collection, or legal grounds of collection are questioned.
- d.ii. If the processing is unlawful and we intend to erase the data, you can instead request that it be used in a restricted manner.
- d.iii. The GDPR provides that we may continue to process the information if “the legitimate grounds of the controller override those of the data subject.”
- e. Your right to data portability:
- e.i. To the best of our technical ability, we will provide your personal data to you (or to another data controller if feasible) in a structured manner, if the data was collected by automated means and was collected on the bases of contract or consent.
- f. Your right to object:
- f.i. You may object to the continuing processing of your personal data if its collection was based on consent or legitimate interests.
- f.ii. Processing based on contract grounds may continue.
- f.iii. Processing may also continue if our legitimate grounds are “compelling” (GDPR Article 21) or if we need it to establish, exercise, or defend legal claims.
- f.iv. Because we are entitled to continue processing under those limited exceptions, you may be required to explain your reasons for objecting, and they must be based on your own “personal situation” (GDPR Recital 69).
- f.v. However, with respect to direct marketing, we will cease processing data under all circumstances if requested, without exceptions.
- We do NOT collect information about your general browsing behavior on the net.
- We do NOT know any of your internet search queries except for those that land you on our domains.
- We will NEVER spam you, and our third-party affiliate marketers are strictly forbidden to spam. By “spam,” we mean the sending of bulk, unsolicited e-mail. If you receive spam containing an ad for one of our products, contact us at once. We will terminate the affiliate from our marketing program immediately.
- We are informed when someone clicks on ads on other sites, but the only information we have is the number of ad views. We do NOT know the identity of the site on which the ad was clicked, unless it is the immediate page before you land on our site.
- Besides our own website pages, the only page we will ever know you visited is the specific page from which you arrive (if applicable).
- We do NOT have discretionary access to your credit card information. Your credit card information is in a locked system, held by a certified Level 1, PCI-compliant third-party processor, for strict data security. If you make multiple purchases, their locked system will conduct the transactions. We do NOT have access to any part of the stored information, and we do NOT see the credit card numbers. There are strict obligations that govern credit card merchants’ handling of personal data, and we cannot be held responsible for actions by this third party. We accept no liability for loss and/or damage that you may suffer as a result of this third party’s acts and/or omissions. We advise you to print and retain a copy of each card transaction for future reference.
- Your order is shipped discreetly in a plain package with a shipping label that does NOT identify the contents.
- Personal information you provide for making your purchase, such as your name and address, is transmitted from your web browser to our order processing system using Secure Sockets Layer (SSL). With this communication protocol, the data is encrypted prior to transmission over the internet, and NOT sent as readable text. There is, however, an inherent risk that any communication, whether by e-mail, fax, telephone, or post, can be intercepted by third parties, and we cannot accept liability for that.
- Just as with any other company, your personal data might have to be disclosed to a court of competent jurisdiction or a law enforcement agency if validly demanded, or may have to be disclosed in the course of a lawsuit, or supplied to a doctor or medical authority for your protection in the event of a health risk.
- If you have a matter that you cannot resolve with us, you may contact the GDPR supervisory authority of the E.U. member state where you habitually reside.
Copyright ©2021 Leading Edge Health, Inc., a Bahamas corporation. All rights reserved.