Privacy and Cookies Policy
Effective Date (Last Updated):
April 3, 2019
Body Plus is Committed to Privacy Protection
Body Plus Nutritional Products Inc. ("Body Plus", "we", "us", “our”) is committed to protecting the privacy of consumers who visit our websites and of our customers ("you", “your”). Please read our Privacy and Cookies Policy (“Policy”) before using our websites: www.progressivenutritional.com (“website(s)”, “site(s)”). This Policy applies to all Body Plus websites and outlines how we collect and process your personal data.
Changes to This Privacy and Cookies Policy
Body Plus reserves the right to modify this Policy at any time. If amended, we will provide notice to you by publishing the most current version of this Policy and revising the Effective Date at the top of this page. If we make a material change to this Policy, we will provide additional notice by sending you an email and/or displaying a prominent notice on our websites. You may contact us at the address in section “How To Contact Us”, below, to obtain a copy of this Policy at any time.
It is your responsibility to review this Policy regularly. By continuing to use our websites after changes to this Policy come into effect, you agree to the revised Policy.
Personal Data We Collect and Why
Body Plus collects your personal data, with your consent, for a variety of purposes. When you subscribe to our email list, we collect your first and last name, email address, and we may ask other questions to help us better understand your product preferences. We collect your personal data when you opt-in to receive our e-newsletter, when you submit comments, feedback or questions, when you complete a survey or quiz, or when you enter a contest. When you choose to download content offered on our website, we collect your email address and you may opt-in to join our email list. When you email us via a contact form on our website or send us something via postal service, we collect your personal data so we can respond to you and keep a record of our correspondence.
Body Plus does not intentionally or knowingly collect sensitive personal information about you, meaning, any information that reveals your race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information used to identify you, and any information concerning your health, sex life or sexual orientation. If you share sensitive personal information with us, we may delete it with the understanding that you explicitly consented to its deletion.
California Do Not Track Disclosures: We adhere to the California Online Privacy Protection Act (“CalOPPA”) which protects personally identifiable information belonging to residents of California. Do Not Track (“DNT”) is a privacy preference that users can set in their web browsers. When you turn on a DNT signal in your web browser, a message is sent to the websites you visit requesting that they do not track your use of those websites. Body Plus honours DNT signals and does not track your online activities over time and across third party websites when a DNT browser mechanism is in place. Where Body Plus uses a third party service provider that does not recognize DNT protocol (for example, Squarespace for website hosting services), personal data about site users would only be collected and used in aggregate form such that individual users would not be personally identifiable.
How We Use Your Personal Data
The personal data we collect can tell us a lot about how you and other users interact with our websites and other marketing communications. We perform various data analytics to deepen our understanding of our website users. Body Plus can improve our websites and marketing activities when we better understand usage behaviour.
Whenever required to do so, we will use personal data to comply with our legal obligations and any applicable laws and regulations.
Collection of Personal Data From Children
Our websites and marketing activities are not aimed at children, defined as individuals under the age of 13. We comply with the Children’s Online Privacy Protection Act of 1998 (“COPPA”) and we do not knowingly collect personal data from children. If we become aware that we have personal data of children, whether through error, deception or fraud, we will delete the data unless there is a justifiable reason to retain such data in compliance with COPPA.
Where We Store and Process Personal Data
Body Plus is based in Canada and our brands are available around the world. To help us market our products online, we use various third party service providers, such as Squarespace and Wordpress for website hosting and HubSpot for contact management. These service providers collect and process certain personal data on our behalf and may have servers located around the world; see section “Who We Share Your Personal Data With and Why”, below, for more information.
If you live in the European Economic Area (“EEA”), your personal data is transferred outside the EEA. We ensure appropriate safeguards are in place whenever we transfer your data outside the EEA. Many of the third parties who transfer personal data outside the EEA on our behalf follow the principles of the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks. For more information, see www.privacyshield.gov.
Who We Share Personal Data With and Why
Body Plus shares your personal data only when we have a legitimate reason for doing so. We use various third party service providers to help us market our products online, some of which collect and/or process personal data on our behalf. Body Plus may use a service provider to facilitate communication with our registered users (for example, HubSpot) in which case personal data is collected and maintained with your consent. Our website hosting services automatically collect certain data in server logs whenever someone accesses our websites. We use a service that sends you our e-newsletters and administers our mailing lists. Our web analytics service providers collect data including IP addresses and information in cookies to learn more about users of our websites; once such personal data is collected, it is anonymized and stored on an aggregate basis. We use a variety of service providers for plugins which, in simple terms, enable an application or program to do something it could not do on its own. For example, some plugins allow you to play a video on a website that your browser, operating without the plugin, would not be able to play. We use plugin providers for enabling store locator.
Body Plus does not sell or give away your personal data. We may collect aggregated, anonymous information (such as demographic and profile data, usage and selection data, and similar data) about our website users and email subscribers. We may share aggregated statistics about our users with our service providers, agents, marketing consultants and advertisers; we would aggregate or reasonably de-identify your personal data so that any information could not reasonably be used to identify you. We would share this data in order to better understand and learn more about our users and their preferences, to improve our products, services and websites, and for related marketing and research purposes.
We will disclose your personal data in response to a court order or other governmental request, and in compliance with any legal obligation we must uphold. We will also share your personal data in connection with a merger, sale of company assets, or acquisition of all or a portion of our business by another company. In the unlikely event that we go out of business or enter bankruptcy, your personal data would likely be one of the assets that is transferred to or acquired by a third party. If any of these business transfers happens, this policy would continue to apply to your personal data and the party receiving your data would continue to follow this policy.
How Long We Retain Personal Data
Body Plus stores your personal data only for as long as it is reasonably needed to fulfill the purposes for which it was collected, unless and to the extent a longer retention period is permitted or required by law. We store your personal data until it is no longer necessary for us to provide our products and services to you or until your data is deleted. See section “How to Access and Control Your Personal Data”, below, for information on how to delete your personal data. When we stop using a service provider that processed personal data on our behalf, we require that the service provider does not retain this personal data for any longer than is necessary.
We retain your personal data to comply with legal and regulatory requirements or for our legitimate purposes, such as responding to enquiries, and may sometimes need to keep it for a longer period. If we do not need to retain it for as long, we may delete, destroy or anonymise it sooner.
How to Access and Control Your Personal Data
You have the right to access, verify, update, edit, delete, obtain a copy of, and transfer your personal data in our systems. Please see the section “How to Contact Us”, below, for more information about requesting access to or a copy of your data.
You may contact us at any time to request access to, deletion of and/or updates to your personal data. Please contact us, outlining your request, at the address provided in the “How to Contact Us” section, below. You can withdraw your consent at any time for anything you gave consent to. You can also object to or restrict our use of your personal data. You can request to receive an exported file of your personal data. You can also request that we delete any personal data we hold about you, excluding any data we are obligated to keep for administrative, legal or security purposes.
When you request access to your personal data, we are required to use all reasonable measures to verify your identity before granting access. We do this to protect your data and limit the risk of potential identity fraud/theft or unauthorized access. You have the right to contact the privacy or data protection regulator in the country where you live to make a complaint.
How We Keep Your Personal Data Secure
Body Plus and our service providers use a range of measures to keep your personal data safe and secure, including the use of Secure Sockets Layer (“SSL”) technology to encrypt transfers of data to and from our servers. Our service providers store data on secure servers and create server logs used to ensure network security by detecting unusual or suspicious activity, preventing unauthorized access, and blocking distribution of malicious code. Server logs collect your IP address, the webpages you access on our site, information you request and the date/time of your request, the source of your access to our website (for example, the website or link which referred you to our website), your browser version and your operating system. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect personal data when using and transferring such data.
If a data breach occurs and jeopardizes the security of your personal data, we will work with our service providers to address the breach. We will notify users of our website of a data breach within whatever timeframe is required by law.
Cookies are small text files sent to and stored on your web-enabled device (for example, your computer, smartphone or other device) when you visit a website. This data uniquely identifies your device. When we use the term “cookies”, we include other technologies that accomplish similar tasks or help cookies function. For example, web beacons are electronic tags on webpages used to help deliver cookies. Web beacons can also be used in emails to collect information about delivery rate, open rate, and click through rate this helps us assess the level of engagement by our email recipients.
When we include links to other websites, those sites will have their own privacy and cookie policies that will govern the use of your personal data on those sites. We recommend you check their policies as we are not responsible or liable for their practices.
Web browsers are typically set up to accept cookies but if you wish to amend your cookie preferences, you can do this through your browser settings. If you choose to turn off certain cookies, it may affect the functionality of our websites. The cookies we use cannot look into your computer, phone or web-enabled device and obtain information about you or your family or read any material kept on your hard drive. If you use a public computer to access our websites, our cookies cannot be used by anyone else who has access to that computer to find out anything about you, other that the fact that someone using that computer may have visited this site.
How to Contact Us
If you have any questions about this Policy, please contact us at the address below. Also, please send us any comments or complaints about this Policy or our handling of your personal data. Send us a written request if you wish to withdraw your consent to our use of your personal data, for any specified purpose, or to request access to or a copy of your data we have on file in order to review it for accuracy, to make changes, to transfer it, or delete all of part of it. Body Plus will respond to your question, inquiry or complaint within a reasonably timeframe — typically within thirty business days, except where required by law to respond sooner.
Body Plus Nutritional Products Inc.
1 Adelaide Street East
Canada M5C 2V9