Last updated: 9-Apr-18
a. What we mean by "Personal Information"
By “Personal Information,” we mean personal data as defined in the General Data Protection Regulation (GDPR). In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g. physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).
Here is a list and quick overview to help you find what you need:
Before you read on, a quick word about Netherlands independent associates ("associates").
A. It doesn't!
Isagenix is the controller of Personal Information collected through the Sites, which includes associates' replicated websites. For queries about Isagenix's use of your Personal Information please contact us.
Before we start – a couple of IMPORTANT NOTICES!
Your rights in relation to consent: if you are in the European Economic Area, we will transfer your Personal Information to our parent company in the USA, Isagenix International LLC who will share it with their authorised service providers in the USA or in any other countries Isagenix operates in, and, because of the way the direct selling model works where all members are connected, your Personal Information may also be accessed from any country in which we operate. You will be asked to give explicit consent on this Site and your continued use of this Site after that will be your continued explicit consent to these transfers. If you do not want us to transfer your Personal Information, please do not use any of our Sites. For further details of the transfers, please see section g in part 5, Key information. This explicit consent is only necessary to the extent that the model clause agreement between Isagenix (EU) BV and Isagenix International LLC does not cover the transfer. You may withdraw your explicit consent at any time. However if you do so, and the transfer is not covered by the model clause agreement and there is no other legal way to transfer your Personal Information, we will not be able to provide you with our Sites or products.
If you consented to receive Isagenix promotions and offers by email, SMS or other channel(s), you have a right to withdraw your consent at any time.
To withdraw your consent, please contact us.
· section a in part 5, Key information below for our contact details
· sections c and g in part 5, Key information below for further details of where we rely on your consent
· section j in part 5, Key information below for further details of your right to withdraw consent, and
· Cookies and similar technologies for information on how to adjust your browser settings.
Your right to object to our use of the "legitimate interests" basis for processing (and direct marketing): we consider that our use of Personal Information, summarised below, is legitimate commercial practice and is in our legitimate interests:
· to conduct and improve our business and co-branded businesses
· to maintain our accounts and records
· to promote and advertise our products
· to support and manage our associates
· to provide personalised recommendations
· to operate our Sites
· to prevent and detect fraud
· for diagnostics and IT security
· for direct marketing (where consent isn't required)
· our sharing of Personal Information within the Isagenix group, with Isagenix authorised associates and with merchants, and with co-branded businesses and service providers (but excluding transfers), and
· our disclosures (if any) of possible criminal acts or security threats to the proper authorities.
You may object to our use on that basis. To exercise your right, please contact us.
· section a in part 5, Key information below for our contact details
· section d in part 5, Key information below for further details of our reliance on the legitimate interests basis for processing, and
· section i in part 5, Key information below for further details of your right to object.
These are the categories of individual whose Personal Information we collect and use:
(We use the term "member" to mean anyone who registers/enrols with us: all customers, associates and clients will be "members".)
Here are important details about us and our use of your Personal Information.
a. Our identity and contact details
Identity and contact details and, where applicable, of the representative
Isagenix (EU) BV (company number 64602990).
Registered office address: Isagenix (EU) BV Strawinskylaan 3127, 8th Floor, 1077 ZX, The Netherlands
Trading address: Watchmaker Court • 31 to 34 St. John’s Lane • London EC1M 4BJ
Telephone: 1 800 817 102
It would be very helpful if you would tell us exactly why you are contacting us. For example, to exercise a right by email, please put the name of the right in the subject line of the email. Thank you.
b. Data protection officer and queries
Contact details of the data protection officer, where applicable
Please use the contact details in the "Identity and contact details" section a above to contact our data protection officer.
c. Purposes and legal basis
The purposes of the use for which the Personal Information is intended as well as the legal basis for the use
The purposes for which we use Personal Information are:
· to conduct our business and co-branded businesses
· to maintain our accounts and records and keep our records up to date
· to promote and advertise our products and services
· to support and manage our associates
· with consent, for direct marketing
· to provide personalised recommendations
· with consent, to provide events and roadshows to associates (we use service providers to do this)
· with consent, for analysis by aggregating associates' Personal Information (for example to provide rankings/tabulated statistics and event itinerary forms) (we use service providers to do this)
· to provide products and services (this is necessary for contract performance)
· to provide fulfilment, advertising or other services to other merchants or co-branded businesses (since we do not manufacture or produce items such as shirts, hats and bags) (fulfilment is necessary for contract performance)
· to verify prospective members' identities and, where members ask us for credit or other financial services, to conduct credit checks before offering credit (these are necessary steps before entering into a contract)
· to operate our Sites
· to help detect and prevent fraud
· for diagnostics and IT security
· for intra-group administration and administration of our relationships with associates, merchants, co-branded businesses and service providers (transfers are with consent), and
· our disclosures (if any) of possible criminal acts or security threats to the proper authorities.
We have set out above where we obtain consent or the use is necessary for contract purposes.
In all other cases, the legal basis for our use is our own or our service providers' legitimate interests.
d. Legitimate interests
Where the use of information is based on the legitimate interests condition, the legitimate interests pursued
Our legitimate interests are to operate our business in accordance with legitimate commercial practice, for example to provide products and services, to maintain accounts and records, and for promotion and advertising, including management of our members, fraud prevention, direct marketing (where consent isn't required), internal group administration and administration of other relationships, network and information security and reporting criminal and security threats; please see the purposes section c above for details. Some examples are included in the indirect categories section e below. For further details please see the "Isagenix business activities" in part 7 section 7.3 below.
Our merchants, co-branded businesses and service providers' legitimate interests are for service provision and operating their businesses, as set out in more detail in the purposes section c above and the indirect categories section e below.
e. Personal Information collected indirectly – categories
The categories of Personal Information collected indirectly
We collect the following categories of Personal Information indirectly (i.e. from third parties):
· updated delivery and address information from our carriers or other third parties which we use to correct our records and deliver your next purchase or communication more easily
· account information, purchase or redemption information and page-view information from some merchants with whom we operate co-branded businesses or for whom we provide technical, fulfilment, advertising or other services
· search results and links, including paid listings (such as sponsored links)
· credit history information from credit reference agencies, which we use to help prevent and detect fraud (by verifying identity) and to offer certain credit or financial services to some members
· registration details from a family member (e.g. a spouse) who enrols you as an associate (if you do this yourself, please make sure you have the other person's prior consent)
· your name, address and phone number, if a member sends you one of our products (e.g. as a gift).
The recipients or categories of recipients of the Personal Information, if any
We may share your Personal Information with:
· business associates; for example:
o merchants and co-branded businesses (if you buy one of their products or services through our Site) (please contact us for details)
o associates (who receive information about their clients) and upline sponsors (who receive information about associates in their downline)
§ this is because we are a direct selling company, and we share this information to provide associates and upline sponsors with credit for orders and associate enrolments
§ if you give them your consent, the associate or upline sponsor may use your Personal Information for their own marketing purposes
· suppliers (for example service providers)
· financial organisations
· consultants and professional advisers
· credit reference agencies
· debt collection agencies
· a prospective purchaser of all or a part of our business
and other recipients as permitted or required by applicable law.
Whatever the purpose may be – whether we share with service providers or other external companies – we only use and share your Personal Information to the extent reasonably necessary to fulfil your requests and our legitimate business objectives/interests. When we disclose Personal Information to external companies to perform support services for us, they may access your Personal Information only for the purposes of performing those support services (in accordance with our instructions), and must keep your Personal Information secure.
g. Transfers outside of the European Economic Area (EU member states, Norway, Iceland and Liechtenstein)
Where applicable, the fact that Personal Information is to be transferred to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission, or in the case of transfers subject to appropriate safeguards or non-repetitive, limited transfers based on compelling legitimate interests, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
Here is a short explanation of the options for transferring Personal Information outside the EEA.
First, an "adequacy decision" which is a legal decision by the European Commission that adequate protection is provided by a country, territory, specified sector(s) or an international organisation. It is based on an assessment of the following: (a) rule of law and other legal considerations (b) existence and functioning of an independent supervisory authority and (c) international commitments and obligations/participation.
Secondly "appropriate safeguards" which may take several forms, including:
· standard data protection clauses adopted by the European Commission (commonly called "model clauses")
· other contract clauses that have been approved by the Dutch Data Protection Authority
· "binding corporate rules" which apply to a group of companies or enterprises engaged in a joint economic activity
· an approved code of conduct or approved certification mechanism, which binds the organisation in the third country and can be enforced.
Thirdly, "derogations" (exceptions) such as consent or contact performance.
As at April 2018:
· neither the USA nor any country in which Isagenix operates has an adequacy decision
· Isagenix International LLC has not joined the EU-US Privacy Shield, which has an adequacy decision
· there are appropriate safeguards (model clauses) in place between us and our parent company but not with other group companies in other countries in which we operate (please go to the home page of our Site and click "select language" (it may show as a flag) in the top right hand corner for a list)
· where appropriate safeguards are not in place, or are in place but a court finds them invalid or they are ineffective for some other reason, our transfer of your Personal Information is based on an exception (derogation), namely your consent to the transfer. Please note that the absence of an adequacy decision and appropriate safeguards creates possible risks that you will not have the same rights and remedies in respect of the processing of your Personal Information once it is the USA and Mexico or other non-EEA countries as you would have in the Netherlands.
IF YOU PREFER NOT TO HAVE YOUR PERSONAL INFORMATION TRANSFERRED TO THE UNITED STATES OR ANY OTHER COUNTRY IN WHICH WE OPERATE, PLEASE DON’T USE THIS SITE.
h. Storage period
The period for which the Personal Information will be stored, or if that is not possible, the criteria used to determine that period
The period for which we will store Personal Information is based on our need to fulfil our legitimate business needs, comply with applicable law, resolve disputes, and enforce our agreements.
For members, because of the way the direct selling model works where everyone is connected, the storage period will be for the longer of (a) the period that you remain connected to other members, and (b) 7 years after your last purchase of a product.
For website visitors, if you consent to cookies through our cookie banner, the consent cookie is valid for 1 year. If you agree to our terms and conditions when logging in as a member, we will store that cookie and it is valid until the document is updated and changed. The vast majority of cookies (most of which are for site analytics) last two years or less. You can shorten each cookie's storage period by deleting the cookie before the expiry date. Please see part 8 Cookies and similar technologies for information on how to delete cookies and adjust your browser settings.
i. Individual rights
The existence of the right to request access to and rectification or erasure of Personal Information or restriction of use concerning the individual or to object to use as well as the right to data portability
You have rights to make a request to us:
· for access to your Personal Information
· for rectification or erasure of your Personal Information
· for restriction of processing concerning you
· to object to our processing which is based on legitimate interests
· to object to direct marketing (including to object to related profiling)
· to port data you have provided to us, either to you or to another provider.
If you are a member you can access some information yourself. Please see part 6 section 4 below.
To exercise your rights, please contact us. Our contact details are in the "Identity and contact details" section a above. We can send you an individual rights form if you wish, but the law does not require you to complete a form.
j. Withdrawal of consent
Where the use is based on consent (for ordinary or sensitive Personal Information), the existence of the right to withdraw consent at any time, without affecting the lawfulness of use based on consent before its withdrawal
You have a right to withdraw any consent you give us at any time.
This will not affect the legality of our consent-based use before you withdrew consent.
To exercise your right to withdraw, please contact us. Our contact details are in the "Identity and contact details" section a above.
The right to lodge a complaint with a supervisory authority
You have a right to complain to the Dutch Data Protection Authority, whose contact details are:
Dutch Data Protection Authority
2509 AJ DEN HAAG
Telephone: + 31 70 888 8500
Website: www.autoriteitpersoonsgegevens.nl which sets out additional details.
l. Information collected directly – legal or contract requirement
Whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the individual is obliged to provide the Personal Information and of the possible consequences of failure to provide that information
Photos will be collected if an associate or preferred customer joins an "IsaBody" challenge. This is a necessary requirement of participation in the challenge.
To ensure we act responsibly, an ID verification check is required if you apply to be a member and a credit check is required if you request credit from us.
To buy products and services from us, and enable us to fulfil your order, you must provide certain Personal Information to us.
m. Sources of Personal Information collected indirectly
The source of the Personal Information and if applicable, whether it came from publicly accessible sources
The sources of the Personal Information we collect indirectly are:
· our carriers or other third parties (updated delivery and address information)
· merchants with which we operate co-branded businesses or for which we provide technical, fulfilment, advertising or other services (account information, purchase or redemption information and page-view information)
· search engine providers (search results and links, including paid listings (such as sponsored links))
· credit reference agencies (credit history information)
· family members (where a family member enrols an associate)
· members (e.g. where a member sends our products to a friend or family member as a gift).
n. Automated decision-making
The existence of automated decision-making, including profiling. This means a decision based solely on automated profiling which produces legal effects concerning the individual, and which must not be based on special categories of (i.e. sensitive) Personal Information without explicit consent or substantial public interest with safeguards. Meaningful information about the logic involved, as well as the significance and the envisaged consequences of the processing for the individual must also be provided.
We do not use automated decision-making which produces legal effects or similarly significant effects.
We do however undertake profiling. We undertake data analytics on purchases, downline and members to understand how we can improve our business model to enhance a member’s interaction with us. We also use web analytics on our Sites which affects website visitors (please see part 8).
We do not base profiling on special categories of Personal Information, that is Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Meaningful information about the logic involved: we use certain categories of Personal Information described in part 6 (namely the Personal Information listed in sections 1 – website visitors; 2 – mobile users; 3 - members), to create a profile. The source of this Personal Information is you or other sources (see section m (sources)). This Personal Information is directly relevant to improving our business model as set out above.
Significance and envisaged consequences for you: as a result of data analytics, you may see different recommendations depending on your purchases and browsing or a new feature on the Site; data analytics also helps keep you and other members safe from fraudulent activity.
Here are some further details of the Personal Information we collect (directly or indirectly).
1. Information we collect automatically on all website visitors
· the Internet protocol (IP) address used to connect your computer/mobile device to the Internet
· login, e-mail address, password (if you are enrolled/registered)
· computer and connection information such as
o browser type and version
o time zone setting
o browser plug-in types and versions
o operating system
o the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time)
o cookie number
o products you viewed or searched for
o any phone number used to call our customer service number.
· browser data such as
o cookies (please see part 8)
o Flash cookies (also known as Flash Local Shared Objects), or similar data on certain parts of our Site to support fraud prevention and other purposes, such as to gauge viewing patterns of videos on our Sites.
o page response times
o download errors
o length of visits to certain pages
o page interaction information (such as scrolling, clicks, and mouse-overs), and
o methods used to browse away from the page.
· technical information to help us identify your device for fraud prevention and diagnostic purposes.
2. Information we collect on users of our mobile apps
We collect the same information as we do for website visitors, but focused on technologies associated with mobile devices including location services provided by mobile devices if enabled. For further details please see part 7 section 7.1.2.
3. Information we collect on customers, associates and clients (members)
As well as your name, postal or billing address, e-mail address and telephone or mobile number, we will collect your purchase history, which we sometimes aggregate with similar information from other members to create features such as Best Sellers. For example, as a member you provide information when you: search for a product; place an order through an associate's Site or through one of our third-party partners; provide information in My Account (you might have more than one if you used more than one e-mail address when shopping with us), post, participate in a contest or questionnaire or communicate with customer services. As a result of those actions, you might supply us with information such as: name; address and phone number; credit card information (please note that we use a tokenizer to store the credit information; we do not store credit card details); people to whom purchases have been dispatched (including addresses and phone numbers); people (with addresses and phone numbers) personal description and photograph if participating in the IsaBody Challenge, and financial information as needed to conduct business in EU (e.g. VAT ID).
We also collect information from other sources (please see part 5, section m above), including in connection with offering joint or co-branded products and services (please see part 5, section e above).
4. Information we have that you can access too if you are a member
Examples of information a member can access include: up-to-date information regarding recent orders; personally identifiable information (including name, e-mail, password, communications and personalised advertising preferences, address book); payment settings (including credit-card information and gift voucher, gift card and cheque balances); e-mail notification settings (including Product Availability Alerts, Deliveries, Special Occasion Reminders, and newsletters); recommendations (including Recommended for You and Improve Your Recommendations).
5. Sensitive (special categories of) Personal Information
We generally collect only Personal Information you voluntarily provide to us or which is collected through cookies or similar technologies (please see section 7.2 of this part 7 below and part 8). For some secure areas of our Site, however, we require you to provide Personal Information when you use specific features. For example, we collect Personal Information from you when you:
This Personal Information, for example, may include your:
(Please see part 6 above for details of the categories of Personal Information we collect.)
If you can’t or choose not to provide us with the Personal Information we reasonably require, we may be unable to provide you with the information or products you have requested.
We also obtain information in other ways through technology. Some of this information may be linked to you personally. This information helps our Sites function correctly and supports the work we do to understand the needs of our customers.
Device Information. Depending on the permissions you’ve granted, we may receive information about your location and your mobile device when you download or use our apps, including a unique identifier for your device. We may use this information to provide you with location-based services, such as advertising, and other personalised content. Examples of the device information we collect include:
Most mobile devices allow you to turn off location services, and we encourage you to contact your device manufacturer for detailed instructions on how to do that.
Payment Information. If you buy a product on our Site, our payment processor will collect payment card information from you, including your name, expiration date, authentication code, and billing address. Our payment processor will securely transmit this information consistent with payment card industry rules to the appropriate payment facilitators. We may offer you the option to save information about the method and choice of payment on our Site. If you save this payment card information on our Site, you will be able to add, delete, or modify that information at any time using your account settings.
We advertise in a number of ways, including online through managed social media presences, and on other unaffiliated sites and mobile applications. To understand how our advertising campaigns are performing, we may collect certain information via our Sites through our advertising service providers. We or our suppliers use several common online tracking tools to collect this information, such as browser cookies, web beacons and other, similar technologies. The information we collect includes IP addresses, the number of page visits, pages viewed via our Sites, search engine referrals, browsing activities over time and across other websites following your visit to one of our Sites or applications, and responses to advertisements and promotions on the websites and applications where we advertise.
We also use certain information to:
Controlling our tracking tools. Your browser may give you the ability to control cookies. How you do so, however, depends on your browser and the type of cookie. Certain browsers can be set to reject all browser cookies. If you configure your computer to block all cookies, you may disrupt certain web page features, and limit the functionality we can provide when you visit or use our Sites. If you block or delete cookies, not all of the tracking that we have described in this section will stop and our Site may stop working in part or completely. Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These browser features are still not uniform, so we are not currently set up to respond to those signals.
For more information about our ad service provider and its cookies, including information about how to withdraw your consent to these technologies, you may visit www.aboutads.info/choices. In addition, users may prevent Google’s collection of data generated by your use of the Sites (including your IP address) by downloading and installing a Browser Plugin available at https://tools.google.com/dlpage/gaoptout?hl=en. Please also see part 8 (cookies) for further information.
Isagenix business activities. We use your Personal Information to:
Authorised service providers. We use other companies and individuals to perform certain functions on our behalf. Those functions include payment card processors, delivery, call-centre support, analysing or hosting data on cloud-based servers, and other companies that help us improve our products and services. We may disclose your Personal Information to these companies and other individuals performing services on our behalf in the UK, in the United States and in Mexico or in any other country in which we operate.
If you signed up to receive newsletters or other marketing communications from us, you can opt-out any time by clicking the unsubscribe link at the bottom of the message or texting STOP in response to a marketing text message. You can also log-in to your account to opt-out and update your marketing preferences at any time, or just contact us to let us know. Even after you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences. It may take up to 10 days to process your e-mail related requests, and up to 30 days for all other marketing-related requests. And even after you’ve opted-out of receiving marketing communications from us, we may still contact you for transactional or informational purposes. These include, for example, customer service issues, returns or product-related inquiries, surveys or recalls, or any questions regarding a specific order.
You can update the delivery or billing information, as well as other Personal Information, you provided to us by logging-in to the My Account page, and making the appropriate changes or corrections yourself by clicking the edit button next to “Contact Information”. You can also update your newsletter preferences by logging-in to the My Account page or contact us directly at the address below. If you wish to de-activate your account, you may do so by contacting our customer support team at firstname.lastname@example.org. Once you do so, your account will then be de-activated on a going-forward basis, although certain Personal Information may still be retained to the extent necessary to fulfil our legitimate business needs, comply with applicable law, resolve disputes, and enforce our agreements.
A cookie is a file containing a small amount of information that a Site places on your device. Similar technologies include:
We use these types of cookie …
… for these purposes
Strictly necessary cookies. These cookies are generally used to store a unique identifier to manage and identify you as unique to other users currently viewing the Site, in order to provide you with a consistent and accurate service.
To remember previous actions (e.g. entered text) when navigating back to a page in the same session, managing logins and other security features, and to route visitors to specific versions of a Site and to remember items put into an online shopping basket.
Performance cookies. These cookies are used for performance and to improve the Site.
For web analytics (we use Google Analytics – see how Google uses your data here: www.google.com/policies/privacy/partners), ad response rates, affiliate tracking, error management and testing designs.
Functionality cookies. These cookies will typically be the result of something you do, but might also be implemented in the delivery of a service not explicitly requested but offered to you. They can also be used to prevent you being offered a service again that had previously been offered to you and rejected.
Targeting or advertising cookies. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store a code that can be translated into a set of browsing habits or preferences using information stored elsewhere. Cookies may also be used to limit the number times a user sees a particular ad on a Site and to measure the effectiveness of a particular campaign.
With similar technologies, for online advertising, which is described in more detail in part 7 section 7.2.
Cookies change and their names and descriptions are not very user-friendly for most people, so we haven't listed them individually. If you want to see the cookies currently used on the Sites, they should be visible through your browser. (Please see below for instructions.)
There are different browsers and manufacturers upgrade them frequently. The best way to get the right instructions is to go to the manufacturer's support page. The following support/privacy pages (for some of the more common browsers) are correct as at April 2018.
If you have problems with these pages, can't see individual cookies or want find out more about how cookies are handled within your browser, please go to the manufacturer's site and search for the browser name and your cookie query.
To disable flash cookies (local shared objects) go to the Global Storage Settings panel of the online Settings Manager at Adobe's website at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html. This places a permanent flash cookie on the device, informing all other websites that you do not want flash cookies stored on your device.
You may prevent Google’s collection of data generated by your use of the Sites (including your IP address) by downloading and installing a browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
You can delete local storage, session storage and database storage in the same way that you delete cookies.
You cannot delete pixels but you may be able to disable them by disabling cookies or by using browser add-ons or extensions. Some pixels in emails can be disabled by selecting an option in your email application not to download images.
Please be aware that restricting cookies and similar technologies may impact on the functionality of our Site.
To find out more about cookies, including how to see what cookies and other technologies have been set and how to manage and delete them, please visit http://www.allaboutcookies.org/ and http://www.youronlinechoices.com/.