Last updated and effective as of: July 15, 2021
- the Intensive Dietary Management mobile applications (“Mobile Apps”); and
- our online platform and related services available through our website and Mobile Apps, except as otherwise specified below (“Platform”).
Tip: If you are a resident of California, the EEA, UK or Switzerland, see the “Supplemental Disclosures” sections below for additional information.
The Personal Information we collect
“Personal Information” means information that relates to an identified or identifiable individual and which is submitted to and/or collected by Intensive Dietary Management and maintained by Intensive Dietary Management in an accessible form, in the course of our commercial activities.
Note: Certain Personal Information we collect (such as health data) may include categories of data (such as health data) considered to be Special Category Data subject to additional protections under applicable law. “Special Category Data” generally includes any information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation.
When you use our Service, we may collect the following categories of Personal Information:
Personal Information about you and your identity, such as your name, username, biographic/profile information, employment, and other Personal Information you voluntarily provide us on registration forms or as part of an account profile.
Identity Information used to contact you, such as your email address, physical address, or phone number.
Information relating to financial accounts or payment, such as a credit card number, bank account, or similar payment method
Personal Information we collect in connection with a transaction or purchase or relating to Services you are interested in.
Personal Information relating to your device, browser, or application, for example, IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies.
Personal Information included in content provided by users of the Services in any free-form or unstructured format, such as in a “contact us” box, free text field, in a file or document, or messages to us.
Personal Information inferred about personal characteristics and preferences, such as predicted creditworthiness, demographics, interests, behavioral patterns, psychological trends, predispositions, or behavior.
Personal Information relating to physical characteristics, such as your height and weight (this may be classified under applicable law as Special Category Data)
Personal Information relating to health or medical conditions, allergies, dietary restrictions, and related information (this may be classified under applicable law as Special Category Data)
Sources of your Personal Information
Information you provide: We collect Personal Information directly from you. We will ask you for Personal Information when you interact with us, such as when you register on our websites, sign up to receive a newsletter, or make a purchase.
Service Providers: We receive Personal Information from third parties with whom we have a relationship in connection with a relevant transaction, or who collect information on our behalf.
Partners: We may receive information from partners that refer users to our Services, or that act as resellers or agents collecting information on our behalf (“Partners”).
Data we create or infer: We (or third parties operating on our behalf) create and infer Personal Information (such as Inference Data) based on our observations or analysis of other Personal Information we process, and we may correlate this data with other data we process
How do we process Personal Information?
Comments, ratings, favorites, questions and similar information
When you submit User Content to Intensive Dietary Management to comment on posts and articles, rate a recipe or video, answer a question, or mark content as favorite or to watch later, we may collect Device/Network data, such as the internet address you are using will be stored, as well as the User Content you provide and the Identity Data associated with your account. We use this information to operate our Services, to create certain Inference Data (e.g. to improve recommendations and understand your preferences), and we may associate such information with your user profile.
Please note: In some cases, if you comment on a public post, forum, or related area of the Services, the Personal Information you provide may be public.
Registration and Member information
A member’s Identity Data, Device/Network Data, Physical Data, Health Data, Contact Data, such as name, email address and internet address used when registering for the Services, or if you want start a Subscription. If you subscribe, we may also collect and process certain Financial Data in order to process your payment transaction, as well as Commercial Data relating to the transaction and goods/Services you purchased. When you use your account, we may also generate and process Inference Data, (e.g. video views, ratings, last visit etc.) in connection with our recommendations and preferences tools.
We primarily use this data as necessary to create, maintain, and provide you with important information about your account, and to otherwise provide the Services and features you request. We use Financial Data and Personal Information collected in connection with your payment only as necessary to process the billing and payment transaction, to contact you with information regarding the transaction (e.g. payment success or failure, or transaction confirmation), and for security/antifraud and other internal business purposes (described below). When we process Special Category Data, as necessary to fulfill a transaction you request, for the vital interests of the individual, and where required by law, in accordance with your consent
With your consent, we may send you commercial electronic messages to the email address you provided, including newsletters, information about our products and Services, and other information and news that we believe may be of interest to you. We may process Identity Data, Physical Data, Device/Network Data and Contact Data in connection with these marketing communications we may also automatically collect Device/Network Data when you open or interact with those marketing communications.
Note, where allowed by law, you might receive marketing communications if you register for an account, choose to receive marketing communications, or engage in a transaction allowing us to send you those marketing communications.
If you no longer desire to receive these communications, you have the right to withdraw your consent to receive future communications at any time. To unsubscribe to commercial electronic messages from Intensive Dietary Management use the following link: Unsubscribe.
When you Use our Services
When you use our Services, we automatically collect and process Device/Network Data (including using cookies and similar technologies). We may also collect and process Contact Data, Identity Data, and Inference Data that we collect, create, and/or receive. We use this information as necessary to initiate or fulfill your requests for certain features, or enable the functionality of our Services, such as keeping you logged in, delivering pages, etc. we may also stores standard access logs of all visits to the site. This includes access time, URL, internet address, and browser information.
Surveys and Contact Us Forms
We also process Personal Information if you respond to a surveys, contact us, or reply to via email or other communication from Intensive Dietary Management. We process Identity Data, Contact Data, and User Content if you choose to do. We may receive that data from a third party if and to the extent provided to us by a third party (e.g. contact or communications platforms). We use Identity Data, Contact Data, and User Content as necessary to communicate with you about the subject matter of your request and related matters, to manage the survey, and for other business purposes described below.
Where permitted by law, may also use Identity Data and Contact Data to in connection with Marketing Communications, if relevant to your request, such as when you request more information about our Services.
Promotions and Offers
Note: If you win a promotion, your acceptance of a prize may allow us to make certain Personal Information public, e.g. posting your name on a winner’s page. See the applicable program’s terms and conditions for details.
Cookies & Similar technologies
We, and certain third parties, may process Identity Data, Contact Data, and Device/Network Data when you interact with cookies and similar technologies on our Services. We may receive this information from third parties to the extent allowed by the applicable partner.
We may use this information as follows:
- for “essential” or “functional” purposes, such as to enable certain features of the Services, or keeping you logged in during your session;
- for “analytics” and “personalization” purposes, consistent with our business interest in how the Services are used or perform, how users engage with and navigate through our Services, what sites users visit before visiting the Services, how often they visit the Services, and other similar information, as well as to greet users by name and modify the appearance of the Services to usage history, tailor the Services based on geographic location or Customer, and understand characteristics of users in various technical and geographic contexts; and
- for retargeting or online advertising (described below), such as:
- for social media integration e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter;
- to collect information about your preferences and demographics to help target advertisements which are more likely to be of interest to you using behavioral advertising; and
- to allow us to carry out retargeting (this includes, for example, when advertisements are presented to you for products or Services which you have previously looked at on a website but have not purchased).
Purposes for Processing Personal Information
In addition to the processing described above, we generally process Personal Information for several common purposes in connection with certain business purposes. Applicable law may grant you certain rights and choices with respect to the processing described in this section as this processing is based on our legitimate business interests. See the rights and choices section below for more information.
Service Provision and Contractual Obligations
We process any Personal Information as is necessary to provide the Services, and as otherwise necessary to fulfill our obligations to you. For example, to provide you with the information, features, and Services you request. We may also use Personal Information to fulfill any contracts we have with you. Similarly, we may contact you about important announcements and updates regarding our Services, for customer inquiries and the resolution of problems associated with the Services, to provide you with information you request, and otherwise in relation to your transactions or use of the Services.
We process Personal Information in connection with our legitimate business interest in personalizing the Services. For example, the Services may be customized to you so that it displays your name, reflects your preferences or to display content that we think may be of interest to you based on your interactions with our Services, questionnaires, purchases, etc. This processing may involve the creation and use of Inference Data relating to your preferences.
Internal Processes and Service Improvement
We may use any Personal Information we process through our Services as necessary to improve the design of our Services, understand how our Services are used or function, for customer service purposes, to create and analyze logs and metadata relating to the use of our Services, and to ensure the security and stability of the Services. Additionally, we may use Personal Information to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our Users.
We process Personal Information as necessary in connection with our creation of aggregate analytics relating to how our Services are used, the products and Services our users purchase, use, and in what ways, to create service delivery metrics, and to create other reports regarding the use of our Services, demographics of our Users, and other similar information and metrics. The resulting aggregate information will not contain information from which an individual may be readily identified.
Security and Fraud Detection
Whether online or off, we work to ensure that our Services are secure, and we work to prevent fraud on our Services. We may process any Personal Information we collect in connection with our business interest in ensuring that our properties and locations are secure, to identify and prevent crime, prevent fraud, and ensure the safety of our users. Similarly, we process Personal Information on our Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns and characteristics, maintain and analyze logs and process similar Personal Information in connection with our information security activities.
Research and Public Health
We may also process and disclose your Personal Information for uses related to medical research, public health, and for other research and public health/safety grounds, to the extent and under the conditions allowed by applicable law
Compliance, Health, Safety & Public Interest
Other Processing of Personal Information
Sharing of Information with Third Parties
In general, Intensive Dietary Management will not share your details with any third party unless required to do so by law, or as provided below. We may also share your Personal Information with our service providers, sub-contractors and agents in order to process your transactions and to manage the client relationship.
We generally disclose your Personal Information to third parties as follows:
In the event that we outsource certain operational processes, or in connection with our product/Service improvements, to enable certain features, and in connection with our other business purposes, we may share Personal Information with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may disclose information as part of our own internal operations, with vendors such as cloud-hosting providers, CRM providers, payment processors, IT security vendors, and other utilities or functions.
If you subscribe to or are referred to our Services through a Partner, we may share with that Partner certain information relating to your use of the Services. For example, we may share with the Partner information about how the types of features you use, how often you use the Services and certain features, as well as aggregated information around use of the Services and trends among individuals that subscribed to the Services through the Partner.
In order to streamline certain business operations, develop products and services that better meet the interests and needs of our users, and for other authorized purposes, we may share your Personal Information with any of our current or future affiliated entities, subsidiaries, and parent companies.
Service Provider List
Below is a list of the third-party providers Intensive Dietary Management uses and what information these have access to, as well as the purposes for which they process your Personal Information:
- Akismet anti-spam service
- Intensive Dietary Management shares information about all blog comments to help avoid comment spam.
- PayPal, PayPal Payments Pro, and Stripe
- Intensive Dietary Management uses PayPal, PayPal Payments PRO and Stripe to process payments. When you pay, the information required to process the payment is handled by our payment-service providers PayPal, PayPal Payments Pro and Stripe
- Intensive Dietary Management uses content delivery services to speed up access to the site. As requests to Intensive Dietary Management pass through these services they will get standard access information for each request sent.
- Google Analytics
- Intensive Dietary Management uses Google Analytics to help Us understand how our website is used. As a result, Google Analytics stores cookies on our site.
- Intensive Dietary Management uses MailChimp to send our newsletters and some other e-mails (such as for the 2-week challenge). For those who are signed up to the newsletters MailChimp will store e-mail information, and information about how you interact with individual e-mails (like open and click rates).
- Sharing buttons and widgets for Facebook, Instagram and Twitter
- Intensive Dietary Management uses social-media technology to allow you to share Intensive Dietary Management content. These services use their own third-party cookies.
- Vimeo and youTube
- Intensive Dietary Management uses video services (Vimeo, youTube, etc.) that store their own third-party cookies.
- Heads Up Health
- Intensive Dietary Management uses Zendesk for customer service.
Your Rights and Choices
Applicable law may grant you rights in your Personal Information. These rights vary based on your location, state/country of residence. Your rights and our obligations may be subject to certain exemptions in applicable laws and may be limited by other individuals’ rights in their own data. If and to the extent applicable law grants you rights in the Personal Information we process, you may submit a request to exercise those rights by contacting us at firstname.lastname@example.org.
All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Information. We may require that you log in to your account or verify that you have access to your account or the email on file in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf. If you used our Services on a Client Site, please contact the Client for any data rights requests.
You may have the following rights in your Personal Information
The Right to Request and Modify Personal Information
You have a right to access, correct or delete your Personal Information in Intensive Dietary Management’s custody or control, subject to limited exceptions.
In some circumstances, we may not be able to provide access to your Personal Information, for example if it contains the Personal Information of other persons, if it constitutes confidential commercial information, or if it is protected by solicitor-client privilege. If we deny your request for access to, or refuse a request to correct, your Personal Information, we will advise you of the reasons for this refusal.
If you consent to processing, you may withdraw your consent at any time. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of our Services.
You have the choice to opt-out of or withdraw your consent to marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us using the following link: Unsubscribe.
Cookies & Similar Tech
Intensive Dietary Management retains Personal Information it collects only as long as it is necessary to completely fulfill our Services or remains appropriate given the purpose for which it was originally collected. We will review retention periods periodically, and if appropriate, we may de-identify or anonymize data held for longer periods
Intensive Dietary Management is committed to ensuring the security of customer Personal Information in order to protect it from accidental loss and from unauthorised access, collection, use, alteration or disclosure. Intensive Dietary Management has put reasonable physical, organizational, and technological security measures in place for Personal Information, whether in paper, mechanical, electronic or other form, to ensure the security of this information. However, we cannot guarantee that unauthorised third parties will never be able to defeat those measures or use your Personal Information for improper purposes.
We are a Canadian company with U.S. affiliates, and we may use service providers located in the U.S. and Canada, and you acknowledge that your Personal Information will be transferred to the U.S. and Canada for processing.
Changes to our Policy
Feel free to contact us with questions or concerns using the appropriate address below.
General inquires: email@example.com
Mailing Address: 304 Crestwood Road, Bolton, ON, L7E 3V7, Canada
Data rights requests: Privacy@thefastingmethod.com" Privacy@thefastingmethod.com
Supplemental Disclosures: Your California Privacy Rights
If and to the extent the California Consumer Privacy Act (“CCPA”) applies to us and the Personal Information we process, and as provided under other California laws, California residents may have the following rights, subject to your submission of an appropriately verified request (see below for verification requirements):
Right to Know
You may have the right to request any of following, for the 12 month period preceding your request: (1) the categories of Personal Information we have collected about you, or that we have sold or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Information was collected; (3) the business or commercial purpose for which we collected or sold your Personal Information; (4) the categories of third parties to whom we have sold your Personal Information, or disclosed it for a business purpose; and (5) the specific pieces of Personal Information we have collected about you. See below for a table summarizing this information.
Right to Delete
You may have the right to have us delete (or deidentify) certain Personal Information that we hold about you, subject to exceptions under applicable law.
Right to Non-Discrimination
You may have the right to not to receive discriminatory treatment as a result of your exercise of any rights conferred by the CCPA.
You may have the right to request a list of Personal Information we have disclosed about you to third parties for direct marketing purposes (if any) during the preceding calendar year.
Opt-Out of Sale
At this time, we do not sell Personal Information. If we engage in sales of Personal Information in the future (as defined by applicable law), you may direct us to stop selling or disclosing Personal Information to third parties for commercial purposes.
Submission of Rights Requests
If and to the extent the CCPA applies to you and the Personal Information we process, you may submit requests, via at firstname.lastname@example.org. See below for information regarding information that you must submit to verify your identity.
Verification of Rights Requests
All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Information. We may require that you provide the email address we have on file for you (and verify that you can access that email account) and we may request additional information such as an address, phone number, or other data we have on file, in order to verify your identity. Depending on the sensitivity of the Personal Information you request and what type of request you submit, we may request additional information from you. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
Supplemental Data Processing Disclosures
Categories of Personal Information Disclosed for Business Purposes
For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Information: Identity Data; Contact Data; Financial Data; Transaction Data; Device/Network Data; User Content; Inference Data; Health Data.
For purposes of the CCPA, we do not “sell” your Personal Information.
Supplemental Disclosures: Users in the EEA, UK, and Switzerland
Legal Basis for Processing
All processing of your Personal Information is based on one of a number of legal bases. Generally, these will be:
- Consent – e.g. when we place cookies which process Personal Information, for email marketing from our third-party partners, and when we process Special Category Data for purposes other than to fulfill a request or for the vital interests of an individual, or to comply with a legal obligation. Where we rely on your consent you have the right to withdraw it anytime by closing your account.
- Contractual Necessity – This processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. This may include processing that is in connection with operations that are necessary to provide the Services themselves. For example, we process on the basis of contractual necessity when we process a payment from you or deliver requested Services.
- Legal Obligations – This processing is necessary for us to comply compliance with our legal obligation (e.g., for tax or fraud reporting, or where we are required to disclose information to a court or other governmental authority);
- Legitimate interests – This processing we undertake as necessary for common business purposes. We balance any potential impact on you when we process your Personal Information for our legitimate interests. You may object to this processing as permitted by law. For example, our legitimate interests include:
- Direct marketing;
- Determining the effectiveness of marketing campaigns;
- To create, provide, support, maintain, and improve the functionality and performance of our Services, and operate our business; and
- To secure our Services and network, investigate suspicious activity or violations of our terms or policies; and to protect the safety of Personal Information, including to prevent exploitation or other harms to which users may be particularly vulnerable.
- Other – We may process and disclose Personal Information where it is in the vital interests of a data subject, to comply with a legal obligation to which we are subject, in the public interest, for public health purposes and medical or scientific research, or other appropriate legal ground which may apply under applicable law.
Subject to applicable law, as a resident of the EEA/UK/Switzerland, you may have some or all the following rights regarding your Personal Information. You may submit requests to email@example.com (subject line: Rights Request).
You may have a right to know what information we collect, use, disclose, or sell, and you may have the right to receive a list of that Personal Information and a list of the third parties (or categories of third parties) with whom we have received or shared Personal Information, to the extent required and permitted by law.
You may correct any Personal Information that we hold about you to the extent required and permitted by law.
To the extent required by applicable law, you may request that we delete your Personal Information from our systems. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you. Contact us as part of your request to determine how your Personal Information will be erased in connection with your request.
To the extent required by applicable law, we will send you a copy of your Personal Information in a common portable format of our choice.
Right to Object
Where we process Personal Information on the basis of our legitimate interests, you can object to that processing to extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise, or defense of a legal claim.
Right to Restrict
You may have the right to restrict processing of your Personal Information where the accuracy of the Personal Information is contested, the processing is unlawful but you object to deleting the Personal Information, or we no longer require the Personal Information, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.
To the extent we process Personal Information using automated means (if any), or where otherwise required by law, you may opt-out of, or revoke your consent, to this processing or elect to have an individual review any of the results of processing.
You may have the right to file a complaint with regulators about our processing of Personal Information. To do so, please contact your local data protection or consumer protection authority.
EEA/UK/Swiss residents should be aware that we are headquartered in Canada with affiliates in the United States. Your Personal Information will routinely be transferred to and stored in the Canada or the United States for processing. Although Canada has obtained an “adequacy” decision from the European Commission, the U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the Standard Contractual Clauses (e.g. eligibility data from Clients), or other adequacy mechanisms, or pursuant to exemptions provided under GDPR (e.g. if you consent when you register). Contact us for additional information regarding the mechanisms to ensure adequate protection of data subject to the laws of the EEA, UK or Switzerland.