Privacy
It is important to us to protect your data, which may be recorded during your visit to www.katesweeneynutrition.com. The legal provisions for the protection of your data can be found in the General Data Protection Regulation (GDPR) and in the Federal Data Protection Act. The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you.
​
Responsible body in the sense of the data protection regulations is Ms Kate Sweeney (contact info in imprint).
Below you will find information about what data we collect during your visit to our site and how it is used. If you have any questions, please feel free to contact us at kate@katesweeneynutrition.com.
​
1. General information
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you.
​
Who is the responsible party for the recording of data on this website (i.e., the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available below.
​
Kate Sweeney, Registered Dietitian Nutritionist
Phone: +1 508 560 1550
E-mail: kate@katesweeneynutrition.com
Fax: +1 844-605-3324
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).
​
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form. We receive, collect and store any information such as the Internet protocol (IP) address used to connect your computer to the Internet; e-mail address; and computer and connection information. The legal basis for data collection is Art. 6 I f GDPR. This data is not merged with other data sources. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect information like name and email put into our contact form. All of this information is recorded automatically when you access this website.
In principle, you have the right to object to this data collection. However, it is not possible to use the site without this data. The data will be deleted as soon as they are no longer required for the stated purposes. It is not possible to completely protect data against third-party access.
​
What are the purposes we use your data for?
We collect such Non-personal and Personal Information for the following purposes:
1. Within the framework of contracts concluded with you in the context of medical nutritional therapy, we collect and store the personal data you transmit, e.g. name, address, reason for the consultation, for the purpose of contract processing, e.g. for accounting. The data is passed on as part of the billing.The billing data is transmitted to the tax office within the framework of the tax law requirements.
​
The legal basis for the collection and processing of data within the framework of contract processing is Art. 6 I (b) GDPR. The legal basis for the transfer of data to the tax office is Art. 6 I (c) GDPR.
​
2. If you send us a contact request by email, we will collect and store the email address and the data contained in the email for the purpose of answering your request. The legal basis is Art. 6 I (f) GDPR, as we have a legitimate interest in answering inquiries from our customers and potential customers. The data will be deleted when the purpose of storage no longer applies, i.e. after your e-mail inquiry has been answered or when the matter related to the inquiry has been clarified.
​
3. To comply with any applicable laws and regulations.
​
This data will be deleted after the applicable statutory retention requirements have expired. If we are not subject to any statutory storage obligations, the data will be deleted when the purpose no longer applies.
​
You have the right to information and the right to object to your data stored by us at any time, see also point 6 on your rights as a data subject.
​
How do you store, use, share and disclose your site visitors' personal information?
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
​
What rights do you have regarding your information?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues. Read more below under point 7.
​
What if the privacy policy changes?
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
​
2.Recording Data on this Website
Cookies:
This site uses cookies. These are small text files that are stored in your Internet browser (e.g. Firefox, Chrome, Microsoft Explorer/Edge, Safari etc.) when you visit our site or by it on your computer (or your operating system). With the help of cookies, which contain a certain character string, our website recognizes your Internet browser when you call it up. So-called session cookies are used to improve the use of the website and to optimize the display of content for you.
These cookies are only valid for the duration of your browser session and are deleted when you end your visit to our site. We do not use third-party cookies.
The legal basis is Art. 6 I (f) GDPR. Our legitimate interest results from the fact that we only make it easier for you to access the site with the aforementioned cookies, do not collect any tracking data and therefore do not interfere with your personal rights and fundamental freedoms.
You can exclude the acceptance of cookies in your web browser. However, this can possibly lead to impairments in functionality. Further data subject rights can be found under point 6.
​
The following links explain how to access cookie settings in various browsers:
-
Cookie settings in Firefox
-
Cookie settings in Internet Explorer
-
Cookie settings in Google Chrome
-
Cookie settings in Safari (OS X)
-
Cookie settings in Safari (iOS)
-
Cookie settings in Android
To opt out of being tracked by Google Analytics across all websites, visit this link: http://tools.google.com/dlpage/gaoptout.
​
Contact Form:
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.
The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your agreement (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.
The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.
​
Email, phone or fax:
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
​
3. Video consultation with Zoom
As part of the online consultations, we use the Zoom video chat in order to be able to provide our services. A BAA was signed Feb 5, 2021 to ensure HIPAA compliance on the platform. Zoom is a service of the US provider Zoom Video Communications Inc., Almaden Blvd, 6th Floor, San Jose, CA 95113, USA.
The legal basis for the processing of data via Zoom (hereinafter: service) is Art. 6 Para. 1 lit b) GDPR. We provide our contractual services with the service, in particular advice via video chat.
The service is certified under the EU-US Privacy Shield.
​
4. Plug ins and Tools
Google Web fonts:
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website was accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offering. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/ .
​
5. Google Workplace
Our company uses Google Workplace for email, storage of accounting data, and phone. It is compliant with GDPR as well as non-EU country rules regarding HIPAA. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes data privacy and security requirements for organizations that are charged with safeguarding individuals' protected health information (PHI). These organizations meet the definition of “covered entities” or “business associates” under HIPAA.
Google's Business Associate Agreement (BAA) ensures that the Google products covered under the BAA meet the requirements under HIPAA and align with our ISO/IEC 27001, 27017, and 27018 certifications and SOC 2 report. Our company has a signed BAA with Google dated April 15, 2017.
The Google Cloud Platform BAA covers GCP’s entire infrastructure (all regions, all zones, all network paths, all points of presence).
​
6. Payment Service Providers
Processing of Customer and Contract Data
We collect, process, and use personal customer and contract data for the establishment, content arrangement and modification of our contractual relationships. Data with personal references to the use of this website (usage data) will be collected, processed, and used only if this is necessary to enable the user to use our services or required for billing purposes. The legal basis for these processes is Art. 6(1)(b) GDPR.
The collected customer data shall be deleted upon completion of the order or termination of the business relationship and upon expiration of any existing statutory archiving periods. This shall be without prejudice to any statutory archiving periods.
​
7. Data Subject Rights
Storage Period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
General information on the legal basis for the data processing on this website.
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
​
Data Transfer for non-EU Countries
Among other things, we use tools of companies domiciled in the United States from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
​
Revocation of your consent to data processing
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
​
Right to object to collection of data in special cases; right to object to direct advertising Art. 21 GDPR)
IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
​
Right to log complaint with competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
​
Right to data portability
You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
​
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
​
Information about, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.
​
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:
In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
​
If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.