On May 25, 2018, a new privacy regulation, the General Data Protection Regulation or “GDPR,” came into effect for member states in the European Union. The law represents the effort by EU regulators to improve each individual’s control over their own personal information, and would cover any personal information you provide to Seed as a part of its commercial activities.
Seed Health, Inc. and its direct and indirect subsidiaries (collectively, “Seed,” “we”, “us”, or “our”) collects, processes, and retains your personal information in connection with pursuing its legitimate business interest in marketing and selling its products and services worldwide, and to comply with its legal, regulatory, and contractual obligations. Seed may also process a limited amount of your health data for the purpose of better determining appropriate use of our products. In providing such information you consent to such limited use and such data being shared with third parties.
Seed Health, Inc.
2100 Abbot Kinney Blvd
Venice, CA 90291
United States of America
Seed is the controller of any personal information collected or otherwise processed on or through seed.com.
PURPOSES AND LEGAL BASES FOR PROCESSING
As a part of conducting commercial activities involving the sale of our products, we may process your personal information on several different legal bases, as follows:
1. Based on contractual necessity when we enter or perform a contract with you. For distribution of our products as well as other services such as delivery of our newsletter, we need to process your personal information to perform our agreement with you or to complete transactions and support for the products we place into the market.
2. Based on legitimate interests, we may process personal information from you as a necessary activity in pursuing Seed’s legitimate business interests and those of our customers, commercial partners, and distributors and our affiliates, where those interests do not unreasonably hinder your privacy rights, including but not limited to:
for engaging with, completing business, and marketing our products and services;
to protect and defend our partners and distributors rights or property and interests;
for the security and safety of our information processing and communications systems connected to seed.com and the users of seed.com;
where the processing enables us to enhance, modify, personalize or otherwise improve our services / communications for the benefit of our customers;
to better understand how people interact with our websites;
to determine the effectiveness of promotional campaigns and advertising;
to detect and prevent fraud;
to protect and defend Seed’s rights, property, and interests;
to protect you and aid in meeting our obligations under privacy law to respond to your requests
3. To comply with legal obligations. We may need to process your personal information to comply with relevant laws and regulatory requirements and to respond to lawful requests, court orders, and legal process . In some cases, this may result in us processing your personal information for a period of time exceeding the time required for the original processing.
4. Based on your prior consent, we may place cookies, tracking beacons and similar tools on your device (subject to certain exceptions) or send marketing communications about our products and services directly to you.
PROCESSING YOUR PERSONAL INFORMATION FOR DELIVERING GOODS AND SERVICES TO YOU
On our seed.com website and all related websites or service specific web pages (“seed.com”), you may register for information or to purchase our products. When receiving a registration, we may log and store the time and date of registration and the IP address the registration was received from in order to facilitate our data security procedures. Registering will result in processing of your personal information that you supply at registration and thereafter. Generally, the information is used to deliver your requested service, to contact you with information or notices, and to provide you with information about changes to our products, product lines, or services. Limited health information may be processed to assist you in assessing our products and is provided to Seed with your express consent for such a limited use. The related processing activities are outlined below.
LIST OF DATA PROCESSORS AND LINKS TO APPLICABLE PRIVACY OR GDPR POLICY PAGES ARE LISTED BELOW
These companies may change, and we will update this list from time to time, but it may not always be a fully updated list. Because these companies may share the information they collect on seed.com with other third parties, those third parties may also collect personal data from the Seed Website (last updated July 1, 2019).
ShopifyPlus — shopify.com/legal/privacy
ReCharge — rechargepayments.com/privacy-policy
Wordpress — wordpress.org/about/privacy
PayPal — paypal.com/va/webapps/mpp/ua/privacy-full
BrainTree — braintreepayments.com/legal/braintree-privacy-policy
Avalara — avalara.com/us/en/legal/privacy-policy.html
ShipStation — shipstation.com/privacy-policy
Passport — passportshipping.com/gdpr
Klaviyo — klaviyo.com/privacy
Kustomer — kustomer.com/privacy
ShareASale — shareasale.com/PrivacyPolicy.pdf
Reddit — redditinc.com/policies/privacy-policy
Twitter — twitter.com/en/privacy
Facebook — facebook.com/policy.php
Instagram — help.instagram.com/402411646841720
Typeform — termsandconditions.typeform.com/to/L9Crcj
Google — policies.google.com/privacy
HotJar — hotjar.com/legal/policies/privacy
Littledata — blog.littledata.io/privacy-policy
QuickBooks — quickbooks.intuit.com/eu/privacy-policy
Processing your personal information for sending you communication from Seed
If you use services on seed.com or register to obtain products or information, we may provide you with information through emails, newsletters, or other marketing communications directed to you based on the information you provided at “registration”. Until you notify us of your desire to cease receiving such communications, or as may otherwise be required by applicable EU regulations, we will assume your continuing consent to such communications. We will always include an “opt out” link in such communications to you and provide a link to allow you to manage your Seed subscriptions.
Data Transfers to recipients outside of the EU/EAA
Seed is headquartered in the United States and many of our affiliated companies or third-party service providers are located outside the EU/EEA in jurisdictions that are authorized by the EEA either by being a country that provides adequate protection or by being an entity that has achieved an approved status of compliance with GDPR. However, to ensure an adequate level of protection of your personal information, we enter into data processing and data transfer agreements with our affiliated companies and third-party service providers outside of the EU/EEA that, where required, incorporate the provisions of the Standard Contractual Clauses approved by the EU Commission or implement other appropriate safeguards with them.
How long we retain your personal information
We have implemented appropriate retention periods for your personal information collected or otherwise processed on or through seed.com as set forth in our records management policy and in compliance with the GDPR. Personal information processed in the context of a contract with you will be retained by us for the term of the contract and for a reasonable time afterwards as might be required to determine and settle any related claims or prevent fraud or as otherwise required by law. Where our processing of your personal information is based on legitimate interests or the compliance with legal obligations, it will be deleted as soon as the underlying purpose has expired, subject to legal obligations and requirements described above. Personal information processed based on your consent to retain for future use will be deleted if and when you withdraw such consent, once again subject to any legal obligations and considerations.
The Bulk Consent is logged and documented by registration of the user’s anonymized IP number, browser user agent, website URL, date and time of consent and a unique, encrypted key that is stored in a data center with Cybot’s cloud vendor, Microsoft Ireland Operations Ltd in Dublin, Ireland. After 12 months, the Bulk Consent is automatically deleted from Cybot’s log and then used only in an aggregated, anonymized form as part of the statistics that Seed has access to in Cookiebot.
You can manage your cookie settings within your own individual cookie declaration at seed.com/privacy-policy.
Your GDPR rights regarding the processing of your personal information
The GDPR provides you with the following specific rights to citizens and residents of the Member States of the European Union:
(a) right of access – you have the right to request information about how your personal information is being processed and to obtain a copy of that personal information.
(b) right to rectification – you have the right to obtain from Seed the rectification of inaccurate personal information concerning you and to have incomplete personal information about you completed.
(c) right of erasure (also known as the right to be forgotten) – you have the right to obtain from Seed the erasure of personal information concerning you. The right is not absolute and can only be exercised if certain grounds apply (e.g., the original purpose for which the personal information was collected no longer applies, or the processing is unlawful). Even if a ground applies, there are some exemptions available where Seed does not have to delete the data.
(d) right to object – you have the right to object to the processing of this personal information, which is based on the legitimate interests of Seed. Seed will stop the processing unless it can demonstrate compelling legitimate grounds for the processing that override the interests and rights of the data subject, or for the establishment, exercise or defense of legal claims.
(e) rights in relation to automated decision-making – you have the right not to have a decision made about you that is based solely on automated processing, if that decision produces legal effects concerning you or significantly affects you. The right is not absolute and does not apply in certain situations.
(f) right to restriction of processing – you have the right to restrict the processing of your personal information in certain limited circumstances (i.e. Seed is not allowed to process (including delete) the personal information until the restriction is lifted).
(g) right to data portability – you have the right to receive the personal information concerning you, which you have provided to Seed based on consent or contract, in a structured, commonly used and machine-readable format and, where technically feasible, you also have the right to request the data be transmitted to another controller without hindrance from Seed.
(h) right to be provided with information about the processing – you have the right to be provided with certain information describing how your personal information will be processed (e.g. the purposes for the processing, the person doing the processing, and the recipients of the data).
You may exercise the above mentioned rights and the right to register a complaint directly with the regulator in your home country.
Effective date and changes
If you have questions about this Supplemental Statement, please contact us at firstname.lastname@example.org.
Marco Pane, Advisor
Data Protection Officer
Raja Dhir, Co-Founder and Co-CEO
Last updated: June 27, 2019
© 2019 Seed® (Seed Health, Inc.)