1. What is “Personal Data”?
“Personal Data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Data falls within certain categories, for example:
· Identifiers (e.g., name, email, telephone number, address, username);
· Sensitive Information (e.g., government identification number; precise geolocation; racial or ethnic origin; religious beliefs; health information; contents of messages when we are not the recipient; in some cases, information about a known child);
· Legally protected information (e.g., race, citizenship, marital status, sex);
· Employment-related information (e.g., current or past employment);
· Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. §1232g, 34 C.F.R. Part 99);
· Biometrics (e.g., DNA, face/voice prints, health data) and audio, electronic, visual, thermal, or olfactory information;
· Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
· Internet or other similar activity (e.g., browsing history; content interactions); and
· Inferences drawn from Personal Data to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes;
Not all information is protected as Personal Data, for example: publicly available information; aggregated information(meaning data summaries or reports with Personal Data removed); and anonymized information that cannot be linked back to an individual.
2. Health Privacy
Youtopia is not subject to the Health Insurance Portability and Accountability Act of1996 (“HIPAA”), but we have set up our Services to align with HIPAA protections as part of our commitment to your privacy. You may choose to provide us with health information when you use certain Youtopia Services, like completing experiences at a Discovery Center. Youtopia does not offer diagnosis or medical treatment, but we are committed to ensuring that any health information you share with us remains private and secure.
3. Children’s Privacy
You must be at least 18 years old to use Youtopia. A Youtopian may add a minor to their account as a dependent to their account, but Youtopia will never knowingly collect Personal Data from a minor online. If we learn we have collected or received Personal Data from a child under 18 without authorization, we will delete that information.
If you wish to add a minor as a Dependent to your Account, you must first agree to our Agreement to Add Dependent in which you confirm that you are the minor’s legal guardian and you must consent to Youtopia collecting Personal Data from the minor online. Once you have executed the Agreement to Add Dependent, you may create Account access for the Dependent to use the Services under your Account. You are solely responsible for all activity on your account by your dependent(s).
4. Collecting and Processing Personal Data
Over the last 12 months, we have collected categories of Personal Data, including identifiers, biometrics, sensitive information, legally protected information, commercial information, internet and similar activity, and inferences drawn from other types of data collected. Our sources of collection include:
Your registration as a Youtopian. When you register as a Youtopian, we will collect information to register your account and complete a Youtopian profile:
· We collect identifiers like your name and email address. We also collect your location to confirm that our Services are available in your area.
· You will have the option to complete a phenotype quiz that collects your date o birth, biological sex, height, weight, jean size, and activity level to generate a Nutrients Score and populate a personalized menu.
We collect this information with your consent, and we use it to facilitate your account and to communicate with you about the Services.
When you use Nutrients. You can shop Nutrients menus and make purchases. If you use Nutrients:
· We keep track of your commercial history like orders placed, menus browsed, meal preferences, and delivery information.
· You have the option to submit information about allergies and food preferences.
· If you list other Youtopians as your dependents or friends, we will link their information to yours so you can place orders as a group.
We collect this information with your consent, and we use it to fulfill your Nutrient orders and to deliver tailored menus and content to you.
Your experiences at Discovery Centers. At our Discovery Centers, you have the option to participate in in-person experiences like physical assessments and lab screenings:
· For physical assessments, we may collect health information or family details
· For lab screenings, we may collect biometrics from lab samples you provide.
· Experiences outcomes are posted to your account dashboard and only accessible by you.
An initial health assessment or test may be required to access subsequent experiences. All subsequent experiences are fully optional. You consent to all Personal Data collection at Discovery Centers, and we use the information to provide you with the experiences you have selected, to update your Nutrients Score, and to enhance your user experience.
When you contact us. If you contact us online or through other means, we will collect Personal Data from you to respond to your inquiry:
· If you request information about our Services or other resources we offer through an online form, by text, email, or phone, we will collect your name, email address and other contact information as needed to provide you with the information you request. We collect this information with your consent, and we use it for the purposes stated at the time of collection, to provide you with our Services, and to communicate with you or send you direct marketing communications.
· We may record calls between you and members of our team for quality monitoring, training, to improve our Services, and for other internal business purposes. You will be notified if your call is being recorded. By staying on the line after receiving the notification, you consent to the call recording. If you do not consent to call recording, you may end the call or ask to not be recorded.
We collect this information with your consent, and we use it respond to your inquiries and to communicate with you about the Services.
Your online interactions with Youtopia. We automatically collect technical information, which may include some Personal Data, from your use of our website or App, such as:
· Device information (e.g., IP address, operating system, browser type, device ID)
· Usage details (e.g., traffic data, search queries, content interactions)
· Stored information (e.g., metadata)
We collect this information to achieve our legitimate interest of providing and improving our Services.
5. Retaining Personal Data
Youtopia brings you the tools and knowledge to help you work towards Precision Nourishment. We do this by analyzing your unique wellness information over time in order to offer you tailored options to work toward improved wellbeing. To make this possible, we must retain yourPersonal Data long enough to provide you with meaningful analyses throughout your wellness journey. Youtopia retains most types of Personal Data that we collect indefinitely unless you delete it. Other types of data are retained according to our internal policies. All data deletion is achieved using secure, industry standard best practices.
6. Data Security
Youtopia has implemented and maintains reasonable security measures to secure your Personal Data from accidental loss and unauthorized access, use, alteration, and disclosure. Our security measures are appropriate to the volume, scope, and nature of the personal data processed and designed to meet our duty of care with respect to your Personal Data.
Youtopia recognizes the sensitivity of the PersonalData you entrust to us, so we designed our systems to align with the privacy and trust principles adopted by the National Institute of Health. To this end, our security measures include:
· Encryption of all Youtopian Personal Data in transit and at rest.
· Identifiers (like name, email, etc.)are stored separately from the Youtopian’s health information.
· Multi-factor authentication is required to access a Youtopian’s health information.
· All Youtopia personnel with job duties requiring access to health information must complete privacy and security training.
· Integrity protection controls that detect if unauthorized alterations have been made to data on our systems.
· Regular security patching to keep our systems updated with the latest security patches.
· Change control and configuration management policies to ensure our system updates are tested, reviewed, and approved prior to implementing.
· Completion of regular independent third-party audits to test our systems for effective security controls and responsiveness to emerging threats.
Please bear in mind that submission of information over the Internet is never entirely secure. You are responsible for keeping your device access and login information confidential. You are also encouraged to install anti-virus and anti-malware software on your devices and keep all software updated to avoid security risks. We cannot guarantee the security of information you submit via our Services while it is in transit over theInternet, and any such submission is at your own risk.
7. Disclosing Personal Data
At Youtopia, we understand that the security of your Personal Data is essential to earning your confidence in our Services. TheServices are designed to keep your Personal Data private, including our relationships with trusted third parties to provide key features of theServices. Youtopia will only disclose Personal Data to the third parties as described in this section, with your permission, or as required by law. In the preceding 12 months, we have disclosed the PersonalData we have collected to:
· Service Providers. Our service providerslike laboratory screening services, medical professional services, data processing and analytics services, software providers, and email and data hosting providers may have access to Personal Data as needed to perform their contractual obligations to us. Service providers only have access to the minimum Personal Data necessary to perform their contracted tasks for us. We prohibit our service providers from further disclosing Personal Data to anyone, and we require all service providers to maintain confidentiality standards and appropriate technical and organizational measures to ensure the security of your Personal Data.
· Law enforcement, and other governmental agencies, as permitted or required by law.
· Other third parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
· Aggregated and Deidentified Information. We reserve the right to share aggregated, anonymized, or deidentified information about any individuals with nonaffiliated entities for marketing, advertising, research or other purposes, without restriction.
8. Your Personal Data
Youtopia provides you with options to control yourPersonal Data directly, including:
· YourAccount. You have the option to access, correct or update, or delete certain Personal Data through your account settings.
· SMS. If you provide us with your wireless phone number, you consent to Youtopia sending you informational or service text messages. However, we will only send you marketing text messages if you opt-into receive these notifications from us. For all text messages, the number of texts you receive will depend on the Services you use and the information you request from us. You can unsubscribe from our text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.
· Emails. We may send you informational or support emails related to your account. We may also send you marketing emails based on your stated preferences. To stop receiving emails from us, you can unsubscribe or change your preferences via the links provided in the emails. If you opt-out of marketing communications, we may still send you messages about your account or orders.
· DeviceSettings. You can control the data we collect through cookies and related technologies by adjusting your device settings or your cookie preferences on the Site.
· BlockLocation Tracking.You can stop all collection of information by an app by uninstalling it. You can also reset your device Ad Id at any time through your device settings, which is designed to allow you to limit the use of information collected about you. You can stop all collection of precise location data through an app by uninstalling the app or withdrawing your consent through your device settings.
· Opt-Out of Interest Based Ads.You may limit our use of information collected from or about your mobile device for purposes of serving online behavioral advertising to you by going to your device settings and selecting “Limit Ad Tracking” (for iOS devices) or “Opt-Out of Interest-Based Ads” (for Android devices).
· Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track”requests.
NeedHelp? To exercise your rights under applicable privacy laws, or if you want to express concerns, revoke your consent, lodge a complaint, or request information, please submit a Privacy Request or email us at firstname.lastname@example.org.
We can only assist with or fulfill a privacy request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Data, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We endeavor to respond to privacy requests in accordance with the requirements of the law applicable to your jurisdiction. If we do not fulfill your request within the legally required timeline, you can appeal our response by contacting [contact].
9. Your Privacy Rights
Depending on where you live or are located, you may have certain rights over your Personal Data that we collect and retain. In theUnited States, consumer privacy is governed by federal privacy laws covering specific industries or data uses and state privacy laws providing with general consumer privacy rights. This section provides informational notices for privacy laws in states like California, Colorado, Connecticut, Nevada, Utah, Virginia, and other states that require companies to inform consumers about their privacy rights and provide a method to exercise those rights. Residents of states offering privacy protections (each a “Consumer”) can exercise their privacy rights as applicable to our Services by submitting a Privacy Request.
· Right to Correct.You have the right to request that we correct inaccurate Personal Data about you on our systems. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
· Right to Deletion.You have the right to request that we delete your Personal Data that we collected and retained, with certain exceptions. Youtopia may permanently delete, deidentify, or aggregate the Personal Data in response to a request for deletion.
· Right to Access.You have the right to request confirmation that we have collected Personal Data about you and that we provide you with access to that Personal Data. If you submit an access request, we will provide you with copies of the requested pieces of Personal Data in a portable and readily usable format. Please note that Youtopia may be prohibited by law from disclosing certain pieces of Personal Data, and we may be limited in the number or frequency of requests we must fulfill.
· Right to Disclosure.You may request that we disclose information to you about our collection and use of your Personal Data, such as: (i) the categories of Personal Data we have collected about you; (ii) the categories of sources for the Personal Data we have collected about you; (iii) our business purpose for collecting, using, processing, sharing or selling that Personal Data, as applicable; (iv) the categories of third parties with whom we share that Personal Data; and (v) if we sold or shared your Personal Data under the CCPA, two separate lists stating: (a) sales or sharing, identifying the Personal Data categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.
· Limited Use and Disclosure of Sensitive information. You have the right to opt-out or limit our use of your sensitive information. Youtopia only collects sensitive information that you submit voluntarily, such as health information you include in your account profile or provide when you select a Discovery Center experience. Youtopia only uses this information to provide you with the Services you have selected, and we never share it with third parties that are not Youtopia service providers. To opt-out, you can decline to submit sensitive information to us.
· Right to Opt-Out of Profiling. You have the right to opt-out of automated profiling. Youtopia uses analytics and algorithms to deliver personalized menu and experience recommendations, which may include evaluation, analysis, or prediction of your interests and preferences. To opt out, or to learn more about how we use profiling, please contact email@example.com.
· Right to Nondiscrimination. We will not discriminate against you for exercising your privacy rights. While certain exercises of your privacy rights will make it impossible for us to provide the full scope of Services, unless permitted by law we will not: (i)deny you goods or services; (ii) charge you different prices or rates for goods or services; (iii) provide you a different level or quality of goods or services; (iv) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under applicable privacy laws.
· Right to Disclosure of MarketingInformation. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Data sharing with affiliates and/or third parties for marketing purposes.
If you are a Consumer, you may exercise these rights by submitting a Privacy Request. Only you or someone legally authorized to act on your behalf may make a verifiable PrivacyRequest related to your Personal Data. You may also make a verifiable privacy request on behalf of your minor child. You may designate a third party to exercise your rights – an authorized agent – however we will require written proof of the authorization and potentially proof of your identity.
10. Consent to Cross-Border Data Transfers
Youtopia is owned and operated in the United States using technical infrastructure in the United States and elsewhere. If you access the Services from outside the United States, please be aware that your PersonalData may be transferred to, processed, stored, and used in the United States or other jurisdictions.
Youtopia is committed to transferring Personal Data using a lawful data transfer mechanism. For example, if we transmit data from the EU to the United States or other jurisdictions, we do so pursuant to standard contract clauses approved by the European Commission and employ those security measures required by the country in question to secure the data. We work with third-party vendors from time-to-time and require those parties to meet these same standards.
However, we do not warrant that our Services are appropriate or authorized for use in any other jurisdictions. When your information is moved from your home country to another country, the laws and rules that protect your Personal Data in the country to which your information is transferred may be different from those of the country where you live. For example, if your information is in the United States it may be accessed by government authorities under United States law.
You are solely responsible for determining whether their use of the Services complies with applicable laws. By allowing us to collect Personal Data about you, you consent to the transfer and processing of your Personal Data as described in this section.
Cookies are small text files downloaded and stored on your computer or mobile device when you visit or use an online platform. Cookies help the platform recognize your device, store your preferences, or perform certain functions for the platform. Cookies are used for functionality, security, analytics, or advertising. Some cookies are strictly necessary to the function of the website or other platform, while others enable certain features.
· When you submit data to through a form such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.
· We use one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
· From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimizations our users appreciate the most.
12. Third-Party Services
When using Youtopia’s Services, you may have the option to access or link to third-party services. Youtopia has no control, and we are not responsible for, the privacy and data collection, use, and disclosure practices of third-party services. We encourage you to read the privacy statements of each online service that collects your Personal Data.