General Data Protection Policy

Protecting Personal Data and the Rights of Data Subjects

Last Updated: July 23, 2019

This site, Healthy Me, Healthy Us (“Site”), is owned by Leverage Creative Group, Inc. and operated by Leverage Creative Group, Inc. (together “Companies,” “we,” “us,” or “our”). This General Data Protection Policy (“GDPR”) is applicable to you (“User,” “you,” or “your”). The terms contained herein apply to all Users of our Sites.

Leverage Creative Group, Inc. has published this General Data Protection Policy to inform our users, customers, and website visitors from the European Economic Area (collectively, “Data Subjects,” “you,” or “your”) about why and on what legal bases Leverage Creative Group, Inc. collects personal data from Data Subjects when visiting our website and/or completing a purchase or other interaction with us. Personal data will be collected and processed in accordance with our https://healthymehealthyus.com/?lcg-terms&term=privacy-policy.

If you would like information on how we process personal data via cookies, social plugins, and other types of tracking technology, please also refer to our https://healthymehealthyus.com/?lcg-terms&term=cookie-policy.

We will only share your personal data with third parties in the circumstances set out below. We will always comply with the General Data Protection Regulation (“GDPR”) when dealing with Data Subjects’ personal data. Further details on GDPR can be found on the website of the Information Commissioner (www.ico.gov.uk).

We reserve the right to amend this policy from time to time without prior notice.

Overview of Data Protection:

GDPR requires that Leverage Creative Group, Inc., acting either as a data controller (meaning an individual or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data) or as a data processor (meaning an individual or organization which processes personal data on behalf of the data controller), process data in accordance with certain principles of data protection:

  • Personal data must be processed lawfully, fairly, and in a transparent manner;
  • Personal data must be collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • The personal data collected must be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
  • The personal data collected must be accurate and kept up-to-date; every reasonable step must be taken to ensure that personal data that is inaccurate, bearing in mind the purpose(s) for which it is processed, is erased or rectified without delay;
  • The personal data collected must be kept for no longer than is necessary for the purpose(s) for which the personal data is processed;
  • The personal data collected must be processed with appropriate security measures, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures; and that
  • The data controller shall be responsible for, and be able to demonstrate, compliance with these principles.

Data Protection Officer:

For the purposes of the GDPR, our Data Protection Officer (the “DPO”) will be Chase Neely ([email protected]). The DPO is responsible for making sure that Leverage Creative Group, Inc. complies with the GDPR requirements for handling the personal data of Data Subjects. We will regularly review all our holdings of personal data to establish our compliance.

Data Subject Rights:

Data Subjects have rights under the GDPR, including:

  • The right to request access to all personal data relating to you that is processed by us in a structured, commonly-used, and machine-readable format. However, we reserve the right to charge an administrative fee for multiple subsequent requests for access that are clearly submitted for the purpose of causing us nuisance or harm.
  • The right to ask that any personal data relating to you that is inaccurate is corrected free of charge. If you submit a request for correction, such request must be accompanied by proof of the accuracy of the correction you are seeking.
  • The right to withdraw previously-granted consent for the processing of your personal data. You have the right to oppose the processing of personal data if you are able to prove that there are serious and justified reasons connected with the particular circumstances that warrant such opposition. However, if the intended processing qualifies as direct marketing, you have the right to oppose such processing free of charge and without justification.
  • The right to request that personal data relating to you be deleted if it is no longer required in light of the purposes outlined in this policy or, where we rely on your consent as the legal basis for processing, when you withdraw your consent for processing. Please keep in mind that a request for deletion will be evaluated against our overriding interests or those of any other third party and any legal or regulatory obligations or administrative or judicial orders which may contradict such deletion. Instead of deletion, you can also ask that we limit the processing of your personal data if and when: (a) you contest the accuracy of the data, (b) the processing is illegitimate, or (c) the data is no longer needed for the purposes listed in this policy.

If you wish to submit a request to exercise one or more of the rights listed above, or to address any questions, comments, or requests about our data processing practices, you can send an e-mail to our DPO at [email protected]. An e-mail requesting to exercise a right shall not be construed as consent to the processing of your personal data beyond what is required for handling your request. Any request should be dated and clearly state which right you wish to exercise and the reasons for it, if such is required. The circumstances may mean we need to undertake verification of your identity before we action your request in order to protect your personal data to the relevant standard. We will promptly inform you of having received this request. If the request proves valid, we will action it as soon as reasonably possible and at the latest thirty (30) days after having received the request.

For more details describing the rights of Data Subjects with regards to personal data, please see our https://healthymehealthyus.com/?lcg-terms&term=privacy-policy.

Lawful Reasons for Processing Personal Data:

Leverage Creative Group, Inc. will only process personal data where it has a legal basis for doing so (see Annex A attached). Where Leverage Creative Group, Inc., Inc. does not have a legal reason for processing personal data, any processing will be a breach of the terms of GDPR.

For processing your personal data for the purposes outlined this policy and our Privacy Policy, we, as the responsible party, ask for your consent. The processing of your personal data for these purposes is also necessary for the protection of our legitimate interest in marketing and promoting our products, services, and brands and the overall successful commercialization of our products and services. The processing of personal data for these purpose is also necessary for the protection of our legitimate interest to continuously improve our websites, social media channels, products, and services to ensure that you have the best experience possible. Finally, the processing of personal data is necessary to allow us to comply with our legal obligations and for the protection of our legitimate interest in keeping our websites, social media channels, products, and services safe from misuse and illegal activity.

Before transferring personal data to any third party, Leverage Creative Group, Inc. will establish that we have a legal reason for making the transfer. We will make a reasonable effort to ensure that your personal data is shared only with organizations that are GDPR compliant in those instances where we have your consent to sharing with third parties or are otherwise permitted by law to do so.

Protecting Personal Data and the Rights of Data Subjects:

Your personal data is only processed for as long as needed to achieve the lawful purposes described in this policy and in our Privacy Policy. We may de-identify your personal data when it is no longer necessary for those purposes, unless there is:

  • An overriding interest of Leverage Creative Group, Inc., your financial institution, the payment service provider, or another third party, in keeping your personal data identifiable; or
  • A legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying.

You understand that an essential aspect of our marketing efforts involves making our marketing materials more relevant to you. This means that we collect personal data in order to provide you with communications, promotions, offerings, newsletters, and other advertisements about products and services that may interest you. We will take appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft, as well as accidental loss, tampering, or destruction. Access by our personnel or our third party processors will be on a need-to-know basis and will be subject to strict confidentiality obligations. You understand, however, that safety and security are best-efforts obligations which can never be guaranteed.

If you are registered to receive communications, promotions, offerings, newsletters, and other advertisements via e-mail or other person-to-person electronic communication channels, you can change your preferences for receiving such communications, promotions, offerings, newsletters and other advertisements by following the opt-out link provided in such communications or by emailing us at [email protected].

Your personal data will normally be kept for up to 3 years. It may be kept for a longer period for reasons such as legal action or required management. For more information on our retention of personal data, please see our [Data Retention Policy].

Reporting Personal Data Breaches:

All data breaches should be referred immediately to the DPO, Chase Neely, at [email protected].

Where Leverage Creative Group, Inc. has identified a personal data breach resulting in a high risk to the rights and freedoms of any Data Subject, we shall alert all affected Data Subjects without undue delay. Leverage Creative Group, Inc. may not be required to tell Data Subjects about a personal data breach where:

  • We have implemented appropriate technical and organizational protection measures to the personal data affected by the breach, in particular to make the personal data unintelligible to any person who is not authorized to access it, such as encryption.
  • We have taken subsequent measures which ensure that the high risk to the rights and freedoms of the Data Subject is no longer likely to materialize.
  • It would involve disproportionate effort to tell all affected Data Subjects. In this case, Leverage Creative Group, Inc. will make a public communication or similar measure to tell all affected Data Subjects.

If you have a complaint or suggestion about the handling of personal data, please contact our DPO, whose details are listed above.