Effective Date: July 1, 2020.
- The Information We Collect
1.1. Information You Provide to Us
We collect information you provide to us. For example, we collect information when you sign up to become a subscriber, email us, call us, order a gift subscription, or enter a contest, promotion, or sweepstakes. Such information may include your name, e-mail address, date of birth, mailing address, and phone number.
Additionally, when you take our health assessment, you may also voluntarily provide us with additional information about yourself such as your hobbies, personal interests, household income range, gender, number of children, and other demographic information. You may also voluntarily provide us with information about your health and diet, and product and service preferences.
1.2. Information We Collect Automatically
We automatically collect information about you when you access or use the Platform. Such information may include your IP address, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, order information, device identifier, and other similar information concerning your use of the Services and Platform.
Additionally, we use data analytics tools like Google Analytics and other third-party technologies to understand how users interact with our advertisements and Services. For more information, you can visit www.google.com/policies/privacy/partners/ (“How Google Uses Information From Sites Or Apps That Use Our Services”).
For more information about cookies and how to disable them or to opt out of receiving certain advertising tailored to you from third parties, please visit:
Options you select are browser and device specific.
1.3. Information from Other Sources
Bump does not share any personal health information with third parties.
1.3.1. Digital Advertising
We may partner with third party companies that collect data from our Services, as well as from other non-affiliated websites and mobile apps over time in order to infer what interests you to deliver more relevant advertising to your browser or device, as well as browsers and devices associated with it. These partners, however, do not collect or receive information about your responses to assessment questions answered on the Platform for advertising or marketing purposes. This type of advertising is known as interest-based advertising. To learn more about this type of advertising for your browser, and your choices about it for companies that participate in the Digital Advertising Alliance’s (“DAA”) WebChoices tool, you can visit www.aboutads.info/choices. To learn about your choices about this activity on your mobile device for companies that participate in the DAA’s AppChoices you can download the appropriate version of the app from www.youradchoices.com/appchoices.
We adhere to the DAA’s Self-Regulatory Principles. When you exercise choice through these tools, data will no longer be collected from that browser or device for interest-based advertising, and data collected from associated browsers or devices will not be used on the browser or device for interest-based advertising on the browser or device where choice was exercised. Note that you will still see advertising, but that advertising may be less relevant to your interests. If you use multiple browsers or devices, clear your cookies, or reset your device identifier, you may need to exercise choice again.
1.4. Payment Information
2. How We Use the Information
We use the information we collect to process transactions; provide you with the Services; solicit your feedback; provide information about our products, Services, or otherwise market to you; inform you about upcoming events, recipes, and special promotions; administer and process contests, promotions, and sweepstakes; analyze use of the Services; improve our Services; or as disclosed at the time of collection.
- How We Share the Information
We may share your information in the following situations:
- With service providers to provide services such as food services, delivery services, marketing assistance, information technology support, and customer service. These service providers will have access to the information only as necessary to perform their functions and to the extent permitted by law. We do not allow these service providers to share your information with others without our authorization or to use it for their own purposes;
- With our affiliates and subsidiaries;
- In the event of a business transaction or sale of all or part of our assets, including at bankruptcy;
- In response to a court order, subpoena, warrant, or as otherwise required to by law;
- To other parties with your consent or as disclosed at the time of collection; and
- To protect our rights and the rights of third parties.
We may also aggregate information together in order to operate, maintain, manage, and improve the Services. We may share this aggregated data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products and Services to current and prospective business partners and to other third parties for other lawful purposes.
- Accessing and Modifying Personal Information and Communication Preferences
If you have registered for the Services, you may access, review, and make changes to your Personal Information and Billing Information by following the instructions found on the Platform. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any Bump marketing email.
- Data Security
We take reasonable and appropriate measures to help protect information we collect and maintain from loss and unauthorized access. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet.
- Retention of Data
We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the legal basis for doing so.
- Important Notice to European and Swiss Economic Area Residents
The Platform and the Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using the Services and/or providing us with any information, you consent to this transfer.
The following terms apply to transfers of personal data from the European and Swiss Economic Areas to the United States in connection with Bump’s services.
The U.S. Federal Trade Commission has jurisdiction over Bump’s compliance with this Policy, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
Notice. As explained above, Bump collects the data you provide when you take our health assessment, subscribe, use our chat services, email or call us, order a gift subscription, or enter a contest, promotion, or sweepstakes. Additionally, when you take our health assessment, for example, you may also voluntarily provide us with additional information about yourself such as your hobbies, personal interests, household income range, gender, number of children, and other demographic information. You may also voluntarily provide us with information about your health and diet, and product and service preferences. Bump will subject all personal information received from the EU in reliance on the Privacy Shield to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. In cases of onward transfers of data, received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, Bump is potentially liable.
Choice. Bump allows EEA and Swiss individuals to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by emailing us at email@example.com.
Bump will obtain affirmative express consent from individuals to collect sensitive personal information if that information is to be disclosed to a third party or used for a purpose other than that for which it was originally collected or authorized by your choice to opt-in.
In certain situations, Bump may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Security. Bump takes reasonable and appropriate measures to protect personal data in our possession from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation. Bump will use personal information only in ways that are compatible with the purposes for which it was collected and subsequently authorized by the individual. Bump will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Access. If you have registered for the Services, you may access, review, and make changes to your Personal Information and Billing Information by following the instructions found on the Platform. You may request to correct, amend, or delete information where it is inaccurate, or has been processed in violation of the Principles. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any Bump marketing email.
Dispute Resolution. If you have questions or concerns, please write to us at firstname.lastname@example.org. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data in accordance with the Privacy Shield Principles.
In the event we are unable to resolve your concern, bump commits to cooperate with the relevant EU Data Protection Authority and the Swiss Federal Data Protection and Information Commissioner and comply with their advice regarding personal data transfers and the Privacy Shield Principles. Per the terms of the frameworks and under certain circumstances, you may invoke binding arbitration.
- Your GDPR Rights
This section applies to those who live in the European Union that use the Services and Platform.
Bump, in Denver, CO, United States, is the controller of any personal data it may collect, process and hold about you. We process personal information with your consent (e.g. when we process personal information to provide vitamin supplement recommendations), to fulfill a contract, provide you with customer service, or as required by law.
You have the right to the following:
- To request access to your personal information
- To data portability
- To rectify your personal information
- To object to the processing of your personal information
- To request the erasure of your personal information
- To restrict the processing of your personal information
- To withdraw consent to the processing of your personal information
You can exercise your rights by sending an email to email@example.com. You also have the right to lodge a complaint with your national Data Protection Authority.
Please note that Bump uses automated decision making processes (including solely-automated decision making processes) to provide certain Services (“Automated Processes”). The Automated Processes were created by our team of medical doctors, nutritionists, registered dietitians, and pharmacist. Automated Processes are used to provide you with your vitamin supplement recommendation using the health assessment by taking into account the personal information you provide to us. For example, the Automated Processes are designed not to process orders that contain supplements that interact with one another or contain more than a certain amount. These are called supplement/supplement interactions.
Human Involvement: Bump has a team comprised of professionals, nutritionists, and registered dieticians who review certain orders created by our Automated Processes. Whether an order is flagged for review by a human is determined by rules created by the team. Orders that may be flagged for review, for example, include orders that contain pills over a certain count limit, orders that may result in pill interaction errors, or orders that are a result of technical errors that may cause duplicate protocol distributions. Our Automated Processes are designed to set limits regarding supplement orders. There are certain situations when such orders can be bypassed by a team member manually changing a customer’s order on the back end before the order is fulfilled.
At any point, you have the right to object to the Automated Processes, request human intervention, express your point of view about our Automated Processes, or contest any vitamin supplement recommendations. To exercise such a right, please contact us at firstname.lastname@example.org.
- Children. Our Services and Platform are not directed to, or intended for, individuals under the age of 18 and we do not knowingly collect personal information from individuals under the age of 18. If you are under 18, please do not give us any information. If you believe that we have any such information, please notify us immediately using the contact information provided in Section 14 and we will delete the information as quickly as possible.
10. External Websites
- Notice to California Residents – Your California Privacy Rights
California Residents: Your California Privacy Rights
Last Revised: July 1, 2020.
11.1. Information We Collect About Our California Consumers
A. Types of Information We Collect
In the past twelve months we may have collected the following types of information:
|Category and Sources of Information||How We Collect this Information||How We Use the Information||How We Share This Information|
|Identifiers such as a real name, alias, date of birth, postal address, unique personal identifier, online identifier, Internet Protocol address, phone number, email address, account name or other similar identifiers||We collect this information from users who voluntarily provide such information when using our Platform, such as when signing up as a subscriber, using our chat services, entering a contest, promotion, or sweepstakes, or otherwise interacting with us. We may collect such information automatically or passively.||We use this information to provide our Services to you, improve user experience, and for data analysis and market research.||We share this information with our service providers.|
|Personal information categories listed in the Cal. Civ. Code § 1798.80(e)||We collect this information from users who voluntarily provide such information when using our Platform, such as when signing up for an account, or otherwise interacting with us. We may collect such information automatically or passively.||We use this information to provide our Services to you, improve user experience, and for data analysis and market research.||We share this information with our service providers.|
|Protected classifications under California or federal law||We collect this information from users who voluntarily provide such information when using our Platform.||We use this information to provide our Services to you, improve user experience, and for data analysis and market research.||We share this information with our service providers.|
|Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies||We collect this information from users who voluntarily provide such information when using our Platform.||We share this information with our service providers.|
|Biometric information||We collect certain physiological, biological, and behavioral information from users who voluntarily provide information about their health, diet, and lifestyle.||We do not share this information.|
|Internet or electronic network activity information (such as website activities and browsing history)||We collect this information from users’ browsers using cookies, tags, pixels, heat maps, screen grabs, and other similar technologies.||We use this information to improve user experience, and for data analysis and market research.||We share this information with our service providers.|
|Geolocation data||We collect this information from users’ IP addresses.||We use this information for data analysis and market research.||We share this information with our services providers.|
|Audio, electronic, visual, thermal, olfactory, or similar information||N/A||N/A||N/A|
|Professional or employment-related information||We collect certain information that users voluntarily provide about their household income range and other demographic information.||We do not share this information.|
|Inferences drawn from any of the information above||We only collect this information because users send it to us or are using our Platform.||We use this information to provide Services to you.||We share this information with our service providers.|
11.2. Your Rights as a California Consumer
As a California resident, you have certain rights regarding your personal information, which are described in detail below.
A. Opting Out of “Sales”
We do not sell your personal information.
B. Your Access Rights
You have the right to request from us the following information: (1) the categories of personal information we have collected about you; (2) the categories of sources from which your personal information is collected; (3) the business or commercial purpose for collecting or selling your personal information; (4) the categories of third parties with whom we share personal information; and (5) the specific pieces of personal information we have collected about you.
To the extent that we used any of your personal information for a business purpose, you have the right to request that we disclose to you: (1) the categories of personal information that we collected about you; (2) the categories of personal information that we sold about you and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold; and (3) the categories of personal information that we disclosed about you for a business purpose.
C. Your Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete), or will instruct you on how to delete, your personal information from our records, unless an exception applies.
D. How to Exercise Your Rights
To exercise any of the rights listed above, please submit a verifiable consumer request, which must include your full name, email address, and phone number, by emailing us at email@example.com. You are not required to have an account with us in order to submit a request and we will only use personal information provided in a consumer request to verify the requestor’s identity or authority to make such a request. Please note you may only make a verifiable consumer request for access or data portability twice within a 12-month period. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we are unable to comply with a request, we will inform you of the reason why.
Please note that we must verify the identity of the requestor. You may designate an authorized agent to make a request on your behalf by providing proof of a valid power of attorney, your valid government issued identification, and the authorized agent’s valid government issued identification. We cannot respond to requests where the identity and authority of the requestor cannot be confirmed.
E. Non-Discrimination Policy
California residents that choose to exercise such rights will not be denied any goods or services, charged different prices or rates, or be provided a different level or quality of goods or services unless those differences are related to your personal information.
F. Shine the Light Disclosure
You may request and obtain from us once year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. To access this information, please email us at firstname.lastname@example.org.
G. “Do Not Track” Disclosures
We have disclosed our collection practices herein, but at this time, we do not honor do-not-track signals. Some of the third parties that we work with may honor such requests.
11.3. Changes to Our Privacy Notice for California Residents
- Contact Us