Privacy Policy

Effective Date: July 1, 2020.

We at Bump Health, Inc. DBA BumpVitamins.com (“Bump,” “we,” “us,” or “our”) provide this privacy policy (“Privacy Policy”) to help inform you about how we collect information, how we use the information, and with whom we disclose such information. This Privacy Policy relates to our online services (the “Services”), which are available to you through a variety of platforms, including our website www.bumpvitamins.com (the “Website”), mobile application, and other interaction by telephone, e-mail, chat or other media (collectively, the “Platform”). Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use.

  1. The Information We Collect

1.1. Information You Provide to Us

We collect information you provide to us. For example, we collect information when you sign up to become a subscriber, email us, call us, order a gift subscription, or enter a contest, promotion, or sweepstakes. Such information may include your name, e-mail address, date of birth, mailing address, and phone number.

Additionally, when you take our health assessment, you may also voluntarily provide us with additional information about yourself such as your hobbies, personal interests, household income range, gender, number of children, and other demographic information. You may also voluntarily provide us with information about your health and diet, and product and service preferences.

1.2. Information We Collect Automatically

We automatically collect information about you when you access or use the Platform. Such information may include your IP address, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, order information, device identifier, and other similar information concerning your use of the Services and Platform.

We may use cookies or similar technologies to help us collect information and to enhance your experience using the Services. Cookies are small packets of data that a website stores on your browser so that your computer will “remember” information about your visit. We use both session and persistent tracking technologies. For example, we collect information on our Platform through session cookies, which disappear when you close your Internet browser, and through persistent cookies, which remain on your computer until they are deleted. If you do not want the Platform to place a cookie on your hard drive or mobile device, you may be able to turn that feature off on your computer or mobile device. However, the Services may not function properly and your experience with the Platform and Services may be impacted.

Additionally, we use data analytics tools like Google Analytics and other third-party technologies to understand how users interact with our advertisements and Services. For more information, you can visit www.google.com/policies/privacy/partners/ (“How Google Uses Information From Sites Or Apps That Use Our Services”).

For more information about cookies and how to disable them or to opt out of receiving certain advertising tailored to you from third parties, please visit:

  • http://www.aboutads.info/choices/
  • https://policies.google.com/technologies/ads
  • http://optout.networkadvertising.org/?c=1#!%2F
  • http://www.networkadvertising.org/choices/
  • allaboutcookies.org/manage-cookies/

Options you select are browser and device specific.

1.3. Information from Other Sources

We may receive information from third parties that provide us with information about you from online and offline sources. These third parties may use cookies or other similar technologies. For example, we may use third party web analytics tools to help us provide you with a better experience, determine your interest in our products, and improve the quality of our offerings. Additionally, such third parties may collect and combine your email address with other information they have access to solely so that we may serve relevant marketing offers to you via direct email.

Bump does not share any personal health information with third parties.

1.3.1. Digital Advertising

We may partner with third party companies that collect data from our Services, as well as from other non-affiliated websites and mobile apps over time in order to infer what interests you to deliver more relevant advertising to your browser or device, as well as browsers and devices associated with it. These partners, however, do not collect or receive information about your responses to assessment questions answered on the Platform for advertising or marketing purposes. This type of advertising is known as interest-based advertising. To learn more about this type of advertising for your browser, and your choices about it for companies that participate in the Digital Advertising Alliance’s (“DAA”) WebChoices tool, you can visit www.aboutads.info/choices. To learn about your choices about this activity on your mobile device for companies that participate in the DAA’s AppChoices you can download the appropriate version of the app from www.youradchoices.com/appchoices.

We adhere to the DAA’s Self-Regulatory Principles. When you exercise choice through these tools, data will no longer be collected from that browser or device for interest-based advertising, and data collected from associated browsers or devices will not be used on the browser or device for interest-based advertising on the browser or device where choice was exercised. Note that you will still see advertising, but that advertising may be less relevant to your interests. If you use multiple browsers or devices, clear your cookies, or reset your device identifier, you may need to exercise choice again.

1.4. Payment Information

When you sign up to become a subscriber or order a gift subscription, you provide certain payment information. Such information may include a debit card number, credit card number, and similar information (collectively, the “Billing Information”) in order to complete your transaction. Billing Information is collected and processed through third-party vendors pursuant to the terms and conditions of their privacy policies and terms of use.

2. How We Use the Information

We use the information we collect to process transactions; provide you with the Services; solicit your feedback; provide information about our products, Services, or otherwise market to you; inform you about upcoming events, recipes, and special promotions; administer and process contests, promotions, and sweepstakes; analyze use of the Services; improve our Services; or as disclosed at the time of collection.

  1. How We Share the Information

We may share your information in the following situations:

  • With service providers to provide services such as food services, delivery services, marketing assistance, information technology support, and customer service. These service providers will have access to the information only as necessary to perform their functions and to the extent permitted by law. We do not allow these service providers to share your information with others without our authorization or to use it for their own purposes;
  • With our affiliates and subsidiaries;
  • In the event of a business transaction or sale of all or part of our assets, including at bankruptcy;
  • In response to a court order, subpoena, warrant, or as otherwise required to by law;
  • To other parties with your consent or as disclosed at the time of collection; and
  • To protect our rights and the rights of third parties.

We may also aggregate information together in order to operate, maintain, manage, and improve the Services. We may share this aggregated data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products and Services to current and prospective business partners and to other third parties for other lawful purposes.

  1. Accessing and Modifying Personal Information and Communication Preferences

If you have registered for the Services, you may access, review, and make changes to your Personal Information and Billing Information by following the instructions found on the Platform. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any Bump marketing email.

  1. Data Security

We take reasonable and appropriate measures to help protect information we collect and maintain from loss and unauthorized access. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet.

  1. Retention of Data

In broad terms, we retain your personal data for as long as is necessary for the purposes described in this Privacy Policy. This means that the retention periods will vary according to the type of the data and the reason that we have the data.

We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the legal basis for doing so.

  1. Important Notice to European and Swiss Economic Area Residents

The Platform and the Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using the Services and/or providing us with any information, you consent to this transfer.

The following terms apply to transfers of personal data from the European and Swiss Economic Areas to the United States in connection with Bump’s services.

Certification. Bump complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Bump has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, and to view our certification, please visit the Privacy Shield website.

The U.S. Federal Trade Commission has jurisdiction over Bump’s compliance with this Policy, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

Notice. As explained above, Bump collects the data you provide when you take our health assessment, subscribe, use our chat services, email or call us, order a gift subscription, or enter a contest, promotion, or sweepstakes. Additionally, when you take our health assessment, for example, you may also voluntarily provide us with additional information about yourself such as your hobbies, personal interests, household income range, gender, number of children, and other demographic information. You may also voluntarily provide us with information about your health and diet, and product and service preferences. Bump will subject all personal information received from the EU in reliance on the Privacy Shield to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. In cases of onward transfers of data, received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, Bump is potentially liable.

Choice. Bump allows EEA and Swiss individuals to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by emailing us at support@bumpvitamins.com.

Bump will obtain affirmative express consent from individuals to collect sensitive personal information if that information is to be disclosed to a third party or used for a purpose other than that for which it was originally collected or authorized by your choice to opt-in.

Transfers to Third-Parties. Bump may transfer personal data to third-party agents or service providers who perform functions on our behalf, as described in Section 3 of this privacy policy. In such cases, we will take reasonable and appropriate measures to ensure that our third-party agents and service providers process personal data in accordance with our Privacy Shield obligations. Under certain circumstances, we remain liable under the Privacy Shield Principles if third-party agents that we engage to process personal data on our behalf do so in a manner inconsistent with the Privacy Shield Principles.

In certain situations, Bump may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Security. Bump takes reasonable and appropriate measures to protect personal data in our possession from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation. Bump will use personal information only in ways that are compatible with the purposes for which it was collected and subsequently authorized by the individual. Bump will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

Access. If you have registered for the Services, you may access, review, and make changes to your Personal Information and Billing Information by following the instructions found on the Platform. You may request to correct, amend, or delete information where it is inaccurate, or has been processed in violation of the Principles. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any Bump marketing email.

Dispute Resolution. If you have questions or concerns, please write to us at support@bumpvitamins.com. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data in accordance with the Privacy Shield Principles.

In the event we are unable to resolve your concern, bump commits to cooperate with the relevant EU Data Protection Authority and the Swiss Federal Data Protection and Information Commissioner and comply with their advice regarding personal data transfers and the Privacy Shield Principles. Per the terms of the frameworks and under certain circumstances, you may invoke binding arbitration.

  1. Your GDPR Rights

This section applies to those who live in the European Union that use the Services and Platform.

Bump, in Denver, CO, United States, is the controller of any personal data it may collect, process and hold about you. We process personal information with your consent (e.g. when we process personal information to provide vitamin supplement recommendations), to fulfill a contract, provide you with customer service, or as required by law.

You have the right to the following:

  • To request access to your personal information
  • To data portability
  • To rectify your personal information
  • To object to the processing of your personal information
  • To request the erasure of your personal information
  • To restrict the processing of your personal information
  • To withdraw consent to the processing of your personal information

You can exercise your rights by sending an email to support@bumpvitamins.com. You also have the right to lodge a complaint with your national Data Protection Authority.

Please note that Bump uses automated decision making processes (including solely-automated decision making processes) to provide certain Services (“Automated Processes”). The Automated Processes were created by our team of medical doctors, nutritionists, registered dietitians, and pharmacist. Automated Processes are used to provide you with your vitamin supplement recommendation using the health assessment by taking into account the personal information you provide to us. For example, the Automated Processes are designed not to process orders that contain supplements that interact with one another or contain more than a certain amount. These are called supplement/supplement interactions.

Human Involvement: Bump has a team comprised of professionals, nutritionists, and registered dieticians who review certain orders created by our Automated Processes. Whether an order is flagged for review by a human is determined by rules created by the team. Orders that may be flagged for review, for example, include orders that contain pills over a certain count limit, orders that may result in pill interaction errors, or orders that are a result of technical errors that may cause duplicate protocol distributions. Our Automated Processes are designed to set limits regarding supplement orders. There are certain situations when such orders can be bypassed by a team member manually changing a customer’s order on the back end before the order is fulfilled.

At any point, you have the right to object to the Automated Processes, request human intervention, express your point of view about our Automated Processes, or contest any vitamin supplement recommendations. To exercise such a right, please contact us at support@bumpvitamins.com.

  1. Children. Our Services and Platform are not directed to, or intended for, individuals under the age of 18 and we do not knowingly collect personal information from individuals under the age of 18. If you are under 18, please do not give us any information. If you believe that we have any such information, please notify us immediately using the contact information provided in Section 14 and we will delete the information as quickly as possible.

10. External Websites

The Platform may contain links to third-party websites. Bump has no control over the privacy practices or the content of any of our business partners, advertisers, sponsors, or other websites to which we provide links. As such, we are not responsible for the content or the privacy policies of those third-party websites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.

  1. Notice to California Residents – Your California Privacy Rights

California Residents: Your California Privacy Rights

Last Revised: July 1, 2020.

This Privacy Notice For California Residents (“CA Privacy Notice”) supplements the information contained in the Privacy Policy (“we,” “us,” or “our”) and applies solely to visitors, purchasers, users, and others who reside in the State of California (“California Consumers” or “you” or “users”), and who use our Platform, as referenced in the Privacy Policy.

11.1. Information We Collect About Our California Consumers

A. Types of Information We Collect

In the past twelve months we may have collected the following types of information:

Category and Sources of Information How We Collect this Information How We Use the Information How We Share This Information
Identifiers such as a real name, alias, date of birth, postal address, unique personal identifier, online identifier, Internet Protocol address, phone number, email address, account name or other similar identifiers We collect this information from users who voluntarily provide such information when using our Platform, such as when signing up as a subscriber, using our chat services, entering a contest, promotion, or sweepstakes, or otherwise interacting with us. We may collect such information automatically or passively. We use this information to provide our Services to you, improve user experience, and for data analysis and market research. We share this information with our service providers.
Personal information categories listed in the Cal. Civ. Code § 1798.80(e) We collect this information from users who voluntarily provide such information when using our Platform, such as when signing up for an account, or otherwise interacting with us. We may collect such information automatically or passively. We use this information to provide our Services to you, improve user experience, and for data analysis and market research. We share this information with our service providers.
Protected classifications under California or federal law We collect this information from users who voluntarily provide such information when using our Platform. We use this information to provide our Services to you, improve user experience, and for data analysis and market research. We share this information with our service providers.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies We collect this information from users who voluntarily provide such information when using our Platform. We use this information to provide our Services to you, improve user experience, and for data analysis and market research. We share this information with our service providers.
Biometric information We collect certain physiological, biological, and behavioral information from users who voluntarily provide information about their health, diet, and lifestyle. We use this information to provide our Services to you, improve user experience, and for data analysis and market research. We do not share this information.
Internet or electronic network activity information (such as website activities and browsing history) We collect this information from users’ browsers using cookies, tags, pixels, heat maps, screen grabs, and other similar technologies. We use this information to improve user experience, and for data analysis and market research. We share this information with our service providers.
Geolocation data We collect this information from users’ IP addresses. We use this information for data analysis and market research. We share this information with our services providers.
Audio, electronic, visual, thermal, olfactory, or similar information N/A N/A N/A
Professional or employment-related information We collect certain information that users voluntarily provide about their household income range and other demographic information. We use this information to provide our Services to you, improve user experience, and for data analysis and market research. We do not share this information.
Education information N/A N/A N/A
Inferences drawn from any of the information above We only collect this information because users send it to us or are using our Platform. We use this information to provide Services to you. We share this information with our service providers.

 

11.2. Your Rights as a California Consumer

As a California resident, you have certain rights regarding your personal information, which are described in detail below.

A. Opting Out of “Sales”

We do not sell your personal information.

B. Your Access Rights

You have the right to request from us the following information: (1) the categories of personal information we have collected about you; (2) the categories of sources from which your personal information is collected; (3) the business or commercial purpose for collecting or selling your personal information; (4) the categories of third parties with whom we share personal information; and (5) the specific pieces of personal information we have collected about you.

To the extent that we used any of your personal information for a business purpose, you have the right to request that we disclose to you: (1) the categories of personal information that we collected about you; (2) the categories of personal information that we sold about you and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold; and (3) the categories of personal information that we disclosed about you for a business purpose.

C. Your Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete), or will instruct you on how to delete, your personal information from our records, unless an exception applies.

D. How to Exercise Your Rights

To exercise any of the rights listed above, please submit a verifiable consumer request, which must include your full name, email address, and phone number, by emailing us at support@bumpvitamins.com. You are not required to have an account with us in order to submit a request and we will only use personal information provided in a consumer request to verify the requestor’s identity or authority to make such a request. Please note you may only make a verifiable consumer request for access or data portability twice within a 12-month period. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If we are unable to comply with a request, we will inform you of the reason why.

Please note that we must verify the identity of the requestor. You may designate an authorized agent to make a request on your behalf by providing proof of a valid power of attorney, your valid government issued identification, and the authorized agent’s valid government issued identification. We cannot respond to requests where the identity and authority of the requestor cannot be confirmed.

E. Non-Discrimination Policy

California residents that choose to exercise such rights will not be denied any goods or services, charged different prices or rates, or be provided a different level or quality of goods or services unless those differences are related to your personal information.

F. Shine the Light Disclosure

You may request and obtain from us once year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. To access this information, please email us at support@bumpvitamins.com.

G. “Do Not Track” Disclosures

We have disclosed our collection practices herein, but at this time, we do not honor do-not-track signals. Some of the third parties that we work with may honor such requests.

11.3. Changes to Our Privacy Notice for California Residents

This CA Privacy Notice is effective as of the date stated at the top of this CA Privacy Notice. We may change this Privacy Policy from time to time and will post any changes on the Platform as soon as they go into effect. By accessing the Platform or using the Services after we make any such changes to this Privacy Policy, you are deemed to have acknowledged such changes. Please refer back to this Privacy Policy on a regular basis.

11.4. Contact

If you have questions or concerns about this Privacy Policy, you can send an e-mail to support@bumpvitamins.com.

  1. Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time and will post any changes on the Platform as soon as they go into effect. By accessing the Platform or using the Services after we make any such changes to this Privacy Policy, you are deemed to have acknowledged such changes. Please refer back to this Privacy Policy on a regular basis.

  1. Contact Us

If you have questions or concerns about this Privacy Policy, you can send an e-mail to support@bumpvitamins.com.