Twelve General Data Protection Regulation (GDPR) Statement

Effective May 15, 2020

Beginning May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. These new regulations provide EU residents with greater control over what, how, why, where, and when their personally identifiable data is used, processed or disposed. The regulations expand these rights beyond the borders of the EU, applying to organizations, such as ours, that process personal data of EU residents (“Personal Data”). Nutrition With Danielle, LLC d/b/a Twelve (“Twelve”, “we”, “us” or “our”) has been committed to the privacy of our users, wherever located, since our inception and complying with GDPR principals is no exception.

Twelve either already meets or is implementing our obligations as a data processor and/or controller as applicable under GDPR. We are committed to periodically reviewing our policies and verifying our compliance with applicable law and our internal standards. This GDPR Statement (“Statement”) describes how Twelve collects, uses, and discloses certain personally identifiable information that we receive in the United States (“U.S.”) from the European Union; the European Economic Area, the United Kingdom, and Switzerland. In this Policy, the European Union, the European Economic Area, the United Kingdom, and Switzerland are collectively referred to as the “EU.”

1. Information We Collect

We adhere to the principles of the GDPR with respect to Personal Data provided by: (i) individuals who visit our website and voluntarily provide their information, and (ii) from our participants, vendors, contractors, affiliates, and agents.

Twelve provides educational programs, support research, and various types assistance with land use projects and related policy-making. Through providing such services, the Personal Data we may collect may include:

  1. First and last names

  2. Email addresses

  3. Phone numbers

  4. Mailing Address

  5. Username and password for your Twelve account

  6. Personal information you submit to us via our customer service methods or through leaving reviews and testimonials

  7. Usage, viewing, and technical data, including device identifier and/or IP address, or location information

  8. Billing information

  9. Log files, information collected by cookies or similar technologies about actions taken when accessing our platform

  10. Data submitted through survey responses

2. Purposes of Personal Information Collection and Use

Twelve collects, uses and processes Personal Data for the purposes of:

  1. Providing information about our services and projects

  2. Providing services and support

  3. Communicating with business partners, vendors, agents and contractors about business matters

  4. Analysis of information in order to improve business practices and services

  5. Conducting related tasks for legitimate business purposes

  6. Other purposes disclosed at the time of collection

  7. Compliance with legal requirements

Twelve will only process Personal Data in ways that are compatible with the purpose for which Twelve collected the Personal Data, or for purposes that the individual or participant providing the Personal Data authorizes. If Twelve desires to use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you authorized, we will provide you with the opportunity to opt in.

3. Data Transfer to Third Parties

  1. Subcontractors. We transfer Personal Data to our subcontractors that perform consulting services and other functions on our behalf. We enter into written agreements with each of our subcontractors requiring them to provide the same level of protection that Twelve provides for its participants and as required by the GDPR, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that subcontractors process Personal Data in accordance with our company policies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. We remain liable for the acts of our subcontractors that perform services on our behalf for their handling of Personal Data that we transfer to them.

  2. Third Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers that perform functions on our behalf. You can access our current list of subprocessors here. We enter into written agreements with those third-party agents and service providers requiring them to provide the level of protection required by the GDPR if applicable to such third-party agents and service providers, and if not, then the same level of protection that Twelve provides, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third-party agents and service providers process Personal Data in accordance with our company polies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers that perform services on our behalf for their handling of Personal Data that we transfer to them.

4. Disclosures for National Security or Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities or to meet national security or law enforcement requirements.

5. Security

Twelve maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

Remember that no method of transmission over the internet or method of electronic storage is 100% secure. Twelve cannot promise, and you should not expect, that your personal information or private communications will always remain private. Twelve cannot guarantee complete security.

Twelve currently stores user information via secure cloud-based web hosting services, provided by the Google Cloud Services, and the information is stored on servers located within the United States.

6. Access rights

You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of applicable law. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. If your Personal Data was provided to us by a Twelve subscribing user, we may facilitate your access to such data by directing you to the user that provided your data to us.

Twelve would like to make sure you are fully aware of all of your data protection rights under GDPR. If you are a resident of the EU, you are entitled to the following:

The right to access – You have the right to request Twelve provide you with copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that Twelve correct any information you believe is inaccurate. You also have the right to request Twelve to complete the information you believe is incomplete. Please be advised that you may personally change this information at any time via your account Dashboard.

The right to erasure – You have the right to request that Twelve erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that Twelve restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to Twelve’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that Twelve transfer the data that we have collected to another organization, or directly to you, under certain conditions.

7. Staff and Responsibilities

Everyone who works for or with Twelve has some responsibility for ensuring data is collected, stored and handled appropriately. Only employees who need to access or know the Personal Data in order to accomplish their work have access to such Personal Data. Our employees that have access to Personal Data must ensure that it is handled and processed in line with this policy and data protection principles. The Manager of Nutrition with Danielle, LLC is ultimately responsible for ensuring that Twelve meets its legal obligations. Twelve has designated the Manager to oversee its information security policies and procedures, including its compliance with applicable law. The Manager shall review and approve any material changes to this policy as necessary.

8. Questions and Concerns

Any questions, concerns, or comments regarding this Statement or our use of your Personal Data, please contact us at:

Nutrition with Danielle, LLC
d/b/a Twelve
Attn: GDPR
305 Hamilton Ave. Silver Spring, Maryland 20901

We reserve the right to amend this Policy from time to time consistent with GDPR requirements and other applicable law