Twelve General Data Protection Regulation (GDPR) Statement
Effective May 15, 2020
Beginning May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. These new regulations provide EU residents with greater control over what, how, why, where, and when their personally identifiable data is used, processed or disposed. The regulations expand these rights beyond the borders of the EU, applying to organizations, such as ours, that process personal data of EU residents (“Personal Data”). Nutrition With Danielle, LLC d/b/a Twelve (“Twelve”, “we”, “us” or “our”) has been committed to the privacy of our users, wherever located, since our inception and complying with GDPR principals is no exception.
Twelve either already meets or is implementing our obligations as a data processor and/or controller as applicable under GDPR. We are committed to periodically reviewing our policies and verifying our compliance with applicable law and our internal standards. This GDPR Statement (“Statement”) describes how Twelve collects, uses, and discloses certain personally identifiable information that we receive in the United States (“U.S.”) from the European Union; the European Economic Area, the United Kingdom, and Switzerland. In this Policy, the European Union, the European Economic Area, the United Kingdom, and Switzerland are collectively referred to as the “EU.”
1. Information We Collect
We adhere to the principles of the GDPR with respect to Personal Data provided by: (i) individuals who visit our website and voluntarily provide their information, and (ii) from our participants, vendors, contractors, affiliates, and agents.
Twelve provides educational programs, support research, and various types assistance with land use projects and related policy-making. Through providing such services, the Personal Data we may collect may include:
First and last names
Username and password for your Twelve account
Personal information you submit to us via our customer service methods or through leaving reviews and testimonials
Usage, viewing, and technical data, including device identifier and/or IP address, or location information
Log files, information collected by cookies or similar technologies about actions taken when accessing our platform
Data submitted through survey responses
2. Purposes of Personal Information Collection and Use
Twelve collects, uses and processes Personal Data for the purposes of:
Providing information about our services and projects
Providing services and support
Communicating with business partners, vendors, agents and contractors about business matters
Analysis of information in order to improve business practices and services
Conducting related tasks for legitimate business purposes
Other purposes disclosed at the time of collection
Compliance with legal requirements
Twelve will only process Personal Data in ways that are compatible with the purpose for which Twelve collected the Personal Data, or for purposes that the individual or participant providing the Personal Data authorizes. If Twelve desires to use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you authorized, we will provide you with the opportunity to opt in.
3. Data Transfer to Third Parties
Subcontractors. We transfer Personal Data to our subcontractors that perform consulting services and other functions on our behalf. We enter into written agreements with each of our subcontractors requiring them to provide the same level of protection that Twelve provides for its participants and as required by the GDPR, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that subcontractors process Personal Data in accordance with our company policies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. We remain liable for the acts of our subcontractors that perform services on our behalf for their handling of Personal Data that we transfer to them.
Third Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers that perform functions on our behalf. You can access our current list of subprocessors here. We enter into written agreements with those third-party agents and service providers requiring them to provide the level of protection required by the GDPR if applicable to such third-party agents and service providers, and if not, then the same level of protection that Twelve provides, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third-party agents and service providers process Personal Data in accordance with our company polies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers that perform services on our behalf for their handling of Personal Data that we transfer to them.
4. Disclosures for National Security or Law Enforcement
Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities or to meet national security or law enforcement requirements.
Twelve maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
Remember that no method of transmission over the internet or method of electronic storage is 100% secure. Twelve cannot promise, and you should not expect, that your personal information or private communications will always remain private. Twelve cannot guarantee complete security.
Twelve currently stores user information via secure cloud-based web hosting services, provided by the Google Cloud Services, and the information is stored on servers located within the United States.
6. Access rights
You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of applicable law. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. If your Personal Data was provided to us by a Twelve subscribing user, we may facilitate your access to such data by directing you to the user that provided your data to us.
Twelve would like to make sure you are fully aware of all of your data protection rights under GDPR. If you are a resident of the EU, you are entitled to the following:
The right to access – You have the right to request Twelve provide you with copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that Twelve correct any information you believe is inaccurate. You also have the right to request Twelve to complete the information you believe is incomplete. Please be advised that you may personally change this information at any time via your account Dashboard.
The right to erasure – You have the right to request that Twelve erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that Twelve restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to Twelve’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Twelve transfer the data that we have collected to another organization, or directly to you, under certain conditions.
7. Staff and Responsibilities
Everyone who works for or with Twelve has some responsibility for ensuring data is collected, stored and handled appropriately. Only employees who need to access or know the Personal Data in order to accomplish their work have access to such Personal Data. Our employees that have access to Personal Data must ensure that it is handled and processed in line with this policy and data protection principles. The Manager of Nutrition with Danielle, LLC is ultimately responsible for ensuring that Twelve meets its legal obligations. Twelve has designated the Manager to oversee its information security policies and procedures, including its compliance with applicable law. The Manager shall review and approve any material changes to this policy as necessary.
8. Questions and Concerns
Any questions, concerns, or comments regarding this Statement or our use of your Personal Data, please contact us at:
Nutrition with Danielle, LLC
305 Hamilton Ave. Silver Spring, Maryland 20901
We reserve the right to amend this Policy from time to time consistent with GDPR requirements and other applicable law