GDPR (Updated April 22, 2020)
The aim of the GDPR is to protect natural persons (EU/EEA Citizens) in relation to the processing of their personal data. The regulation applies to those within the EU/EEA which may hold such data, but also to those outside the EU/EEA which may offer goods or services to natural persons within that area, or send personal data to organization’s within the EU/EEA, or send personal data to recipients within the EU/EEA. HealthFit Web Services LLC, dba Ancient City Ways Inc. to now be referenced as (ACW) in this privacy notice, a US Based company, may offer goods or services to natural persons of the EU/EEA from time to time via its websites as it is possible for these natural persons to find and visit our websites, therefore certain principles and rights exist for these natural persons that ACW takes into consideration. As Defined in Article 4 (6), ACW is to be considered a Data Controller. A Data Controller has certain obligations to natural persons (EU/EEA Citizens) when processing and storing your Personal data.
Data Controller obligations:
- Data must be available to the data subject.
- Describe what data will be collected and for what purposes.
- Detail any recipients who will receive the data, including if will be transferred outside EEA, and how data will be protected with onward transfer.
- If any legitimate interests exist in collecting and/or processing the data.
- Describe data retention and/or storage periods, or the criteria used to determine retention periods.
- Describe data subject rights, and how a data subject can exercise his/her rights.
- Details around any uses of automated decision-making.
Personal Data Collection
Processing of your EU/EEA personal data may only apply under certain conditions, such as receiving your express consent or where processing is a necessary consequence of the establishment, exercise or defense of legal claims, or wherever courts are acting in their judicial capacity. ACW has updated its privacy policies to notify EU/EEA citizens of their rights and also to be transparent where applicable of what information ACW collects and how we process data of EU/EEA citizen’s personal data.
ACW DOES NOT collect what is to be considered sensitive personal data as some of the examples of such data include: race, ethnic background, religious/political affiliations and health and medical information about a data subject.
ACW DOES collect certain personal data in order for ACW to provide its products and services to EU/EEA citizens upon receiving express consent. This personal data may include one or more of the following data attributes, dependent upon the submission form, order form, and other data entry points and data attributes filled out by the EU/EEA citizen:
- First Name
- Last Name
- Email Address
- Phone Number
In addition, before receiving express consent, there will be transparent and plain language that states ACW may use this information for marketing purposes. Marketing is defined as sending internal and 3rd party offers that may be of interest to the EU/EEA citizen. Methods of communicating these offers include email, text, ad display, push notifications, and phone. EU/EEA citizens have the right to opt out at any time by following the opt out instructions included in the marketing materials or by contacting us at email@example.com. Please see the section Right of the EU/EEA Data Subject for more information below.
ACW DOES collect the following data upon visiting our website(s) which Include
- IP Address
- Metadata (browser version, device name, etc.)
- Cookie Data (expiring no more than 30 days)
The purpose of this data is to enhance user experience, and allows us to view visitors geo location, time on site, what device the user used to access our site, what browser version so we can better format and properly display pages to enhance viewing. Cookies may be used to remember settings or preferences from visitors or to not display the same advertisement or tailor or track advertisements. EU/EEA citizens will have the right to request cookie deletion and ACW will work on those requests to the best of our ability. All requests can be sent to firstname.lastname@example.org.
ACW to the best of its ability have reviewed its vendors and have listed their GDPR policies with the following found links above.
Rights of the EU/EEA Data Subject
EU/EEA citizens have rights to transparency, access, updating, restrict processing and which may also include to be forgotten.
Below is a summary of the rights which the data subject has, including the right to request information.
Under the GDPR what does this mean to you? As owners of your data, you are granted rights and data controllers who process and/or store your information, are required under GDPR to comply with your data requests. ACW will respond to all requests in a reasonable time frame and in a courteous manner. ACW will also store data no longer than necessarily needed as part of its data minimization practices:
- Right to Access (Article 15): You have the right to request a copy of your personal data that ACW has collected on you. Please send requests to email@example.com. We will comply with this request in a timely manner to not be more than 30 days.
- Right to Rectification (Article 16): You have the right to change inaccurate information of the data we have on you. For example, if you have a different email address or there is a typo or misspelling in your name you can send ACW a request to update this information. Please send all update requests to firstname.lastname@example.org. We will comply with this request in a timely manner to not be more than 30 days.
- Right to Erasure (Article 17): You have the right to request to delete your data. You may request for ACW to delete all existing personal data. You may also with to withdraw consent to not receive any future communications from ACW. We will honor these requests in a timely manner not to exceed more than 30 days. Please send Right to Erasure requests to email@example.com
- Right to Restriction of Processing (Article 18) You may request that ACW stops using tracking data. Examples of tracking or behavior based tracking may include impressions, site visits, website clicks, and what pages you have visited and the time and duration on those pages. Please send Rights to Restrictions requests to firstname.lastname@example.org
- Right to Data Portability (Article 20): In some cases, you may have the right to request that we move your data or transfer your data to another provider. Please send Right to Data Portability requests to email@example.com
- ACW takes data security and the protection of a data subject’s information very seriously. ACW has created al Data Protection Policy information that the company follows as a guideline to ensure best practices and guidelines of the security of data.
Data Breach of Data Subject
- In case of a data Breach ACW will inform such a breach occurred to a supervisory authority within 72 hours of the breach, if high risk impact is likely to data subjects.
- If appropriate ACW will give notice to the Data Subject