Policies

Thank you for visiting one of our websites (“Cluster” or “ByHeart,” individually the “Site” or collectively the “Sites”) at cluster.byheart.com or ByHeart.com. BYHEART, INC. (“ByHeart,” “we,” or “us”) is committed to treating the personal and corporate information of our Site users (“Users”) with respect and sensitivity. To that end, we have issued this Privacy Policy (“Privacy Policy” or “Policy”) and enacted improved privacy practices so that we can better safeguard your data and remain transparent about the process. This Site also uses cookies to personalize your experience and target advertising. By continuing to use our Site, you accept the terms of this Privacy Policy, along with our Terms of Use and Terms of Service.

This Privacy Policy (together with our Terms of Use and any and all other policies, terms, and agreements referenced herein) identifies how we will collect and process any personally identifiable information that we collect from you (such as your name, username, email address, password, home address, Social Security Number, driver’s license number or non-driver identification card number, account number(s) and credit or debit card number(s) in combination with other identifiable data, unique physical or digital representations, and answers to security questions), or that you provide to us (collectively, “Personally Identifiable Information”).

For compliance with state-specific and European privacy policies, see Addendum A.

As our services and the functionalities of the Site evolve and we perceive the need or desirability of using the personal information that we have collected in other ways, we may update or amend this Privacy Policy. The effective date, which represents the date that the Policy was last updated or amended, appears at the top of this Privacy Policy. We encourage you to check our Site frequently to review the Policy currently in effect and make note of any changes that may have been made to it.

By providing your Personally Identifiable Information to us in any format (e.g., via web form, email, telephone, fax, or in person) and continuing to use any of our services or accessing our Site, YOU ACCEPT AND CONSENT TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.

If you choose to visit our Site, your visit and any dispute over your privacy is subject to this Policy and our Terms of Use, including the latter’s provisions concerning limitations on damages, resolution of disputes, and application of the laws of the State of New York. If you have any concern about our privacy practices, please contact us with a thorough description of your concern and we will try to arrive at a resolution that satisfies you.


CONTACT US

This Site is owned and operated by ByHeart, Inc. If you have any questions or suggestions with respect to this Privacy Policy or our privacy practices, please email us at hello@byheart.com, or you can contact us via mail at:

ByHeart, Inc.
131 Varick Street, 11th Floor
New York, NY 10013


INTRODUCTION

This Privacy Policy describes how ByHeart collects, uses, and shares information about visitors to and Users of our Site, individuals who contact us, make purchases, or request information, and other Users of our services. The Site and our other services are the “Services.” This Policy describes how we obtain and use both personal data (which can be used to identify a specific individual) and anonymous data (which cannot).

Region-specific provisions. Certain provisions of this Privacy Policy, which are clearly labelled in Addendum A, apply only to Users who are citizens or residents of particular regions (e.g., the EU, Nevada, or California). Otherwise, the Policy applies to all Users of our Services, regardless of location.

Children. The Services of ByHeart are not directed to children. If you become aware that a child (based on the jurisdiction where the child lives, which in the United States means someone under the age of thirteen (13)) has provided us with personal data or Personally Identifiable Information without parental consent, please contact us at the location identified above in the Contact Us section.

We collect information and data that you enter on our Site or otherwise volunteer to us when you contact us to, among other things, set up an Account, interact with experts, interact with or review our products or services on our Site or third party sites, request information, make purchases, or access or use the Site. You can choose not to provide certain information, but then you might not be able to take advantage of many of our features.

For purposes of this Policy, Personally Identifiable Information means information (whether stored electronically or in paper-based filing systems) relating to a living individual who can be identified from that data (or from that data and other information in our possession). Personally Identifiable Information comprises the categories of Personal Information defined by the CCPA (effective July 1, 2020) and the categories of Personally Identifiable Information defined in the New York Stop Hacks and Improve Electronic Data Security Act of 2020 (the “SHIELD Act,” effective March 21, 2020), which include:

Identifiers
Name; home address; email address; phone number; Social Security Number; driver’s license number; non-driver identification card number

Other Data
Financial information, including account number(s) and credit and debit card number(s) in combination with any required security code, access code, password, or other information that would permit access to an individual’s financial account; medical information; health insurance information

Protected Classes
Race; gender; sexual orientation; religion

Commercial Information
Records of personal property; records of purchasing or consuming histories or tendencies

Biometric Information
Data generated by electronic measurements of an individual’s unique physical characteristics, such as a fingerprint; voice print; retina or iris image; or other unique physical representation or digital representation of biometric data that are used to authenticate or ascertain the individual’s identity;

Internet Activity
Browsing history; search history; Internet Protocol (“IP”) address; website interactions

Geolocation Data
Global Positioning System (GPS) coordinates; location history

Sensory Data
Audio; electronic; visual; thermal; olfactory

Professional Data
Resume; curriculum vitae (“CV”); employment history

Education Data
Educational background; grades; test scores

Inferences
Any inference drawn from the above categories, such as personal preferences; characteristics; attitudes; predispositions; abilities; aptitudes; intelligence; and psychological traits

The above examples are not meant to provide an exhaustive list, but are examples of the kinds of data included in each category. IT IS IMPORTANT TO NOTE THAT BYHEART DOES NOT COLLECT PERSONALLY IDENTIFIABLE INFORMATION IN EVERY ONE OF THESE CATEGORIES. We identify below the categories of information that we do collect.

ByHeart collects only the Personally Identifiable Information that is relevant for the purposes for which the information or data is requested. We do not use your Personally Identifiable Information in any way that is incompatible with the purposes for which it was collected or for which you have consented.


INFORMATION THAT YOU GIVE US

When you access, use, or contact us through our Site, correspond with us
by phone, e-mail, or otherwise, or interact with us online, we may collect Personally Identifiable Information from you that may include:

Identifiers: first and last names, email address, phone number(s)

Other Data (California Civil Code § 1798.80(e)) and Financial Information (SHIELD Act): credit card and account information collected when you purchase products or services; medical and health data that you may contribute voluntarily

Protected Classes: race, gender, sexual orientation, religion

Professional Data: where relevant and applicable, professional data and education information such as resume or CV and education history; information about the ByHeart programs, products and activities with which you have engaged or participated in; details about our interactions with you and the agreements you have executed with us; any information you choose to provide about yourself or your household; publicly available information related to your practice, such as license information, disciplinary history, prior litigation and regulatory proceedings, and other due diligence related information

User-Generated Content: your communications with us and any other comments and content you
provide about your use of our services and products (such as posts on our social media pages and reviews left on the Site or through third-party review platforms such as Yotpo)

Inferences: information about your goals and aspirations for our services and products, or inferences derived from that information

We do not collect or receive Biometric Information or Sensory Data.


INFORMATION THAT WE COLLECT AUTOMATICALLY

Internet Activity: When you visit our Site, our web server automatically collects and stores the following information:

The IP address used to connect your computer to the Internet, referring website address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform

Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), pages on our Site that you viewed, page response times, download errors, duration of page visits, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service or other phone number(s)

Our Site uses cookies and pixel tags to collect this information.


INFORMATION THAT WE RECEIVE FROM OTHER SOURCES

This is information that we receive about you from third parties who operate other websites or services that we use in order to provide our products and services to you, or for proper functioning and maintenance of our Site itself. We work closely with third parties, including (for example) business partners, promoters, affiliates, and sub-contractors in technical, payment, and delivery services, advertising networks, marketing analytics providers, and search information providers. We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

COOKIES
Our Site uses cookies to personalize your experience, and we recommend that you review our Cookie Policy.

INFORMATION THAT YOU GIVE US

We will use this information:

to provide you with the Services that you request from us;

to carry out our obligations arising from the Terms of Use;

to contact you in the future to provide you with information about other products and services that we offer, or that are offered by our affiliates or third party vendors;

to notify you about changes to our Services;

to comply with applicable laws and regulations;

to determine additional ByHeart materials, services, or events to recommend and market to you;

to provide advertising of ByHeart and its products and services on other websites and platforms;

to perform direct marketing of products and services offered by ByHeart and our affiliates;

for training purposes, quality assurance, and to record details about the products and services that you use or order from us;

to make inquiries about you for credit reference purposes; and

to perform data analyses (including anonymization and aggregation of Personally Identifiable Information).


INFORMATION THAT WE COLLECT ABOUT YOU

We will use this information:

to provide targeted advertising and marketing services;

to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes;

to improve our Site to ensure that content is presented in the most effective manner for you and for your computer; and

as part of our efforts to keep our site safe and secure.


INFORMATION THAT WE RECEIVE FROM OTHER SOURCES

We will combine this information with information that you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information that we receive).


DO WE SHARE YOUR INFORMATION WITH ANY THIRD PARTIES?

ByHeart does not sell your Personally Identifiable Information to any third parties. To provide the Services, we sometimes disclose Personally Identifiable Information in the form of aggregated, anonymized data to service providers. We currently use Google Analytics (traffic analysis, SEO optimization), Klaviyo (mailing list management), Segment (customer data management and integration), and Shopify (e-commerce).

We also use social buttons provided by services like LinkedIn and Facebook. Your use of these third party services is entirely optional. We are not responsible for the privacy policies and/or practices of these third party services, and you are responsible for reading and understanding those third party services’ privacy policies.

We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personally Identifiable Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personally Identifiable Information with our Agents.

Our service providers are contractually obligated to comply with all applicable laws (e.g., the NY SHIELD Act and CCPA), and all such third parties use your Personally Identifiable Information only on behalf of ByHeart and under the instructions of ByHeart regarding how your information may be used and processed. ByHeart takes reasonable steps to ensure that these third parties use your Personally Identifiable Information only for the purposes for which they have been engaged by ByHeart, and that they do not share or sell your Personally Identifiable Information to anyone else.

By enjoying our Site and Services and sharing your Personally Identifiable Information with us, you agree that we have the right to share the categories of Personally Identifiable Information we collect, as identified above, with our service providers for the following business purposes:

Sales: for the purpose of fulfilling requests from you to purchase goods and services from our Site;

Targeted advertising: to provide advertising of ByHeart and its products and services on other websites and platforms;

Marketing: for the purpose of direct marketing of goods and services offered by ByHeart and our affiliates;

Cloud services: for the provision of cloud storage services;

Contractual performance: for the performance of any contract that we enter into with you;

Web analytics: for analytics and search engine service providers that assist us in the improvement and optimization of our site;

Health assessment: for the analysis of health- and wellness-related information that you submit to ByHeart in any form, including to an expert.

We may also disclose your Personally Identifiable Information to third parties in the following circumstances:

In the event that we sell or buy any business(es) or asset(s), in which case we will disclose your Personally Identifiable Information to the prospective seller or buyer of such business(es) or asset(s) as part of the purchase, transfer, or sale of services or assets;

If we sell all or substantially all of our assets to a third party, in which case personal information about our customers will be one of the transferred assets;

If we are under a duty to disclose or share your Personally Identifiable Information in order to comply with any legal obligation, or any lawful request by public authorities (including to meet national security or law enforcement requirements), or in order to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of us, our customers, or others.

Whenever we share information with third parties, we will take steps to ensure that the third parties put in place adequate measures to safeguard your Personally Identifiable Information, and they will be required to use any Personally Identifiable Information only for the intended purpose for which it was shared.


OUR STORAGE OF YOUR PERSONALLY IDENTIFIABLE INFORMATION

ByHeart uses reasonable and appropriate measures to protect your Personally Identifiable Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing undertaken and the nature of the Personally Identifiable Information that we collect.

We will keep your personal data for as long as we need it, or as otherwise prescribed by law, for the purposes set out above. This period will vary depending on your interactions with us. We may also keep a record of correspondence with you (for example, if you have made a complaint) for as long as is necessary to protect us from any and all actual or threatened legal claims against us.

You may unsubscribe from any of our email and marketing updates by following the unsubscribe instructions in the body of any email message we have sent to you. We will take commercially reasonable steps to implement your unsubscribe requests promptly, but you may still receive promotional information from us by mail for up to sixty (60) days, and up to fifteen (15) days for email. You may also continue to receive information from those third parties to whom we have previously disclosed your Personally Identifiable Information.

Please note that when you unsubscribe from our marketing communications, we will keep a record of your email address to ensure that we do not send you marketing emails in future.


ACCESS TO OTHER WEBSITES

Our Site may include links to and from other websites, including our partner networks and affiliates and other third parties. If you follow a link to any of these websites, please note that these websites are not covered by this Privacy Policy. We are not responsible for the privacy practices of any third parties or the content of linked sites, although we do encourage you to read the applicable privacy policies and terms and conditions of use of such parties or websites. This Privacy Policy only applies to how ByHeart deals with your Personally Identifiable Information; it does not apply to any other company or any other company’s website, even if you access these websites via our Site. Please check those websites’ policies before you use them or submit any Personally Identifiable Information to them.


CHOICES ABOUT YOUR PERSONAL INFORMATION

You may access and change personal information that you have submitted by logging into your Account and updating your profile information, or contacting us at hello@byheart.com. We may communicate with you via email if you purchase products or services from the Site. You may opt out of receiving some or all categories of promotional communications from us by following the instructions in those communications or by updating your email preferences in your Account.


PUBLIC INTERACTIVE FORUMS AND OTHER POSTING AREAS

We may offer public interactive forums and other posting areas through our Site and on other platforms, like office hours, discussion boards, product reviews, chat rooms, community forums, social media pages, etc. When you participate in these offerings, other visitors to and Users of our Site and other platforms may be able to see your username, postings, and other personal information you choose to provide or communicate. You should take this into consideration before posting to the Site and exercise caution when disclosing such information. Information you post could remain viewable even after you remove it or delete your Account.

If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks in connection with the Site or your use of our products or services, we collect information that you share with us, or that the social media platforms share with us. For any user-generated content you submit to us or when you interact with us on our public interactive forums or other publicly available posting areas, that information will be publicly available, and may be used and reshared for our own activities such as advertisements, creative assets, email marketing, and organic social media. [We will seek your consent prior to sharing user-generated content that identifies you by name.] For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.

DO NOT TRACK REQUESTS

Our Site does not respond to Do Not Track requests at this time, as there is currently no industry standard approach to sending, processing, and addressing Do Not Track requests from browsers. Please see https://allaboutdnt.com/ for more information on “Do Not Track” requests.


PROTECTING CHILDREN’S PRIVACY

We are strongly committed to protecting the safety and privacy of children who may visit our Site. Our Site is not designed for nor is it intended to be used by children under the age of thirteen (13). We do not knowingly collect personal information online from children under the age of thirteen (13), and we have adopted techniques to ensure compliance with this Privacy Policy and with the Children’s Online Privacy Protection Act of 1998 (“COPPA”). Our Site includes content that we believe to be unsuitable for children under the age of thirteen (13), and we encourage all parents to talk to their children about online safety and to monitor their children’s use of the Internet.

The CCPA affords California consumers the rights with respect to their Personal Information set forth in this section.


1. RIGHT TO KNOW ABOUT PERSONAL INFORMATION COLLECTED, USED, DISCLOSED, OR SOLD

California consumers have the right to request that ByHeart disclose what personal information it has collected, used, disclosed, and sold over the twelve (12) month period preceding ByHeart’s receipt of such a request. To exercise this right, a California consumer must submit to the Company a verifiable request to obtain such information. This request can be submitted by following the procedures set forth in the “Contact Us” section above.


2. RIGHT TO REQUEST DELETION OF PERSONAL INFORMATION

California consumers have the right to request the deletion of their personal information collected or maintained by ByHeart. To exercise this right, a California consumer must submit to ByHeart a verifiable request to delete such information. This request can be submitted by following the procedures set forth in the “Contact Us” section above.


3. RIGHT TO NON-DISCRIMINATION FOR THE EXERCISE OF A CONSUMER’S PRIVACY RIGHTS

California consumers have the right not to be discriminated against because the consumer exercised any of the consumer’s rights under the CCPA. That means that ByHeart may not deny goods or services to a consumer, charge different rates for goods or services, or provide a different level or quality of goods or services if a consumer chooses to exercise his, her, or their rights under the CCPA (unless the different rate or different level or quality is reasonably related to the value to the business of the consumer’s data).


4. SUBMITTING A CCPA DATA REQUEST

To submit a request to know about the Personal Information we collect about you or a request for deletion of your Personal Information, please contact us by emailing us at hello@byheart.com and including “CCPA Request” in the subject line of the email. ByHeart is required to verify the identity of the individual requesting access to a consumer’s data or requesting deletion of a consumer’s data. To verify your identity, you must provide:

username and password for ByHeart’s Site; or

if ByHeart has previously received an email from your email address, ByHeart may verify that you have access to that email address by sending a verification code; or

if ByHeart has previously received a call from your phone number, ByHeart may text you a verification code.


5. AUTHORIZED AGENT

California consumers may designate an authorized agent to exercise a CCPA right on the consumer’s behalf. If a consumer utilizes an authorized agent to exercise a CCPA right, the following proof that the agent has been authorized to act on the consumer’s behalf will need to be provided:

proof of written permission by the consumer for the authorized agent to act on his, her, or their behalf and separate verification of the consumer; or

proof that the authorized agent holds a power of attorney to act on the consumer’s behalf pursuant to Cal. Probate Code §§ 4000-4465.


As of January 1, 2023, the CPRA will expand consumer data privacy laws and permit California consumers to:

Prevent businesses from sharing personal information;

Correct inaccurate personal information; and

Limit businesses’ use of “sensitive personal information,” including social security number, financial account or credit card number in combination with any required access code or credentials, precise geolocation, race, ethnicity, religion, genetic data, private communications, sexual orientation, and specified health information.

SB 220 affords Nevada consumers the rights with respect to their Personal Information set forth in this section.


1. RIGHT TO REQUEST THAT PERSONAL INFORMATION NOT BE SOLD

Nevada consumers have the right to request that ByHeart promptly stop selling any of their covered information. “Covered Information” means any one or more of the following items of Personally Identifiable Information collected through a website or online service and maintained in an accessible form:

a first and last name;

a home or other physical address which includes the name of a street and the name of a city or town;

an email address;

a telephone number;

a social security number;

an identifier that allows a specific person to be contacted either physically or online;

any other information concerning a person collected from the person through a website or online service and maintained in combination with an identifier in a form that makes the information personally identifiable.

Under SB 220, “Sale” means the exchange of covered information for monetary consideration by the website owner to a recipient for that recipient to license or sell the covered information to third parties.

To exercise this right, a Nevada resident must submit to ByHeart an opt-out request. This request can be submitted by following the procedures set forth in the “Contact Us” section above. ByHeart must respond to any such request within sixty (60) days of receipt.


2. SUBMITTING A SB 220 DATA REQUEST

To submit a request to ByHeart that your covered information not be sold, please contact us by emailing us at hello@byheart.com and including “SB 220 Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.

Effective January 1, 2023, Virginia consumers will have the rights with respect to their Personal Information set forth in this section.


1. RIGHT TO CONFIRM AND ACCESS PERSONAL DATA

Virginia consumers have the right to confirm whether or not a controller is processing the consumer’s personal data and to access such personal data. “Controller” means the natural or legal person that determines the purpose and means of processing personal data. “Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person; it does not include de-identified data or publicly available information.


2. RIGHT TO CORRECT INACCURACIES IN PERSONAL DATA

Virginia consumers have the right to correct inaccuracies in the consumer’s personal data, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal data.


3. RIGHT TO DELETE PERSONAL DATA

Virginia consumers have the right to delete personal data provided by or obtained about the consumer.


4. RIGHT TO OBTAIN A COPY OF PERSONAL DATA

Virginia consumers have the right to obtain a copy of the consumer’s personal data that the consumer previously provided to the controller in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means.


5. RIGHT TO OPT OUT

Virginia consumers have the right to opt out of the processing of the personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.


6. SUBMITTING A CDPA DATA REQUEST

To submit a request to ByHeart to invoke the consumer rights authorized above, please contact us by emailing us at hello@byheart.com and including “CDPA Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.

Effective July 1, 2023, Colorado consumers will have the rights with respect to their Personal Information set forth in this section.


1. RIGHT TO OPT OUT

Colorado consumers have the right to opt out of the processing of personal data concerning the consumer for purposes of

Targeted advertising;

The sale of personal data; or

Profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.
“Personal data” means information that is linked or reasonably linkable to an identified or identifiable individual and does not include de-identified data or publicly available information.


2. RIGHT TO ACCESS PERSONAL DATA AND DATA PORTABILITY

Colorado consumers have the right to confirm whether a controller is processing personal data concerning the consumer and to access the consumer’s personal data. “Controller” means a person that, alone or jointly with others, determines the purposes for and means of processing personal data. Consumers have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another entity without hindrance. Consumers may exercise this right no more than two times per calendar year.


3. RIGHT TO CORRECT PERSONAL DATA

Colorado consumers have the right to correct inaccuracies in the consumer’s personal data, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal data.


4. RIGHT TO DELETE PERSONAL DATA

Colorado consumers have the right to delete personal data concerning the consumer.


5. SUBMITTING A SB 190 DATA REQUEST

To submit a request to ByHeart to invoke the consumer rights authorized above, please contact us by emailing us at hello@byheart.com and including “SB 190 Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.


BYHEART’S ADDITIONAL POLICIES IN COMPLIANCE WITH THE EEA PRIVACY LAWS (GDPR)

In addition to the other policies described in this Privacy Policy, residents of the EU or the EEA are afforded the following additional rights and protections as required by the General Data Privacy Regulation (“GDPR”). The additional rights and protections set forth in this section of this Policy apply only to residents of the European Union or the EEA.

1. GDPR DEFINITIONS

THE FOLLOWING ADDITIONAL DEFINITIONS APPLY TO THIS SECTION OF THE PRIVACY POLICY:

“Controller” means the organization that determines the purposes for which and the manner in which any Personal Information is Processed and used in its business.

“Processor” means any person processing Personal Information.

“Person” means a natural person, corporation, association, organization, partnership, or other legal entity.

“Processing” is any activity that involves use of the Personal Information. It includes, without limitation, obtaining, recording, or holding the Personal Information, or carrying out any operation or set of operations on the Personal Information, including organizing, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transferring Personal Information to third parties.


2. THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

In order to comply with the GDPR, we are required to set out the legal basis for the processing of your Personal Information. In accordance with the purposes for which we collect and use your Personal Information, as set out above, the legal basis for processing your Personal Information will typically be one of the following:

Our own legitimate business interests, or the legitimate business interests of our third party partners, promoters, affiliates, distributors, suppliers, vendors, and subcontractors, such as, for example, providing direct marketing to our customers of our products and services that we think would be of interest, handling inquiries from our promoters, affiliates, distributors, vendors, and customers, or other instances in which we have carried out a legitimate interests assessment and have established an existing legitimate interest;

The performance of a contract that we have in place with you;

Your consent, where appropriate; or

Compliance with our legal obligations, including to meet national security or law enforcement requirements.


3. WHERE WE STORE YOUR PERSONAL INFORMATION

The data that we collect from you is stored on servers provided by cloud service providers, such as Amazon Web Services. If you are a resident of the EEA or EU, your Personal Information may be transferred within or outside the EEA or EU to areas where privacy laws may be less strict. By submitting your Personal Information, you agree to this transfer, storing, and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Unfortunately, the transmission of information via the Internet is never completely secure. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our Site. Thus, any transmission of Personal Information using the Site is at your own risk. Once we have received your information, we will use strict procedures and security features to try as best as we are able to prevent unauthorized access.


4. ADDENDUM TO HOW LONG WE STORE YOUR PERSONAL INFORMATION

In some cases, there is a legal requirement to keep Personal Information for a minimum period of time. Except in those circumstances, we do not keep your Personal Information for any longer than is necessary for the purposes for which the Personal Information was collected or for which it is to be further processed.


5. YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL INFORMATION

Subject to certain exceptions, you have the following rights with respect to your Personal Information:

To receive or access a copy of the Personal Information that we hold about you;

To request that any inaccurate or incomplete Personal Information be corrected or supplemented;

To have your Personal Information erased, unless we have a legitimate reason to retain the Personal Information (such as if we are required to do so for legal reasons); and

To ask us not to process your Personal Information for a particular purpose, including for marketing.
All of these rights are subject to certain conditions and exemptions. For example, ByHeart will not be obligated to erase your Personal Information if we need to retain it to protect ourselves in the event of a legal claim.

To exercise any of these rights, please submit a written request to us at hello@byheart.com. We reserve the right to charge a fee in dealing with such a request as permitted by applicable law and regulations. You may also opt out of receiving additional marketing information by using the “Unsubscribe” feature in any marketing email that we send to you.