Privacy Policy
Introduction
This Privacy Policy describes how Medelz Incorporated (“Medelz,” “we,” “our,” or “us”) collects, uses, shares, and protects your personal information when you access or use our websites, platforms, applications, or services (collectively referred to as the “Services”). By accessing or using the Services, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with our policies and practices, you should not use the Services.
Medelz is a Delaware corporation headquartered in San Diego, California, U.S.A., and for individuals located in the European Economic Area (EEA) or jurisdictions with data protection laws, Medelz acts as the data controller of your personal information. If you have any questions, concerns, or requests, you can contact us at [email protected] or by mail at [Insert Address]. For EEA or UK residents, Medelz may appoint a Data Protection Officer (DPO) or local representative to assist with compliance matters.
Information We Collect
When you use the Services, Medelz collects personal information that you provide directly, such as your name, email address, phone number, payment details, profile information, and any content or submissions you create. This includes information provided when registering for an account, participating in competitions, purchasing merchandise, interacting with other users, or contacting us. We also automatically collect technical data about your device and usage patterns, including your IP address, browser type, device information, location data, interaction data, cookies, and similar technologies. Information may also be collected from third-party sources, including social media platforms, public databases, and marketing partners, where permitted by law and with your authorization.
How We Use Your Information
We use your information to provide, operate, maintain, and improve the Services, including managing your account, processing transactions, delivering content and merchandise, providing customer support, and ensuring compliance with our Terms of Service. We use your information to communicate with you, including service updates, promotions, surveys, and direct marketing, subject to applicable legal requirements and your preferences. We rely on your consent for certain types of processing, the necessity to perform a contract for core services, compliance with legal obligations, or our legitimate interests in securing the platform, enhancing user experience, and conducting business operations. We also use your information for analytics, fraud prevention, enforcement of our rights, and compliance with applicable laws.
Sharing of Your Information
Medelz does not sell or rent your personal information for third-party marketing purposes. We may share your data with trusted third-party service providers that assist in delivering the Services, including payment processors, cloud hosting providers, analytics services, marketing platforms, and customer support vendors. These providers are contractually bound to handle your data securely and only in accordance with Medelz’s instructions. In the event of a merger, acquisition, or sale of all or part of our assets, your information may be transferred to the successor entity, subject to data protection commitments. We may disclose information to comply with legal obligations, court orders, or regulatory requests, or to protect the rights, safety, and property of Medelz, its users, or the public. If you choose to integrate or interact with third-party platforms through the Services, you authorize us to share relevant data with those platforms as necessary.
Data Retention
We have implemented a detailed data retention policy that regulates how long we retain your personal data. The retention period for your data is based on a combination of legal, regulatory, and business requirements.
We will retain your information for as long as your account is active or as needed to provide you with the Services. We will also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
For most types of personal data, we retain it for as long as necessary to fulfill the purpose for which it was collected, such as to provide you with our services or to comply with legal and regulatory requirements. For example, we may retain certain transaction records for a number of years to comply with tax laws.
Once the retention period has expired, we securely delete or anonymize your personal data, so that it can no longer be associated with you.
In some cases, you may request that we delete your personal data before the end of the retention period. We will assess your request in accordance with our legal and regulatory obligations and will delete your data as soon as it is reasonably possible to do so.
International Data Transfers
Because Medelz operates globally, your information may be transferred to, processed in, or stored in countries outside your jurisdiction, including the United States. Where required by applicable law, Medelz implements appropriate safeguards for such transfers, including Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or reliance on adequacy decisions issued by regulatory authorities. By using the Services, you acknowledge and consent to the cross-border transfer of your data, recognizing that privacy protections may differ in other jurisdictions.
Data Protection
We take the protection of your personal data very seriously. We have implemented several physical, technical, and organizational measures to ensure the security of your personal information and to prevent unauthorized access, use, disclosure, or destruction of it.
We have implemented strict internal policies to ensure that your personal information is only accessible by authorized personnel who have a valid business reason to access it. All our employees and third-party contractors who have access to your personal information are bound by strict confidentiality agreements.
We have implemented a number of technical security measures, including firewalls, intrusion detection systems, and encryption, to protect your personal information from unauthorized access, use, or disclosure.
We use a variety of industry-standard security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. When we transmit sensitive information (such as a credit card number or password) over the Internet, we protect it through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
We regularly review and update our security measures to ensure that your personal information is protected at all times.
We will inform our users of any data breaches in case of any incident where unauthorized access, use, disclosure or destruction of their data.
We comply with all applicable data protection and privacy laws. If you have any concerns about the security of your personal information, please let us know by contacting us as described below in the Contact Us section. We will do our best to address them promptly.
Your Rights, Choices, and Access
You have the following choices regarding the information we collect and use:
Opt-out of marketing communications: You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in each communication or by contacting us directly.
Access and update your information: You have the right to access, update, and correct any inaccuracies in your personal information at any time by logging into your account and making the desired changes. You can also contact us directly to request access to, or correction of, your personal information.
Close your account: You can close your account at any time by contacting us directly. Please note that we may retain certain information as required by law or for legitimate business purposes. We may also retain de-identified or aggregated information after your account has been closed.
The right to access: You have the right to request a copy of the personal data that we hold about you, along with information about how and why it is processed.
The right to rectification: If you believe that any personal data we hold about you is incorrect or incomplete, you have the right to request that we correct or complete it.
The right to erasure: In certain circumstances, you have the right to request that we delete any personal data that we hold about you. This is often referred to as the “right to be forgotten.”
The right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have us transfer that data to another controller without hindrance.
The right to object: You have the right to object to our processing of your personal data in certain circumstances, for example, for direct marketing purposes or for scientific or historical research.
The right to restrict processing: In certain circumstances, you have the right to request that we temporarily or permanently stop processing your personal data.
The right to withdraw consent: If we are relying on your consent as a legal basis for processing your personal data, you have the right to withdraw that consent at any time.
Exercise your rights under applicable data protection laws: Depending on where you live, you may have certain rights under data protection laws, such as the right to request access to or correction of your personal information, the right to object to or request the restriction of processing of your personal information, and the right to data portability. You can exercise these rights by contacting us as set forth below in the Contact Us section.
If you wish to exercise any of these rights, please contact us. We will do our best to respond to your request as soon as possible and will provide you with information about any actions taken in response to your request. Please note that in certain circumstances, we may not be able to fully comply with your request.
Please note that we may need to verify your identity before fulfilling your request. We will respond to your request in a reasonable time frame and in accordance with applicable laws.
We will do our best to address any concerns you may have. You also have the right to file a complaint with the relevant data protection authority if you believe that we have not addressed your concerns in a satisfactory manner.
California Consumer Privacy Act (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the right to request that we disclose certain information to you about our collection, use, and sharing of your personal information over the past 12 months.
You have the right to request that we:
Disclose to you the personal information we have collected about you.
Provide you with a list of the categories of personal information we have collected about you.
Provide you with a list of the categories of sources from which we collected your personal information.
Provide you with a list of the categories of third parties with whom we shared your personal information.
Provide you with a list of the specific pieces of personal information we have collected about you.
To exercise your rights under the CCPA, please contact us as set forth in the “Contact Us” section below.
Please note that we may need to verify your identity before fulfilling your request. We will respond to your request in a reasonable time frame and in accordance with applicable laws.
Do Not Track and Global Compliance
Medelz does not currently respond to “Do Not Track” signals or similar mechanisms but allows you to manage tracking preferences through your browser or device settings. We comply with global data protection laws, including but not limited to GDPR, CCPA, Brazil’s LGPD, Canada’s PIPEDA, and other applicable regulations. Users outside the United States and EEA should be aware that their local laws may grant additional rights or require specific handling of personal data. Medelz will comply with local regulations where applicable and may establish regional annexes or supplemental policies as needed.
California Shine the Light
Under California law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing purposes. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately preceding calendar year (e.g., requests made in 2023 will receive information regarding 2022 sharing activities).
In your request, please specify that you want a “California Shine the Light” notice. Please allow 30 days for a response.
EEA and UK Privacy Rights (GDPR)
If you reside in the EEA or UK, this Privacy Policy complies with the General Data Protection Regulation (GDPR) and UK Data Protection Act. You have enhanced rights, including the right to object to certain processing, such as profiling or automated decision-making, and the right to request human intervention in automated decisions. If you wish to exercise these rights, contact our DPO at [email protected] or your local supervisory authority. You also have the right to data portability, allowing you to request a structured, commonly used, and machine-readable copy of your data or to have it transferred directly to another controller where technically feasible.
GDPR
If you are a resident of the European Economic Area (EEA), the General Data Protection Regulation (GDPR) gives you certain rights with respect to your personal data.
Right of Access: You have the right to access the personal data we hold about you and to receive information about how it is processed.
Right to Rectification: You have the right to request that we correct any inaccurate personal data about you and to have any incomplete data completed.
Right to Erasure: You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transmit it to another data controller, where technically feasible.
Right to Object: You have the right to object to the processing of your personal data for certain purposes, such as for direct marketing purposes.
Right not to be subject to Automated Decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Children’s Privacy
Medelz does not knowingly collect or solicit personal information from individuals under the age of 18. If we become aware that we have collected information from a minor without verified parental consent, we will delete such data promptly. Parents or guardians may contact us at [email protected] to request removal of such information.
Changes to This Privacy Policy
This Privacy Policy may be updated from time to time to reflect changes in our practices, legal requirements, or Services. We will notify users of material changes through prominent notices on our platform or by direct communication, and we encourage you to review the policy periodically. Continued use of the Services after updates signifies your acceptance of the revised policy.
Contact Us
To request this information or if you have any questions about this privacy policy or our treatment of your personal information, please contact us by email at [email protected] or by mail at:
Medelz Incorporated
PO BOX 5010 PMB185
RANCHO SANTA FE,
CA 92067, U.S.A.
We are not required to respond to requests made by means other than through the provided contact information.