NMF Science LLC (“the Company”, “we,” or “us”) values the confidentiality and pledges to safeguard personal data. This Confidentiality Notice (the “Policy”) details our procedures for handling the information we may receive about visitors to our website, users of our offerings, audience of our broadcast, business partners, and others with whom we interact in providing our services. This Policy applies to information you provide to us through our website (the “Site”), when you subscribe to our services, get in touch with us, and otherwise engage with us. The Policy describes the types of personal data we may receive, how we may use and disclose the information, and certain rights and options you may have regarding your information. Utilization of our website is also subject to our Usage Terms, which are accessible at this location.

TABLE OF CONTENTS

  1. Important Information About This Policy
  2. No Doctor-Patient Relationship or Medical Advice
  3. Information We Receive
  4. How We Use Personal Information
  5. Our Marketing Efforts
  6. Disclosure of Personal Information
  7. Your Choices About Personal Information
  8. Links to Third-Party Websites
  9. Rights Afforded California Residents
  10. Rights Afforded to Virginia Residents
  11. Rights Afforded Nevada Residents
  12. Rights Afforded Canadian Residents
  13. Rights Afforded Individuals in the EU, UK, and Switzerland
  14. Children’s Privacy
  15. Security of Personal Information
  16. Data Storage and Retention
  17. Changes to this Policy
  18. How to Contact Us

1. Important Information About This Policy While our objective is always to provide complete and clear details about how we process your personal data, we hold the authority to modify or refresh this Policy from time to time or to create additional policies in order to accurately reflect changed circumstances or new legal requirements. As a result, it is important that you go through this Notice closely so that you are completely informed of how and why we are using your personal data.

To assist us in ensuring that we can provide the most accurate information possible, we ask that you check this Policy for updates. We also ask that where we have an ongoing relationship with you, and any of the data you have provided becomes no longer accurate, that you keep us informed of this so we can amend our records accordingly. By providing us with personal data or using our website, you expressly consent to the information-handling practices described in this Policy. If you do not agree with this Policy, please do not use our website or services, follow us on social media, listen to our podcast, or provide us with your information.

2. No Doctor-Patient Relationship or Medical Advice Use of our Site and services, listening to our podcast, and following us on social media does not establish a doctor-patient relationship. None of the information contained on the Site or provided in connection with our services, social media presence, or podcast should be interpreted as medical advice rendered to any particular user or customer. Nor should any statement be construed to be relied upon as generally accepted medical advice or medically advisable practice or guideline. Any information we provide is for general informational purposes only and should not replace a consultation with your health care professional. Always consult an appropriate health care professional for your specific needs.

3. Information We Receive A. Personal Information For the purposes of this Policy, “personal data” is any information that identifies, relates to, or can be used to contact a particular individual. The types of personal data we receive include the following categories:

  • Individual contact information – first name, last name, email address, billing address, mailing address, and telephone number.
  • Business contact information – first name, last name, business email address, physical address of the business, billing address, and business telephone number.
  • Member account information – Member username, account password, member contact information (see individual contact information), member content accessed, and other information that we may request or that you may provide relating to your membership.
  • Transactional information – details about your or your business’s transactions with us, including method of payment, payments received, payment details, and transaction history.
  • Payment information – details of the payment card or financial account you use to pay for your membership or other transactions with us.
  • Marketing information – details regarding informational and promotional materials you may have requested or received from us, the services in which you are interested, your receipt of promotional communications, and information on your marketing or communication preferences.
  • Communication information – copies of communications and inquiries you have submitted to us, including through email, calls, direct messages or comments on social media or podcast platforms, and chatbots or other features available on our Site.
  • Device and usage information – details regarding how and when you use our Site and services, listen to our podcast, or engage with us on social media, including the device used to connect to our Site, your IP address and device identifier, the frequency and duration of your usage, the pages you view, what websites or search terms referred you to our Site, and information about your interaction with our Site.

We collect this information when you visit or navigate our Site, subscribe for a membership or to receive newsletters, fill in forms on our Site, listen to our podcast, engage with us on social media platforms, enter into transactions with us, get in touch with us (including by phone, email, or otherwise), or otherwise provide us with personal data.

Please note that we may aggregate or anonymize the foregoing types of information such that they are no longer capable of identifying you, in which case they are not considered “personal data.” We may also collect information about you from third-party sources and information about you that is publicly available.

B. Automatically Collected Usage and Device Information Like most websites, our Site uses various technologies to automatically collect information about visitors. Those technologies include:

  • Cookies. Cookies are small text files that a website transfers to a visitor’s device for recordkeeping purposes. We use cookies to personalize visitors’ experiences on our website, provide content that we believe may be of interest, track visitor trends and patterns, engage in marketing and advertising, and otherwise analyze our Site traffic. For further information about cookies, including how to refuse cookies, please visit www.allaboutcookies.org. Please note that if cookies are disabled, you may not be able to enjoy certain features of our Site.
  • Log Files and Device Identifiers. We use log files to track actions occurring on the Site and collect data about visitors, including IP address, browser type, Internet service provider, referring/exit pages, date/time stamps, and device identifiers.
  • Web beacons and other technologies. Our Site may use other tracking tools, including web beacons (also known as clear gifs, pixel tags, and single-pixel gifs), which are small electronic images embedded in content and email messages that are not ordinarily visible to users. Web beacons allow us to track pages and content accessed and viewed by users, as well as to monitor email readership.
  • Analytics. Our Site may also use third-party analytics tools such as Google Analytics. You can find more information about how data is collected and processed in connection with the Google Analytics service here. You can also read Google’s privacy policy here.

The information collected through these technologies may be combined with personal data or aggregated with other information on Site visits. We may share information about your use of our Site with our advertising and analytics partners, who may combine it with other information that you previously provided to them.

C. Information from Social Media If you engage with us on any social media platform: (i) depending on your social media privacy settings, the personal data that you submit on the social media platform may be read, collected, or used by us as described in this Policy, and (ii) where we respond to any interaction with you on social media, your account name/handle may be viewable by any and all members or users of our social media accounts. Social media platforms operate independently from the Company and we are not responsible for the personal data that you choose to submit or link on any social media platform. We encourage you to review the privacy policies and settings of any social media platform with which you interact to help you understand their privacy practices.

D. Information from Other Sources We may obtain both personal and non-personal data about you from our affiliated businesses, contractors, suppliers, and other third parties and add it to other information we have collected. We, and the third parties we engage, may combine information we collect from you over time, and across the Site, with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.

4. How We Use Personal Information We (or service providers acting on our behalf) may use the personal data identified above for the following purposes:

  • Negotiating, entering into, and managing our business relationship with you (or your company), including providing our services and processing payments from you (or your company).
  • Registering you as a member and providing you access to the content and benefits of membership.
  • Subscribing you to, and providing you with, our newsletter.
  • Providing and optimizing your experience on our Site and ensuring that we present our content to you in the most effective manner.
  • Communicating with you and responding to your inquiries and communicating regarding our services, our agreements with your company (where applicable), and other issues.
  • Sending you promotional or informational communications and solicitations, tracking your marketing preferences, and for our internal marketing purposes.
  • Managing customer service issues, including issues relating to membership and our services.
  • Developing, updating, and improving our services, customer service, and member experience, and otherwise improving our knowledge and insights regarding customers.
  • Preventing and detecting fraud, financial crime, hacking activities, security breaches, and other unlawful activities in connection with the Site or the purchase or use of our services.
  • Enforcing our agreements with customers, complying with our legal or regulatory obligations, and defending or advancing legal claims.
  • Notifying you about changes to our Site, services, or material changes to this Policy.
  • Providing you with surveys or otherwise soliciting feedback from you.
  • Performing other functions as otherwise described to you at the time of collection or to which you otherwise consent.

For more information about your options relating to your personal data and your communication preferences, see “Your Choices About Personal Information” below.

5. Our Marketing Efforts We may send you direct marketing communications from time to time including news, updates, offers, and other promotions relating to our services and activities. We will only send marketing messages where the law allows us to do so and, in the event that you no longer wish to receive marketing from us, then you can always unsubscribe using the option provided in the footer of the communication you have received or by contacting us using the information below.

6. Disclosure of Personal Information When the information we collect about you is aggregated, anonymized, or otherwise does not identify you, we may use that information for any purpose or disclose it to third parties, to the extent permitted by applicable law.

In addition, we may disclose your information with the following types of entities:

  • Service providers we use to facilitate our business operations and administration. These third parties have access to your personal data only to perform specific tasks on our behalf. For example, our service providers include (i) IT and system administration providers that hosts our Site and enable member access to content, (ii) data storage providers, and (iii) vendors to facilitate payments and payment processing.
  • Marketing and advertising vendors that may assist with lead generation, hosting information relating to clients and potential clients, marketing automation, advertisement placement and targeting, and marketing campaigns and communications.
  • Analytics vendors in order to understand our Site traffic and usage patterns, optimize our Site, and identify potential new customers.
  • Regulatory and governmental authorities, law enforcement agencies, and courts, as necessary to comply with applicable laws and regulations, respond to a subpoena, search warrant, or other lawful request for information, or to otherwise protect our rights.
  • Buyers or other successors prior to or in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as a part of bankruptcy, liquidation, or similar proceeding, where the information is among the assets transferred.
  • Other parties for any purpose we disclose at the time you provide the information.

7. Your Choices About Personal Information We respect your right to make choices about the ways we collect, use, and disclose your information. We try to offer you meaningful choices regarding your personal data. Some choices you have regarding personal data include the following:

  • Marketing Emails – As required by applicable laws, you can opt-out of receiving promotional emails from us by clicking the “opt out” link in any such promotional emails and following the instructions provided.
  • Cookies – Depending on your browser or device, you may have the option to set the browser to accept all cookies, reject all cookies, notify you when a cookie is set, or delete cookies. Each browser and device are different, so we recommend you evaluate the tools and settings available in your browser or device, as well as any available instructions for the same. We provide information on disabling cookies in our Cookie Statement.
  • Google Analytics – As discussed above, we use Google Analytics in connection with the Site. If you would like to refrain from having your data collected by Google Analytics, Google has developed an opt-out browser that you can use. You can find more information on how Google uses information it collects here.
  • Declining to Provide Information – You can choose not to provide us with information we may request through our Site, but that may result in you being unable to use certain features of our Site, request information about our services, or initiate other transactions with us.
  • Do Not Track Mechanisms – Please note that our Site does not honor “Do Not Track” signals, and such signals will not impact the operation of this Site.

In addition to the above, you may contact us using the details provided at the end of this Policy with any questions about the choices relating to your personal data.

8. Links to Third-Party Websites Our Site may contain links to third-party websites. Such websites have separate privacy policies that you should review. We do not control these third-party websites and are not responsible for the content of linked websites or those companies’ data-handling practices.

9. Rights Afforded California Residents This section is included pursuant to the California Consumer Privacy Act, including as amended by the California Privacy Reform Act (collectively, the “CCPA”). This section applies to California residents (“consumers” as defined by CCPA) and explains our online and offline personal data practices when acting as a “business” under the CCPA.

A. Information We Collect and Disclose In the past 12 months, the Company has collected the following categories of personal data from consumers and disclosed such information to the following categories of third parties for the business purposes described below.

Categories of PI CollectedExamplesCategories of Third Parties to Whom Disclosed
IdentifiersA real name, alias, postal address, unique personal identifier, company information, online identifier, Internet Protocol address, email address, telephone number.IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants. Online analytics and marketing/advertising service providers. Professional advisors (accountants, lawyers, and auditors)
Commercial informationRecords of services purchased, obtained, or considered, including distribution and sales details.IT and cloud/hosting service providers, such as our email providers, business application providers, hosting providers, managed services providers, and IT consultants. Marketing/advertising service providers. Financial institutions and payment processors. Professional advisors (accountants, lawyers, and auditors)
Internet or other similar network activityBrowsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.IT and cloud/hosting service providers. Online analytics and marketing/advertising service providers
Personal information types listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))A name, address, telephone number, employment information. Some personal data included in this category may overlap with other categories.IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants. Online analytics and marketing/advertising service providers. Professional advisors (accountants, lawyers, and auditors)
Sensory dataAudio recordings, voicemail, or similar information.IT and cloud/hosting service providers, such as our email providers, business application providers, hosting providers, and telephone communication providers

B. How We Collect Your Information The Company collects the categories of personal data listed above from the following sources:

  • Direct collection: We collect information directly from you when you choose to provide it to us by filling out forms on our website, engaging in transactions with us, signing up to receive promotional or information communications from us, communicating with us about our podcast or services, or otherwise directly providing the information to us.
  • Indirect and technology-based collection: We also collect certain information from you indirectly when you visit, use, or navigate our website. The Company collects certain identifiers (such as IP addresses) and internet and similar network activity (such as website usage data) from you indirectly using cookies, pixels, and passive tracking technologies, as described above.
  • Collection via social media: We may collect personal data about social media users, including basic user profile information (such as username), user-generated content (such as posts, comments, pages, profiles, or feeds) and associated metadata (such as time and location of a post or comment); contact details (such as name, email address, telephone number if made public by the user); and additional individual information published by the user (such as employer, profession, age, location, education information, habits, etc.). The type and scope of personal data obtained from social media platforms depends on the type of APIs and permissions set out by the respective platforms and the administrative permissions granted by individuals, where applicable.
  • Third-party collection: From time to time, we may obtain marketing or lead lists from third-party vendors. We use these, for example, to send you marketing communications.

C. Use of Personal Information We collect and use your personal data for the following business or commercial purposes (as well as any other purposes described elsewhere in this Policy).

  • Providing and optimizing your experience on our Site and ensuring that our content is presented to you in the most effective manner.
  • Fulfilling transactions with you or your company, processing payments, and managing the business relationship and transaction process.
  • Communicating with you and responding to your inquiries about our services and products, including to provide you with promotional and informational communications regarding our podcast or services, informing you about new services and products, updating you about changes to our services and products, and investigating any concerns you may have.
  • Developing, updating, and improving our services and products, customer service, member experience, and marketing efforts, and otherwise improving our knowledge and insights regarding actual or potential providers, customers, and business partners.
  • Preventing and detecting fraud, financial crime, hacking activities, security breaches, and other unlawful activities in connection with our business and services.
  • Enforcing our agreements and complying with our legal or regulatory obligations.
  • Performing other functions as otherwise described to you at the time of collection or to which you otherwise consent.

D. Applicable Retention Periods The Company determines the retention period for each category of personal data based on the criteria set forth below in the section titled “Data Retention and Storage.”

E. Sensitive Personal Information The Company does not collect “sensitive personal data” (as defined by the CCPA) for the purposes of inferring characteristics about California consumers. Accordingly, the Company treats any such information as “personal data” consistent with applicable provisions of the CCPA.

F. Sale or Sharing of Personal Information In the past 12 months, the Company has not “sold” any categories of personal data, as defined by the CCPA.

In the past 12 months, the Company shared the following categories of personal data with (i) marketing/advertising service companies, and (ii) online analytics providers, for the purposes of cross-context behavioral advertising:

  • Identifiers: Name, address, email address, device identifier, IP address, tags and identifiers for Google, Facebook/Meta, YouTube, Instagram, Mailchimp, Unbounce, and OptinMonster.
  • Internet and similar network activity: Site pages visited, duration of visit to Site, and referring website or advertisement.

The Company shared such personal data for the purposes of allowing such third parties to provide targeted advertising and cross-context behavioral advertising services to us and to others.

The Company does not have actual knowledge of any sales or sharing of personal data regarding minors under 16 years of age.

G. Rights Available Under the CCPA The CCPA provides California residents with the rights discussed below. For convenience, and as required by the CCPA, we explain how you can exercise those rights, to the extent they are applicable.

  • Right to Request Information. You have the right to request that we disclose certain information about our collection and use of your personal data during the past twelve (12) months. Specifically, you may request that we disclose:
    • The categories of personal data we collected about you;
    • The categories of sources for the personal data we collected about you;
    • The business and commercial purposes for collecting your personal data;
    • The categories of third parties to whom we disclose your personal data;
    • The specific pieces of personal data we collected about you; and
    • If we disclosed your personal data for a business purpose, the categories of personal data received by each category of third party.
  • Right to Data Portability. You have the right to request that we provide copies of the specific pieces of personal data we collected about you. If a verifiable consumer request is made, and subject to any exceptions or limitations under the CCPA, we will take steps to deliver the personal data to you either by mail or electronically. If we provide the information to you electronically, it will be in a portable and readily usable format, to the extent technically feasible. Consistent with the CCPA and our interest in the security of your personal data, we will describe but may not provide copies of certain personal data we may receive from you (e.g., driver’s license number, other government-issued identification number, financial account number, health or medical identification number, account password, or security questions or answers) in response to a CCPA request, to the extent any of those items are in our possession.
  • Right to Request Deletion. You have the right to request that we delete personal data we collected from you, subject to any exceptions or limitations under the CCPA.
  • Right to Correct Inaccurate Information. If we maintain inaccurate personal data about you, you have the right to request that we correct that inaccurate personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.
  • Right to Opt-Out. Consumers in California have the right to opt-out of (a) the sale of personal data, or (b) the sharing of their personal data for the purposes of cross-context behavioral advertising.

H. How to Exercise Rights to Request Information, Data Portability, Deletion, and Correction To exercise the rights described above, you—or someone authorized to act on your behalf—must submit a verifiable consumer request to us by sending an e-mail to legal@nmfscience.com with the subject line: “CCPA Request”. Your request must include your name, e-mail address, mailing address, phone number, the nature of your inquiry and the context in which we may have received your information. If you are an agent submitting a request on behalf of a consumer, we may request that you submit a signed permission from the consumer authorizing you to make the request.

In order to protect the privacy and data security of consumers, the verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative of such consumer; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

As indicated above, please be aware that the CCPA provides certain limitations and exceptions to the foregoing rights, which may result in us denying or limiting our response to your request.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We may also request that you provide additional information if needed to verify your identity or authority to make the request. We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you or the consumer on whose behalf you are making the request.

Response timing and format. The CCPA requires us to respond to a verifiable consumer request within forty-five (45) days of its receipt; however, we may extend that period by an additional 45 days. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response via e-mail. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request, provided that you may request disclosure beyond the 12-month period as permitted by the CCPA. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select the format of our response; the format will be readily useable and should allow you to transmit the information from one entity to another. We will not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the request.

I. Exercising Your Right to Opt-Out of Sharing To exercise your right to opt-out of the sharing of your personal data, you or someone authorized to act on your behalf must submit a request using one of the following methods:

  • By completing the “Do Not Share My Personal Information” form located here.
  • By emailing us at legal@nmfscience.com

The CCPA requires us to comply with a consumer request to opt-out of sharing as soon as feasibly possible, but no later than fifteen (15) business days from the date the request is received. We may deny an opt-out request if we have a good-faith, reasonable, and documented belief that the request is fraudulent. In the event we deny a request, we will inform the consumer and explain why we believe the request is fraudulent.

J. Our Commitment Not to Discriminate Consistent with the CCPA, we will not discriminate against you for exercising any of your CCPA rights by: (1) denying you services or products; (2) charging you different prices or rates for services or products, including through granting discounts or other benefits, or imposing penalties; (3) providing you a different level or quality of services or products; or (4) suggesting that you may receive a different price or rate for services or a different level or quality of services or products.

K. California’s Shine the Light Act California Civil Code § 1798.83 (California’s Shine the Light Act) permits California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. If you are a California resident, you may ask us to refrain from sharing your personal data with certain of our affiliates and other third parties for their marketing purposes. Please tell us your preference by contacting us at the contact information below.

10. Rights Afforded to Virginia Residents This section is included pursuant to the Virginia Consumer Data Protection Act (the “VCDPA”). It applies to Virginia residents (“consumers” as defined by VCDPA) and explains our online and offline our personal data practices when acting as a “controller” under the VCDPA.

A. Categories of Personal Data We Process and Third Parties With Whom We Share Such Data The categories of personal data that the Company processes about Virginia consumers is described in Sections 3 and 9(A) of this Policy. We share that personal data with the categories of third parties identified in Sections 5 and 9(A).

B. Purpose for Processing Personal Data The purposes for which the Company processes personal data about Virginia consumers is described in Sections 4 and 9(C).

C. Consumer Rights Available Under the VCDPA With respect to their personal data, Virginia consumers have the following rights, which are described in more detail in Section 9(F).

  • Consumers have the right to confirm whether we are processing the consumers’ personal data and to access such data.
  • Consumers have the right to correct inaccuracies in the personal data we are processing.
  • Consumers have the right to delete personal data that they have provided to us or that we have obtained about them.
  • Consumers have the right to obtain a copy of their personal data in a portable and readily usable format.
  • Consumers have the right to opt out of the processing of their personal data for the purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

D. Exercising Consumer Rights Consumers—or authorized representatives acting on their behalf—may exercise the rights described in bullets 1-4 above by submitting a verifiable consumer request to legal@nmfscience.com with the subject line: “VCDPA Request”. Section 9(G) provides further information regarding the process for submitting such requests and the response timing and format.

Consumers may submit requests to opt out of targeted advertising via the methods described in Section 9(H). The Company does not “sell” consumers personal data or profile in furtherance of decisions that produce legal or similarly significant effects and, as such, the Company will not comply with such requests.

E. Appeal Process for Consumer Rights As described in Section 9(G), when the Company denies or refuses to act on a consumer request, we will provide you with a written explanation of our reasons for doing so. You may appeal that decision by emailing us at legal@nmfscience.com with the subject line “VCDPA Appeal.” Your email shall describe the specific reasons you think our determination was incorrect. Within 60 days after receiving your email, we provide you with a written explanation of our any actions we have taken or not taken in response to your appeal. If we refuse to take action on your appeal, you may submit a complaint to the Virginia Attorney General by submitting this form or calling the Consumer Protection Hotline at (800) 552-9963.

11. Rights Afforded Nevada Residents Pursuant to Nevada law, Nevada residents who have purchased services from us may opt out of the “sale” of “covered information” (as such terms are defined under Nevada law) for monetary consideration to a person for that person to license or sell such information to additional persons. “Covered information” includes first and last name, address, email address, and phone number, or an identifier that allows a specific person to be contacted either physically or online. We do not engage in any activities that would qualify as a sale under Nevada law.

12. Rights Afforded Canadian Residents If you reside in Canada, various Canadian laws, including Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), may provide you certain rights with respect to your personal data, including the right to request information about the collection, use, or disclosure of your personal data, to request access to your personal data, and to challenge the accuracy and completeness of your personal data and have it amended as appropriate.

If you are a Canadian resident and would like to make a request regarding your personal data, please send a request to legal@nmfscience.com with the subject line, “Canada Resident Request,” or otherwise contact us using the information in the “How to Contact Us” section below. We will attempt to respond to your request as quickly as possible but may ask you to provide additional information to enable us to locate the personal data or determine how it has been used or disclosed. We will provide you access, as appropriate, at minimal or no cost to you.

13. Rights Afforded Individuals in the EU, UK, and Switzerland

A. Rights Available Pursuant to the GDPR The European Union’s General Data Protection Regulation and the United Kingdom and Switzerland’s version of the same (collectively, the “GDPR”) afford certain rights to individuals in the European Economic Area (“EEA”). If you are in the EEA, you have the following rights. Note, however, that not all rights apply in all circumstances.

  • Right of access: subject to certain exceptions, you have the right of access to your personal data that we hold. If you are requesting access to your data in order to protect the rights of others, we may require you to validate your identity before we can release that information to you.
  • Right to rectify your personal data: if you discover that the information, we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e., corrected).
  • Right to be forgotten: you may ask us to delete information we hold about you in certain circumstances. This right is not absolute, and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
  • Right to restriction of processing: in some cases, you may have the right to have the processing of your personal data restricted. For example, where you contest the accuracy of your personal data, its use may be restricted until the accuracy is verified.
  • Right to object to processing: you may object to the processing of your personal data (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal data for the purposes of direct marketing and for the purposes of statistical analysis.
  • Right to data portability: you have the right to receive, move, copy, or transfer your personal data to another controller when we are processing your personal data based on consent or on a contract and the processing is carried out by automated means.

With regard to your personal data, we are typically the “data controller” for such information under the GDPR. As a result, if you wish to exercise one of the rights discussed above, you may do so by submitting a written request to legal@nmfscience.com. This is normally free, unless this process is unduly difficult or is clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or decline to respond. Once we have received your request, we will review it and contact you within thirty (30) days of receipt of your request, will notify you of any delay in processing your request and, in any event, will respond to the request within three (3) months. Please note that we may need to request specific information from you to help us confirm your identity. If you are located in the EEA and have a concern about our processing of your data, you may have the right to make a complaint to the appropriate data protection authority in the EEA.

B. Lawful Basis under GDPR We will process different types of information under different lawful bases under the GDPR depending on the nature of the information and your relationship with us. The following table describes how we plan to use your personal data and our lawful basis for doing so. We may process your personal data on more than one basis depending on the specific purpose for which we have collected or are otherwise using your information.

Purpose/ActivityType of InformationBasis of Processing
To enter into and subsequently to manage our relationship with you or your company including: Managing your membership and providing you content pursuant to the same. Negotiating, entering into, and performing agreements with you or your company. Responding to inquiries and providing customer support. Managing and processing transactions for our services. Notifying you about changes to our website, business terms, or this Policy. Communicating with you and responding to your inquiries regarding our services, agreements with you or your company, and other issues.Individual contact information, Business contact information, Member account information, Transactional information, Payment information, Communications InformationNecessary for our legitimate interests (to manage our relationships and administer our operations including through the keeping of appropriate records). Performance of a contract with you. Necessary to comply with legal obligations.
To administer and protect our business and website including: Updating and maintaining our website and services. Maintaining business records for legal purposes. Defending and advancing legal claims. Enforcing our rights under any agreements. Ensuring effective security for our services and website. Conducting website maintenance. Identifying and addressing security risks and unlawful activity.Individual contact information, Business contact information, Member account information, Transactional information, Communications information, Device and usage informationNecessary for our legitimate interests (running our business, facilitating administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise). Necessary to comply with legal obligations.
To make decisions about how best to deliver relevant website content and advertisements to you, and otherwise market to you, and to better understand the effectiveness of our marketing effortsIndividual contact information, Member account information, Marketing information, Transactional information, Communications information, Device and usage informationNecessary for our legitimate interests (better understanding website functionality and how website users navigate and interact with the site).
To advance and promote our business interests including contacting you regarding services or promotions that may be of interest, conducting surveys or soliciting feedback on our services, and updating, developing, and improving our services, customer service, and marketing efforts.Individual contact information, Member account information, Marketing information, Transaction information, Device and usage informationNecessary for our legitimate interests (to enhance our services, improve our marketing strategies and develop our business).

C. Transfers from the EEA, Switzerland, or UK If we transfer personal data from the EEA, Switzerland, or UK to the United States or any other country, we will implement appropriate legal mechanisms to ensure an adequate level of personal data protection consistent with the GDPR’s requirements. For example, if the recipient country has not received an Adequacy Decision from the European Commission (such as the United States), we will rely on Standard Contractual Clauses (SCC) that have been approved by the European Commission as the lawful mechanisms for such transfers. Further, we will enter into appropriate data processing agreements with all non-EU (sub)processors that contain SCCs and define data protection standards to be employed by each (sub)processor.

14. Children’s Privacy Our Site is a general audience site and is not directed at, or intended for use by, children under the age of 16 years. Accordingly, we do not knowingly collect personal data from children under age 16. Should we discover that a child under the appropriate age provided their personal data, we will use that information only to respond to that child and inform them that we must have parental consent before receiving such information.

15. Security of Personal Information We use appropriate administrative, technical, and physical measures to protect your personal data from loss, theft, and unauthorized use, disclosure, or modification. Please be aware that no data transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot ensure or warranty the security of any information you transmit to us, and you do so at your own risk.

16. Data Storage and Retention We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or other mandatory reporting requirements. To determine the appropriate retention period we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, whether we can achieve those purposes through other means, and the applicable legal requirements. We also consider any specific limitation periods under applicable law.

17. Changes to this Policy Please note that we may change this Policy from time to time. If there are changes to our Policy, we will post them here and update the “Last Updated” date at the top of this document. Continued use of this Site after any changes is deemed to be acceptance of those changes. Accordingly, we encourage you to check the Policy periodically for updates.

18. How to Contact Us For questions or more information about our privacy practices, please contact us by e-mail at legal@nmfscience.com or by using the contact information provided below:

NMF Science LLC 1916 Main St Suite #138018, Niagara Falls, NY 14305, United States.