Updated: May 24, 2018
Information Collection and Use
In order for our coaching in the Tiny Habits method to be effective, we ask for some personal data about you. We need your email address because that’s how we send instructions to you about the method. We ask you to share what habits you are creating so we can coach you more effectively. We also ask you to report how you are doing with your selected habits. Optionally you can share your professional and other personal data, but it is not required. If you want us to erase any of this information or remove consent, please let us know as detailed below.
Personal Data We Collect:
You can generally visit our website without having to submit any personal data about yourself to us.
If you register on our Services, we ask to collect your email address. You may also elect to provide us with your name and other professional or personal data. If you contact us with questions or request information or complete a survey, we will collect the personal data that you voluntarily transmit to the Services.
Anyone who has access to the web can enroll in a session of Tiny Habits. We use an online form (such as Google Forms) that is based in the United States. That means if you are outside the U.S. and use our enrollment method, the online form will probably transfer what you enter internationally.
Persistent Identifiers and Tracking
We may use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You can read more about cookies at www.allaboutcookies.org.
How we Use Information
Where we need to perform the contract we are about to enter into or have entered into with you. For example, when you purchase our Services, that’s a contract.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we carry out fraud screening as part of the check-out process.
Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
Generally, we do not rely on consent as a legal basis for processing your personal data other than where the law requires it, for example in relation to sending certain direct marketing communications. Where our legal basis is consent, you have the right to withdraw consent any time.
Specifically, we may use your personal data to provide you with the Services and certain information you have requested, provide you with support, verify your authority to use the Services and improve the content and general administration of the Services (to perform our contract and for our legitimate interests).
We may send you direct marketing, newsletters and information that we believe may be of interest to you (for our legitimate interests).
We may analyze the aggregate data that we collect for trends and statistics in the aggregate, and we may use such aggregate information to administer the Services, and gather broad demographic information for aggregate use (for our legitimate interests).
We may also use personal data to resolve or defend legal claims (for a legal or regulatory obligation).
Tiny Habits recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children's online activities and interests. The Services are not directed to children under the age of 16. Tiny Habits does not target this Services to children under 16. Tiny Habits does not knowingly collect personal data from children under the age of 16. If you are under the age of 16, please do not provide us with any personal data.
California Privacy Rights
We do not disclose any personal data to third parties for their direct marketing purposes. Should this practice change, we will seek your consent before disclosing information for a third party’s direct marketing.
Social Plugins on Our Services
We may use social plugins on our Services and may include icons that allow you to interact with third party social networks such as Facebook, Pinterest and Twitter. For example, you may “Like” us on Facebook or follow us on Twitter. The third party social plugin may set a cookie when your browser creates a connection to the servers of such social networks and the plugin may transmit your data to the social networks. Your use of these social plugins is subject to the privacy policies of the third party social networks.
We may provide your personal data and the data generated by cookies and the aggregate information to the vendors and service agencies that we may engage to assist us in providing our services to you, such as our hosting providers or other certified coaches.
If you're assigned a Tiny Habits certified coach (or coach-in-training), that person will be able to view your personal data in the Services in order to provide you with coaching services. Such certified coaches will be able to communicate with you through the Services.
If you post a comment on our blogs, other users of our Services will be able to view your name and comment.
Links to Third Party Web Sites
We use a variety of third-party data processors, including Google (primarily Google Forms), Heroku, Infusionsoft, GoSquared, and Mailgun. To the best of our knowledge all of these companies adhere to GDPR regulations, and none of these third parties has access to the data you share with us.
We and our hosting provider may employ procedural and technological measures that are generally consistent with industry practice such as password protection and internal restrictions. Such measures are reasonably designed to help protect your personal data from loss, unauthorized access, disclosure, alteration or destruction.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Tiny Habits LLC is the data controller.
Users Outside of the United States
If the General Data Protection Regulation applies to you because you are in the European Union, you have rights under data protection laws in relation to your personal data:
The right of access – that’s a right to make what’s known as a ‘data subject access request’ for copy of the personal data we hold about you;
The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate;
The right to erasure – that’s also known as the ‘right to be forgotten’ where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing).
These rights are subject to certain rules around when you can exercise them.
If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the data protection authority in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority so please contact us in the first instance.