GDPR Policy

PRIVACY STATEMENT

Grassroots Physical Therapy, LLC (doing business as Grassroots Self-Treatment) values your business and respects your privacy rights.  This privacy policy covers what information we collect and why we collect it, how we use the information we collect, and the choices you have to access and update that information. Please familiarize yourself with our practices and let us know if you have any questions. By using our sites and services, you expressly consent to our collection, use, disclosure, and retention of your personal information as described in this privacy policy. If you do not agree to this privacy policy, please do not use our site.


WHAT INFORMATION DO WE COLLECT AND WHAT DO WE DO WITH IT?

Our online store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.  Therefore, Shopify’s terms of use and privacy policies apply when you browse or purchase products from our site. You can read Shopify’s privacy policies at https://www.shopify.com/legal/privacy.  


When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, shipping and billing address, phone number and/or email address in order to fulfill your order.  Information from cookies, stored temporarily as per Shopify’s Cookie policy, is also collected. Please see our Cookie Policy below; Shopify’s cookie policy is available at https://www.shopify.ca/legal/cookies.


When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.


Email marketing (if applicable): When you sign up to receive our e-newsletters or marketing emails, you give us permission to send you emails about our store, new products and other updates.


COOKIE POLICY

We use cookies and other tracking technologies (including but not limited to browser cookies, pixels, beacons and mobile application identifiers) to help us recognize you across different sites and services, improve your experience, increase security, measure use and effectiveness of our services, and serve advertising. Cookies also help us know how our site is working, but these cookies generally do not collect any personal information about you. By visiting our sites and services, you consent to the placement of cookies and beacons in your browser and HTML-based emails in accordance with this privacy policy and our Cookie Policy. You can choose to accept or reject cookies by adjusting your cookie settings for the browser you use.


Here is a partial list of cookies that we use. We’ve listed them here so that you can choose if you want to opt out of cookies or not.

_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

_secure_session_id, unique token, sessional

storefront_digest, unique token, indefinite, If the shop has a password, this is used to determine if the current visitor has access.


CONSENT

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you imply that you consent to our collecting it and using it for that specific reason only.  


Under the General Data Protection Regulation (GDPR), additional lawful bases we may rely on for processing your information are:


  • We have a contractual or legal obligation
  • We have a vital or legitimate interest.  

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say ‘no.’


DATA STORAGE AND RETENTION

When you sign up for our e-newsletter, marketing or other notifications, your data is stored on our servers, which may be outside the United States.    We maintain your data until you unsubscribe from our email notifications. You can unsubscribe by clicking the “unsubscribe” link in our notices.


When you purchase products through our on-line store, your data is stored through Shopify’s data storage, databases and the general Shopify application.  In general, Shopify will keep your data as long as Shopify provides the platform for our online store and purge it 90 days after our store is closed.


If you are a European resident, please note that your information will be transferred outside of Europe, including to Canada and the United States. By using our Website and providing us with your personal data, you consent to these transfers in accordance with this Privacy Policy.


For information on where Shopify processes your data and how it is protected, please refer to Shopify’s privacy policy at https://www.shopify.com/legal/privacy.  Shopify’s Privacy Shield certification statement can also be found on PrivacyShield.gov.


SHARING PERSONAL INFORMATION

We do not sell any personal information we collect from you without your consent to any other business or vendor who does not need your information to provide a service to us or to you related to your interaction with our Website.  


We and our affiliates (including Shopify, Inc.) may share personal information about you with third parties in the following circumstances:


  • Your personal information, and the contents of all of your online communications on or through our sites and services may be accessed and monitored as necessary to operate our sites and perform our services, and may be disclosed:
      • to satisfy any applicable laws or regulations,
      • to defend ourselves in litigation or a regulatory action,
      • in order to protect the rights or property of Grassroots Physical Therapy, LLC (doing business as Grassroots Self-Treatment) and our affiliates, including to enforce our sites’ or services' terms of use,
      • when we have a good faith belief that we are required to disclose the information in response to legal process (for example, a subpoena, court order, or search warrant),
      • where we believe our sites and services are being used in the commission of a crime, including to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and risk management.
  • We may share personal information about you for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
  • We may affiliate with other businesses to assist us in our marketing, communications, and sales efforts, and may share information about you for these purposes. If any of those communications require us to obtain your authorization to disclose your personal or health information, we will obtain your authorization first.
  • In addition, information about our users, including personal information, may be disclosed as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of insolvency, bankruptcy or receivership in which personal information could be transferred to third parties as one of our business assets.

YOUR DATA PROTECTION RIGHTS

We provide all our customers, including those who are residents of the European Union, the following rights:

  • Right to Withdraw Consent – You have the right to withdraw previously given consent to the processing of your data.  If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at the address below.  
  • Right of Access – You have the right to ask us for copies of your personal information.
  • Right to Rectify – You have the right to ask us to rectify information you think is inaccurate.  You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure – You have the right to ask us to erase your personal information in certain circumstances.  However, we cannot erase your order information for 180 days, which is the window of time in which Shopify allows a customer to make a chargeback.
  • Right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Right to data portability – You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.  You may request your data by contacting us at the address under the “Questions and Contact Information” heading below.

If you would like to exercise any of these rights, please contact us through the contact information below.  If you make a request, we will make reasonable efforts to respond within 30 days unless required by applicable law to respond sooner.   


SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.


If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.


If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.


All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.


For more insight, you should read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).


It is important to remember that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our services. We cannot assume responsibility or liability for unauthorized access to our servers and systems. When disclosing any personal information, you should remain mindful of the fact that it is potentially accessible to the public and, consequently, can be collected and used by others without your consent. Accordingly, you should consider carefully if you want to submit sensitive information that you would not want disclosed to the public and should recognize that your use of the Internet and our sites and services is solely at your risk.


LINKED SITES AND SERVICES

Our sites and services may link to other sites or services operated by our affiliates or third parties, and may carry advertisements or offer content, functionality, newsletters or applications developed and maintained by third parties. We do not exercise control over third party sites or services. We are not responsible for the privacy practices of any such third parties. Once you leave our sites or services via a link, enable a third-party service, or click an advertisement, you should check the applicable privacy policy of the third-party's site or service. The fact that we link to a site or present a banner ad or other type of advertisement is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices.


We may also provide social media features on our sites and services that enable you to share personal information with your social network(s) and to interact with our sites and services. Depending on the features, your use of these features may result in the collection or sharing of personal information about you. We encourage you to review the privacy policies and settings on the social media site(s) with which you interact.  We are not responsible for the privacy or security of any information you share on such sites.


DO NOT TRACK

We do not currently actively respond to "Do Not Track" browser signals or mechanisms that indicate a request to disable online tracking of individual users who use our sites and services.


AGE OF CONSENT

We do not intend to collect any information from anyone under 18 years of age in compliance with the Children’s Online Privacy Protection Act (COPPA) and the General Data Protection Regulation (GDPR) of the European Union.  If you are under 18, please do not disclose or provide any information. If we learn that we have collected personal information from a child under 18, we will take steps to promptly delete the information.


By using this site, you represent that you are at least 18 years of age or the age of majority in your state or province of residence.  Alternatively, if you are the parent or guardian of someone under 18, you have given us your consent to allow any of your minor dependents to use this site.


CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.


QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Data Protection/Privacy Compliance Officer at rachel@grassrootsphysicaltherapy.com or by mail at:


Grassroots Self Treatment

Attn: Privacy Compliance Officer

1760 South 1100 East, Suite 3

Salt Lake City, Utah US 84105

(385) 226-5481