www.carolinecain.com Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

Who is Caroline Cain?
Caroline Cain is a Nutritionist, Eating Psychology Coach and a Platinum leader with dōTERRA. She is passionate about toxin-free living, educating individuals on the power of plant-based medicine and living a natural health lifestyle. Caroline also has a successful background in business coaching and is committed to inspiring leadership through her grounded, yet strategic team mentoring.

What personal information do we collect from the people that visit our blog, website, forms or landing pages?
When contacting us through our website, forms or landing pages, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or other details to help you with your experience.

When do we collect information?
We collect information from you when you subscribe to a newsletter, respond to a survey, fill out a form or enter information on our site.

How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, fill out our contact forms, surf the website, or use certain other site features in the following ways:

  • To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To administer a contest, promotion, survey or other site feature.
  • To ask for ratings and reviews of services or products.
  • To follow up with you after correspondence (live chat, email or phone inquiries).

Where do we store and process personal data?
We store your data with our respective service providers and locally, as outlined below.

How do we secure personal data?

  • For our external service providers, we use Two Factor Authentication. All our service providers meet data privacy compliance (e.g. USA-HIPAA, EU, UK, CAN-PIPEDA) or are certified under the Privacy Shield Agreement and thus guarantee compliance with European data protection legislation.
  • All locally stored data, e.g. tax invoices, are stored on encrypted devices as well as in an encrypted cloud-backup service using Two Factor Authentication.
  • For our website we not use regular malware scanning and Two Factor Authentication. Our website does not require an SSL connection because all private information is collected through secure 3rd party services as outlined below.
  • An external PCI compliant payment gateway, PayPal, handles all credit card transactions.

How long do we store your data?
Unless otherwise stated in the following sections, we will store the data only as long as necessary to achieve the purpose of processing or to fulfill our contractual or statutory obligations.

How is your data transmitted?
Unless otherwise stated in the following sections, data will be processed on the servers of technical service providers commissioned by us for this purpose. These service providers will only process the data after having received express instructions and they are contractually obliged to guarantee adequate technical and organizational measures for data protection.

Insofar as we refer to integrated services of other providers in this Data Protection Declaration, it can be assumed that personal data will be transmitted to the specified headquarters of these providers. These providers may be based in a so-called third country outside the European Union or the European Economic Area. Further information can be found in the sections describing each service.

Do we use ‘cookies’?
We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by our web server. Insofar as this use of cookies results in the processing of personal data, the legal basis for this is Art. 6 paragraph 1 sentence 1 letter f GDPR. This manner of processing serves our legitimate interest in making our website more user-friendly, effective and secure.

Most of the cookies we use are known as “session cookies”. They are deleted after the end of your visit. Other cookies (“persistent cookies”) are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser. You can object in principle to the use of cookies through your browser settings.

We use cookies to:

  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

For instance, we use cookies to not show you the newsletter signup popup every time you visit our website. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

If you turn cookies off, it won’t affect the user’s experience.

How does our site handle Do Not Track signals?
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking.

Newsletter
In the following section, we will inform you about our newsletter as well as other types of business emails and electronic communications and your right to object. By subscribing to our newsletter, you agree to receive it and you agree to the processes described below. The legal basis is your consent pursuant to Art. 6 paragraph 1 sentence 1 letter a GDPR and Section 7 paragraph 2 no. 3 of the German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG).

We do not include the following information under the term “advertising communication”: Information about technical and organizational processes and information relating to the provision of services to our users.

We use the newsletter service of The Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA; “MailChimp”). To subscribe to our newsletter, use the double opt-in procedure, which serves to confirm your e-mail address. This confirmation is required so that no one can register with an e-mail address that does not belong to them. Subscriptions to the newsletter are logged in order to be able to provide evidence of the registration process in accordance with statutory requirements. This includes the storage of the login itself, the time of confirmation, as well as the IP address. Any changes to your data stored with the service provider that sends the newsletters are also logged.

The newsletters contain cookies that are retrieved by the server of the service provider that sends the newsletter, as soon as the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for technical improvement or to analyze the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or access times. The statistical data collection also includes determining if and when the newsletters are opened and which links are clicked and when they are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. These analyses are primarily intended to help us to identify the reading habits of our users and to adapt our content to them or to send different content based on user interests. The legal basis is Art. 6 paragraph 1 sentence 1 letter f GDPR.

You can stop receiving our newsletter at any time in the future just by letting us know that you wish to cancel or by using the link at the bottom of each of our communications or by using our contact form.

The Rocket Science Group LLC is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.

Contact Forms and surveys
We use various contact forms and occasionally perform surveys. For this purpose, we collect and process your contact data as provided in the contact forms and surveys. The transfer of your data is encrypted. The provision of any additional data is voluntary. Your consent to its use may be revoked at any time by sending us a message to the contact e-mail address stated below. All data fields marked as mandatory are required for processing your request. If they are not provided, your request cannot be carried out. Alternatively, you can also send us a message to the contact e-mail address stated below.

We use the services of SurveyMonkey Inc (San Mateo, One Curiosity Way, San Mateo, California 94403, “SurveyMonkey”) and its daughter company Wufoo, as well as Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). To conduct the surveys, these services may collect additional information from participants in the form of cookies, which are only intended to ensure that the survey service is fully usable and that the surveys run as intended.

The legal basis for processing this additional information is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not participate in our surveys or do not fill out our forms, no personal information will be collected.

SurveyMonkey (and thus also Wufoo) is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.

Google LLC is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.

Google Analytics
We use the Google Analytics service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) to analyze our website visitors. Google uses cookies. The information generated by the cookie about the use of the online product or service by users is generally transferred to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings of their browser software accordingly.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available here.

Google LLC is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.

Facebook (Visitor Action Pixel)
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.

This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.

Integrated Services and Third Party Content
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential (e.g. our mailing list or contact form service providers).

We use services and content provided by third parties on our website (hereinafter collectively referred to as “content”). For this kind of integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address will therefore be transmitted to the respective third party provider.

In each case, this data processing is carried out to safeguard our legitimate interests in the optimization and the commercial operations of our website, the legal basis of which is Art. 6 paragraph 1 sentence 1 letter f GDPR.

The Java programming language is regularly used to integrate content. Therefore, you can object to data processing by deactivating Java operations in your browser.

We have integrated contents from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) into our website:

  • “YouTube” for displaying videos.

Google LLC is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.

Third-party links
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following:

  • Users can visit our site anonymously.
  • Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.
  • Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.
  • You will be notified of any Privacy Policy changes via Email.
  • You can change your personal information by emailing us.

COPPA (Children’s Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under the age of 13 years old.

Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

  • We will notify you via email within 7 business days.

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions

To be in accordance with CAN-SPAM, we agree to the following:

  • If at any time you would like to unsubscribe from receiving future emails, you can do so by using the link at the bottom of each of our communications or by emailing us at the contact information below and we will promptly remove you from ALL correspondence.

Your Rights
As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:

  • In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not, and to what extent, we process personal data about you.
  • You have the right to have us correct your data in accordance with Article 16 GDPR.
  • You have the right to have us delete your personal data in accordance with Article 17 GDPR and Section 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Article 18 GDPR.
  • You have the right, in accordance with Article 20 GDPR, to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.

If you would like to exercise any of these rights, please contact us through the contact information below.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you purchase one of our services), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information may be transferred outside of Europe, including to Canada and the United States, e.g. if our service provider resides outside the EU.

The Right to Object
In accordance with Article 21 GDPR, you have the right to object to any processing operations executed that use Art. 6 paragraph 1 sentence 1 letter e and letter f GDPR as their legal basis.

Complaints to Government Authorities
If you believe that the processing of your personal data constitutes an infringement of the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.

Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If you are signed up to our mailing list, you will be informed by email about any updates and changes.

Contacting Us
If there are any questions regarding this privacy policy, you may contact us at privacy@carolinecain.com

Last Edited on 2018-05-24

Caroline Cain

Copyright 2020 Caroline Cain ©  All Rights Reserved