Who is Caroline Cain?
Caroline Cain is a Nutritionist, Eating Psychology Coach and a Diamond leader with dōTERRA. She is passionate about toxin-free living, educating individuals on the power of plant based medicine and living a natural health lifestyle. Caroline also has a successful background in business coaching and is committed to inspiring leadership through her grounded, yet
strategic team mentoring.
What personal information do we collect from the people that visit our blog, website, forms or landing pages?
When contacting us on through our website, forms or landing pages, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or other details to help you with your experience.
When do we collect information?
We collect information from you when you subscribe to a newsletter, respond to a survey, fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, fill out our contact forms, surf the website, or use certain other site features in the following ways:
- To improve our website in order to better serve you.
- To allow us to better service you in responding to your customer service requests.
- To administer a contest, promotion, survey or other site feature.
- To ask for ratings and reviews of services or products
- To follow up with them after correspondence (live chat, email or phone inquiries)
Where do we store and process personal data?
We store your data with our respective service providers and locally, as outlined below.
How do we secure personal data?
For our external service providers, we use Two Factor Authentication. All our service providers meet data privacy compliance (e.g. USA-HIPAA, EU, UK, CAN-PIPEDA) or are certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation. All locally stored data, e.g. tax invoices, are stored on encrypted devices as well as in an encrypted cloud-backup service using Two Factor Authentication. For our website we not use regular malware scanning and Two Factor Authentication. Our website does not require a SSL connection because all private information is collected through secure 3rd party services as outline below. An external PCI compliant payment gateway, PayPal, handles all credit card transactions.
How long do we store your data?
Unless otherwise stated in the following sections, we will store the data only as long as necessary to achieve the purpose of processing or to fulfill our contractual or statutory obligations.
How is your data transmitted?
Unless otherwise stated in the following sections, data will be processed on the servers of technical service providers commissioned by us for this purpose. These service providers will only process the data after having received express instructions and they are contractually obliged to guarantee adequate technical and organizational measures for data protection.
Insofar as we refer to integrated services of other providers in this Data Protection Declaration, it can be assumed that personal data will be transmitted to the specified headquarters of these providers. These providers may be based in a so-called third country outside the European Union or the European Economic Area. Further information can be found in the sections describing each service.
Do we use 'cookies'?
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
In the following section, we will inform you about our newsletter as well as other types of business emails and electronic communications and your right to object. By subscribing to our newsletter, you agree to receive it and you agree to the processes described below. The legal basis is your consent pursuant to Art. 6 paragraph 1 sentence 1 letter a GDPR and Section 7 paragraph 2 no. 3 of the German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG). We do not include the following information under the term “advertising communication”: Information about technical and organizational processes and information relating to the provision of services to our users. We use the newsletter service of The Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA; "MailChimp"). To subscribe to our newsletter, use the double opt-in procedure, which serves to confirm your e-mail address. This confirmation is required so that no one can register with an e-mail address that does not belong to them. Subscriptions to the newsletter are logged in order to be able to provide evidence of the registration process in accordance with statutory requirements. This includes the storage of the login itself, the time of confirmation, as well as the IP address. Any changes to your data stored with the service provider that sends the newsletters are also logged. The newsletters contain cookies that are retrieved by the server of the service provider that sends the newsletter, as soon as the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for technical improvement or to analyze the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or access times. The statistical data collection also includes determining if and when the newsletters are opened and which links are clicked and when they are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. These analyses are primarily intended to help us to identify the reading habits of our users and to adapt our content to them or to send different content based on user interests. The legal basis is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can stop receiving our newsletter at any time in the future just by letting us know that you wish to cancel or by using the link at the bottom of each of our communications or by using our contact form.
Contact Forms and surveys
We use various contact forms and occasionally perform surveys. For this purpose, we collect and process your contact data as provided in the contact forms and surveys. The transfer of your data is encrypted. The provision of any additional data is voluntary. Your consent to its use may be revoked at any time by sending us a message to the contact e-mail address stated below. All data fields marked as mandatory are required for processing your request. If they are not provided, your request cannot be carried out. Alternatively, you can also send us a message to the contact e-mail address stated below. We use the services of Wavoto (753 Waterside Drive, South Elgin, Illinois 60177; "Wavoto") as well as Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). To conduct the surveys, these services may collect additional information from participants in the form of cookies, which are only intended to ensure that the survey service is fully usable and that the surveys run as intended. The legal basis for processing this additional information is Art. 6 paragraph 1 sentence 1 letter f GDPR. If you do not participate in our surveys or do not fill our forms, no personal information will be collected.
Wavoto Privay Policy: https://www.wavoto.com/privacy-policy/
Google LLC is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.
Google LLC is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.
Facebook (Visitor Action Pixel)
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.
Integrated Services and Third Party Content
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential (e.g. our mailing list or contact form service providers). We use services and content provided by third parties on our website (hereinafter collectively referred to as “content”). For this kind of integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address will therefore be transmitted to the respective third party provider. In each case, this data processing is carried out to safeguard our legitimate interests in the optimization and the commercial operations of our website, the legal basis of which is Art. 6 paragraph 1 sentence 1 letter f GDPR. The Java programming language is regularly used to integrate content. Therefore, you can object to data processing by deactivating Java operations in your browser.
We have integrated contents from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) into our website:
“YouTube” for displaying videos. Google LLC is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
California Online Privacy Protection Act
- Users can visit our site anonymously.
- You can change your personal information by emailing us.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
-We will notify you via email within 7 business days.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
To be in accordance with CANSPAM, we agree to the following:
- If at any time you would like to unsubscribe from receiving future emails, you can do so by using the link at the bottom of each of our communications or by email us at to the contact information below and we will promptly remove you from ALL correspondence.
As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights. In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information as to whether or not, and to what extent, we process personal data about you:
- You have the right to have us correct your data in accordance with Article 16 GDPR.
- You have the right to have us delete your personal data in accordance with Article 17 GDPR and Section 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Article 18 GDPR.
- You have the right, in accordance with Article 20 GDPR, to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.
If you would like to exercise any of these rights, please contact us through the contact information below. Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you purchase one of our services), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information may be transferred outside of Europe, including to Canada and the United States, e.g. if our service provider resides outside the EU.
The Right to Object
In accordance with Article 21 GDPR, you have the right to object to any processing operations executed that use Art. 6 paragraph 1 sentence 1 letter e and letter f GDPR as their legal basis.
Complaints to Government Authorities
If you believe that the processing of your personal data constitutes an infringement of the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.
Last Edited on 2021-08-24