GDPR Privacy Notice

MLB as your Controller

My Lifestyle Business (“MLB”) is the personal data controller of the following EEA Individuals for the purposes and in accordance with the legal bases for processing personal data:

  1. Visitors and Registered Users (collectively, “Customers”) and
  2. Affiliate partners and vendor contacts (collectively, “Business Contacts”)

In some cases, there may be overlap of the above categories of data subjects (e.g., Visitors and Registered Users using the Websites).

Applicability

This GDPR Privacy Notice (this “GDPR Notice“) shall apply when we process the personal data of natural persons located in the European Economic Area (“EEA Individuals,” “you,” or “your“). This GPDR Notice is made an integral part of our Privacy Policy. To the extent of any conflict between this GDPR Notice and any other provision of the Privacy Policy, this GDPR Notice shall control only with respect to EEA Individuals and their personal data.

The term “European Economic Area” (or “EEA“) shall mean the then-current member states and member countries of the European Union and European Economic Area, respectively, Switzerland, and, upon its withdrawal from the European Union, the United Kingdom.
Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them in the MLB Policy or, if not defined herein or in the Privacy Policy, the GDPR. If you are located elsewhere, please see our Privacy Policy.

Purpose & Legal Basis of Processing for Data Subjects

  1. For Visitors and Registered Users – We will process your personal data for information security purposes. Our web servers will log your IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. This information will be used and processed pursuant to our legitimate interests in tracking usage of the Websites, combating DDOS or other attacks, and removing or defending against malicious visitors on the Websites.
  2. For Registered Users and Customers – We will process your personal data for the following purposes:
    • For performing and consummating any contract and obligations with you, including those obligations relating to the sale transactions, Privacy Policy, Terms of Use, and any and all contracts relating to you being our customer;
    • For furthering business relationships with you, which includes storing your information within a CRM or other database/file), ensuring customer satisfaction, and answering inquiries.
    • For using testimonials, feedback, or survey responses from you for marketing purposes, such as posting on the Websites or within sales decks, pitches, or other promotional content (e.g., email marketing)
    • For administering our rewards and promotional offerings, including that of our promotional and marketing partners (e.g., affiliate partners. For example, when you avail of our products and/or service, we share your name and email address with the referring affiliate partners only to the extent such affiliate partners have offered you bonuses or rewards for following their referral link.
    • For direct marketing such as when you negotiate, avail of and/or purchase a product and/or service with us, we will send email marketing communications to you for the legitimate purpose as such communication is made in the context of a sale;
    • For audience measurement and retargeting – upon your express consent, we use various marketing and analytics cookies for purposes of audience measurement, retargeting, and creating relevant Visitor experiences (such as based on their interaction with our Websites).
  3. Business contacts either as our Affiliate Partners or Vendor Contacts – We will process your personal data for the following purposes:
    • For performing our contractual obligations with you as our Affiliate Partners, including your application with us as your affiliate partners; and
    • For establishing and developing our vendor relationships whereby we will receive the personal information of contacts employed or otherwise associated with such vendors.

When we process your personal data, we disclose to various categories of MLB personnel as recipients in order to appropriately effectuate the above purposes. Our recipients include those that provide technical assistance, order fulfillment, customer service, marketing assistance, payment processing, survey collection, promotional and marketing assistance, and business operations.

Retention

We retain your personal data as necessary to fulfill the purposes set forth within this Notice and to the extent you have (or demonstrate interest in) a relationship with us, unless you request deletion of such data or such data is no longer relevant. In some cases, we may have to retain data to comply with our legal obligations (e.g., accounting, finance, tax).

Transfer of Personal Data outside the EEA

Our Websites are operated and managed from Canada. Our websites are hosted on LINODE servers located in Newark, NJ, enabling visitors to our websites to benefit from fast website access speeds. We also use a Content Delivery Network (CDN) offered through CLOUDFLARE, which effectively distributes our web content and user data to servers across the globe in an effort to be as close as possible to user locations. Both CLOUDFLARE and LINODE provide effective user data protection. As an additional step, we have entered into a Data Processing Agreement with Cloudflare. Please be aware that any information provided to or collected by us, including personal information, will be transferred from your country of origin to where our global LINODE servers are located and are additionally distributed by CLOUDFLARE to global server locations for our Content Delivery Network (CDN). Therefore, in regard to user data transfers, including for users under the EU’s GDPR and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), your decision to provide such data to us, or allow us to collect such data through our Website, constitutes your consent to this data transfer. In other instances, however, we may alternatively rely on appropriate Standard Contractual Clauses to ensure adequate protection of your personal data.

Access LINOD legal compliance here: https://www.linode.com/legal-compliance/
Access CLOUDFLARE legal compliance here: https://www.cloudflare.com/gdpr/introduction/

Disclosure and Transfer of Data

We may disclose or transfer the personal data we process for the following reasons:

  1. When we will be required by virtue of lawful governmental requests for purposes of national security or law enforcement requirements, court orders and subpoenas.
  2. In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets where we will ensure the privacy and confidentiality of your personal data as set forth in this GDPR Notice. 

GDPR Notice

If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Effective Date” at the top of this page will be updated accordingly.

Your GDPR Rights; How to Contact Us

You have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another data controller, in a structured, commonly used and machine readable format under the right of data portability.

You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under MLB’s Standard Contractual Clauses. Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

You have also the right to object to the processing of personal data pursuant to our legitimate interest. In such case, we will cease to process your personal data, unless there is an appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email.

You may exercise these rights and submit a GDPR complaint with the subject line “GDPR Notice.” by contacting: [email protected] or our representative in the European Union:

ePrivacy GmbH

Große Bleichen 21

20354 Hamburg Germany

https://www.eprivacy.eu