21 Day Club Privacy Notice
Last Updated: June 21, 2020
SUMMARY
Welcome to 21dayclub-canada.com, the website and online service of Essi. This page explains the data we receive from you and how we use it. We want to both allow you to have control over your data and to empower you to make the best decisions about the information you share with us.
DISCLAIMER: This summary of the 21 Day Club Privacy Notice is not legally binding, and is provided simply as a handy reference for understanding the full Privacy Notice which can be downloaded below.
When you use 21 Day Club, we collect and process your information in the following ways:
- We collect information necessary to create your account, such as your email address.
- We use the information we gather from you to provide you with the services you request. For example, when you take a Map, we receive additional data from you, which we use to provide you with the Map you requested, this data may include information about your life, such as information about you, your employment, your finances, your health and wellness, and your relationships. You do not have to share any of this information with us, however, without this information, we will not be able to provide you with a Map.
- You may also provide us with demographic information, such as your year of birth, gender, income, marital status, employment status, and education level. You do not have to provide us with this information. It’s completely voluntary. This information is not considered when providing you with your individual Map results. However, we do use your demographic data in a de-identified manner in order to maintain the norms against, which your individual Map is scored. Sharing your demographic data with us allows us to continuously improve the validity and reliability of the Maps for all users, which allows us to provide each individual user with the most accurate results. Additionally, we use demographic data in an aggregate, de-identified form for Essi’s ongoing research on stress, resilience and emotional intelligence in the workplace.
- We also use the information we gather from you to monitor for unusual or suspicious activity in your account, to communicate with you about your account, and as additional information that can be used to validate who you are if you need to recover your account or your account has been or may be compromised.
- We also share your information with our third party service providers as necessary for them to provide their services to us. We may also have to share your information with third parties if required to do so by law or in the event of a business reorganization.
- If you have questions about our data practices or information we store about you, you can email us at: team@21dayclub.com.
The Service may provide access to Maps, through which individuals may learn about and assess their stress, resilience and emotional intelligence, as well as behavior change tools that help users create a Statement of Commitment of their choice and track their progress over 21 days to reach their personal habit-changing and/or performance improvement goals. The Service may be paid for by you or by an Organization.
We are committed to protecting your rights and your privacy. This Privacy Notice explains what data we collect about you and how we store, analyze and share the data we collect about you through the platform (https://www.21dayclub-canada.com/). This Privacy Notice applies only to Personal Information collected about you online. The Privacy Notice also explains your rights with regard to your data, and how to contact us to request access, corrections, transfer, restriction or deletion of the data we have collected about you.
Before we get started, we want to make sure that you understand certain terms we use throughout this Privacy Notice. So, we’ve created this handy chart to help explain what we mean:
When we say: | We mean: |
“Aggregated Data” | de-identified and aggregated statistical and usage data related to the Services and your User Content |
“Essi”, “us”, “we” or “our” | E. Orioli’s Essi Systems, Inc., a corporation organized under the laws of the State of California |
“GDPR” | the European Union’s General Data Protection Regulation |
“Map(s)” | collectively, the various personal assessments offered through the Service, which include a map questionnaire, scoring grid, and interpretation guide |
“Privacy Notice” | this 21 Day Club Privacy Notice available at https://www.21dayclub-canada.com/consents/privacy_notice |
“Organization” | a legal entity |
“Personal Information” | any information, including personal and material circumstances, that allows a person to become identifiable. |
The “Service” | our online and/or mobile services, web site, and software provided on or in connection with the services of Essi |
“Statement of Commitment” | A Statement of Commitment is one simple sentence structured to help your brain and body remember and practice your new behavior for 21 days to create a habit. |
“Team Map” | a report that displays, in a manner that does not individually identify you or any single user, the aggregated results of all users who have taken a certain Map and elected to participate in the Team Map of their sponsoring Organization |
“User Content” | any materials a you submit, display, or otherwise make available on the Service |
We have designed our Privacy Notice in a question and answer format to make it easy to read and understand. Please read through it carefully. Your knowledge of and consent to our collection, use and disclosure of Personal Data is important. We rely on the following actions when taken by you as indications of consent to our existing and future Personal Data handling:
- Your voluntary provision of Personal Data to us directly;
- Your express consent or acknowledgement contained within a written, verbal or electronic application process; and
- Your verbal consent solicited by us (or our agent) for a specified purpose.
Where we rely on consent for the fair and lawful processing of Personal Data, the opportunity to consent will be provided when the Personal Data in question is collected. Subject to certain legal or contractual restrictions and reasonable notice, consent may be withdrawn at any time. We will inform you of the consequences of withdrawing consent. In some cases, refusing to provide certain Personal Data or withdrawing consent for us to collect, use or disclose your Personal Data could mean that we cannot provide the requested services or information for you. If you wish to withdraw consent, please refer to the section titled Health and Other Special Category Data below. However, there are a number of instances where we do not require your consent to engage in the processing or disclosure of Personal Data. We may not solicit your consent for the processing or transfer of Personal information for those purposes, which have a statutory basis, such as:
- The transfer or processing is necessary for the performance of a contract between you and Essi;
- The transfer or processing is necessary for the performance of a contract, concluded in your interest, between us and a third party;
- The transfer or processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims, or to protect your vital interests; or
- The transfer or processing is required by applicable law.
If you do not agree with our policies and practices contained in this Privacy Notice, please do not enroll yourself in the Service.
What laws, regulations or frameworks does Essi comply with?
The level of data protection established in the USA is lower than the one established in the European Union. We therefore take measures to ensure that your Personal Information is stored safely with us, meeting regulatory privacy and security requirements imposed on European Union businesses. Nothing in this Privacy Notice limits or attempts to limit your rights under applicable laws, including your ability, depending on your country of residence, to file a complaint with your local Data Protection Authority
Essi participates in and has certified its compliance with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Personal Information from the European Economic Area, the United Kingdom and Switzerland to the United States. Essi is committed to subjecting all personal data received from European Economic Area (EEA) countries, the United Kingdom and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov/list. To view and learn more about our certification, please visit [URL].
Essi is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf, under the Privacy Shield Framework. Essi complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA, the United Kingdom and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Essi is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. The Federal Trade Commission may be contacted at the following address:
Federal Trade Commission.
Attn: Consumer Response Center 600 Pennsylvania Avenue NW Washington, DC 20580
Email: Consumerline@ftc.gov or www.ftc.gov
In certain situations, Essi may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Essi commits to resolve complaints about its collection or use of user Personal Information. Any user within the European Economic Area, United Kingdom or Switzerland with questions or concerns regarding the use or disclosure of Personal Information or who wishes to file a complaint are directed to contact us via the mechanism indicated herein. We will respond to any reasonable and valid complaint within 45 days of receipt of such complaint. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Statement.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Does Essi collect information about me?
Yes. We collect Personal Information about you in order to provide you with the Service and for research purposes. Personal Information includes, but is not limited to:
Information We Receive Directly from You
Basic Account Information
Some information is required to create an account on our Service, such as your access code, email address, and password. This is the only information you have to provide to create an account with us.
Map Information
You may provide us with certain Personal Information if you decide to take a Map. For example, your year of birth, gender, income level, marital status, number of children you have, race or ethnicity, education level, employment status, days absent from work, health status, distress level, alcohol and tobacco consumption, and level of exercise, religious beliefs, sexual wellness, or health. We use this information to prepare your Map and determine your level of stress, resilience, or emotional intelligence. Providing this information is entirely voluntary. Some of this information is considered a special category of personal data subject to the GDPR. Please review the section below titled [Health and Other Special Category Data] below to better understand our data handling practices with respect to health and special category data. When completing a Map questionnaire all questions are required; however, the demographic questions, prior to taking the Map questionnaire, give you the option to not answer. Providing any information to us is entirely voluntary. However, should you decide to not share the information we require in order to provide you with a Map, we may not be able to provide you with the Map that you requested.
Change Center Information
You may elect to share additional information with us relating to certain personal habit-forming changes you want to make or with respect to a goal reminder. Providing this information is entirely voluntary. We use this information to provide you with the Service you requested and to improve the Service, generally. While not required to use the Change Center, you may nonetheless, in association with your use of the Change Center, choose to submit certain types of personal information that are considered a special category of personal data subject to the GDPR. Please review the section below titled [Health and Other Special Category Data] to better understand our data handling practices with respect to health and special category data.
We use the information you submit through the Change Center, to help you write a Statement of Commitment, one simple sentence to help your brain and body remember and practice your new behavior, and to send you reminders so that you create a habit, to help you track your progress towards your behavior change goals.
Additional Information
To help improve your experience or enable certain features of the Service, you may choose to provide us with additional information, such as feedback about the Service or information about other individuals, for example, when you use the Share Results feature within the Mapping Center, you may provide us with the email address of the recipient with whom you wish to share your Map or scoring grid.
Contact Information
If you contact us, we collect the information you submit such as your name, contact information, and message.
Information We Receive Through Your Use of the Services
When you access or use our Service, we receive certain usage data. This includes information about your interaction with the Service, for example, when you view or search content, create or log into your account.
We also collect data about the devices and computers you use to access the Service, including IP addresses, browser type, language, operating system, mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
Essi and its vendors use tools such as cookies, tags, scripts and other similar technologies to enhance and support your experience on the Service. These technologies help us administer the web-based platform, measure traffic patterns and the total number of users, as well as to personalize and customize the Service’s content, so that your settings are “remembered” when you login.
Cookies are small pieces of text sent to your browser by a website you visit. Cookies help our Service remember information about your visit, like your preferred settings. Cookies play an important role; they can make your next visit easier and the web-based platform more useful to you. You can learn more about cookies by visiting https://www.allaboutcookies.org, where you will also find information about how to block cookies on different types of browsers. Depending on your location, additional information about cookies may be presented to you when you visit the web-based platform, and you are given the opportunity to object to the use of cookies. However, please be aware that by blocking or deleting cookies you may not be able to take full advantage of the web-based Service.
We use cookies to collect information about your usage of the Service. Additionally, some cookies on our Service are set by third parties who are delivering aspects of the Service on our behalf.
We use cookies:
- To remember that you have used the website before, allowing us to identify you, as well as the number of unique visitors we receive and manage capacity;
- To allow you to navigate the website more quickly and easily;
- To remember your login session as you move from one page to the next within the platform;
- To store your settings and preferences;
- To customize some aspects of the platform to reflect your interests and preferences; and
- To collect statistical information about how you use the website, allowing us to improve our Service over time.
Information We Receive from Third Parties
We may partner with third parties, such as Organizations that offer the Service to their employees. In such cases, those companies may provide us with information related to the department or group within the Organization that you belong. We use this information in the event that you opt-in to participating in a Team Map for that Organization. For example, when you opt-in to participating in a Team Map, we use this information to ensure that we properly aggregate your de-identified User Content with the User Content of other users from the same Organization. Your participation in a Team Map is entirely voluntary. For clarity, the Organization will never know whether or no you’ve opted into participating in its Team Map(s) or not. The only information an Organization will receive from us is the final Team Map, which will not identify any individual user as a source of any of the information contained in the report.
How does Essi use my Personal Information?
To Provide and Maintain the Services
Using the information we collect, we are able to deliver the Service to you and honor our Terms of Use contract with you. For example, we need to use your information to provide you with your Maps; to enable the behavior-changing features of the Service; and to give you customer support.
Improve, Personalize, and Develop the Service
We use the information we collect to improve and personalize the Service. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research; and develop new features and services.
We also use your information to make inferences and show you more relevant content. Here are some examples:
Information like your gender, age, details of your work environment or other details regarding your general wellness allow us to improve the accuracy of your Map profile and better assess factors that impact your profile, such as your environmental demands, your coping capabilities, and your general health.
Based on your responses to your Map questionnaires, we make inferences about your stress, resilience, or emotional intelligence and provide you with customized insights to help you improve the same.
We may personalize certain features of the Service for you based on the behavior change Statement of Commitment you set.
To Communicate with You
We use your information when needed to send you Service notifications and respond to you when you contact us. We may also use your information to promote new features or products that we think you would be interested in.
You can control marketing communications and most Service notifications by using your notification preferences in [account settings] or via the “Unsubscribe” link in an email.
If you have opted to receive notifications via email, we may, from time to time, send you push notifications to provide you with reminders and notices. If you no longer wish to receive such communications, you may unsubscribe using the link in the email or by turning off “reminders” from within the settings of your account
To Promote Safety and Security
We use the information we collect to promote the safety and security of the Service, our users, and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
For Research
Additionally, we may de-identify your Personal Information and combine it with the de-identified User Content of other users on the Service to create records of Aggregated Data by removing any information that would allow the remaining data to be linked directly back to you. We may use the Aggregated Data to analyze patterns and usage of the Service to improve our Service, to provide a Team Map, subject to your having opted-in to participating in such Team Map, and for other research purposes. Additionally, we may use Aggregated Data to analyze and understand demographic trends, customer behavior patterns and preferences, and information that can help us enrich the content and quality of the Service.
For personal data subject to the GDPR, we rely on several legal bases to process the data. These include when you have given your consent, which you may withdraw at any time using your [account settings] and other tools; when the processing is necessary to perform a contract with you, like the [Terms of Use]; and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, for research, and promoting safety and security as described above.
How Does Essi Handle Health and Other Special Category Data?
To the extent that information we collect is health data or another special category of personal data subject to GDPR, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you respond to certain demographic questions or respond to a questionnaire for a Map. You can use your account settings to withdraw your consent at any time, including by stopping use of a feature such as receiving daily reminders, or deleting your account. Please understand, though, that each Map you take or Team Map that you participate in represents a historical record. These tools are intended to represent a snapshot in time. Therefore, while you may withdraw your consent to participating in a future Team Map by opting out of participating in any future Team Maps of an Organization that you previously opted into, we are not able to remove your de-identified information from any Team Map that was created prior to your opting-out. Similarly, while you may withdraw your consent to us using your data to provide you with a Map, by simply discontinuing your use of the Service for that purpose, we are not able to remove your Personal Information from any prior Map that you completed.
Please bear in mind that the extent of the Personal Information you may be able to share with us will depend on the features of the Service made available to you, as well as your level of participation in the Service. You are under no obligation to provide any Personal Information to us at any time. However, if you choose to withhold some Personal Information, We may be unable to provide you with certain features of the Service.
Are there links to third-party websites on the Service?
Yes. Our Service may contain links to other websites that are not owned or controlled by Essi. We provide these links and connections for your convenience. Essi has no control over these third parties, their privacy policies, and the content they display on their websites. If you choose to submit Personal Information while visiting these websites, please be aware that your rights will be governed by the third parties’ privacy policies. We strongly encourage you to carefully read the privacy notice of any website you visit or use.
Who at Essi has access to my Personal Information?
Essi has an office location in the United States. Our employees at this location may be required to access your Personal Information to allow us to provide you with quality Service, including user support Service. Our employees are obligated to respect the confidentiality of your Personal Information and are only authorized to access your Personal Information as necessary to provide you with Service or support.
Can other users or my Organization view my 21dayclub-canada.com profile?
No. Neither your Organization nor other users will have access to your profile, your Maps, including your responses to a questionnaire for a Map, your behavior change or habit creation information or the number of steps you have taken towards goals you have identified on the Service.
Does Essi disclose my Personal Information to third parties?
We may, from time to time, share your Personal Information with third parties to allow us to provide you with our Service. If we need to share your Personal Information with third parties, we will limit the information disclosed to the minimum amount necessary to ensure the provision and quality of the Service we offer you.
We do not share your Personal Information except in the limited circumstances described below.
Your Requested Recipients
If you elect to use the share results feature accessed from within the Mapping Center to share either your full report of your Map results or your scoring grid with another individual, that individual will receive a link that will enable them to access that information from 21dayclub-canada.com. By allowing such access, we may disclose the following information at your request:
Full Report
By sharing a Map full report with a recipient, you may make certain types of information about yourself, such as your responses to your Map questionnaire, your interpretation guide, and your scoring grid available to another individual. By doing so, you may, additionally, provide the recipient with certain types of personal information identified under the GDPR as requiring special treatment, such as health information including, for example, the amount of alcohol or tobacco you consume, amount of exercise in which you engage, your sexual wellness, or your level of distress.
Scoring Grid
By sharing only the Map scoring grid with a recipient, you limit the information shared with the recipient to only your performance with respect to each scale of your Map.
If you choose to withdraw your consent to sharing either your Map scoring grid or the full report of your Map results with a recipient at a later date, this will not change the fact that your Personal Information was legally processed up to that point. When you use the share results feature, remember that recipients may save their own copies of the information that you share with them, even if you delete your copy of that information from your Mapping Center or discontinue sharing that information with that particular recipient from within your share results controls page.
Agents and contractors
In some instances, we may disclose your Personal Information to agents or contractors that work on our behalf and assist us in providing and supporting the Service we offer. This may include, fulfilling your requests, analyzing your data, or helping us to communicate important information about the Service.
Your Organization
We may share Aggregated Data with your Organization in specific circumstances and for limited purposes, such as to share a Team Map containing Aggregated Data with your Organization. Your Organization will not be able to use such Team Map Reports to directly identify you. Your Organization may use the Aggregated Data at its discretion, including to evaluate the overall Service, as well as to provide additional benefits, features and the Service. You can revoke your consent to include your results in a Team Map by using your [account settings].
Third-Party Providers
We transfer information to our service providers and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for information technology, data analysis, and research.
Government Entities
Essi may be required to disclose your Personal Information if:
a. Legally required to do so by governments, tribunals, law enforcement and regulatory agencies (for example as part of an ongoing investigation, subpoena, similar legal process or proceeding);
b. As otherwise required under any applicable law, regulation or rule; and
c. If we believe, in good faith, that such disclosure is necessary to protect or defend our rights or the rights of others, to assist in an investigation or to prevent illegal activity.
Reorganization
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of Personal Information and give affected users notice before transferring any Personal Information to a new entity.
Aggregate and De-Identified Data
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about stress, resilience, emotional intelligence and behavior change or with Organizations, for example, in Team Maps.
Where and how is my Personal Information and other data stored?
All your data, including any Personal Information we collect about you, is stored at Amazon Web Service data centers located in Canada. However, because Essi is located in the U.S., it may be subject to USA laws, including the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001” (USA PATRIOT Act), as well as the jurisdiction of the USA government, tribunals, law enforcement and regulatory agencies, which may require Essi to grant them access to your data.
How does Essi secure my Personal Information?
Essi is committed to protecting your data and your privacy. To ensure data security, we follow reasonable physical, electronic and managerial procedures designed to safeguard and secure your data and Personal Information. However, no company can fully eliminate security risks associated with the provision of online Service.
Among the security features we use to protect your Personal Information and other data, we require that you create and use a username and unique password to access the Service. We use multiple layers of security to protect your Personal Information and data, including firewalls, intrusion detection tools and antivirus software.
In addition to employing reasonable data security safeguards, we take reasonable steps to ensure that Personal Data is reliable for its intended use; as well as being current, accurate, and complete. We only collect, use, and disclose Personal Data for the purposes specified in this Privacy Notice. Should you know that the Personal Data you’ve provided to us is inaccurate or incomplete, please contact us at: team@21dayclub.com.
We will normally retain Personal Data for as long as necessary for the fulfillment of the Identified purposes in this Privacy Notice. However, some Personal Data may be retained for longer purposes as required by law, contract, or auditing requirements.
Can I access or change the Personal Information Essi has collected about me?
Yes, you can review and change your Personal Information by logging into the Service. All our users, regardless of residency, except in specific circumstances identified by local laws, have a legal right to access and correct or update the information Essi has collected about them. However, because Maps and Team Maps are intended to capture a moment in time and represent a historical record, any such changes you make will not be reflected on any Map that you completed prior to such change or any Team Map that you elected to participate in prior to such change
Please bear in mind that we may not be able to accommodate your request if we reasonably believe that the change would violate any laws or cause the information to be inaccurate or incorrect. Additionally, we may not be able to fulfill a request where it would impose a burden on us that is disproportionate to the risk to your privacy, or where your request may affect another individual’s rights to privacy. If we are unable to fulfil a request, we will provide you with the reasons why we are unable to comply.
Can my Personal Information and other data be transferred to a different company?
No. However, you may export all of your information from the Service at any time. To do so, please go into your account settings and elect to export your Maps. When you export a Map, you will receive the personal assessment questionnaire, including your answer summary, with your responses to the questions contained in the questionnaire, as well as the scoring grid, and the interpretation guide in .pdf format for each Map in that you export.
Can my Personal Information and data be deleted from Essi Systems’ databases?
You may terminate your use of the Service by choosing to delete your account through the Delete Account link on your account page . Your account on the Service will terminate immediately after we receive your request. Once your account on the Service has been terminated, your Personal Information will be permanently and irreversibly de-identified at the end of an additional 32-day grace period.
Can I request that Essi Systems restrict processing for some of my data?
Beyond the information necessary for creating an account, you are not required to share any additional information with us. You can choose to limit the data you share with us by not inputting or not using certain features. However, as noted above once you have shared information with us for the purposes of creating a Map or to include your Personal Information in the Aggregated Data used to create a Team Map, we are unable to accommodate requests to restrict the processing of that data as it relates to those historical Maps and Team Maps. You can restrict the processing of some of your data with respect to the creation of future Maps or Team Maps, however, it may mean that we are simply not able to provide you with the Service that you requested. If you wish for us to stop processing all of your data, you can request that all data be deleted by deleting your account.
Can I object to Essi’s processing of my data?
Yes, you can object to our processing of your data by contacting Essi at: team@21dayclub.com.
How does Essi make changes to this Privacy Notice?
We may update this Privacy Notice from time to time to reflect changes in our information practices or offered Service. If we make any material changes to this Privacy Notice, we will update the date that this Privacy Notice was last updated at the top of the Privacy Notice.
What should I do if I have a concern or complaint against Essi and its data privacy practices?
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.[1]
How can I contact Essi or its Data Protection Officer (DPO)?
If you have any questions, comments or concerns about this Privacy Notice, or your rights and obligations under this Privacy Notice, you may contact us via email at team@21dayclub.com