GDPR Data Privacy Framework Services Notice

Marie Forleo International, Inc. (“Marie Forleo”)
GDPR Notice
Effective Date: 9 July 2024

This GDPR EU-U.S. Data Privacy Framework (EU-U.S. DPF) and UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Services Notice (this “GDPR Notice”) is included in our Privacy Policy and applies to the ‘personal data,’ as defined in the GDPR, of EU and UK individuals and Swiss individuals (“EEA, UK and Swiss Individuals,” “you,” or “your”) processed by Marie Forleo. Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them in the Marie Forleo Privacy Policy or, if not defined herein or in the Privacy Policy, the GDPR. To the extent of any conflict between this GDPR Notice and any other provision of the Privacy Policy, this GDPR Notice shall control only with respect to EEA Individuals and their personal data. If you are located elsewhere, please see our Privacy Policy here.

The term European Economic Area (or EEA) shall mean the then-current member states and member countries of the European Union and European Economic Area, respectively, Switzerland, and, upon its withdrawal from the European Union, the United Kingdom.

Controller Disclosure & Details:  We are a data controller of personal data regarding the following categories of EEA, UK and Swiss Individuals: Visitors and Registered Users (collectively, Customers) and affiliate partners and vendor contacts (collectively, Business Contacts) for the purposes and under the legal bases described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Visitors and Registered Users using the Websites).

Data Subject Category: General (applies to all data subjects below)

Purpose & Legal Basis of Processing:

Information Security: Our web servers will log your IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking usage of the Websites, combating DDOS or other attacks, and removing or defending against malicious visitors on the Websites.

Data Subject Category: Customers

Purpose & Legal Basis of Processing:

Direct Marketing: Generally speaking, we will provide email marketing (e.g., our newsletter) pursuant to a Customer’s consent. In cases where a Customer buys, or enters into negotiation for the sale of, a product or service, email marketing shall be sent to such Customer pursuant to our legitimate interest in sending marketing communications to such Customers in the context of a sale.

Rewards and Promotions: Marie Forleo International, our promotional and marketing partners (e.g., affiliate partners), and customers’ legitimate interest in administering our rewards and promotional offerings. For example, after purchasing a Marie Forleo International product or service, we share your name and email address with the referring affiliate partner only to the extent such affiliate partners have offered you bonuses or rewards for following their referral link.

Testimonials or Feedback: Our legitimate interest in using testimonials, feedback, or survey responses from Customers for marketing purposes, such as posting on the Websites or within sales decks, pitches, or other promotional content (e.g., email marketing).

Executing Contracts and other Legal Documentation: We will process all personal data as necessary for the performance of contracts to which Customers are a party (such as our Terms of Use, Privacy Policy, or a purchase of our products or services) or to take requested steps to enter into such contracts.

General Business Development: Our legitimate interest in furthering business relationships (such as by storing Customer information within a CRM or other database/file), ensuring customer satisfaction, and answering inquiries.

Audience Measurement and Retargeting: Pursuant to a Visitor’s consent, we use an assortment of marketing and analytics cookies for purposes of audience measurement, retargeting, and creating relevant Visitor experiences (such as based on their interaction with our Websites).

Data Subject Category: Business Contacts

Purpose & Legal Basis of Processing:

Affiliate Partners: We will process all personal data as necessary for the performance of contracts to which our affiliate partners are a party (e.g., our affiliate partner terms) or to take requested steps to enter into such contracts (e.g., completing our affiliate partner application).

Vendor Contacts: When entering into vendor relationships, we will receive the personal information of contacts employed or otherwise associated with such vendors. We process such information in our legitimate interest in establishing and developing our vendor relationships.

Controller’s EU Representative: Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Marie Forleo International has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU.

Avenue Huart Hamoir, 71
1030 Brussels/Belgium
privacy@edpo.com
edpo.com/gdpr-data-request

Controller’s UK Representative: Pursuant to the UK GDPR, Marie Forleo International has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

EDPO UK at 8 Northumberland Avenue
London WC2N 5BY, United Kingdom
edpo.com/uk-gdpr-data-request

Categories of Recipients: Marie Forleo International personnel will process the categories of EEA Individuals’ (as listed above) information appropriately for sales, marketing, finance, and related purposes. Such EEA Individuals’ information (or a particular category of EEA Individual, as listed in the table above) is also disclosed to various categories of recipients to effectuate the purposes described in the table above, including companies providing technical assistance, order fulfillment, customer service, marketing assistance, payment processing, survey collection, promotional and marketing assistance, and business operations.

Retention: Marie Forleo International retains your personal data as necessary to fulfill the purposes set forth within this Notice and to the extent you have (or demonstrate interest in) a relationship with Marie Forleo International, unless you request deletion of such data or such data is no longer relevant. In some cases, we may have to retain data to comply with our legal obligations (e.g., accounting, finance, tax).

Your GDPR Rights: As a natural person, you have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. For any questions, complaints, or requests regarding this GDPR Notice, please contact our EU Representative EDPO directly.

You can contact EDPO regarding GDPR matters by:

You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Marie Forleo’s Standard Contractual Clauses.

Contact details for the EU data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email. In such case, your personal data will no longer be used for that purpose.

Transfer of Personal Data outside the EEA: We may transfer your personal data outside of the EEA, including to our US data centers. We rely on appropriate Standard Contractual Clauses to ensure adequate protection for your personal data when transferred internationally.

Disclosure to Public Authorities: Marie Forleo International may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Corporate Restructuring: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice.

Updates to this GDPR Notice: If, in the future, we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Effective Date” at the top of this page will be updated accordingly.

How to Contact Us: Please reach out to our EU Representative EDPO directly using their online request form: https://edpo.com/gdpr-data-request/ or writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium for any questions, complaints, or requests regarding this GDPR Notice.

Data Privacy Framework Services Notice

Important Notice for Residents of the European Economic Area, UK, and Switzerland

Marie Forleo International complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Marie Forleo International has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Marie Forleo International has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

Marie Forleo International is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Upon request to our EU Representative EDPO directly using their online request form: https://edpo.com/gdpr-data-request/ or writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium we will provide you with confirmation as to whether we are processing your personal data, and have the data communicated to you within a reasonable time. You have the right to access, correct, amend or delete your personal data where it is inaccurate or has been processed in violation of this Privacy Policy.

We will provide an individual opt-out choice before we share your personal information with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized.

We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Marie Forleo International’s accountability for personal data that it receives in the United States under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and subsequently transfers to a third party is described in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). In particular, Marie Forleo International remains responsible and liable under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Marie Forleo International proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) principles, Marie Forleo International commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles.  European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact Marie Forleo International at privacy@marieforleo.com with the subject line, “Data Privacy Framework”.

Marie Forleo International has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

Onward Transfer to Third Parties under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles

Like many businesses, we contract with other companies to perform certain business-related services. We may disclose Information, including personal information in some cases, to certain types of third-party companies, but only to the extent needed to enable them to provide such services, including, without limitation, technical assistance, order fulfillment, customer service, marketing assistance, payment processing, survey collection, promotional and marketing assistance, and business operations. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy and implemented by Marie Forleo International. We may also disclose your information, including any personal information, to any of our parent companies, subsidiaries, affiliates, joint ventures, or other companies under common control with us in order to support delivery of our products and services.

Retention of Personal Information under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles

We will retain the personal information processed pursuant to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles in a form that identifies you pursuant to our data retention periods in Retention above, or as subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis and subject to the protection of this Privacy Policy.  After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.

How We Protect Personal Information under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles

We take commercially reasonable steps to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, taking into account the risks involved in processing and the nature of such data, and in compliance with applicable laws and regulations.  Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the personal information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Websites may not be secure, and you should therefore take special care in deciding what information you send to us via email.