Privacy Policy

eSteps Inc. 90 Broad St, New York, NY 10004, US
Owner contact email: hello@estepshealth.com

Among the types of Personal Data that Website: www.eStepsHealth.com collects, by itself or through third parties, there are: Trackers; Usage Data; number of Users; session statistics; email address; various types of Data; payment info; first name; lastname; phone number; device information; contact details; data relating to the point of sale.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using Website:
www.eStepsHealth.com.

Unless specified otherwise, all Data requested by Website: www.eStepsHealth.com is mandatory, and failure to provide this Data may make it impossible for Website: www.eStepsHealth.com to provide its services. In cases where Website:
www.eStepsHealth.com specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools — by Website: www.eStepsHealth.com or by the owners of third-party services used by Website: www.eStepsHealth.com serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.

Users are responsible for any third-party Personal Data obtained, published or shared through Website: www.eStepsHealth.com.

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of Website: www.eStepsHealth.com (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.


Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.


Retention time

Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent.

The purposes of processing

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Analytics, Interaction with live chat platforms, Advertising, Displaying content from external platforms, User database management, Contacting the User, Heat mapping and session recording, Interaction with online survey platforms, Interaction with data collection platforms and other third parties, Managing data collection and online surveys, Hosting and backend infrastructure, Access to third-party accounts, Tag management, Interaction with external social networks and platforms and Handling payments.

For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.


Facebook permissions asked by Website: www.eStepsHealth.com

Website: www.eStepsHealth.com may ask for some Facebook permissions allowing it to perform actions with the User's Facebook account and to retrieve information, including Personal Data, from it. This service allows Website:
www.eStepsHealth.com to connect with the User's account on the Facebook social network, provided by Facebook Inc.

For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy.

The permissions asked are the following:

Basic information

By default, this includes certain User’s Data such as id, name, picture, gender, and their locale. Certain connections of the User, such as the Friends, are also available. If the User has made more of their Data public, more information will be available.


device information

Email

Provides access to the User's primary email address.

Trackers

Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.

Usage Data

Personal Data is collected for the following purposes and using the following services:

Access to third-party accounts

This type of service allows Website: www.eStepsHealth.com to access Data from your account on a third-party service and perform actions with it.
These services are not activated automatically, but require explicit authorization by the User.

Facebook account access (Meta Platforms, Inc.)

This service allows Website: www.eStepsHealth.com to connect with the User's account on the Facebook social network, provided by Meta Platforms, Inc.
Permissions asked: device information; Email; Trackers; Usage Data.
Place of processing: United States – Privacy Policy – Opt out.
Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activityinformation.

Advertising

This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on Website: www.eStepsHealth.com, possibly based on User interests. This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below. Some of the services listed below may use Trackers to identify Users or they may use the behavioral retargeting technique, i.e.
displaying ads tailored to the User’s interests and behavior, including those detected outside Website: www.eStepsHealth.com.
For more information, please check the privacy policies of the relevant services. Services of this kind usually allow Users to opt out of such tracking. Users may learn how to opt out of interest-based advertising more generally by visiting the relevant opt-out section in this document.

Meta ads conversion tracking (Meta pixel) (Meta Platforms, Inc.)

Meta ads conversion tracking (Meta pixel) is an analytics service provided by Meta Platforms, Inc. that connects data from the Meta Audience Network with actions performed on Website: www.eStepsHealth.com. The Meta pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Meta Audience Network.

Personal Data processed: Trackers; Usage Data.

Place of processing: United States – Privacy Policy – Opt out.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.

Hotjar Form Analysis and Conversion Funnels (Hotjar Ltd.)

Hotjar is an analytics service provided by Hotjar Ltd. Hotjar honors generic Do Not Track headers. This means your browser can tell its script not to collect any of your data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.

Personal Data processed: Trackers; Usage Data.

Place of processing: Malta – Privacy Policy – Opt Out.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.

Analytics

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics 4 (Google LLC)

Google Analytics 4 is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on how the Owner manages the Data processing, (“Google”). Google utilizes the Data collected to track and examine the use of Website:
www.eStepsHealth.com, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. In Google Analytics 4, IP addresses are used at collection time and then discarded before Data is logged in any data center or server. Users can learn more by consulting Google’s official documentation.

In order to understand Google's use of Data, consult their partner policy and their Business Data page.

Personal Data processed: number of Users; session statistics; Trackers; Usage Data.

Place of processing: United States – Privacy Policy – Opt out; Ireland – Privacy Policy – Opt out.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.

Meta Events Manager (Meta Platforms, Inc.)

Meta Events Manager is an analytics service provided by Meta Platforms, Inc. By integrating the Meta pixel, Meta Events Manager can give the Owner insights into the traffic and interactions on Website: www.eStepsHealth.com.

Personal Data processed: Trackers.

Place of processing: United States – Privacy Policy – Opt out.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.


Contacting the User

Contact form (Website: www.eStepsHealth.com)

By filling in the contact form with their Data, the User authorizes Website: www.eStepsHealth.com to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.

Personal Data processed: email address; Usage Data.

Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activity information.


Mailing list or newsletter

By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning Website:
www.eStepsHealth.com. Your email address might also be added to this list as a result of signing up to Website:
www.eStepsHealth.com or after making a purchase.

Personal Data processed: email address; Trackers; Usage Data.

Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activity information.


Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of Website:
www.eStepsHealth.com and interact with them. Such services are often referred to as widgets, which are small elements placed on a website or app. They provide specific information or perform a particular function and often allow for user interaction. This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.


Google Fonts (Google LLC)

Google Fonts is a typeface visualization service provided by Google LLC that allows Website: www.eStepsHealth.com to incorporate content of this kind on its pages.

Personal Data processed: Trackers; Usage Data.

Place of processing: United States – Privacy Policy.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.


OpenStreetMap widget (OpenStreetMap Foundation )

OpenStreetMap widget is a maps visualization service provided by OpenStreetMap Foundation that allows Website:
www.eStepsHealth.com to incorporate content of this kind on its pages.

Personal Data processed: Trackers; Usage Data.

Place of processing: United Kingdom – Privacy Policy.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.


Handling payments

Unless otherwise specified, Website: www.eStepsHealth.com processes any payments by credit card, bank transfer or other means via external payment service providers. In general and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. Website: www.eStepsHealth.com isn't involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.


Apple Pay (Apple Inc.)

Apple Pay is a payment service provided by Apple Inc., which allows Users to make payments using their mobile phones.

Personal Data processed: payment info; Trackers; Usage Data.

Place of processing: United States – Privacy Policy.

Category of Personal Information collected according to the CCPA: commercial information; internet or other electronic network activity information.


Klarna (Klarna AB)

Klarna is a payment service provided by Klarna AB.

Personal Data processed: payment info; Trackers; Usage Data.

Place of processing: Sweden – Privacy Policy.

Category of Personal Information collected according to the CCPA: commercial information; internet or other electronic network activity information.



Google Pay (Google LLC)

Google Pay is a payment service provided by Google LLC, which allows users to make online payments using their Google credentials.

Personal Data processed: email address; first name; last name; payment info; Trackers; Usage Data.

Place of processing: United States – Privacy Policy.

Category of Personal Information collected according to the CCPA: identifiers; commercial information; internet or other electronic network activity information.


PayPal (PayPal Inc.)

PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.

Personal Data processed: email address; payment info; Trackers; Usage Data.

Place of processing: See the PayPal privacy policy – Privacy Policy.

Category of Personal Information collected according to the CCPA: identifiers; commercial information; internet or other electronic network activity information.


PayPal Carrier Payments (PayPal Inc.)

PayPal Carrier Payments is a payment service provided by PayPal, Inc., which allows Users to make online payments using their mobile phone operator.

Personal Data processed: device information; payment info; phone number; Trackers; Usage Data.

Place of processing: See the PayPal privacy policy – Privacy Policy.

Category of Personal Information collected according to the CCPA: identifiers; commercial information; internet or other electronic network activity information.


Satispay (Satispay Europe S.A.)

Satispay is a payment service provided by Satispay Europe S.A. which allows Users to make online payments.

Personal Data processed: contact details; first name; last name; Trackers; Usage Data.

Place of processing: Luxembourg – Privacy Policy.

Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activity information


Shop Pay (Shopify Inc.)

Shop Pay is a payment management and product checkout page service provided by Shopify Inc. which allows Users to make online payments on Website: www.eStepsHealth.com.

Personal Data processed: data relating to the point of sale; payment info; Trackers; Usage Data.

Place of processing: Canada – Privacy Policy.

Category of Personal Information collected according to the CCPA: commercial information; internet or other electronic network activity information.


Stripe (Stripe, Inc.)

Stripe is a payment service provided by Stripe, Inc.

Personal Data processed: email address; first name; last name; Trackers; Usage Data.

Place of processing: United States – Privacy Policy.

Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activity information.


Heat mapping and session recording

Heat mapping services are used to display the areas of Website: www.eStepsHealth.com that Users interact with most frequently.
This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
Some of these services may record sessions and make them available for later visual playback.


Hotjar Heat Maps and Recordings (Hotjar Ltd.)

Hotjar is a session recording and heat mapping service provided by Hotjar Ltd. Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.

Personal Data processed: Trackers; Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: Malta – Privacy Policy – Opt Out.

Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activity information.


Hosting and backend infrastructure

This type of service has the purpose of hosting Data and files that enable Website: www.eStepsHealth.com to run and be distributed or to provide a ready-made infrastructure to run specific features or parts of Website: www.eStepsHealth.com.
Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.


Openshift (Red Hat, Inc.)

Openshift is a hosting and backend service provided by Red Hat, Inc.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Category of Personal Information collected according to the CCPA: identifiers.


SiteGround Hosting (SiteGround Hosting Ltd.)

SiteGround Hosting is a hosting service provided by SiteGround Hosting Ltd.

Personal Data processed: Trackers; Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: United Kingdom – Privacy Policy.

Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activity information.


Interaction with data collection platforms and other third parties

This type of service allows Users to interact with data collection platforms or other services directly from the pages of Website:
www.eStepsHealth.com for the purpose of saving and reusing data. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.


Hotjar Recruit User Testers (Hotjar Ltd.)

The Hotjar Recruit User Testers widget is a service for interacting with the Hotjar data collection platform provided by Hotjar Ltd. Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.

Personal Data processed: Trackers; Usage Data; various types of Data.
Place of processing: Malta – Privacy Policy – Opt Out.

Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activity information.


Interaction with external social networks and platforms

This type of service allows interaction with social networks or other external platforms directly from the pages of Website:
www.eStepsHealth.com.
The interaction and information obtained through Website: www.eStepsHealth.com are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it. It is recommended to log out from the respective services in order to make sure that the processed data on Website:
www.eStepsHealth.com isn’t being connected back to the User’s profile.


Facebook Like button and social widgets (Meta Platforms, Inc.)

The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Meta Platforms, Inc.

Personal Data processed: Trackers; Usage Data.

Place of processing: United States – Privacy Policy – Opt out.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.


Interaction with live chat platforms

This type of service allows Users to interact with third-party live chat platforms directly from the pages of Website:
www.eStepsHealth.com, in order to contact and be contacted by Website: www.eStepsHealth.com‘s support service. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do
not actively use the service. Moreover, live chat conversations may be logged.


HubSpot Chat ( HubSpot, Inc.)

HubSpot Chat is a service for interacting with the HubSpot live chat platform provided by HubSpot, Inc.

Personal Data processed: Trackers.

Place of processing: United States – Privacy Policy

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.


Interaction with online survey platforms

This type of service allows Users to interact with third-party online survey platforms directly from the pages of Website:
www.eStepsHealth.com. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do
not actively use the service.


Hotjar Poll & Survey widgets (Hotjar Ltd.)

The Hotjar Poll & Survey widgets are services that enable interaction with the Hotjar platform provided by Hotjar Ltd. Hotjar honors generic „Do Not Track” headers. This means the browser can tell its script not to collect any of the User's data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here

Personal Data processed: Trackers; Usage Data; various types of Data.

Place of processing: Malta – Privacy Policy – Opt Out.

Category of Personal Information collected according to the CCPA: identifiers; internet or other electronic network activity information.


Managing data collection and online surveys

This type of service allows Website: www.eStepsHealth.com to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse Data from any responding Users.
The Personal Data collected depend on the information asked and provided by the Users in the corresponding online form. These services may be integrated with a wide range of third-party services to enable the Owner to take subsequent steps with the Data processed - e.g. managing contacts, sending messages, analytics, advertising and payment processing.


Hotjar surveys (Hotjar Ltd.)

Hotjar surveys is a survey builder and data collection platform provided by Hotjar Ltd. Hotjar surveys may use cookies to track User behavior. Users can Opt-Out of Hotjar surveys cookie tracking by visiting this opt-out page. Hotjar surveys respects the Do Not Track option available in most modern browsers that, if activated, sends a special signal to stop tracking User activity. Users can find more information on how to enable Do Not Track for each supported browser here.

Personal Data processed: Trackers.

Place of processing: Malta – Privacy Policy – Opt Out.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.


Tag management

This type of service helps the Owner to manage the tags or scripts needed on Website: www.eStepsHealth.com in a centralized fashion. This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.


Google Tag Manager (Google LLC)

Google Tag Manager is a tag management service provided by Google LLC. In order to understand Google's use of Data, consult their partner policy and their Business Data page.

Personal Data processed: Trackers; Usage Data.

Place of processing: United States – Privacy Policy.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.


User database management

This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other
information that the User provides to Website: www.eStepsHealth.com, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks'
profiles) and used to build private profiles that the Owner can display and use for improving Website: www.eStepsHealth.com.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on Website: www.eStepsHealth.com.


HubSpot CRM ( HubSpot, Inc.)

HubSpot CRM is a User database management service provided by HubSpot, Inc.

Personal Data processed: Trackers.

Place of processing: United States – Privacy Policy.

Category of Personal Information collected according to the CCPA: internet or other electronic network activity information.

In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to
generally opt out of interest-based advertising within the dedicated section of the Cookie Policy

Website: www.eStepsHealth.com uses Trackers. To learn more, Users may consult the Cookie Policy.

This section applies to all Users in the European Union, according to the General Data Protection Regulation (the “GDPR”), and, for such Users, supersedes any other possibly divergent or conflicting information contained in the privacy policy. Further details
Regarding the categories of Data processed, the purposes of processing, the categories of recipients of the Personal Data, if any, and further information about Personal Data can be found in the section titled “Detailed information on the processing of Personal Data” within this document.


Legal basis of processing

The Owner may process Personal Data relating to Users if one of the following applies: Users have given their consent for one or more specific purposes. provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof; processing is necessary for compliance with a legal obligation to which the Owner is subject; processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner; processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party. In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.


Further information about retention time

Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users’ consent. Therefore: Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed. Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner. The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing,
as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to fulfil a legal obligation or upon order of an authority. Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

This section applies to Users in Switzerland, and, for such Users, supersedes any other possibly divergent or conflicting information contained in the privacy policy. Further details regarding the categories of Data processed, the purposes of processing, the categories of recipients of the personal data, if any, the retention period and further information about Personal Data can be found in the section titled “Detailed information on the processing of Personal Data” within this document.


The rights of Users according to the Swiss Federal Act on Data Protection

Users may exercise certain rights regarding their Data within the limits of law, including the following: right of access to Personal Data; right to object to the processing of their Personal Data (which also allows Users to demand that processing of Personal Data be restricted, Personal Data be deleted or destroyed, specific disclosures of Personal Data to third parties be prohibited); right to receive their Personal Data and have it transferred to another controller (data portability); right to ask for incorrect Personal Data to be corrected.

This section of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the entity running Website: www.eStepsHealth.com and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”). This section applies to all Users in Brazil (Users are referred to below, simply as “you”, “your”, “yours”), according to the "Lei Geral de Proteção de Dados" (the "LGPD"), and for such Users, it supersedes any other possibly divergent or conflicting information contained in the privacy policy. This part of the document uses the term “personal information“ as it is defined in the LGPD.



The grounds on which we process your personal information

We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows: your consent to the relevant processing activities; compliance with a legal or regulatory obligation that lies with us; the carrying out of public policies provided in laws or regulations or based on contracts, agreements and similar legal instruments; studies conducted by research entities, preferably carried out on anonymized personal information;
the carrying out of a contract and its preliminary procedures, in cases where you are a party to said contract;
the exercising of our rights in judicial, administrative or arbitration procedures;
protection or physical safety of yourself or a third party; the protection of health – in procedures carried out by health entities or professionals; our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests; and credit protection. To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.

This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running Website: www.eStepsHealth.com and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”). The information contained in this section applies to all Users (Users are referred to below, simply as “you”, “your”, “yours”), who are residents in the following states: California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island and Montana. For such Users, this information supersedes any other possibly divergent or conflicting provisions contained in the privacy policy. This part of the document uses the term Personal Information (and Sensitive Personal Information).



Notice at collection

The following Notice at collection provides you with timely notice about the categories of Personal Information collected or disclosed in the past 12 months so that you can exercise meaningful control over our use of that Information. While such categorization of Personal Information is mainly based on California privacy laws, it can also be helpful for anyone who is not a California resident to get a general idea of what types of Personal Information are collected.


Internet or other electronic network activity information

Personal Information collected or disclosed: Trackers, Usage Data, number of Users, session statistics, email address, various types of Data as specified in the privacy policy of the service, various types of Data, Email, device information, first name, last
name, phone number, contact details, data relating to the point of sale
Sensitive Personal Information collected or disclosed ℹ️: payment info
Purposes: Analytics Interaction with live chat platforms AdvertisingDisplaying content from external platforms User database management Contacting the User Heat mapping and session recording Interaction with online survey platforms Interaction with data collection platforms and other third parties
Managing data collection and online surveys Hosting and backend infrastructure Access to third-party accounts Tag management
Interaction with external social networks and platforms Handling payments
Retention period: for the time necessary to fulfill the purpose Sold or Shared ℹ️: No Targeted Advertising: ℹ️: No Third-parties: Google LLC, HubSpot, Inc., Meta Platforms, Inc., Hotjar Ltd., SiteGround Hosting Ltd., OpenStreetMap
Foundation , Apple Inc., Klarna AB, PayPal Inc., Satispay Europe S.A., Shopify Inc., Stripe, Inc.
Service providers or contractors: Website: www.eStepsHealth.com