Consumer Health Data Privacy Notice
This Consumer Health Data Privacy Notice (the “Notice”) describes how [website] (“we”, “us”, or “our”) collects, uses, shares, retains, and protects consumer health data in connection with our online ordering website, mobile-optimized pages, account features, and related digital services (collectively, the “Service”). It supplements our Privacy Policy and our Terms of Service. To the extent of any conflict between this Notice and the Privacy Policy with respect to consumer health data, this Notice controls.
1. Who This Notice Applies To
This Notice applies to all consumers in the United States who provide health-related information through the Service. It applies regardless of where you live, but certain rights described below are available only to residents of states whose laws grant those rights (for example, Washington for the My Health My Data Act).
2. What Is “Consumer Health Data”?
“Consumer health data” generally means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. In the context of our Service, consumer health data may include information you provide for the purpose of ordering food, such as:
- Food allergies and intolerances (e.g., “peanut allergy,” “shellfish allergy,” “lactose intolerance”);
- Celiac or gluten-related conditions (e.g., “celiac — strict gluten-free”);
- Other dietary restrictions tied to health (e.g., diabetic-friendly, low-sodium, low-FODMAP, ketogenic for medical reasons);
- Pregnancy- or nursing-related dietary instructions;
- Accessibility needs that may relate to a disability (e.g., requests related to assistance or packaging accommodations);
- Inferences drawn from any of the above.
Consumer health data does not include voluntary dietary preferences that are not health-related (such as a non-medical preference for spicy food or a flavor preference).
3. What Consumer Health Data We Collect
We collect only consumer health data that you choose to provide for the purpose of safely fulfilling your order. Typical fields are:
- Free-text allergy or dietary notes you enter at checkout (e.g., in “Special Instructions”);
- Allergen or dietary tags you select from menu-item options or filters;
- Profile preferences you save to your account (e.g., “always exclude peanuts”);
- Information you provide when contacting customer support regarding an allergic reaction, illness, or dietary-related complaint.
You are not required to provide consumer health data to use the Service. Providing it is voluntary; however, omitting it may affect our ability to safely fulfill an order that requires special handling.
4. Sources
We collect consumer health data only directly from you (through the Service, in person at the establishment, or through customer-support channels). We do not purchase consumer health data from data brokers or other third parties.
5. How We Use Consumer Health Data
We use consumer health data only for the following purposes:
- Preparing and fulfilling your specific order safely (kitchen instructions, allergen handling, special accommodations);
- Communicating with you about your order (including refunds, replacements, or follow-up regarding a complaint);
- Quality assurance and staff training with respect to food-safety handling, on a de-identified or aggregated basis where reasonably feasible;
- Complying with applicable food-safety, public-health, and consumer-protection laws and regulations;
- Defending or asserting legal claims involving alleged allergic reactions, foodborne illness, or similar matters; and
- Any additional purpose for which you provide separate, specific, affirmative opt-in consent that complies with Section 5.1.
We do not use consumer health data for targeted advertising, cross-context behavioral advertising, profiling for decisions producing legal or similarly significant effects, training of advertising or marketing models, or to infer characteristics about you beyond what is necessary to fulfill your order.
5.1 Consent Required for Non-Fulfillment Uses
Consistent with the Washington My Health My Data Act (RCW 19.373.030–.040) and similar state laws, we collect, use, and share consumer health data without your separate affirmative opt-in consent only to the extent strictly necessary to provide the product or service you have requested (i.e., to prepare, fulfill, deliver, refund, or support the specific order you placed), or as expressly permitted by applicable law. For any other purpose — including advertising, marketing analytics, profiling, or sharing with parties not engaged in fulfillment — we will first obtain your separate, specific, affirmative opt-in consent that clearly discloses: (a) the categories of consumer health data involved; (b) the purpose of the additional processing; (c) the categories of recipients; and (d) the method by which you may withdraw consent. Such consent is requested in a stand-alone disclosure, not bundled with these or any other terms.
6. We Do Not Sell Consumer Health Data
We do not sell consumer health data for monetary or other valuable consideration, and we do not share consumer health data for cross-context behavioral advertising or for targeted advertising.
6.1 Valid Authorization to Sell (Washington Residents)
If, in the future, we sought to sell the consumer health data of a Washington resident, we would first obtain a valid, written authorization meeting all requirements of RCW 19.373.070, including each of the following elements:
- The specific consumer health data concerning the consumer that the person intends to sell;
- The name and contact information of the person collecting and selling the consumer health data;
- The name and contact information of the person purchasing the consumer health data from the seller;
- A description of the purpose of the sale, including how the consumer health data will be gathered and how it will be used by the purchaser;
- A statement that the provision of goods or services to the consumer may not be conditioned on the consumer signing the valid authorization;
- A statement that the consumer has a right to revoke the valid authorization at any time and a description of how to submit a revocation;
- A statement that the consumer health data sold pursuant to the authorization may be subject to redisclosure by the purchaser and may no longer be protected by RCW 19.373;
- An expiration date that expires one year from when the consumer signs the valid authorization;
- The signature of the consumer and the date; and
- A copy of the signed valid authorization will be provided to the consumer, and the authorization will be retained by us and by the purchaser for at least six years from the date of signature or the date when it was last in effect, whichever is later.
A sale authorization will always be a stand-alone document. It will not be bundled into checkout, account creation, the Terms of Service, the Privacy Policy, or any other agreement.
7. Who We Share Consumer Health Data With
We share consumer health data only with the following categories of recipients, and only for the purposes listed in Section 5:
- Establishment staff and contractors directly involved in preparing or delivering your order;
- Service providers / processors who provide order-management, customer-support, or hosting services to us under contractual confidentiality and data-protection obligations limiting their use of the data to providing services to us;
- Affiliates who operate the Service or related operations under common ownership or control, bound by this Notice;
- Legal and safety — law enforcement, regulators, courts, or public-health authorities when required by valid legal process or to protect health or safety; and
- Business transfers — counterparties to a merger, acquisition, financing, reorganization, or sale of assets, subject to confidentiality protections and continued application of this Notice.
We do not share consumer health data with advertisers, analytics providers, ad networks, or data brokers.
8. No Geofencing of Health-Care Facilities
Consistent with RCW 19.373.080, we do not implement, operate, or use a geofence around any entity that provides in-person health-care services where the geofence is used to (a) identify or track consumers seeking health-care services; (b) collect consumer health data from consumers; or (c) send notifications, messages, or advertisements to consumers related to their consumer health data or health-care services. To the extent the Service collects location information for order pickup or delivery, that information is used only to fulfill your order and is not used to infer use of, or proximity to, any health-care facility.
9. Retention
We retain consumer health data only as long as reasonably necessary to fulfill the purposes for which it was collected, and as required by applicable food-safety, tax, accounting, and legal-retention obligations. Order-level allergen and dietary notes are typically retained for the duration of your account plus the legally required record-retention period (commonly 3–7 years), after which they are deleted or de-identified. Aggregated, de-identified patterns may be retained longer for menu planning and food-safety improvement, in a form that does not identify you. Any signed sale authorization (Section 6.1) is retained for at least six years from the date of signature or the date when it was last in effect, whichever is later, as required by RCW 19.373.070.
10. Data Security; Breach Notice
We use reasonable administrative, technical, and physical safeguards designed to protect consumer health data against unauthorized access, disclosure, alteration, and destruction. These safeguards include access controls, encryption of data in transit, restricted internal access on a need-to-know basis, and contractual protections with our service providers.
In the event of a security breach involving consumer health data, we will provide notice as required by applicable law, including (where applicable to Washington residents) the Washington data-breach-notification law, RCW 19.255, and analogous laws of other states. Notices will be made to consumers and to regulators within the timeframes required by applicable law.
11. Your Rights Regarding Consumer Health Data
Depending on the state in which you live, you may have the following rights regarding your consumer health data. We honor each right to the extent required by applicable law:
| Right | What it means |
|---|---|
| Confirm Collection & Access (Including Recipient List) | Confirm whether we collect, share, or sell consumer health data about you; access the consumer health data we have collected; and receive a list of all affiliates and third parties with whom we shared or sold the data, including an active email address or other online mechanism for each, as required by RCW 19.373.040. |
| Delete | Request deletion of your consumer health data, including from our archives and backups, to the extent and within the timeframes required by law. Deletion requests are honored through the data flow to our service providers and affiliates. |
| Withdraw Consent | Withdraw any prior consent you provided for the collection, sharing, or use of consumer health data. Withdrawal is prospective and does not affect prior lawful processing. |
| Opt Out of Sale or Sharing | Opt out of any “sale” or “sharing” of consumer health data and out of any targeted advertising involving consumer health data. (We do not currently sell or share consumer health data; this right is available to you on a precautionary basis.) |
| Non-Discrimination | We will not deny goods or services, charge different prices, or provide a different level of service because you exercise any of these rights. |
| Appeal | If we deny a request, you may appeal by replying to our written denial within 60 days. We will respond within 45 days. If we deny your appeal, you may contact your state Attorney General to lodge a complaint. |
11.1 How to Exercise Your Rights
You may submit a verifiable request through either of the following two designated methods:
- Email: contact.gcpcard@gmail.com with “Consumer Health Data Request” in the subject line; or
We will verify your request using reasonable measures proportionate to the sensitivity of the data (for example, by matching your account email and recent order history). You may authorize an agent to submit a request on your behalf by providing the agent with signed written permission and verifying your identity directly with us. We will acknowledge receipt and respond within the timeframes required by applicable law (generally within 45 days of receipt, extendable where permitted).
Where applicable Connecticut law (Conn. Gen. Stat. ch. 743jj) governs, we will give effect to a revocation of consent as soon as practicable, and in any event no later than 15 days after receipt of the revocation, and we will cease processing the affected consumer health data based on the revoked consent within that timeframe.
12. Specific Disclosures by Jurisdiction
12.1 Washington Residents (My Health My Data Act, RCW 19.373)
- The categories of consumer health data we collect and the purposes for collection are set out in Sections 3 and 5 above.
- The categories of sources of consumer health data are set out in Section 4.
- The categories of consumer health data we share, and the categories of recipients with whom we share consumer health data, are set out in Section 7.
- We do not sell consumer health data, as described in Section 6. We will not sell consumer health data without a valid written authorization that meets every element of RCW 19.373.070, as described in Section 6.1.
- We do not implement geofences around health-care facilities, as described in Section 8.
- You have the rights set out in Section 11, including the right to confirm collection and access (with recipient list), the right to delete, the right to withdraw consent, and the right to appeal.
- A violation of the My Health My Data Act is an unfair or deceptive act or practice under Washington’s Consumer Protection Act, RCW 19.86, with the private right of action and remedies available under that chapter, in addition to enforcement by the Washington Attorney General.
- For complaints, you may contact the Washington State Attorney General’s Office at www.atg.wa.gov or by telephone at the numbers listed on that site.
12.2 Nevada Residents (NRS 603A.500–.530)
Nevada law gives consumers the right to opt out of the sale of certain “covered information,” including consumer health data. We do not sell consumer health data; nevertheless, to confirm opt-out, contact us using the methods in Section 11.1.
12.3 Connecticut, California, and Other State Residents
Connecticut, California, and other states provide rights with respect to consumer health data either as part of their comprehensive privacy laws or through stand-alone provisions. For Connecticut residents, additional consumer-health-data obligations and the 15-day revocation timeframe in Section 11.1 apply under the Connecticut Data Privacy Act (Conn. Gen. Stat. ch. 743jj). For California residents, additional rights regarding sensitive personal information are described in our Privacy Policy, Section 9. Other state-law rights are honored to the extent required by applicable law.
13. Children
We do not knowingly collect consumer health data from children under 13. Account creation, payment, and order placement are restricted to adults under our Terms of Service. If you are a parent or guardian and believe a child under 13 has provided us with consumer health data, please contact us so we can delete it.
14. Changes to This Notice
We may update this Notice from time to time. We will update the “Effective Date” date and, where appropriate, provide additional notice (for example, by email or a prominent notice on the Service). Material changes affecting the categories of consumer health data we collect, the purposes for which we use it, or the categories of recipients with whom we share it will be notified in advance to the extent required by applicable law.
15. Contact Us
If you have questions about this Notice or your consumer-health-data rights:
Consumer Health Data Requests: contact.gcpcard@gmail.com