Last [Updated/Reviewed] on: 4/2/23
This Privacy Policy describes how the Institute for Meditation and Inner Harmony, LLC (“IMIH”) collects, shares, uses, and safeguards your personal information.
When you visit our website at www.imih.org, use our Innergy mobile app (Innergy) or use the web portal (www.innergyapp.com) to access our Innergy mobile app (collectively, the “IMIH Digital Sites”) we appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this Privacy Policy, we seek to explain to you in the clearest way possible what information we collect through the IMIH Digital Sites, how we use such information and what rights you have in relation to such information. Please read this Privacy Policy carefully, as it is important. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of the IMIH Digital Sites immediately.
This Privacy Policy applies to information we collect:
- On our website at imih.org;
- In email, text, and other electronic messages between you and our website;
- From the Innergy mobile app; and
- From the web portal (innergyapp.com) on our website to access Innergy
It does not apply to information collected by:
- Us offline or through any other means, including on any other website operated by IMIH or any third party; or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the IMIH Digital Sites.
If you do not agree with the terms of this Privacy Policy, your choice is not to use the IMIH Digital Sites. By accessing or using the IMIH Digital Sites, you agree to this Privacy Policy. This Privacy Policy may change from time to time as described below. Your continued use of the IMIH Digital Sites after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.
A. WHAT TYPE OF PERSONAL INFORMATION DO WE COLLECT?
Information You May Provide. While using the IMIH Digital Sites, you may provide personal information about yourself. Personal information we may collect from you includes your name, e-mail address, user name, password, social media handle and additional information you enter into the IMIH Digital Sites, including comments and feedback. We do not collect any of this information unless you provide it to us voluntarily.
Heart Rate Data
When you use the Innergy mobile app in conjunction with wearable devices (such as smartwatches or fitness trackers) and voluntarily provide consent, we collect heart rate data transmitted from these devices. This data includes:
- Real-time Heart Rate Measurements: Current heart rate readings (e.g., beats per minute).
- Historical Heart Rate Data: Past heart rate trends and patterns, if available.
Device and Wearable Device Data
We collect information from the wearable devices you use, including:
- Device Identifier: Unique identifiers or serial numbers assigned to your wearable device.
- Device Usage Data: Information about how frequently and for how long you use the wearable device.
- Connection Information: Details about how the wearable device connects to your mobile device (e.g., Bluetooth connectivity).
Information We May Collect Automatically. When you use the IMIH Digital Sites, we may automatically collect non-personally identifiable information about you through cookies and other technology as described below.
Web logs. We may automatically collect information about you that is made available by your browser, computer hardware and/or software, or mobile device, including but not limited to the Internet domain and website address from which you accessed the IMIH Digital Sites and your Internet Protocol (IP) address, the state or country from which you accessed the website, the date and time you used or visited the IMIH Digital Sites, the pages accessed by you on and from the IMIH Digital Sites, and other standard information included with every communication sent on the Internet, such as browser type, browser language, operating system, or service provider.
Cookies. We do occasionally use cookies (small files stored on your device or browser), tracking pixels (tiny graphic images embedded in a website or email), HTML/CSS/Java-based coding, and other similar technologies to automatically collect information when you use the IMIH Digital Sites. Your browser software can be set to warn you of cookies or reject all cookies. You are free to opt-out and reject all cookies when prompted by your browser. We may use cookies, web beacons, and other storage technologies to recognize you or to collect or receive information from your use of the IMIH Digital Sites and elsewhere on the internet. We may aggregate the information collected through storage technologies with your information, and the information collected may be used to speed your use of the IMIH Digital Sites, to provide measurement services, or to provide targeted advertisements on the basis of legitimate interests.
Tracking and/or Analytics Services. We may also contract with third-party advertising or analytics companies to track user behavior and analyze user activity, improve efficiency, create a better experience with the IMIH Digital Sites, or to serve you online ads on other websites. These third parties may use cookies or similar technologies to collect information about your interactions with the IMIH Digital Sites and interactions with other websites. These advertising companies may use the information gathered to deliver ads more tailored to your interests. We receive aggregate information from these third parties to understand our advertising effectiveness.
Wearable Devices. Heart rate data is collected automatically from wearable devices when you connect them to the Innergy mobile app. The data is transmitted via Wi-Fi from Apple Health or Health Connect App if you have paired your wearable device with it and is processed in real-time or stored for future analysis.
Through the Innergy Mobile App. We may also collect data directly through the Innergy mobile app when you interact with its features, configure settings, or input additional information.
Information We May Receive from Third Parties. We also may collect information regarding how you interact with the IMIH Digital Sites and other websites, such as content on social media platforms. For example, if you “like” a photo on one of our social media sites, we may collect information related to that interaction. In some cases, we may receive information about you from third parties that you directly provided to a third party.
Apple and Google collect credit or debit card (“Payment Card”) data with respect to purchases made through the IMIH Digital Sites. In addition, our payment processor collects Payment Card data with respect to purchases made through the IMIH Digital Sites. Such payment processors generally provide us with some limited data related to you, such as a unique, anonymous token that enables you to make additional purchases using the data they've stored, and your card's type, expiration date, billing address, and the last four digits of your card number.
B. HOW DO WE USE THIS PERSONAL INFORMATION?
We may use your personal information to, among other things:
- Send you communications, including confirmations, notices, updates, alerts, and administrative messages;
- Provide recommendations for relevant content choices.
- Communicate with you by mail and/or e-mail about IMIH services, events, special offers, business developments, and promotional information;
- Operate and improve the IMIH Digital Sites, business and services. We may keep a user database and other business records;
- To administer surveys and special promotions;
- To conduct internal research, reporting, and data analytics;
- To analyze usage patterns and performance of our Services and to improve our Services;
- Tailor content, recommendations, and notifications based on your heart rate trends and device data;
- Analyze and monitor to perform analytics on heart rate data for health and wellness insights;
- With your consent, we send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
- Detect, prevent and enforce against fraudulent, malicious or illegal acts;
- Meet legal, regulatory, insurance, audit, security and processing requirements; and
- For other purposes with your consent or as permitted or required by law.
C. WHEN DO WE DISCLOSE YOUR PERSONAL INFORMATION TO THIRD PARTIES?
We may disclose your personal information to third parties:
- As needed to meet legal, regulatory, insurance, audit, security and processing requirements;
- As permitted or required by law, including to respond to lawful requests and legal process, to protect the rights and property of our agents, users, and others, to enforce our agreements, policies and terms of use, in an emergency to protect the safety of a person from imminent harm;
- Who perform certain services or functions on our behalf (for example, we may share your information with a hosting service provider who hosts the IMIH Digital Sites);
- To fulfill the purpose for which you provide such information;and
- In connection with any proposed or actual merger, sale of company assets, financing or acquisition of all or a part of our business to another company to evaluate and/or perform the transaction.
We may also share information that does not directly identify you and is in an aggregated and anonymous form.
We may allow you to comment on or rate activities, services, and products on the IMIH Digital Sites.
D. HOW DO WE MAINTAIN THE SECURITY OF YOUR PERSONAL INFORMATION?
IMIH takes reasonable, industry standard steps to help protect personal information that we have or control against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through the IMIH Digital Sites. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the IMIH Digital Sites.
E. WHAT IS THE POLICY FOR DATA ACCESS AND DATA DELETION?
Subject to certain limits and conditions provided under law, we honor the exercise of the right of access or deletion for all of our users, regardless of their location. Any user of the IMIH Digital Sites may exercise this right by contacting us at privacy@imih.org.
F. WHO CAN I CONTACT WITH ADDITIONAL QUESTIONS OR CONCERNS?
If you have questions or concerns about how we use your personal information, please contact our Privacy Officer at:
- Email: privacy@imih.org
- Postal Mail: Institute for Meditation and Inner Harmony, 4151 Naperville Road, Lisle, IL 60532
Please be sure to include your full name, postal address, and e-mail address. Please also describe your concern so we can better help you.
G. USE OF IMIH DIGITAL SITES BY MINORS
The IMIH Digital Sites are not intended for children under 18 years of age. No one under age 18 may provide any personal information to or on the IMIH Digital Sites. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on the IMIH Digital Sites. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at privacy@imih.org.
H. WHAT IS IMIH'S DATA RETENTION POLICY?
We retain personal information for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.
- For data relating to your account: such data will be permanently and irrevocably anonymized in the event that your account is: (i) inactive for a period of two (2) years; and (ii) not subscribed to the IMIH Digital Sites. Moreover, we will permanently and irrevocably anonymize your account data within thirty (30) days of your written request to do so via email to privacy@imih.org.
- For transactional data relating to your purchases: such data is kept for the entire period of the contractual relationship, then in accordance with legal obligations and applicable statute of limitation periods. Please note that this data does not include Payment Card information, which is processed by Apple & Google through the IMIH Digital Sites, and not IMIH.
- For data collected based on your consent to receive our marketing communications: we will use such data until you opt out, withdraw consent or applicable law requires that such data is no longer used.
- When your data is collected in the context of requests/queries: such data is kept for the period necessary to process and reply to such requests or queries.
- When cookies or other trackers are placed on your terminal, they are kept for a period of 12 months. Other data will be kept as long as necessary for the purposes pursued and in compliance with our legal obligations, including the applicable statute of limitations.
I. EUROPEAN AND GDPR COMPLIANCE
A European Union law called the General Data Protection Regulation (“GDPR”) gives certain rights to individuals located in certain countries/regions in relation to their personal data. We will comply with GDPR with respect to those individuals that are located in countries/regions in which we are required to comply with GDPR. As required under GDPR, the rights afforded to such individuals are:
- A right of access: you have the right to obtain (i) confirmation as to whether personal data concerning you is processed or not and, if processed, to obtain (ii) access to such data and a copy thereof.
- A right to rectification: you have the right to obtain the rectification of any inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- A right to erasure: in some cases, you have the right to obtain the erasure of personal data concerning you. Upon request, IMIH will permanently and irrevocably anonymize your data such that it can never be reconstructed to identify you as an individual. However, this is not an absolute right and IMIH may have legal or legitimate grounds for keeping such data.
- A right to restriction of processing: in some cases, you have the right to obtain restriction of the processing of your personal data.
- A right to data portability: you have the right to receive the personal data concerning you which you have provided to IMIH, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from IMIH. This right only applies when the processing of your personal data is based on your consent or on a contract and such processing is carried out by automated means.
- A right to object to processing: you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you when such processing is based on the legitimate interest of IMIH. IMIH may, however, invoke compelling legitimate grounds for continued processing. When your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of such data. You may, in particular, exercise that right by clicking on the “unsubscribe” link provided at the bottom of any messages received.
- A right to lodge a complaint with the competent supervisory authority: you have the right to contact the supervisory authority to complain about IMIH's personal data protection practices.
- A right to give instructions concerning the use of your data after your death: as required by applicable law, you may have the right to give IMIH instructions concerning the use of your personal data after your death.
To exercise one or more of these rights, you can email privacy@imih.org. You may access your personal data to modify or update at any time via an online account, or by emailing privacy@imih.org. We will respond to your request in a reasonable timeframe in accordance with applicable law.
J. STATE SPECIFIC PRIVACY RIGHTS
Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To the extent that IMIH is subject to the state specific requirements described above, IMIH shall comply with such requirements. If you are located in one of the foregoing states, to exercise any of your above described rights (to the extent applicable to IMIH), please contact us at privacy@imih.org. To appeal a decision regarding a consumer rights request, please contact us at privacy@imih.org.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: privacy@imih.org. However, please know we do not currently sell data triggering that Nevada's opt-out requirements.
As a non-profit entity, IMIH is not currently subject to the California Consumer Privacy Act of 2018, as amended.
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of the IMIH Digital Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@imih.org or write us at our contact address set forth above.
K. RESPONSE TO DO NOT TRACK SIGNALS
Some internet browsers include the ability to transmit “Do Not Track” signals. We do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will update this Privacy Policy.
L. THIRD-PARTY LINKS
The IMIH Digital Sites may contain links to third-party sites not owned or operated by us. We are not responsible for the privacy practices or the content of any websites operated by third parties and expressly disclaim any liability with respect to your use of any third party services or websites. Once you have left the IMIH Digital Sites, we suggest you check the applicable privacy policy of the third-party website to determine how they will handle any information they collect from you.
M. CHANGES & UPDATES TO THIS POLICY
We may revise this Privacy Policy at any time. Any amendments or modifications to this Privacy Policy will be posted on the IMIH Digital Sites and effective immediately upon posting. The date of last modification will be indicated above. You are responsible for periodically visiting the IMIH Digital Sites and this Privacy Policy to check for any changes.