Last Updated: [10 April, 2026]
[eNutrition Network Corporation] (“Company,” “we,” “us,” or “our”) operates the website enutrition.me (the “Website”). We are committed to protecting your privacy and respecting your rights under applicable data protection laws worldwide.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our Website or purchase our products. It also explains your privacy rights and how the law protects you.
We are a Canadian company based in Ontario and comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) , Canada’s federal private sector privacy law. Because we operate globally, this policy also addresses requirements under:
Please read this Privacy Policy carefully to understand our practices regarding your personal information.
Data Controller: Under PIPEDA, the GDPR, and other privacy laws, we act as the “data controller” of your personal information. This means we determine the purposes and means of processing your personal data.
We are accountable for the personal information under our control and have implemented policies and practices to give effect to these principles, including training our staff about privacy and establishing procedures to receive and respond to complaints and inquiries .
By using our Website or purchasing our products, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
We will obtain your express consent when the information we are collecting is sensitive or when required by applicable law (such as for placing non-essential cookies). In some circumstances, we may rely on implied consent where it is appropriate based on the circumstances and the sensitivity of the information .
You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw consent, please contact our Privacy Officer. Withdrawal of consent may affect our ability to provide you with certain products or services .
Personal information means any information about an identifiable individual. We may collect the following categories of personal information:
Category | Specific Data Elements | Sensitivity Level |
Identity Information | Name, username, author name (for book purchases) | Standard |
Contact Information | Email address, shipping address, billing address, phone number | Standard |
Financial Information | Credit card details, payment method (processed through third-party payment processors—we do NOT store full payment details) | Sensitive |
Account Information | Login credentials, order history, purchase preferences | Standard |
Technical Data | IP address, browser type and version, time zone setting, browser plug-in types, operating system, platform, device type | Standard |
Usage Data | How you interact with our Website, pages visited, products viewed, search queries, referral URLs | Standard |
Marketing and Communications | Your preferences in receiving marketing from us, communication preferences, newsletter subscriptions | Standard |
Cookies and Tracking Technologies | Cookie IDs, pixel tags, web beacons, analytics identifiers | Standard |
Sensitive Personal Information (SPI) : Under the CPRA, sensitive personal information includes certain categories requiring enhanced protection . The only sensitive information we collect is payment card data, which is processed directly by our third-party payment processors (Stripe, PayPal, etc.). We do not store or have access to your full payment card details.
We collect personal information through various methods:
5.1 Direct Interactions
You may provide us with your identity, contact, and financial information when you:
5.2 Automated Technologies or Interactions
As you interact with our Website, we automatically collect Technical Data and Usage Data about your equipment, browsing actions, and patterns. We collect this data using cookies, server logs, and similar technologies .
5.3 Third Parties or Public Sources
We may receive personal information about you from:
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
Purpose | Type of Data | Lawful Basis for Processing (GDPR) | PIPEDA Compliance |
To register you as a new customer | Identity, Contact | Performance of a contract | Consent |
To process and deliver your orders, including managing payments and shipping | Identity, Contact, Financial, Transaction | Performance of a contract | Consent |
To manage our relationship with you, including notifying you about changes to our terms or policies | Identity, Contact, Profile | Performance of a contract; Necessary for our legitimate interests | Consent |
To administer and protect our business and Website (including troubleshooting, data analysis, testing, system maintenance, security) | Identity, Contact, Technical | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) | Consent |
To deliver relevant website content and advertisements to you and measure effectiveness | Identity, Contact, Profile, Usage, Marketing, Technical | Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business) | Consent (implied or express as required) |
To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences | Technical, Usage | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business) | Consent |
To make suggestions and recommendations to you about goods or services that may be of interest to you | Identity, Contact, Technical, Usage, Profile | Necessary for our legitimate interests (to develop our products/services and grow our business) | Consent |
To comply with legal obligations | All relevant categories | Necessary for compliance with a legal obligation | Required by law |
Legitimate Interests: Under the GDPR, we rely on “legitimate interests” as a lawful basis for certain processing activities where our interests are not overridden by your data protection rights . Our legitimate interests include operating and improving our Website, marketing our products, and understanding our customers.
Our Website uses cookies and similar tracking technologies to enhance user experience, analyze usage, and for advertising.
7.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help us remember your preferences and understand how you interact with our Website .
7.2 Types of Cookies We Use
Cookie Type | Purpose | Consent Required? |
Strictly Necessary Cookies | Essential for Website functionality (e.g., shopping cart, account login) | No (implied consent) |
Performance/Analytics Cookies | Collect anonymous information about how visitors use our Website (e.g., Google Analytics) | Yes (for EU/UK visitors) |
Functionality Cookies | Remember choices you make to provide enhanced features | Yes (for EU/UK visitors) |
Targeting/Advertising Cookies | Record your visit, pages visited, and links followed to deliver relevant ads | Yes (for all regions where required) |
7.3 Cookie Consent
7.4 Managing Cookies
You can control and manage cookies in various ways. Most browsers allow you to refuse or accept cookies. Please note that removing or blocking cookies may impact your user experience and parts of our Website may no longer be fully accessible.
We do NOT sell your personal information. We do not rent, trade, or exchange your personal information for monetary consideration. However, under the CCPA/CPRA, certain disclosures for cross-context behavioral advertising may be considered a “sale” or “sharing” . We only share information as necessary to provide our services.
We may share your information with the following categories of third parties:
Third-Party Category | Examples | Purpose | Location |
Payment Processors | Stripe, PayPal, Square | Process your payments securely | May process data outside Canada (including USA) |
Shipping Carriers | Canada Post, UPS, FedEx | Deliver your orders | Canada, USA |
Email Marketing Platforms | Mailchimp, Klaviyo, ConvertKit | Send newsletters and marketing communications | May process data outside Canada (including USA) |
Analytics Providers | Google Analytics | Analyze Website usage and improve our services | May process data outside Canada (including USA) |
IT and Hosting Services | Web hosts, cloud storage providers | Maintain our Website and store data | Canada, USA |
Customer Support Tools | Help desk platforms | Manage customer inquiries | May process data outside Canada (including USA) |
Advertising Partners | Facebook, Instagram, Google Ads | Deliver relevant advertisements | May process data outside Canada (including USA) |
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, or sale of all or a portion of our assets, your information may be transferred as part of such transaction .
Legal Requirements: We may disclose your information where required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency) .
Data Processing Agreements: We have data processing agreements in place with all third-party service providers who process personal information on our behalf, ensuring they comply with applicable privacy laws and provide adequate protection for your information .
9.1 Cross-Border Processing
As a Canadian business operating globally, your personal information may be transferred to, stored, and processed in countries outside of Canada, including the United States. These countries may have data protection laws different from those in your country of residence .
9.2 Safeguards for International Transfers
When we transfer your personal information internationally, we take steps to protect it in accordance with applicable laws:
9.3 EU Representative
Because we offer goods and services to individuals in the European Union, we are required under GDPR Article 27 to appoint an EU representative. If you are in the EU, you may contact our EU representative regarding GDPR matters:
[Insert EU Representative Name or Service]
Email: [Insert EU Rep Email]
Address: [Insert EU Rep Address]
Note: If you have fewer than 250 EU customers, this requirement may not apply, but it’s best practice to have representation if you actively market to EU residents .
9.4 UK Representative
Similarly, for individuals in the United Kingdom, we have appointed a UK representative:
[Insert UK Representative Name or Service]
Email: [Insert UK Rep Email]
Address: [Insert UK Rep Address]
We will only retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements .
Data Type | Retention Period | Rationale |
Account Information | Until account deletion + 30 days | To allow for account reactivation |
Order History | 7 years | Canadian tax and accounting legal requirements |
Payment Information | Not stored by us | Processed and retained by payment processors per their policies |
Email Marketing Data | Until unsubscribe + 30 days | To honor opt-out requests |
Website Usage Data | 26 months (Google Analytics default) | Analytics and Website improvement |
Customer Support Communications | 3 years | Service improvement and dispute resolution |
In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you .
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction .
11.1 Security Measures Include:
11.2 No Guarantee
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security .
11.3 Data Breach Procedures
In the event of a data breach that poses a risk to your rights and freedoms, we will:
Depending on your location, you have various rights regarding your personal information. We respect all applicable privacy rights and will honor requests to exercise them.
12.1 RIGHTS FOR ALL USERS (Under PIPEDA)
Right | Description |
Right of Access | You may request access to the personal information we hold about you . |
Right to Correction | You may request correction of inaccurate or incomplete information. If you successfully demonstrate inaccuracy, we will amend your information . |
Right to Withdraw Consent | You may withdraw consent for certain data uses (e.g., marketing emails) at any time, subject to legal or contractual restrictions. |
Right to Challenge Compliance | You may challenge our compliance with privacy laws by contacting our Privacy Officer. |
12.2 ADDITIONAL RIGHTS FOR EU/UK USERS (Under GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following additional rights :
Right | Description |
Right to Erasure (Right to be Forgotten) | You may request deletion of your personal information where there is no good reason for us continuing to process it. |
Right to Data Portability | You may request that we provide your personal information to you in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller . |
Right to Restrict Processing | You may request that we suspend the processing of your personal information in certain circumstances. |
Right to Object | You may object to our processing of your personal information where we are relying on legitimate interests as our legal basis. |
Right to Lodge a Complaint | You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement. |
12.3 ADDITIONAL RIGHTS FOR CALIFORNIA RESIDENTS (Under CCPA/CPRA)
If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights :
Right | Description |
Right to Know | You have the right to request that we disclose the personal information we collect, use, disclose, and sell about you. This includes categories of personal information, sources, business purpose, and third parties with whom we share it. |
Right to Delete | You have the right to request deletion of personal information we have collected from you, subject to certain exceptions. |
Right to Correct | You have the right to request correction of inaccurate personal information. |
Right to Opt-Out of Sale/Sharing | We do NOT sell your personal information. However, our use of cookies for advertising may be considered “sharing” under the CPRA. You have the right to opt out of such sharing. Please see our “Do Not Sell or Share My Personal Information” link in our website footer . |
Right to Limit Use of Sensitive Personal Information | You have the right to limit our use of sensitive personal information to only that which is necessary to provide you with our services. The only sensitive information we collect is payment data, which is necessary for processing orders. |
Right to Non-Discrimination | We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny you goods or services, charge you different prices, or provide you with a different level of quality . |
Financial Incentives: We do not offer financial incentives for the collection of personal information.
Verification: To protect your privacy, we will take reasonable steps to verify your identity before fulfilling your request. This may involve matching the information you provide with information we already have on file .
Authorized Agent: You may designate an authorized agent to make a request on your behalf. We will require proof of authorization and identity verification.
12.4 Exercising Your Rights
To exercise any of your rights, please contact us using one of the following methods:
We will respond to all verified requests within:
Our Website is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 .
Under 13: If you are a parent or guardian and believe your child under 13 has provided us with information, please contact us immediately. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information .
Ages 13-16: Under the CCPA, we do not and will not sell the personal information of consumers we know to be between 13 and 16 years of age without affirmative authorization .
For EU/UK: Under the GDPR, the age of consent for data processing activities is 16 (or lower in some member states). We do not knowingly process data of children under 16 without parental consent .
Our Website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you . We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors .
Material Changes: If we make material changes to this Privacy Policy, we will notify you by:
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact our Privacy Officer:
Privacy Officer
eNutrition Network Corporation
Suite #302
3041 Dougall Avenue
Windsor, Ontario,
N9E 1S3
Canada
For EU Individuals: You may also contact our EU Representative (see Section 9.3).
For UK Individuals: You may also contact our UK Representative (see Section 9.4).
Supervisory Authorities:
