GET MY FREE MEAL PLAN 👉 HERE
Login

GDPR

Updated: December 19, 2025

The European Union’s General Data Protection Regulation (GDPR) went into fffect. If you are domiciled within the European Union or the United Kingdom, you are entitled to certain information and have certain rights under the General Data Protection Regulation (“GDPR”) or UK GDPR. Throughout this policy, we have disclosed what information we collect and how it is used. Under these laws, we are a data controller and must provide you with certain information regarding the data we collect, our legal bases for doing so, and your rights related to your data. This Policy is provided by Rachel Paul Nutrition LLC (“Company”) as a supplement to its Privacy Policy to discuss the rights available regarding the rights of those domiciled in regions affected by these laws. 

We adhere to the principles of the GDPR with respect to Personal Data provided by: (i) individuals who visit our website and voluntarily provide their information, and (ii) from our participants, vendors, contractors, affiliates, and agents.

Company provides educational programs, support research, and various types assistance with land use projects and related policy-making. Through providing such services, the Personal Data we may collect may include:

  1. First and last names
  2. Email addresses
  3. Phone numbers
  4. Mailing Address
  5. Username and password for your Company account
  6. Personal information you submit to us via our customer service methods or through leaving reviews and testimonials
  7. Usage, viewing, and technical data, including device identifier and/or IP address, or location information
  8. Billing information
  9. Log files, information collected by cookies or similar technologies about actions taken when accessing our platform
  10. Data submitted through our accountability group

Company collects, uses and processes Personal Data for the purposes of:

  1. Providing information about our services and projects
  2. Providing services and support
  3. Communicating with business partners, vendors, agents and contractors about business matters
  4. Analysis of information in order to improve business practices and services
  5. Conducting related tasks for legitimate business purposes
  6. Other purposes disclosed at the time of collection
  7. Compliance with legal requirements

Company will only process Personal Data in ways that are compatible with the purpose for which Company collected the Personal Data, or for purposes that the individual or participant providing the Personal Data authorizes. If Company desires to use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you authorized, we will provide you with the opportunity to opt in.

  1. Subcontractors. We transfer Personal Data to our subcontractors that perform consulting services and other functions on our behalf. We enter into written agreements with each of our subcontractors requiring them to provide the same level of protection that Company provides for its participants and as required by the GDPR, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that subcontractors process Personal Data in accordance with our company policies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. We remain liable for the acts of our subcontractors that perform services on our behalf for their handling of Personal Data that we transfer to them.
  2. Third Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers that perform functions on our behalf. You can access our current list of sub processors listed on here. We enter into written agreements with those third-party agents and service providers requiring them to provide the level of protection required by the GDPR if applicable to such third-party agents and service providers, and if not, then the same level of protection that Company provides, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third-party agents and service providers process Personal Data in accordance with our company policies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers that perform services on our behalf for their handling of Personal Data that we transfer to them.

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities or to meet national security or law enforcement requirements.

Company maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

Remember that no method of transmission over the internet or method of electronic storage is 100% secure. Company cannot promise, and you should not expect, that your personal information or private communications will always remain private. Company cannot guarantee complete security.

Company currently stores user information via secure cloud-based web hosting services, provided by the Squarespace and Woocommerce and the information is stored on servers located within the United States.

Legal Bases

Our legal bases for collecting your personal data: 

  • Consent – Company may process information if you have provided us with your consent. This includes all voluntarily captured personal information or any information for which you have given us consent. 
  • Performance of a contract – We may process your information to perform a contract, which may include the performance of purchases you make through the website in accordance with any applicable terms of service. 
  • Legitimate Interest – We have a legitimate interest in capturing information related to marketing activities and fraud prevention. Additionally, we capture information regarding your interactions with the Site to ensure that the Site is operating properly and to allow us to make improvements. We may also keep information regarding your interactions with the Site as a form of recordkeeping. We do not process your personal information on this basis if it is outweighed by the impact such processing may have on you. 
  • Legal Requirement – We may process your personal information if it is necessary for a legal obligation, such as security. 
  • Vital Interest – We do not process your personal information on this basis. 
  • Public Interest – We do not process your personal information on this basis.

Your Rights

You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of applicable law. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. If your Personal Data was provided to us by a Company subscribing user, we may facilitate your access to such data by directing you to the user that provided your data to us.

Company would like to make sure you are fully aware of all of your data protection rights under GDPR. If you are a resident of the EU, you are entitled to the following:

  • Right to Be Informed – You may be informed as to how we use your personal information. This notice, in addition to our Privacy Policy, includes much information about this, but you may also inquire with us. 
  • Right to Access – You may access the personal information we have about you by submitting a request.
  • Right to Opt-out – You may opt-out of future email communications by following the unsubscribe links in our emails. You may also contact us at the email below to be removed from our mailing list. 
  • Right to Amend/Rectify – You may contact us to amend or update your personal information. 
  • Right to Erase or Be Forgotten – In certain situations, you may request that we erase or forget your personal data. 
  • Right to Restrict Processing – Similar to the right to erase, you may request that we restrict processing of your personal data. 
  • Right to Data Portability – You have the right to port your personal data, when applicable. 
  • Right to Object – In some situations, you may have the right to object to how your personal data is being processed by filing a complaint.  
  • Rights related to Automatic Decision Making and Profiling – You may have the right to not be subject to automatic decision making and profiling.

You may exercise any of these rights by emailing: rachel@nutritionbyrachel.com

Please note that we may need to retain certain information for recordkeeping purposes or to complete transactions, or when required by law. Unless you exercise such rights, we reserve the right to retain your data.

Any questions, concerns, or comments regarding this Statement or our use of your Personal Data, please contact us at:

Rachel Paul Nutrition LLC

Attn: GDPR

251 Little Falls Drive

Wilmington, DE 19808

We reserve the right to amend this Policy from time to time consistent with GDPR requirements and other applicable law.