Privacy Policy


Effective January 1, 2020

What is MemberLeap's Commitment To Privacy?

Your privacy is important to us (Vieth Consulting). We understand that you are aware of and care about your own privacy interests, and we take that seriously. To better protect your privacy, we provide this privacy notice (the Policy) explaining our online information practices and the choices you can make about the way your personal information (Personal Data) is collected and used. Your Personal Data is kept private and is never shared for a commercial reason with third parties. 

Please read this Policy carefully. If you have any questions or concerns about this privacy policy or about the way we protect and use your Personal Data, info@viethconsulting.com or at 800.336-3008 if you have any questions or concerns. 

What Is Covered By This Policy?

This Policy addresses individuals or households whose Personal Data we may receive from our customers (Customer(s)) in our web-based membership management application MemberLeap (collectively, the Services). In these cases, we do not decide why or how that Personal Data will be processed. Our Customers use our platform to store and process their own customers Personal Data. In these cases, we act only as a storage and service provider. We do not decide what Personal Data is being stored, and in general we will only access such Personal Data at our Customers request in connection with Customer support or account administration matters. We will only access your Personal Data to provide the services that our Customer has directed us to provide, or if we are required by law.

When you give your Personal Data to one of our Customers or when we collect your Personal Data on their behalf, our Customers privacy policy, rather than this Policy, will apply to our processing of your Personal Data. If you have a direct relationship with one of our Customers, please contact them to exercise your privacy rights.

What Is Our Role With Respect To Your Personal Data?

Vieth Consulting acts as an agent, also known as a data processor or service provider, for the Personal Data we process for our Customers when providing our Services. This means that our Customers determine the type of Personal Data they provide for us to process on their behalf. We typically have no direct relationship with the individuals whose Personal Data we receive from our Customers.

What Is The Lawful Basis For Processing?

Within the scope of this Policy, we process Personal Data based on the instructions of our Customers. To learn about their lawful bases for processing your Personal Data, please read the privacy policy of our Customers.

What Personal Data We Process and How We Obtain It?

The categories Personal Data we collect are:

Identifiers, such as:

  • Name
  • Postal Address
  • Email address
  • Phone number
  • IP Address

Other Categories of Personal Data, such as:

  • Credit/Debit Card Information (for use in payments made to Vieth Consulting for the Services)

Commercial Information, such as:

  • Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

How Do We Obtain Your Personal Data?

We receive your Personal Data when you sign-up or provide it directly to one of our Customers (including our Customers employees, contractors, and other representatives of their companies) and they in turn provide the information to us, or when you provide it directly to us as part of using our Services.

How Do We Use Your Personal Data?

We use your Personal Data in the following ways: 

  • To perform Services to you including maintaining or servicing accounts, providing Customer service, addressing technical related issues (example: in the case of a programming error that needs to be corrected);
  • To maintain the integrity and security of our websites, products, features, databases, services and business and to prevent and to detect any security threats, fraud or other criminal or malicious activity that might compromise your information;
  • To assist you and our Customers in completing transactions and orders of our Services;
  • To respond to questions, inquiries, complaints, and requests you or our Customers may have, including investigating addressing those concerns and monitoring and improving our responses;
  • To create, maintain, customize, and secure your or our Customers accounts with us;
  • To manage our Customer base.
  • We may use the member email addresses provided to us by our Customers to contact members regarding a technical-related issue (for example, in the case of a programming error that needs to be corrected).

Do We Disclose Your Personal Data To Third Parties?

We use Personal Data solely and exclusively for the purposes for which the Personal Data, or access to it is provided pursuant to (1) the Online Service Agreement, (2) as our Customers direct and pursuant to our contracts with those Customers, or (3) as required by law. We do not provide any of your information to third party advertisers. MemberLeap is free of advertising.

We use third parties service providers, and we may disclose Personal Data to those service providers only for business purposes. We do not share your Personal Data with third parties for commercial purposes. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties. We never use or share the Personal Data provided to us online in ways unrelated to the functioning of the MemberLeap for your organizations use and benefit.

Some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission as recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These may include the European-Commission-approved standard contractual data protection clauses under Article 46.2 of the GDPR, or transfers on the basis of the Privacy Shield Framework.

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

We may also disclose your Personal Data if we sell or transfer all or some of our company's business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary, for business purposes.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

What Is Our Data Retention Policy?

We retain Personal Data for as long as instructed by the respective Customer (who typically acts as a data controller or business under the Applicable Laws). We delete the Personal Data submitted to us by our Customers within six months of the end of the Online Service Agreement with the Customer, unless applicable laws require otherwise

Our Commitment to Data Integrity and Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of Personal Data, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction. For more details, please see our Data Security Policy.

What Privacy Rights Do You Have?

You have specific rights regarding your Personal Data. Because, in most cases, it is our Customers who decide how and why your Personal Data will be processed, these rights should usually be exercised with our Customer. To exercise your rights with respect to Personal Data processed by us on behalf of one of our Customers, please read the privacy policy of our Customer. 

You can nevertheless view and edit your Personal Data in the Members Area.  To better protect your security, we will also take reasonable steps to verify your identity before granting access or making corrections. However please note that with respect to all of the rights below, if we are merely processing your information on behalf of a Customer, we may re-direct your request or ask you to re-direct your request to the Customer.

Your Right To Know What Happens To Your Personal Data

This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you (or your child), such as how we collect and use your Personal Data, how long we will keep it and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Policy.

We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, as is usually the case, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.

Your Right to Know What Personal Data We Have About You

This is called the right of access. This right allows you to ask for full details of the Personal Data we hold on you.

You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you (or your child), and, where that is the case, a copy or access to the Personal Data and certain related information.

Once we receive and confirm that it was effectively you or your authorized agent who made the request, we will disclose to you:

  • The categories of Personal Data we collected about you;
  • The categories of sources for the Personal Data we collected about you;
  • Our purposes of processing that Personal Data;
  • Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
  • The categories of third parties with whom we share that Personal Data;
  • If we carry out automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
  • The specific pieces of Personal Data we collected about you (this is also called a data portability request); and
  • If we sold or disclosed your Personal Data for a business purpose, two separate lists disclosing:
  • sales, identifying the Personal Data categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained; and
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the legitimate interests pursued by us or by a third party;
  • The appropriate safeguards for transferring data from the EU to a third country, if applicable. 

Please take into account that the GDPR allows us not to satisfy your access request when:

  • You already have the information;
  • Providing such information proves impossible or would involve a disproportionate effort, or in so far providing such information is likely to render impossible or seriously impair the achievement of the objectives of that processing; and
  • That Personal Data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy.

Please know that the CCPA does not allow us to disclose Social Security numbers, drivers license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords etc. to you for security and legal reasons.

Your Right to Change Your Personal Data

This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you (or your child), and to complete any incomplete Personal Data. 

If your account settings do not allow you to change it, please contact us and we will do our best to change the Personal Data for you.

Your Right To Erasure/Deletion

This is called the right to erasure, right to deletion or the "right to be forgotten". This right means you can ask for your Personal Data to be deleted. Please contact us if you want your Personal Data to be deleted. Again, and as with all of these rights, if we are merely processing your information on behalf of a Customer, we may re-direct your request or ask you to re-direct your request to the Customer.

Sometimes we can delete your Personal Data, but other times it is just not possible, like when the law tells us we cannot. If that's the case, we will consider if we can limit how we use it.

Occasions Where We Cannot Fulfill a Deletion Request Under the GDPR or the CCPA:

The GDPR and the CCPA allow us to deny erase of your Personal Data if we or our service providers need to retain the Personal Data to: 

  • Complete the transaction for which we collected the Personal Data
  • Fulfill the terms of a written warranty or product recall conducted in accordance with federal law
  • Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
  • Enable solely internal uses reasonably aligned with your expectations based on your relationship with us;
  • Comply with a legal obligation, including (but not limited to) obligations from the California Electronic Communications Privacy Act; or
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Your Right To Request Change In How We Process Your Personal Data

This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.

Your Right to Ask Us To Stop Using Your Personal Data

This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Your Right to Port or Move Your Personal Data

This is called the right to data portability. It's the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our services, so that you can:

  • Move it;
  • Copy it;
  • Keep it for yourself; or
  • Transfer it to another organization

We will provide your Personal Data in a structured, commonly used and machine-readable format. When you request electronically to know which Personal Data, we have about you, we will provide you a copy in electronic format.

Your Right Related To Automated Decision Making

Our Customers could use computers to study your Personal Data, and might use this Personal Data to know how you use their or our services. For decisions that may seriously impact you, you have "the right not to be subject to automatic decision-making, including profiling". But in those cases, our Customers should always explain to you when they might do this, why it is happening and the effect. MemberLeap does not use computers for this purpose.

Your Right Not To Be Discriminated Against For Exercising Your Privacy Rights

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Your Right To Lodge a Complaint With a Supervisory Authority

If the GDPR applies to the processing of your Personal Data with us, the GDPR grants data subjects to lodge a complaint with a supervisory authority if youre not satisfied with how we process your Personal Data. 

In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work or of an alleged violation of the GDPR.

Your Right To Opt-Out of The Sale of Personal Data

MemberLeap does not sell your Personal Information. If you are a California resident, you have the right to ask our Customers to not sell your Personal Data at any time. This is called the right to opt out. To exercise the right to opt-out, you (or your authorized agent) should contact our Customers directly. 

What Should You Know About The Privacy of Children?

Our Services are not directed at, or intended for use by, children under the age of 13.

Do We Use Cookies or Other Tracking Technologies?

A cookie is a small file stored on your device that contains information about your device. We may use cookies to provide website functionality, authentication (session management), usage analytics (web analytics), and to remember your settings, and generally improve our websites and Services.

We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all of our Services features. For more information, please visit https://www.aboutcookies.org/.

You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our Services do not have the capability to respond to Do Not Track signals received from web browsers.

What Is an Authorized Agent?

You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465 (if you reside in the State of California) or the applicable rules for authorizing somebody else to exercise your rights in your country of residence.

To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with a written permission, we will require that you also verify your identity.

Why And How Do We Verify Your Identity?

Bear in mind that to evaluate your privacy rights requests (except the requests to stop the sale of your Personal Data), we need to be sure it was you who made the request. Consequently, we might need some identification to check that you are who you say you are. We will only use the Personal Data you provide us in a request to verify the requestor's identity or authority to make the request. Please note that you may only make a consumer request to know or data portability twice within a 12-month period.

What Is Our Response Timing And Format of Our Responses?

As mentioned above, it is likely that requests should be made to one of our Customers, because we are only processing your Personal Data at their direction. If we receive a Request that should be handled by one of our Customers, we will communicate this to you within ten (10) days of receiving your request.

For the rare cases when we are the correct party to make a request to, we will follow the procedure below.

We will confirm the receipt of your request in ten (10) days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, except when we have already granted or denied the request. 

Please allow us up to 30 days to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option. 

Consider that we will only cover the twelve-month period preceding the moment we receive the request in any disclosures we provide you with. 

If we cannot satisfy a request, we will also explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the Personal Data from one entity to another entity without difficulty.

We promise we will not charge a fee for processing or responding to your requests. Exceptionally, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

What Else Should You Know About Your Privacy?

Please keep in mind that whenever you voluntarily disclose Personal Data online that Personal Data can be collected and used by others. In short, by posting Personal Data online that is publicly accessible, you may receive unsolicited messages from other parties in return. Furthermore, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us over the Internet, and you do so at your own risk. You are solely responsible for maintaining the secrecy of your passwords and/or any account information. Please be careful and responsible whenever you are online.

What Happens If Changes Are Made to The Policy?

We reserve the right to change this Policy, but will notify you of such changes through email and/or by posting a notice on the site. In the event of any material change, this notification will be prior to that change becoming effective. 

How To Contact Us?

Should you have other questions or concerns about this Policy, please call us at 800.336.3008 or send us an email at info@viethconsulting.com.

European Union - General Data Protection Regulation

VeraSafe has been appointed as Vieth Consulting's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to Vieth Consulting, only on matters related to the processing of Personal Data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o
Klimentská 46
Prague 1, 11002
Czech Republic

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland