California Consumer Privacy Act (CCPA)

Since January 1, 2020, Medifast, Inc. and OPTAVIA LLC have been in compliance with California Consumer Privacy Act (CCPA), a statewide data privacy law that regulates how businesses must  address requests to view personal information (PI) and to delete (PI) of California residents.

CCPA applies to OPTAVIA Clients personal information/data which is held within the Medifast Inc./OPTAVIA LLC ; however, in addition to honoring requests from OPTAVIA Clients in California, Medifast, Inc. will apply CCPA’s requirements and timeline to Client requests from every state in the US.

This has minimal impact on Coaches. After a Client’s personal data is purged, the Coach will see the deletion of that data from the Client’s path on OPTAVIA CONNECT.

Additionally, OPTAVIA Coaches (inactive or active) cannot submit a request to delete their personal data from our systems due to their past or current business relationship with Medifast, Inc. OPTAVIA LLC. 

An OPTAVIA  Coach cannot make any requests to the Company on behalf of a Client, as well, but should direct them to fill out this form or click here to learn other ways to submit a formal request.


FAQs

What is the California Consumer Privacy Act (CCPA)?

The California Consumer Privacy Act (CCPA) is a statewide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) requests to view personal information (PI) and to delete  (PI) of California residents.

This law provides individuals certain rights to their personal data companies may retain in the normal course of doing business. The CCPA applies to any business entity in the US that collects a consumer’s personal data, which does business in California, if that company meets certain criteria. 


Is Medifast, Inc. OPTAVIA LLC is required to comply with CCPA?

Yes, Medifast, Inc., OPTAVIA LLC is a US company, and is required to comply with this Privacy Act.


What if I do not live in California, but I want Medifast, Inc. OPTAVIA LLC to delete my personal data?

As a company, Medifast, Inc. OPTAVIA LLC has made the decision to comply with the mandates and timeline required by CCPA for Clients in every state across the US. Therefore, if you do not live in California, but would like us to purge your personal data, we will honor this request.


How do I inform the Company that I would like to delete my personal data?

If you have a complaint or problem, including a request to access or to remove your personal data from the Company’s systems, please fill out this form, which will allow us to validate your identity and fulfill your request. You can also call our Client Support Team at 1.888.OPTAVIA (1.888.678.2842) and a representative will forward your request to the appropriate internal Company department for a response or resolution. You may also write your request to:

Attn: Privacy Officer
 100 International Drive
 18th Floor
 Baltimore, MD 21202


Are there any limitations or restrictions when purging personal data from the Company’s systems?

Upon your request, we will delete your Personal Data from our active databases and, where feasible, from our back-up media. You should be aware that it may not be possible to remove each and every record of the information you have provided to the Company Websites from our servers.

In addition, you may have certain rights regarding your Personal Data, subject to local law. These include the following rights to:

  • Access your information;
  • Rectify the information we hold about you;
  • Erase your information;
  • Restrict Our use of your information;
  • Object to Our use of your information;
  • Receive your information in a usable electronic format and transmit it to a third party (right to data portability);
  • Learn more about the sources from which we collect information, the purposes for which we collect and share information, the information we hold, and the categories of parties with whom we share your information;
  • Exercise rights without fear of being denied goods or services;
  • Lodge a complaint with your local data protection authority; and
  • Where the processing of your information is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

*Please note that we will likely require additional information from you in order to honor your requests.


Are there any limitations to requesting personal data being removed from the Company’s systems?

Yes, there is one important requirement when requesting personal data by removed from Medifast Inc OPTAVIA LLC systems. That is that the Client must notify the Company directly using one of the contact methods above. The Client’s Coach may NOT submit a data deletion request on his/her Client’s behalf.


How does the Company currently ensure the privacy of my personal data and security internally?

Here is a list of some of the security procedures the Company uses to protect your privacy:

  • Requires both an email address and a password in order for users to access their Personal Data, including Personal Health Information.
  • Uses encryption technology to protect your Personal Data, including credit card information, as it is transmitted to us.
  • Uses firewalls and other intrusion detection and prevention technologies to protect information stored on our servers.
  • Closely monitors the limited number of Company employees who have potential access to your Personal Data.
  • Requires all Company employees to abide by Our Privacy Policy and be subject to disciplinary action if they violate it.
  • Systems back-ups to protect the integrity of your Personal Data.
  • Provides secure messaging within the Company Websites so that information related to your personal health is sent through a secure, encrypted connection.

Despite Company efforts to protect your personal data, including personal health information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the Internet will be intercepted.


OPTAVIA Coach


How does CCPA impact me as a Coach? 

The impact is minimal. After Medifast Inc. OPTAVIA LLC deletes your Client’s personal date, this will be reflected in CONNECT, as you will see deleted data in that Client’s path. 


How will the Coach experience in CONNECT change? 

Client Orders Report


Scheduled Premier Orders Report


Team Activity Feed


Profile Card


Can a Coach request personal data be deleted on behalf of their Client?

No, a Coach cannot request personal data be deleted on behalf of their Client. The Client must connect the Company directly to make their request using one of the ways to connect outlined here:

Clients can request to access or to remove their personal data from the Company’s systems, by fill out this form, which will allow us to validate their identity and fulfil their request. You can also refer your Client to call our Client Support Team at 1.888.OPTAVIA (1.888.678.2842) and a representative will forward their request to the appropriate internal Company department for a response or resolution. 

They can also write their request to:

Attn: Privacy Officer
 100 International Drive
 18th Floor
 Baltimore, MD 21202


What if a Client requests their Coach delete personal data from their information/records?

A Coach is not responsible for fulfilling any Client requests to delete personal data stored by Medifast and/or OPTAVIA. Only the Company should handle this by having the Client fill out this form or click here to learn other ways to make a formal request.


Can current and past Coaches request their data be purged?

No, a current or past OPTAVIA Coach cannot request their data be deleted due to their past or present business relationship with Medifast, Inc. OPTAVIA LLC.


What is the best way to handle Client requests that the Company delete their personal data?

If a Coach receives a Client complaint or problem, with a request to access or to remove their personal data from the Company’s systems, please share this link and have them complete this form, which will allow us to validate their identity and fulfil their request. You can also refer your Client to call our Client Support Team at 1.888.OPTAVIA (1.888.678.2842) and a representative will forward their request to the appropriate internal Company department for a response or resolution. 

They can also write their request to:

Attn: Privacy Officer
 100 International Drive
 18th Floor
 Baltimore, MD 21202