- Personal Data you provide us
- Other Personal Data we receive about you
- Who we share your Personal Data with
- How we protect your Personal Data
- International transfers of your Personal Data and Privacy Shield
- What your rights are to your Personal Data, and how you can exercise them
- Our Personal Data retention policy
- Any questions or concerns?
- You have certain rights regarding the Personal Data we collect from you, which you can learn about below.
- As noted in our Terms and Conditions, we do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under the age of 18, please do not access or use the Services, or attempt to send us any Personal Data. If we learn that we have collected Personal Data from an individual under the age of 18, we will delete that information as quickly as possible.
PERSONAL DATA YOU PROVIDE US
We collect your email address and the password you enter when you register for an account with us, and we use them to verify your identity, based on our legitimate business interests in keeping your account secure and preventing fraudulent transactions.
We also use your email address:
- to send you confirmations, notifications and other information regarding your account, your Subscribe & Save plans and your purchases, as may be necessary to complete our contractual obligations to you. Without your email address, we wouldn't be able to provide you this information in a timely and effective manner;
- to send you information and materials about us, our products and our services that we think may be of interest to you, based on our legitimate business interest in marketing to individuals who have indicated an interest in our products and services. You can choose not to receive such information when you register an account with us, and you can decide to stop receiving this information at any time by emailing us at firstname.lastname@example.org; and
- to send you information and materials about third parties with whom we partner or do business and their products and services, but only where you have given us your consent to do so. You can opt in to receive such messages when you register an account with us and you can always decide to stop receiving these emails at any time by emailing us at email@example.com.
You may be able to register for or access the Services using Third Party Services, such as Facebook. If you've registered for an account with us through Facebook or another Third Party Service, we will collect and receive your login credentials for such Third Party Service in connection with providing you with the Services if you expressly provide us with such information. We will only use such login information for the purposes described above. In any case, we urge you to review your privacy settings on any Third Party Service and their associated privacy policies to understand more about disclosures of information from your applicable Third Party Services.
Shipping and Payment Information
When you subscribe to a Subscribe & Save plan or purchase products through the Services or over the phone with one of our customer service representatives, we collect your first and last name, your email address, your shipping address and your telephone number (collectively, "Shipping Information"), as well as certain payment information, including your billing address and your credit or debit card type, number, security code and expiration date (collectively, "Payment Information"), and we use this information in order to process, fulfill, confirm, or notify or inform you about your Subscribe & Save plans and purchase orders, as may be necessary to complete a contract with you. Without this information, we would be unable to complete your transaction with us and/or deliver your purchases to you.
We also use your Payment Information to verify your identity when you manage your account, your Subscribe & Save plan or your orders, or make a new purchase, based on our legitimate business interests in keeping your account secure and preventing fraudulent transactions. As stated above, we do not store your Payment Information – our Payment Processor does, and we must collect your Payment Information from our Payment Processor and/or from you in order to use it to verify your identity or to process and fulfill your orders.
We use and store your Shipping Information to make it easier for you to make a purchase, or to sign up for a Subscribe & Save plan if you do not have one, based on our legitimate business interest in making the Services more convenient for your continued use.
We may also use your Shipping Information to mail you information and materials about us and our products and services that we think may be of interest to you, based on our legitimate business interest in marketing to individuals who have indicated an interest in our products and services. You can always choose not to receive such communications when you register an account with us, and you can stop receiving these communications at any time by emailing us at firstname.lastname@example.org. You can always have us delete your Shipping Information at any time by emailing us at email@example.com.
Information You Share With Us in Communications or Interactions
When you communicate with us or our customer service representatives, including when you call us, email us or interact with us through the Services, we automatically record that communication, and use that record and the information you provide us in those communications, to address your questions and complaints about us, our products and our services, and to train our customer service representatives, based on our legitimate business interest in providing quality customer service. We also use the information you provide us to address your requests regarding your account and purchase orders, as may be necessary to complete a contract with you. Without this information, we may not be able to address these requests.
When you respond to a survey we provide you, or leave a written comment or review on the Services about us, our products or the Services, we record that survey response, comment or review, and use the information you provide us in them, in order to assess and/or address your responses, comments or reviews regarding us, our products or our services, based on our legitimate business interest in providing quality products and customer service.
Other Personal Data we receive about you
In addition to the information you directly provide us, we automatically receive and record certain information about you when you access or use the Services, or otherwise communicate or interact with us (including through other websites or mobile applications). Additionally, like many e-retailers, we collect certain information about you from third parties, including advertising and analytics companies.
When you access or use the Services, we collect information from your web browser, including your IP address and your device's settings and unique identifiers, and use that information to determine your general location, based on our legitimate business interests in reliably and accurately providing you with Services and information that apply to you, and in learning more about where the Services are being accessed or used.
- enable you to access and use our website and other features or content on the Services that you request or seek to use, based on our legitimate business interest in providing you with the Services. For example, certain Cookies enable you to log into your account or use the "shopping cart" functionality on the Services. Such Cookies are generally known as "essential cookies." You can disable these Cookies, but doing so will encumber the performance of the Services and may make certain of its features and services unavailable to you;
- determine whether you have previously visited or otherwise used the Services, and if so, whether you indicated any preferences during your previous visits or use, based on our legitimate business interest in personalizing the Services for repeat visitors. Such Cookies are generally known as "functionality cookies," and are persistent Cookies. You can disable these Cookies, but doing so will impair our ability to personalise the Services for you. Our functionality cookies include, for example:
- h_cart: notes the contents of your cart before checkout so that if you navigate away from your basket and return to us, we will remember what was in your cart;
- h_sess: identifies you to our servers after you log in to your account;
- flash: temporarily stores messages and alerts that we display on-screen to you;
- h_personalization: identifies your relationship with us (e.g., whether you have previously made a purchase from us or signed up for a Subscribe & Save plan);
- followed_incentive_code: this Cookie is delivered by us to verify that a referral link is genuine so that we can reward you accordingly. Without this Cookie, we cannot authenticate the code and the reward cannot be applied;
- h_geoip: determines from which country you are accessing the site so that we can present a country-specific experience (e.g., currency, language, products, shipping options);
- h_public: stores your public user ID which helps us serve a personalised site experience;
- h_mobile: determines if you are on a mobile device to serve a mobile optimised site experience;
- h_signed_once: remembers if you have logged in before to default your login option to login instead of create account;
- h_user: identifies you as being logged-in;
- h_dc: remembers if you applied a discount code to apply that discount at checkout;
- h_gdpr_cookie_agree: remembers if you agree to being tracked via Cookies; and
- multi_step_builder_state: remembers your progress in completing the checkout experience for a subscription;
- learn about the pages on our website and on Third Party Services that you visit, and thus enhance our understanding of your interests and preferences, so that we can serve you with advertisements for our products or services that we believe may be of interest to you (on the Services and elsewhere), based on our legitimate interest in marketing to individuals we believe may be interested in our products and services. Such Cookies are generally known as "retargeting and advertising cookies," and are persistent Cookies. Through these Cookies, we collect information about your online activity after you leave our Services. We use a number of third parties to help deliver these Services, including, for example, Google. Please see the section below titled "Additional information about interest-based advertisements" for more information; and
- understand how visitors use the Services, such as by collecting information about the number of visitors to our website, what pages visitors view on our website and how long visitors are viewing pages on the website, based on our legitimate business interest in improving and maintaining the accessibility and functionality of our Services. Such Cookies are generally known as "performance/analytical cookies," and are persistent Cookies. Through these Cookies, we may collect information about your online activity after you leave our Services. We also use these Cookies to help us measure the performance of our advertising campaigns, based on our legitimate business interest in improving our advertising campaigns and the content on the Services to better market to individuals who we think may be interested in our products and services. We use a number of third parties, as described below, to help deliver these Services. Our performance/analytical cookies include, for example:
- h_eph_sess: a short-lived unique identifier that we use to see if you arrive to our website and whether this could be linked to any offline advertising like TV or radio advertisements;
- h_custype: lets us know if you have purchased from us in the past, so that we can show you relevant information on our website;
- ga: Google Analytics session information, a third party Cookie served by Google; and
- gid: Google Analytics user identifier, a third party Cookie served by Google.
Your browser may offer you a "Do Not Track" or "DNT" option, which allows you to signal to operators of Third Party Services that you do not wish such operators to track certain of your online activities over time and across different websites. However, because we collect browsing and persistent identifier data, our Services do not support DNT requests at this time, which means that we may collect information about your online activity both while you are using the Services and after you leave them. You should also know that certain Third Party Services may not support DNT requests either – you should check their respective privacy policies for more information.
You can decide whether or not to accept most Cookies. Most browsers allow you to delete Cookies and have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allowing you to decide whether to accept each new Cookie in a variety of ways. To explore what Cookie settings are available to you, look in the "preferences" or "options" section of your browser's menu. You can always choose to stop us from collecting your Cookie Information by turning off the Cookie feature on your browser or by ceasing to use the Services. However, if you do prevent us from collecting your Cookie Information, you should know that some of the Services may not work properly.
If you'd like to know more about Cookies, including information about how to manage, disable and delete them, you can visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/, http://www.youronlinechoices.com/uk/ or http://www.allaboutcookies.org/.
Additional information about interest-based advertisements
We serve advertisements, and also allow third party ad networks, including third party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements are sometimes targeted to users who fit certain general profile categories or display certain preferences or behaviors (such advertisements, "Interest-Based Ads"). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, as outlined above, as well as derived from the usage patterns of particular users on the Services and/or Third Party Services over time. Such information may be gathered by us or our third party service providers through Cookies, which may include a file known as a "web beacon" from an ad network to you through the Services. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their website, allow them to serve Interest-Based Ads to you when you visit other websites, and also allow them to provide us and our advertisers with anonymized, aggregated auditing, research and reporting about advertisements.
Remember, you can always choose to stop us from collecting your Cookie Information by turning off the Cookie feature on your browser or by ceasing to use the Services. Also, you can opt out of Interest-Based Ads sourced by Google using Google's Ads Settings. For more information on how to make choices about Interest-Based Ads from participating third parties, and to learn how to opt out of receiving them from participating organizations, please visit the European Interactive Digital Advertising Alliance's user information website at http://www.youronlinechoices.eu/.
Links and Confirmations
When you open an email or an SMS, MMS or other text message, or a push notification (each, a "Message") sent by us, or click on any links in that Message, we receive a confirmation that you did so (and when), as well as Cookie Information. We also receive confirmation and Cookie Information when you click on any links elsewhere throughout the Services, including on our website and our branded pages on social media. We use the information described in this paragraph to assess the effectiveness of our Messages and associated marketing campaigns, to learn more about the audience for our Messages, and to better understand your preferences, all based on our legitimate business interest in marketing to individuals who may be interested in our services and products. You can stop receiving Messages from us at any time by emailing us at firstname.lastname@example.org.
Information from Advertising and Analytics Partners
We work with advertising and analytics companies that provide us with certain information about you, your interactions with us and the Services, and your usage of both the Services and Third Party Services, including your age or birthday, demographic or interest data, Cookie Information, hashed email addresses, unique identifiers assigned to you by our Advertising Partners, as well as pages or content you've viewed, links you've clicked or other actions you've taken on both the Services and on Third Party Services. We use this information in order to enhance our understanding of your interests and preferences, so that we can serve you with Interest-Based Ads and measure their effectiveness, based on our legitimate business interest in marketing to individuals who we think may be interested in our services and products. We sometimes attempt to direct Interest-Based Ads to individuals who fit a certain general category, and as a result of the information our advertising and analytics partners provide us, Interest-Based Ads or other advertisements or recommendations may appear on Third Party Services that you visit.
To collect the information described above, as well as to serve targeted advertisements to you, our advertising and analytics partners sometimes integrate their own Cookies, including web beacons, into the Services and/or into Third Party Services that you visit, as mentioned above. Remember, you can elect not to have these Cookies collect your information on the Services. Also, your browser or device may offer you a "Do Not Track" or "DNT" option, which allows you to signal to operators of Third Party Services (including, without limitation, behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites; however, we cannot and do not make any promises about how such Third Party Services will react when you set this signal on your browser.
You may also consider changing your settings to block third party Cookies generally, where possible. Again, if you'd like to know more about Cookies, including information about how to manage, disable and delete them, you can visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/, http://www.youronlinechoices.com/uk/ or http://www.allaboutcookies.org/.
Information from Other Service Providers
In addition to our advertising and analytics partners, we contract with various third party entities in order to operate our business and provide you with the Services and our products. These third parties provide us with various services described throughout this policy, including shipping and logistics, name and address verification, email distribution, market research, fraud prevention, promotions management and payment processing, and may share with us information about you that they have independently developed or acquired (in accordance with their own privacy policies and practices) for those purposes, as may be necessary for us to complete a contract with you or in furtherance of our legitimate business interests.
We sometimes request and receive information about your transaction history from our Payment Processor in order to process your purchase orders and Subscribe & Save plans, or to enroll you in discount, rebate and other programs in which you have elected to participate and use it to verify your identity by combining it with information you provide us, based on our legitimate business interest in protecting against fraudulent transactions.
Who we share your Personal Data with
We share your Personal Data within our corporate family. We also share your Personal Data with third party vendors, service providers and agents, for the purposes and on the legal bases discussed herein, including:
- with shipping and logistics companies, our Payment Processor and others that we rely on to provide you with the Services or process and fulfill your Subscribe & Save plans and purchase orders, in each case, as may be necessary to complete a contract with you under our Terms and Conditions or your purchase orders or Subscribe & Save plans; and
We also share your Personal Data with other third parties where you have given us your consent to do so, including for marketing purposes, based on your consent, which you may withdraw at any time, by emailing us at email@example.com. As stated above, you can always choose to stop receiving these messages from us by emailing us at firstname.lastname@example.org. Additionally, we share certain Cookie Information with Third Party Services where you have chosen to interact with them through the Services, such as by clicking on a link or advertisement on the Services.
If you post information or content publicly on or through the Services (including when you submit comments or reviews of our products or Services), or post content publicly elsewhere, including on your social media accounts, that relates to us or the Services, we may receive and share that public information with third parties, based on our legitimate business interest in marketing our products and services.
Change of Ownership or Control
Laws and Safety
We also reserve the right to access, read, preserve and disclose your Personal Data as we reasonably believe is necessary to:
- satisfy any applicable law, regulation, legal process or governmental request;
- protect our rights, property or safety, and those of our users, customers and the public.
How we protect your Personal Data
We seek to protect your Personal Data using appropriate technical and organisational measures, taking into account the nature of the applicable Personal Data and processing activity. For example, all Payment Information regularly collected through the Services is encrypted and maintained using industry standard methods designed to ensure its security against loss or theft, including during transmission to our Payment Processor. However, we cannot and do not guarantee or warrant that such techniques will prevent unauthorized access to Personal Data or other information about you that we collect and store. Unauthorised entry or use, hardware or software failure, and other factors may compromise the security of such information at any time.
You can help us prevent unauthorised access to your account with us and your Personal Data by selecting and protecting your password appropriately and limiting access to your device and browser by signing off after you have finished accessing your account.
International transfers of your Personal Data and Privacy Shield
We sometimes transfer your Personal Data outside of the European Union, Iceland, Norway or Lichtenstein to our authorised third party agents, vendors and service providers. When we do so, it is our practice to use contracts with standard provisions approved by the European Commission that give Personal Data the same protection it has in Europe, or, where we use third party agents, vendors and service providers based in the United States, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the United States.
What your rights are to your Personal Data, and how you can exercise them
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request with respect to these rights, you can email email@example.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous, inaccurate or extremely impractical, if it jeopardizes the rights of others or if it is not required by law, but in those circumstances we will still respond to notify you of such a decision. In some cases, we may need you to provide us with additional information, which may include Personal Data, as necessary to verify your identity and the nature of your request.
Right of access
- Where permissible, you can request more information about the Personal Data we hold about you and you can request a copy of your Personal Data. If you have an active account with us, you can also access your Personal Data by visiting your account settings on our website.
Right of rectification
- If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such Personal Data. You can also correct some of this Personal Data directly by visiting your account settings on our website.
Right of erasure
- Where permissible, you can request that we erase some or all of your Personal Data from our systems. You can also delete your account with us at any time by emailing us at firstname.lastname@example.org.
Right to withdraw consent
- If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent to this processing at any time, which you can do by emailing us at email@example.com. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilise some or all of our Services.
Right to object to processing and to restrict processing
- Where permissible, you can let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as marketing to you (to name one example), and you can also ask us to restrict further processing of your Personal Data.
Right of portability
- Where permissible, you can ask for a copy of your Personal Data in a machine-readable format, and you can also request that we transmit the data to another controller where technically feasible.
Right to lodge a complaint with a supervisory authority
- You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. Please visit http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for more information.
Our Personal Data retention policy
We retain your Personal Data for as long as you have a working account with us, or as otherwise necessary to provide you with the Services. In some cases we retain Personal Data for longer, if doing so is necessary to pursue our legitimate business interests (but only if those interests are not overridden by your own interests, rights and freedoms), comply with our legal obligations, resolve disputes or collect fees owed, conduct audits, or if doing so is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we dispose of your Personal Data securely, but may retain some information in a depersonalised or aggregated form but not in a way that would identify you personally.
As stated above, you can request us to erase some or all of your Personal Data from our systems, and you can delete your account with us at any time, by emailing us at firstname.lastname@example.org.
Any questions or concerns?
If you have any questions or concerns regarding how we collect, use, protect or share your Personal Data, including, for example, about our legitimate business interests or the legitimate business interests of others that we describe above, please send a detailed message to email@example.com. We will make every effort to resolve your concerns.
1 June 2018