Personal and Non-Personal Information We Collect:
Information You Provide: When using the Website, in order to utilize some of our services, you may choose to upload, or we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Information”). Personally identifiable information may include, but is not limited to:
- Email address
- Mailing/physical address
- Telephone number
- Credit card number
- User name
- Date of birth
- “Usage Data,” which is data collected automatically, generated by either the use of the Website or from the Website infrastructure itself (for example, the duration of a page visit).
In connection with our product review system, you might provide other voluntary personal information including your:
- Age range
- Skin tone
- Skin color
We collect Personal Information from you when you choose to participate in our offers and programs or when you otherwise provide information directly to us, including when you register with us, purchase products, review products, participate in our interactive features or otherwise interact with us on the Website.
If you are under 18 years of age, please do not submit any Personal Information to us. If you are the parent or guardian of a person under 18 years of age who has provided Personal Information to us, please inform us at email@example.com.
Non-Personal Information: In addition, we may also collect non-personally identifiable information, such as IP addresses (which identify your device), pages viewed, computer type, screen resolution, operating system version, Internet browser type and version, information collected through cookies, pixel tags, web beacons, and other technologies, and other data (“Non-Personal Information”). Because Non-Personal Information does not personally identify you, we may collect, use and disclose Non-Personal Information for any purpose. Non-Personal Information will be retained only for so long as to fulfill a legitimate business need.
Aggregate Information: We may aggregate Personal Information so that the aggregated information does not personally identify you or anyone else, such as by using Personal Information to calculate the percentage of our customers who live in a particular area (“Aggregate Information”). In some instances, we may combine Non-Personal Information with Personal Information (such as combining your name with your geographical location). If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is combined, and we may aggregate any information collected in a manner which does not identify any individual.
Use of Information:
Personal Information to Provide Services: We may use Personal Information to process and fulfill any orders that you have placed, contact you about our products and services, personalize your experience with us including by presenting products or offers tailored to you, and allow you to use, communicate and interact with others on our Website, including our product review system. This may include sharing information with third parties that provide us with services such as website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery services, credit card processing, auditing, training, and other similar services. These third parties may have access to Personal Information necessary to perform their functions, but may not use it for other purposes.
Website and Marketing:
Distributors and Other Offers: We may at times share our customers’ email addresses with distributors, manufacturers and/or other service providers that we believe will be of interest to the Exa™ audience. From time to time, we may give you the opportunity to opt in to participate in special third party offers that require us to share certain Personal Information with such third parties. We will disclose this anticipated sharing of Personal Information at the time we make such opportunities available to you. If you opt in to participate in such an offer, we may disclose your Personal Information to such third parties for their direct marketing purposes. We recommend that you consult such third parties' privacy policies in advance if you wish to participate in these offers.
Email and Telephone Communications:
We may use “browse abandon” and “cart abandon” tracking functions (if we have your email address we may send you an email about the products you viewed or left in your cart). If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We will process your request within a reasonable time after receipt. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also contact you from time to time via telephone regarding customer service inquiries pertaining to your orders.
As you use the Internet, a trail of electronic information is left at each website you visit. This information, which is sometimes referred to as "clickstream data," can be collected and stored by a website's server. Clickstream data can tell us the type of computer and browsing software you use and the address of the website from which you linked to the Website. We may collect and use clickstream data as a form of Aggregate Information to anonymously determine how much time visitors spend on each page of our Website, how visitors navigate throughout the Website and how we may tailor our web pages to better meet the needs of visitors. This information will be used to improve our Website and our services. Any collection or use of clickstream data will be anonymous and aggregate, and will not intentionally contain any Personal Information.
We may work with third-party service providers who use the technologies described in this section to conduct website analytics to help us track and understand how visitors use our Website.
Social Network and Interactive Tools:
Certain features on our Website may give you an opportunity to interact with us and others. These may include blogs, message boards, messaging functionality, chat functionality, and creating community profiles. When you use these features you should be aware that any information you submit, including your name, location and e-mail address, may be publicly available to others. We are not responsible for any information you choose to submit through these interactive features and we strongly discourage you from disclosing any sensitive Personal Information (such as health or credit card information) through these features. If you use these features, your Personal Information may remain on the Website even after you cease use of the Website.
The security of your Personal Information is very important to us. We attempt to provide for the secure transmission of your information from your computer to our servers by utilizing encryption software. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and Exa™, or information stored on the Website or our servers, will be free from unauthorized access by third parties such as hackers, and your use of the Website demonstrates your assumption of this risk. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the information we collect. Only those employees who need access to your information in order to perform their duties are authorized to have access to your Personal Information. We store only the last four digits of your credit card number; the full number, expiration date, and security code are transmitted to our payment processor in encrypted form. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the Contact section below.
Our Website may contain links to other websites not maintained by Exa™. Other websites may also reference or link to our Website. The inclusion of a link on the Website does not imply endorsement of the linked site by us. We are not responsible for the privacy practices of websites operated by third parties that are linked to or integrated with our Website, or for the privacy practices of third-party Internet advertising companies. We encourage you to be aware when you leave our Website, or surf the Internet, and to read the privacy statements of each and every website that you visit.
“Do Not Track”:
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Privacy of Minors:
We do not intentionally collect or maintain information from persons under the age of 13. If we determine upon collection that a user is under this age, we will not use or maintain his/her Personal Information without the parent/guardian’s consent. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 13, we will make reasonable efforts to delete such information from our records. We also recommend that parents monitor their children’s Internet activities and learn and employ software or other tools that can help their children enjoy their online experience without compromising their personal safety or allowing them to use the Internet in a manner inconsistent with their parent/guardian’s preferences.
California Privacy Rights:
California law permits users who are California residents to request and obtain from us once a year, free of charge, information regarding (i) the categories of personal information collected, (ii) the categories of sources for the personal information collected, (iii) the business purpose for collecting that information, (iv) the categories of third parties with whom Exa™ shares that information, (v) the specific pieces of personal information Exa™ collects about the consumer, and (vi) whether Exa™ sold or disclosed the personal information for a business purpose. Exa™ will also provide two separate lists disclosing: a) sales, identifying the personal information categories that each category of recipient purchased; and, b) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
If you are under 18 years of age, please do not use the Site. If you are under 18 years of age and already have an account, believe we have collected your personal information, or are the parent or guardian of a minor under 18 years of age with an account or information collected by us, please inform us at firstname.lastname@example.org, (844)692-7336 or 1169 Gorgas Ave, Suite A, San Francisco, CA 94129.
Any user may request the discontinuation (or opt-out) of our sharing of the information with third parties and/or that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your California Privacy Rights Request (see below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.) ("CCPA").
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Please submit any requests (“California Privacy Rights Request”) by:
- emailing us at email@example.com with a subject line of “Your California Privacy Rights”
- sending us a letter addressed to 1169 Gorgas Ave, Suite A, San Francisco, CA 94129, or
- calling us at (844)692-7336
For each California Privacy Rights Request, please clearly state the following:
- sufficient detail of your request such that it allows us to properly understand, evaluate, and respond to it;
- that the request is related to "Your California Privacy Rights;"
- your name, street address, city, state, zip code, and email address; and
- whether you prefer to receive a response to your request by mail or email.
We cannot respond to your California Privacy Rights Request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Exa™ is not responsible for a California Privacy Rights Request that is incomplete, incorrectly labeled, or incorrectly sent. Making a California Privacy Rights Request does not require you to create an account with us. It may take us up to 45 days to process your California Privacy Rights Request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Opt Out or Change Your Information:
How to change your information on our Website:
- Log in to Exabeauty.com using your username and password
- Go to Exabeauty.com/account where you will see the email address we have on file as well as all the addresses you have shipped to
- You can update and delete the addresses
- To change your email address, please email firstname.lastname@example.org
- You cannot change the email address on your account as it is how you login. To disable your account and remove your email address, email email@example.com
To opt out of our email marketing campaigns:
- Click the unsubscribe link at the bottom of an email from us or you can email firstname.lastname@example.org.
To opt out of apps that we use, to receive a copy of your Personal Information, to request that we delete or erase your Personal Information, to restrict our use of your Personal Information or to obtain an exportable copy of your Personal Information:
- Email email@example.com and we will make a request for your data to be erased.
Learn more about your privacy rights at http://www.aboutads.info/choices or http://www.optout.networkadvertising.org
Visitors From Outside The United States—Cross-Border Transfer:
The Website is hosted in the United States. If you are visiting our Website from outside the United States, your information may be transferred to, stored in, and processed in, the United States or any other country where we or our affiliates, subsidiaries, or third-party service providers maintain facilities.
The European Commission has not determined that the United States ensures an adequate level of protection for Personal Information. The data protection and other applicable laws of the United States or other countries may not be as comprehensive as those laws or regulations in your country or may otherwise differ from the data protection or consumer protection laws in your country. Your information may be available to government authorities under lawful orders and law applicable in such jurisdictions.
General Data Protection Regulation (GDPR) Privacy Rights:
Data Controller: Eco Chic LLC is the controller of your personal data provided to, or collected by or for, or processed in connection with, your use of the Website. Please see the “Cross-Border Transfer” section for more information about the transfer of your personal data to the United States or other countries.
Purposes of Processing and Legal Basis for Processing: If you are a resident of the European Economic Area (EEA), you have certain data protection rights. As explained above, we process Personal Information in various ways depending upon your use of our Website. We process Personal Information on the following bases: (1) with your consent; (2) as necessary to fulfill orders when you purchase products; and (3) as necessary for our legitimate interests in providing you with our products and services, enhancing our web services, conducting analytics, and delivering relevant advertising.
Your Rights Regarding Personal Information: The GDPR requires that we inform our EEA users about certain specific rights:
- the right to object, for legitimate purposes, to the processing of personal data;
- the right to request copies of your personal data held by us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible);
- the right to request that we delete or block your personal data without undue delay; and
- the right to lodge a complaint with a supervisory authority.
Withdrawing Consent: If you wish to withdraw your consent, please contact us at firstname.lastname@example.org. Please note that if you withdraw consent, we may not be able to provide or continue to provide certain services or marketing communications to you.
Objection and Requests for Copies: If you wish to (i) object, for legitimate purposes, to the processing of personal data as provided under applicable law, or (ii) to request copies of your personal data held by us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible), please contact us at email@example.com.
Requests for Deletion: If you wish to request that we delete your personal data, please contact us using the contact information detailed in the “Communications with Exa™” section. We will promptly send you a response to ensure that the request was not made in error. We will respond to your request to delete your information within one month of receipt of your verification. Our response period may be extended by 60 additional days where necessary, taking into account the complexity and number of requests we receive. We may need to retain certain records, for example those relating to open orders, payments, or customer service matters, for legal and accounting purposes. EEA based individuals can learn more about their privacy rights and opt-out mechanisms at http://www.youronlinechoices.eu.
Lodging Complaints: You have the right to lodge a complaint about our data collection and processing actions with the supervisory authority in your country. For more information, please contact your local data protection authority in the EEA.
Existence of Automated Decision-Making:
We may use automated decision-making processes to personalize the Website to enhance your shopping and consumer experience on our Website (for example, by recommending certain products to you) or, if you have opted into receiving promotional material from us, to send you personalized promotional emails. We do not believe any of these automated decision-making processes will produce legal effects concerning our users or similarly significantly affect our users.
Communications with Exa™:
By providing your email address to Exa™, you expressly consent to receive emails from us. We may use email to communicate with you, to send information that you have requested or to send information about other products or services developed or provided by us or by other third-party manufacturers, services and/or distributors that Exa™ believes will be of interest to its audience. If you receive an unwanted email from us, you can simply reply and ask not to receive future emails. We also give you the option to remove your personal information from our list of active users completely. All unsubscribe or opt-out requests should be sent to us at firstname.lastname@example.org and we will process your request within a reasonable time after receipt. We are not responsible for removing your personal information from the lists of any third party who has been provided your information in accordance with this policy, such as a business partner.
For questions or concerns relating to privacy, we can be contacted at: email@example.com.
Changes to policy: