Privacy Policy

Innersense Organic Beauty, Inc. (“Company”) values your privacy and is committed to maintaining your trust.  We provide this Privacy Policy to inform you of our policies and procedures regarding the collection, use, and disclosure of personally identifiable information received from users of this website located at www.innersensebeauty.com (the “Website”) and all of the Company’s other products and/or services, interactive features, widgets, and/or other online services that post a link to this Privacy Policy, and all content offered as a part thereof (the “Services”).  

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject (“Personal Information” or “Personal Data”) shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Company. By means of this Privacy Policy, our Company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

PERSONAL INFORMATION.

 “Personal Information” may include, but is not limited to information that identifies you as an individual or relates to an identifiable person, such as name, postal address, telephone number, email address, etc.  The Company does not collect any Personal Information or Personal Data from clients or visitors to its Website that is not voluntarily provided. The Company only collects your Personal Information if you submit it via register for an account with the Company’s Website, when you use the Company’s Services, and when you send the Company communications in connection with your use of the Services.

LEGITIMATE BUSINESS INTEREST.

We collect your Personal Information in furtherance of our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.  Our use of your information is based on the grounds that:

(1) The use is necessary in order to fulfill our commitments to you under our Terms of Service or other agreements with you or is necessary to administer your account – for example, in order to enable access to our Website on your device or charge you for our Services;

(2) The use is necessary for compliance with a legal obligation;

(3) The use is necessary in order to protect your vital interests or those of another person or entity;

(4) We have a legitimate interest in using your information – for example, to provide and update our Website or Services, to improve our Website or Services so that we can offer you an even better user experience, to safeguard our Website or Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Services, and to personalize your experience; and/or

(5) You have given us your consent.

THIRD PARTY PERSONAL INFORMATION.

We may obtain your Personal Information from third parties, such as third parties with whom we affiliate in providing the Company’s services.  If you provide the Company with Personal Information about third parties, you warrant to the Company that any Personal Information that you provide to the Company about any third party individuals was obtained by you with full consent, and that the individual has not communicated to you that they wish to opt out of receiving communication from the Company or having the Company collect information about him or her.

HOW WE USE THE INFORMATION WE COLLECT.

We use the information we collect from our Website and your use of our Services to provide and improve existing Services; to develop new Services; and to protect you and the Company.  We also may use this information to offer you tailored content when you visit our Website. We will not share your personal information with anyone except for our Company’s authorized service providers¹, business affiliates², and business partners³ for business purposes; or unless we specifically inform you and give you an opportunity to opt out of our sharing your personal information.

In general, we may use and/or share your Personal Information:

(1) To respond to your inquiries and your requests regarding our Services.

(2) To send you information regarding our services and changes to our terms, conditions, and policies.

(3) To complete your registration, process your payments, and communicate with you regarding your purchase of our Services.

(4) To send you marketing communication and newsletters about our Services.

(5) To personalize your experience on our Website.

(6) To inform you and allow you to participate in our promotions. 

(7) To collaborate with business affiliates, partners, vendors, or service providers to provide you with our Services.

(8) In connection with our business purposes, including but not limited to data analysis, audits, fraud monitoring and prevention, developing or enhancing new and existing products and/or services, expanding our business activities, etc.

We will not use and/or share your Personal Information in any other way, except as designated above.

We do not engage in any practices related to the sale of your Personal Information.

However, we reserve the right to disclose Personal Information that we believe to be necessary or appropriate in the following circumstances:

(1)As required by law, such as to comply with a subpoena, or similar legal process.

(2)When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

(3)To enforce our Terms and Conditions.

(4)To allow us to pursue available remedies or limit the damage we may sustain.

PERSONALLY NON-IDENTIFIABLE INFORMATION:

We may collect personally non-identifiable information, including but not limited to your geographic location, from you at the time of registration, or when you choose to use our Services. This information is not, by itself, sufficient to identify or contact you.  The Company may store such information, or it may be included in databases owned and maintained by partners, affiliates, agents, or service providers of the Company. The Company may use such information and pool it with other information to track data related to growing the business, such as the total number of visitors to our Website and the domain names of our visitors’ Internet service providers.  

LOCATION-BASED INFORMATION.

Our Service may use location-based services in order to locate you so we may verify your location, deliver you relevant content based on your location as well as to share your location with our vendors as part of the location-based services we offer. We may, from time to time provide settings in the Services that permit you to disable location-based services. Changing setting options may not result in immediate changes to the settings, which are subject to our operations and maintenance schedules. Users should carefully consider the use of such settings to improve information display options and to ensure the settings are properly set and functioning in the manner desired. Notwithstanding the availability of privacy preference settings, you should be aware that these settings are for convenience only, do not employ complex data security protection and may not be error free. However, please note that we will only directly provide third parties we work with access to your exact location information if you first give us permission to do so. You should consider the risks involved in disclosing your location information to other people.

PASSIVELY COLLECTED INFORMATION:

Your visit to our Website may allow us to obtain certain additional, personally non-identifiable information that is collected passively using various technologies.  This information includes but is not limited to, for example, IP addresses, browser types, date and time of page views, location information associated with your IP address, domain names, your interactions to an ad delivered by us or our ad technology partners and other anonymous statistical data involving your use of the Website and/or our services.  This information cannot presently be used to specifically identify you.

AGGREGATED PERSONAL DATA:

The Company may analyze your personal data provided through the Website or in connection with rendering the Services, in aggregate form.   This aggregate information does not identify you personally. We may share this aggregate data with our partners, affiliates, agents, or service providers for business purposes.   We may also disclose aggregated statistics to explain our Services to current and prospective business partners, and to other third parties for other lawful, business-related purposes.

WEBSITE CART PROVIDER INFORMATION.

The Company uses a third party service provider, WooCommerce, which is owned and operated by Automattic, Inc. (“WooCommerce”).  WooCommerce is an open-source, completely customizable eCommerce platform for entrepreneurs. You expressly agree to WooCommerce’s privacy policy, which is located here: https://automattic.com/privacy/.  You may contact WooCommerce directly regarding any questions or concerns you have about your private information submitted through their website located at https://www.woocommerce.com by submitting written correspondence to privacypolicyupdates@automattic.com.

CUSTOMER CREDIT CARD INFORMATION.

The Company uses a third party payment processor, CyberSource Corporation (“CyberSource”), to keep a protected copy of your credit card number.  By agreeing to process your payment(s) vis a vis our third-party payment processor, CyberSource, you expressly agree to its privacy policy, which may be found here: https://www.cybersource.com/privacy/.  You may contact CyberSource directly regarding any questions or concerns you have about your private information submitted through their website located at https://www.cybersource.com, by submitting written correspondence to: CyberSource Corporation, P.O. Box 8999, San Francisco, CA 94128, ATTN: Data Use and Privacy Office, Fax: (650) 286-6547

We use SSL (Secure Sockets Layer) encryption when collecting or transferring sensitive data such as credit card information.  Credit card numbers are only used for processing payments and are not used for other purposes. We do not see or retain any of your Personally Identifiable Information other than name and authorized amount of payment.  This billing data belongs to you, and by utilizing the Services, you grant the Company a license to use this data to bill you for Services rendered and/or products delivered to you by the Company.

SHIPPING SERVICE PROVIDER.

The Company uses a third party service provider, Auctane d/b/a ShipStation (“ShipStation”) to process its shipments of products to you.  In doing so, it transmits your Personal Information to ShipStation. You expressly agree to ShipStation’s privacy policy, which is located here: https://www.shipstation.com/privacy-policy/.  You may contact ShipStation directly regarding any questions or concerns you have about your private information submitted through their website located at https://www.shipstation.com by submitting written correspondence to privacy@ShipStation.com or via mail to ShipStation, Attention: Customer Care – Privacy Policy Issues, 3800 North Lamar Blvd., #220, Austin, TX 78756.

YOUR PRIVACY RIGHTS UNDER THE GDPR.   

The GDPR includes the following rights for European Union (EU) data subjects who provide their information to the Company in connection with the Services or visiting our Website:

(1) The right to be informed about how we store, use, or share your data;

(2)The right to access your data;

(3)The right to rectify your data;

(4)The right to have us erase your data;

(5)The right to prevent us from processing your data;

(6)The right to request copies of your data from us in a commonly-used and machine-readable format, free of charge, for the purposes of transfer to a third party, where technically feasible;

(7)The right to object to use or sharing of your data; and

(8)The right not to be subject to automated decision-making, including profiling.

DATA CONTROLLER.   

With the exception of processing payments, for which Cybersource is the Payments Data Controller; the Company is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of personal data of the customers of the Company and visitors to its Website.  The Company is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc. If you wish to revoke consent for us to store, use, or share your personal data, you may contact us at info@innersensebeauty.com.

DATA PROCESSOR.   

The Company is the “data processor,” as defined under the GDPR, or the legal entity which processes your personal data.  The Company maintains records of any processing activities it performs, and is able to show how the Company complies with data protection principles under the GDPR.  It has effective policies and procedures in place.

TRACKING AND ADVERTISING.

The Company’s Website may use the foregoing technologies to track your activity on our Website:

COOKIES.

When you visit our Website or otherwise interact with the Service, we may send one or more “cookies” to your computer or other devices.  Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience.  Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third party websites.  Some features on this site will not function if you do not allow cookies. We may link the information we store in cookies to any Personal Information that you submit while visiting our Website.

We may use both session ID cookies and persistent cookies.  A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time.  Persistent cookies enable us to track and target the interest of our users to enhance the experience on our site.

Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and Client ID remembrance.

Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns.

Advertising cookies may be set through our Website by our advertising partners. Data may be collected by these companies that enable them to serve up advertisements on other sites that are relevant to your interests.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies, or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site.  You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html.  

If you reject cookies, you may still use our site, but some features on the site will not function properly.

LOG FILES.

A Log File is a file that records either events that occur in an operating system or other software runs, or messages between different users of a communication software.  Log file information is automatically reported by your browser or mobile application each time you access the Website or our Services. Along with cookies and web beacons, log files help provide additional functionality to the Website and Services and help us analyze Website and Services usage more accurately.  We and our third party tracking-utility partners may use log files on our Service to gather automatically gather and store information including, but not limited to, internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data, for business purposes.  We may use Google Analytics, which uses cookies and other, similar technologies to collect and analyze information about use of the Service and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

EMBEDDED SCRIPTS.

An embedded script is programming code that is designed to collect information about your interactions with the Service, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third party service provider, is active only while you are connected to the Service, and is deactivated or deleted thereafter.

We may, either directly or through third party companies and/or individuals we engage to provide services to us, also:

(1) Track your use of our Website and the Services for purposes of our own customer support, analytics, research, product development, fraud prevention, risk assessment, regulatory compliance, investigation, etc.;

(2)Track your use of the Website and the Services to enable you to use and access the Services and pay for your activities on the Website and through the Services; and/or

(3)Track your behavior on our own Website and use of the Services to market and advertise our services to you on our Website platform and third party websites.  You may opt out of receiving advertisements by visiting the Network Advertising Initiative (http://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (http://www.aboutads.info/choices/).  

Please note that even if you choose to opt-out of receiving targeted advertising, you may still receive advertising on the Services, generally.  The advertising will simply not be targeted or specific to your interests.

CHILDREN.

The Children’s Online Privacy Protection Act of 1998 (COPPA) and its accompanying FTC regulation protects the privacy of American children using the Internet.  The GDPR sets the age at which a child can give their own consent in order to process their Personal Data at 16 years of age.

Out of an abundance of caution, we have designed our Website to block our knowing acceptance of information from children under 18 whenever age-related information is requested.  The Website and our related Services are not intended for anyone under 18, and we do not knowingly collect information from anyone under the age of 18. Anyone aged 18 or under should not submit any Personal Information without the permission of their parents or guardians.  By using the Website and our related Services, you are representing that you are at least 18 years old.

It is possible that by fraud or deception by others, we may receive information pertaining to children under 18.  If we are notified of this, as soon as we verify the information, we will immediately obtain parental consent or otherwise delete the information from our servers.  If you want to notify us of our receipt of information by children under 18, please do so by emailing us at info@innersensebeauty.com. We are committed to protecting the privacy needs of children, and we encourage parents to take an active role in their children’s online activities and interests.

YOUR CALIFORNIA PRIVACY RIGHTS.

Effective Date: Jan 1, 2023                                                                                 

Last Updated: Jan 1, 2024

California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA)

Effective January 1, 2023, if you are a California resident, then you have the following Rights:

(1)You have the right to request that we disclose to you, not more than twice in a 12-month period, the personal information about you that we collect, use, and disclose during the 12-month period preceding your request, which shall include as follows:

(2)The categories of personal information that we have collected about you

(3)The categories of sources from which the personal information is collected

(4)The business or commercial purpose for collecting or selling that personal information

(5)The categories of third parties with whom we share that personal information

(6)The specific pieces of personal information we have collected about you

(7)The categories of personal information that we have disclosed about you for a business purpose. You may request this information by clicking on this link

(8)You have the right to request the deletion of the personal information that we have collected from you. You may request that your personal information be deleted by clicking on this link.

(9)You have the right not to be discriminated against because you exercised your rights under this section of the Privacy Policy, and we will not discriminate against you for doing so.

(10)You have the right to opt-out of the sale of your personal information; however, we do not sell your personal information.

(11)You have the right to request that your personal information be corrected. You may request your personal information be corrected by clicking on this link.

(12)You have the right to request a portable copy of your personal information that we have collected about you by clicking on this link.

(13)You have the right to limit the use of your sensitive personal information. You may limit the use of your personal information by clicking on this link.

Once your request to delete, correct, opt-out, opt-in, or limit the use of your sensitive personal information is received, we will update our records and contact our contractors, service providers, and relevant third parties to facilitate your Request.

For purposes of exercising your rights above, please note the following regarding how we collected and used your personal information during the 12-month period preceding the effective date of this Privacy Policy: In the preceding 12 months, we collect the categories of personal information as recited in this Privacy Policy in the section entitled “Personal Information.” We disclose the following categories of personal information for a business purpose: Identifiers; payment information; commercial information; Internet of other electronic network activity information; geolocation data; audio, electronic, visual or similar information. We have not sold consumers’ personal information in the preceding 12 months. We use the above categories of personal information for our legitimate interests, meaning our interests in conducting our business, fulfilling orders and processing transactions, and managing and providing services to you, which include the activities set forth in the above section of this privacy policy entitled “How We Use the Information We Collect.”

Effective January 1, 2023, if you wish to contact us to submit a request under the California

Consumer Privacy Act & California Privacy Rights Act, please contact us by telephone at 1-877-254-7385 or click here. We may need to verify your identity to enable us to process your request. Disclosure and deletion is subject to our receipt of a verifiable consumer request and exceptions or limitations established by applicable laws and regulations. You may have an authorized agent contact us to submit a request under the California Consumer Privacy Act & California Privacy Rights Act; however, to do so, we require You (1) provide the authorized agent with signed permission to do so and (2) verify Your own identity. If the authorized agent is not an individual having power of attorney, We also require (3) You directly confirm that You provided the authorized agent permission to submit the Request. Our data retention policy for consumer data is 2 years after the consumer’s last date of purchase or browsing activity on our Website.

We Sell/Share Information with Third Parties. If you are a California resident and would like to request a list of whom we share information, please submit your request in writing to info@innersensebeauty.com.

LINKS TO OTHER WEBSITES.

This Privacy Policy applies only to this Website and the Company’s Services.  It does not apply to any third-party sites to which our Website may link. Some examples of websites to which our Website may link include, but are not limited to, the following:

• http://www.thinkdirtyapp.com/, https://www.facebook.com/, https://twitter.com, https://www.instagram.com, https://www.pinterest.com, https://www.lunahairstudio.com/, http://www.oprah.com, http://hellocurls.com/, http://www.nolastudio.com/, http://www.gildedfoxbeauty.com/, http://abloomsalon.com/, http://www.refinery29.com/, https://southerncurlatl.com/, https://www.curlyhairartistry.com/; and
• https://www.midtowncurls.com/, http://kellyelaine.com/, https://www.ringletsandroots.com/, http://www.safecosmetics.org/, https://www.ewg.org/, https://www.ewg.org, http://www.moisturesalon.com/, https://www.theorganicbunny.com, https://www.citrinenaturalskin.com, https://www.naturallycurly.com and https://www.youtube.com

 

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties or their websites.  The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.

FACEBOOK/INSTAGRAM INTEGRATION.   

On this Website, the Company has integrated components of the enterprise Facebook. Facebook is a social network.  Instagram is a company owned by Facebook, and is likewise a social network. A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook, e.g. the Facebook blocker of the provider Webgraph, which may be obtained under http://webgraph.com/resources/facebookblocker/. These applications may be used by the data subject to eliminate a data transmission to Facebook.

More information regarding how Facebook complies with the GDPR is located here: https://www.facebook.com/business/gdpr.

TWITTER INTEGRATION.   

On this Website, the Company has integrated components of Twitter. Twitter messages (tweets)  are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.

If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.

Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.

The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.

SECURITY.

We maintain reasonable and appropriate, although not infallible, security precautions.  This Website has security measures in place to protect the loss, misuse and alteration of the information under our control. This includes a firewall and 24-hour monitoring of site activities by our hosting service provider as well as use of SHA-256 encrypted SSL (where allowable by law) on all transaction-oriented operations between you and Innersense Organic Beauty via our transaction service provider.

While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user information off-line.  All of our Website users’ information, not just the sensitive information mentioned above, is restricted in our offices. Only our employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to Personally Identifiable Information.  

Our employees must use password-protected screen savers when they leave their desk. When they return, they must re-enter their password to regain access to your information.

Furthermore, ALL employees are kept up-to-date on our security and privacy practices.  Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers’ information is protected.

Finally, the servers on which we store Personally Identifiable Information on are kept in a secure environment, behind a locked cage.

That being said, we cannot guarantee that hackers or unauthorized personnel will not gain access to your Personal Information, despite our reasonable efforts.  You should note that in using the Website and our related Services, your information will travel through third party infrastructures which are not under our control. Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your information to info@innersensebeauty.com.

BREACH.

The Company has internal policies and procedures in place to effectively detect, report, and investigate a data breach.  The GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”  The Company will notify you of a personal data breach where the personal data breaches are likely to present a risk to data subjects to data protection authorities (“DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay.  The Company will provide you with: (i) contact details of the Data Protection Officer (DPO) or other contact person, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the organization has taken or proposes to take to address the breach, and (v) advice on steps data subjects can take to protect themselves.

DATA PROTECTION OFFICER.  

The Company is not formally required to designate a Data Protection Officer (“DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions.  Nonetheless, the Company voluntarily elects to appoint Joanne Starkman, Vice President/COO of the Company, as the DPO for this Company.  Ms. Starkman is responsible for data protection compliance and can answer any questions you may have about your Personal Information. She may be reached at info@innersensebeauty.com.

DATA RETENTION/ERASURE.

We will retain your Personal Information for as long as needed to provide the applicable Services.  If, at any time after agreeing to this Privacy Policy, you: (1) change your mind about receiving information from us; (2) wish to revoke permission for us to retain and use your Personal Information; (3) wish to object to processing of your Personal Information; or (4)  wish for us to erase a copy of your data, please make a request to the Company at info@innersensebeauty.com.  If you request erasure of your data, we may retain some of your Personal Information only for legitimate business interests, such as fraud detection, prevention, and enhancing the safety of our Website; and to comply with our legal obligations, specifically our tax, legal reporting, and auditing obligations.

OUR RESPONSE TO YOUR REQUESTS.  

 If you make any requests regarding your Personal Information, we will not charge you for compliance with the request.  The Company will respond and comply within one month. The Company reserves the right to refuse or charge for requests that are manifestly unfounded or excessive.  If we refuse your request, we will tell you why we are refusing your request.  You have the right to complain to the relevant supervisory authority and to a judicial remedy, but you must do so within one month of our refusal.

COMPLAINTS.  

Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

DATA PROTECTION IMPACT ASSESSMENT (DPIA).   

Note: The Company is not required to undergo a DPIA because data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data.

DO NOT TRACK.

Your browser setting may allow you to automatically transmit a “Do Not Track” signal to websites and online service you visit. The Company’s Website does not respond to “Do Not Track” signals or other mechanisms from a visitor’s browser. If, in the future, we create a program or protocol to respond to such web browser “Do Not Track” signals, we will inform you of the details of that protocol in this Privacy Policy.  To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.

GOOGLE ADWORDS.

On this Website, the Company has integrated Google AdWords. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google’s search results only then displayed, when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.

The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website.

If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g, the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or canceled a sale of goods.

The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.

The conversion cookie stores personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, at any time, prevent the setting of cookies by our website, as stated above, by means of a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.

The data subject has a possibility of objecting to the interest based advertisement of Google. Therefore, the data subject must access from each of the browsers in use the link www.google.de/settings/ads and set the desired settings.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.

ANALYTICS SOFTWARE.

We and our third party tracking-utility partners use log files on our Service to automatically gather certain information, including but not limited to internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data, for analytics purposes.  Specifically, we analyze trends, administer the site, track users’ movements around the Website, and gather demographic information about our user base as in the aggregate.

On this Website, the Company has integrated the component of Google Analytics. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our Website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of Personal Information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store Personal Information, such as the access time, the location from which the access was made, and the frequency of visits of our Website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our Website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this Website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.

REFERRALS.

If you choose to use our referral service to tell a friend about our Services by email, we will ask for your friend’s email address, and send your friend a one-time email inviting them to visit our Website and inform them of our Services.  We will only store your friend’s email address for the sole purpose of sending this one-time message and tracking the success of the referral program. Your friend may contact us at info@innersensebeauty.com to request that we remove this information from our database at any time.

If you submit any Personal Information relating to other people to us or to our service providers in connection with our Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.  

TESTIMONIALS, RATINGS AND REVIEWS.

If you submit testimonials, ratings, or reviews of the Services vis a vis our third party platform, Yopto Ltd., any Personal Information you include will be displayed in connection with your review.  If you provide our third-party service provider with your Personal Information in the process of submitting your rating and review, the content and Personal Information collected by a third party will be posted on its/our Website, absent your express instruction not to do so.  If you want your testimonial, rating, or review removed from its/our Website at any time, please contact us at info@innersensebeauty.com. By submitting an online review on Yopto Ltd., you herein expressly agree to follow its Terms of Service (https://www.yotpo.com/terms-of-service/) and Privacy Policy (https://www.yotpo.com/privacy-policy/).

OPT-OUT POLICY.

If, at any time after registering, you change your mind about receiving information from us or about the use of information volunteered by you, or if you prefer that we do not share your Personal Information with third parties for marketing purposes, please contact us at info@innersensebeauty.com.

CHANGES.   

This Privacy Policy may be updated from time to time for any reason, at our sole discretion.  We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on our Website.  You are advised to consult this Privacy Policy regularly for any changes.

INCORPORATION INTO TERMS OF SERVICE.   

By using or accessing the Website or the Services, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. This Privacy Policy is incorporated into, and considered a part of, the Company’s Terms of Service.

CONTACT US.

If you have any questions or concerns relating to our use of your Personal Information, please email info@innersensebeauty.com.  Additionally, you may reach us by postal mail at: Innersense Organic Beauty, Inc., 2301 Arnold Industrial Way, Suite A, Concord, CA 94520.