Privacy Policy 2023

Last Updated and Effective as of: January 1, 2023

At theBalm Cosmetics (“we”, “us” or “theBalm”), we are committed to safeguarding your privacy and protecting your information against unauthorized use. The following statements explain the policies we adhere to regarding the collection of data on our site https://thebalm.com/ (“Web site”) or through our other interactions with you, including over the phone or by email or text (“Other Interactions”).  This privacy policy also explains our information security and privacy standards. However, this privacy policy does not apply to any other website including social media outlets that we may use, such as Instagram, Facebook, TikTok, Pinterest or Twitter. theBalm is not the data controller for data collected on other web sites. BY USING OR ACCESSING THIS WEB SITE, YOU SIGNIFY YOUR AGREEMENT TO BE BOUND BY TO OUR PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MAY NOT ACCESS OR OTHERWISE USE THE WEB SITE.

For more information about how users with disabilities can access this Privacy Policy in an alternative format, please see our Accessibility Statement here.  

Please note that our privacy practices are subject to the applicable laws of the states and territories in which we operate. Accordingly, and as more fully set forth below, some additional state-specific disclosures, including California, Colorado, Connecticut, Utah and Virginia (“Applicable States”), will only apply to customers who reside in those geographic regions.  If you are a member of the EU, the UK or Switzerland, you may also have additional rights.

The following links will take you directly to the corresponding sections of this Privacy Policy.

Overview:

  • We collect Personal Information (as defined below) from users of our Web site and through Other Interactions when it is voluntarily provided to us and use it for the purposes for which it was provided (see Personal Information We Collect and How We Collect It).
  • Additionally, we automatically collect information, that in some cases is Personal Information and in some cases is Non-Personal Information, from users of our Web site including for advertising and analytical purposes (see Non-Personal Information and Interest-Based Advertising).

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you should not use the Web site. By accessing or using this Web site, you agree to this Privacy Policy.  If you have questions, you can always contact us using the information in the section below titled Contact.

Personal Information We Collect and How We Collect It:

“Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you.  Although we do collect Personal Information automatically, your provision of certain Personal Information to us is voluntary when it is provided by you directly to us, such as when you choose to participate in our offers and programs, including when you register an account with us or purchase products, or when you choose to provide such information to participate in certain interactive features or through Other Interactions. Categories of Personal Information we collect include:

  • Identity Data, which includes name or other similar identifiers.
  • Contact Data, which includes address, email address and telephone numbers.
  • Financial Data, which includes payment card details.

Additionally, we may also collect certain other types of information that, along with the categories described above may be considered and specifically named “personal data” in certain jurisdictions, including the European Union (“EU”), United Kingdom (“UK”), Switzerland and/or Applicable States, such as:

  • Transaction Data, which includes details about payments.
  • Technical Data, which includes internet protocol (IP) address, your login data.
  • Profile Data, which includes your username and password, information about your past purchases, loyalty rewards account information.
  • Usage Data, which includes information about how you use our Web site and services.
  • Marketing and Communications Data, which includes your preferences in receiving marketing from us

We also collect the following information, protected as “personal information” or “personal data” under the laws of some Applicable States, and have collected such information from visitors within the most recent twelve (12) month period:

  • Personal identifiers, such as name, telephone number, email address, physical address and internet protocol (IP) address.
  • Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, physical address, telephone number and payment card details, Some Personal Information included in this category may overlap with other categories.
  • Commercial information, such as products or services purchased by you or which you considered purchasing or other purchasing or consuming tendencies.
  • Internet or other similar network activity, such as browsing history, search history, information on your interaction with a website (including the Web site), application, or advertisement.
  • Location data, such as the region where a device used to access the Website is located and location data derived from your IP address.
  • Visual information, in the form of photos, if you use certain Social Functions (see Other Websites and Social Networking Services).
  • Inferences drawn from other personal information for profiling purposes, such as information used to create a profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

For more information on your rights as a resident of California or other Applicable States, please see California and Additional State Privacy Rights below.

Note - Some information we collect (like a device ID or cookie ID) does not enable us to directly identify you or other users (e.g., we do not know your name or contact information), however, that information may be still be protected under certain privacy laws. In such cases, we will protect that information in the same manner described herein regarding Personal Information.

Such information may include data collected by the following methods:

Cookies and Similar Technology:

We or our vendors may store some information on your device or device hard drive as a cookie or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of the Web site. "Cookies" are pieces of information that may be placed on your computer by a web site for the purpose of collecting data to facilitate and enhance your communication and interaction with that web site.   Such data may include, without limitation, the address of the websites you visited before and after you visited the Web site, the type of browser you are using, your Internet Protocol (IP) address, what pages in the Web site you visit and what links you clicked on, the region where your device is located, and geo-IP data. We may use cookies to customize your visit to the Web site and for other purposes to make your visit more convenient or to enable us to enhance our service.   In addition to the tracking technologies described below under “Site Analytics”, you can learn more about the cookies we use by clicking here.

Clickstream:

As you use the Internet, a trail of electronic information is left at each web site you visit.  This information, which is sometimes referred to as "clickstream data," can be collected and stored by a web site's server. Clickstream data can tell us the type of computer and browsing software you use and the address of the web site from which you linked to the Web site.  We may collect and use clickstream data as a form of Aggregate Information to anonymously determine how much time visitors spend on each page of our Web site, how visitors navigate throughout the Web site and how we may tailor our web pages to better meet the needs of visitors.  This information will be used to improve our Web site and our services. Any collection or use of clickstream data is intended to be anonymous and/or aggregate. “Aggregate Information” means the use of information in a form (often combined with other data), such that the aggregated information does not personally identify you or anyone else.

Site Analytics:

We may work with third-party service providers who use the technologies described in this section to conduct website analytics to help us track and understand how visitors use our Web site.  One such provider is Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the Web site. The information generated by the cookie about your use (including your IP address) will be transmitted to and stored by Google on servers in the United States of America. Google will use this information for the purpose of evaluating your use of the Web site, compiling reports on activity for its staff and providing other services relating to web page activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You may refuse the use of cookies by selecting the appropriate settings in your browser. By using the Web site and accepting cookies, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to the Google Analytics’ currently available opt-outs for the web, found at https://tools.google.com/dlpage/gaoptout/.

Non-Personal Information:

As noted above, we may collect information that is not Personal Information (“Non-Personal Information”).  For example, we may use information that is Aggregate Information to calculate the percentage of our customers who live in a particular area.  Because Non-Personal Information does not personally identify you, we may collect, use and disclose Non-Personal Information for any purpose permitted by law and subject to the sections titled “Additional EU , UK and Swiss Privacy Rights” and “California and Additional State Privacy Rights”.  In some instances, we may combine Non-Personal Information with Personal Information.  If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information.

Information Usage and Disclosure:

Besides using your Personal Information ourselves, we may send your Personal Information to other companies, affiliates and third parties to help us process your Personal Information for the purposes set out in this policy.

We use Personal Information and other information as described herein, including as follows:

  • to process and fulfill any orders that you have placed and to carry out core business functions,
  • to contact you about our products and services, provide you with our products and services and to otherwise maintain and service your account,
  • to personalize your experience with us including by presenting products or offers tailored to you, including by means of Interest-Based Advertising (as described below),
  • to allow you to use, communicate and interact with others on our Web site and through Other Interactions,
  • to administer our loyalty rewards program and similar programs,
  • to respond to your direct inquiries,
  • to add you to our mailing lists and send you emails and other communications from time to time.  
  • For marking and promotional purposes, including to show you advertisements tailored to your interests on social media and other digital media.
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including our Terms and Conditions), including for billing and fulfillment.
  • As described to you when collecting your Personal Information or as otherwise set forth and allowed under applicable law.
  • to help maintain the safety, security, and integrity of our Web site, products and services, databases and other technology assets, and business.
  • for internal research for technological development and demonstration and to improve, upgrade or enhance our products or services or to perform analytics and reporting.
  • to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of theBalm's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by theBalm about our Web site users is among the assets transferred.

Our uses of your Personal Information require us to disclose that information in certain cases. For example, we may disclose or share your information with third parties such as website hosting, data analysis, advertising networks, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery services, credit card processing, auditing, training, and other similar services. These third parties may have access to Personal Information necessary to perform their functions. One such third party is Shopify, provider of our online storefront platform. To see how Shopify will use your Personal Information, please review their privacy policy here. To view their Terms of Use, click here.

Additionally, we may disclose Personal Information and other information as we believe necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain; and (h) for legitimate business interests. 

We may use Aggregate Information and Non-Personal Information in a variety of ways, including to improve and enhance your experience on the Web site and for our market research activities. For example, and subject to any legal limitations in certain jurisdictions, we may disclose  Aggregate Information and Non-Personal Information to  unaffiliated third parties, such as business partners, manufacturers, distributors and retailers, in a form in which case the disclosed information will not contain nor be linked to any Personal Information.   

Please note that if you specifically consent to additional uses of your Personal Information, we may use your Personal Information in a manner consistent with that consent. Finally, we reserve the right to supplement your Personal Information with information we gather from other sources which may include information we gather from online and offline sources.

Interest-Based Advertising:

We may ourselves, or with third party vendors, use information we collect when you visit the Web site and use or interact with our services through cookies and other tracking technologies, to deliver targeted advertising to you when you visit other websites or our Web site. Cookies, clickstream data, and other similar technologies described above may be used in this process. For example, if you are searching for information on a particular product, we or our vendor may cause an advertisement to appear on other websites you view with information on that product. This form of advertising, sometimes called “behavioral advertising” or “cross-context behavioral advertising,” enables us and our vendors to know your interests in connection with the delivery of that specific ad. We believe that such advertising is helpful because you will see advertisements that are relevant to your interests. However, if you would like to opt out of these interest-based advertisements, please follow the opt-out process described below under “Opt-Out.” 

Interactive Tools on our Web site:

Certain features on our Web site may give you an opportunity to interact with us and others. These may include review boards, blogs, message boards, messaging functionality, chat functionality, and creating community profiles. When you use these features you should be aware that any information you submit, including your name and e-mail address, may be publicly available to others. We are not responsible for any information you choose to submit through these interactive features and we request that you not disclose any sensitive Personal Information (such as health or financial information) through these features. If you use these features, your Personal Information may remain on the Web site even after you cease use of the Web site.


Security (How We Protect Your Information):

The security of your Personal Information is very important to us.  We attempt to provide for the secure transmission of your information from your computer to our servers by utilizing encryption software. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and theBalm, or information stored on the Web site or our servers, will be free from unauthorized access by third parties such as hackers and your use of the Web site demonstrates your assumption of this risk. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the information we collect. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the Contact section below.

Data Retention:

We will retain your information only for as long as your account or inquiry is active or as needed to provide you with the Web site and other services and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your information, we may continue to retain and use anonymous or aggregated data previously collected. Please note that we will not be liable for disclosures of your data due to errors or unauthorized acts of third parties.

Protection for Children:

Our Web site is intended for ages 18 and over. We do not knowingly collect Personal Information from children.  When we become aware that Personal Information (or other information that is protected under applicable law) from a child under 13 (or such other age as may be restricted under local law) has been collected, we will use all reasonable efforts to delete such information from our database. If you believe we might have any Personal Information from or about a child under 13, please contact us at

Other Websites and Social Networking Services:

Our Web site may contain links to other web sites not maintained by theBalm. Other web sites may also reference or link to our Web site.  The inclusion of a link on the Web site does not imply endorsement of the linked site by us.  We are not responsible for the privacy practices of websites operated by third parties that are linked to or integrated with our Web site, or for the privacy practices of third party Internet advertising companies.  We encourage you to be aware when you leave our Web site, or surf the Internet, and to read the privacy statements of each and every web site that you visit.

Our Web site may allow you to engage with social media services, such as Facebook, Twitter, Pinterest and Instagram (“Social Networks”), and widgets such as the social media icon buttons, or interactive mini-programs that run on our Website or which link from Social Networks to our Web site (“Social Functions”). These Social Functions may access, collect and integrate with your Social Network accounts and information. For example, these Social Functions may collect your IP address, identify which page you are visiting on our Web site, or set a cookie. Social Functions may also be used to register you as a Web site user.  For example, if you are not currently registered as a Web site user and you use certain Social Functions, you will be asked to enter your Social Network credentials and then be given the option to register and join the Web site. If you choose to use these Social Functions, you may be sharing certain Social Network profile elements with us, including your name, birthday (month/day), comments, contacts, email address, photos or favorite teams. This sharing is subject to each Social Network’s own privacy policy and terms of use. We do not control those Social Networks or your profiles on those services. Nor do we modify your privacy settings on those services or establish rules about how your Personal Information on those services will be used. Social Functions are either hosted by a third party or hosted directly on our Web site. Your interactions with them are governed by the privacy policy of the company providing them. Please refer to the privacy settings in your Social Network account to manage the data that is disclosed to us through your account. Information you include and transmit online in a publicly accessible blog, chat room or Social Network, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without any restrictions. We do not control such uses of your Personal Information, and by using such services you assume the risk and acknowledge that the Personal Information provided by you may be viewed and used by us and/or third parties for any number of purposes and that the usage restrictions set forth in this Privacy Policy do not apply to such services. To request removal of your Personal Information from a blog, community forum or other publicly-accessible part of the Web site, contact us at privacy@thebalm.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so.

Opt-Out:

To opt-out of any future promotional email messages from us, you should send an unsubscribe request to us at info@thebalm.com. We will process your request within a reasonable time after receipt. 

The online advertising industry provides a service through which you may opt-out of receiving targeted ads from certain data partners and other advertising partners that participate in self-regulatory programs. Through the Digital Advertising Alliance (DAA) you can opt-out of targeted advertising from certain providers at www.aboutads.info/consumers. EU residents who have provided their consent to our use of cookies and similar technologies can also use the European Interactive Digital Advertising Alliance (“EDAA”) opt out tool which can be found at http://www.youronlinechoices.eu/. Please note that by opting out, you will continue to see generic advertising that is not tailored to your specific interests and activities. To be clear, cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted out on your device browser, that opt-out will not be effective on your mobile device. You must separately opt out on each device.  

If you want to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Web site or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve Personal Information from your device without your knowledge.

Some browsers have a “do not track” (also known as DNT) feature that lets you tell websites that you do not want to have your online activities tracked. Please note that, unless required by law, we do not respond to or honor “do not track” signals or similar mechanisms transmitted by web browsers. However, we treat Global Privacy Control signals as opt-out of selling or sharing of Personal Information under the California Consumer Privacy Laws (as defined below) where the users’ web browsers support this signal and where the GPC signal remains present and readable.

If you are a resident of one of the Applicable States, you may have additional opt-out rights as set forth in the section below entitled: “California and Additional State Privacy Rights.”

Changes to policy:

We reserve the right, at our discretion, to change, modify, add, or remove portions from this policy at any time, provided that any such modifications will only be applied prospectively. Your continued use of the Web site following the posting of any changes to this policy means you accept such changes.

Communications with theBalm:

By providing your email address to us, you expressly consent to receive emails from us. We may use email to communicate with you, to send information that you have requested or to send information about other products or services developed or provided by us or by other third party manufacturers, services and/or distributors that we believe will be of interest to its audience.  If you receive an unwanted email from us, you can simply reply and ask not to receive future emails.  We also give you the option to remove your Personal Information (and other information required by law) from our list of active users completely.  All unsubscribe or opt-out requests should be sent to us at info@thebalm.com and we will process your request within a reasonable time after receipt. Subject to applicable law, we are not responsible for removing your information from the lists of any third party who has been provided your information in accordance with this policy, such as a business partner.

Text Marketing and Notifications:

By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed 10 a month. You acknowledge that consent is not a condition for any purchase.

If you wish to unsubscribe from receiving text marketing messages and notifications, reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply.

For any questions please text HELP to the number you received the messages from. You can also contact us for more information. If you wish to opt out please follow the procedures above.

Web site Terms and Conditions:

Use of this Web site is governed by, and subject to, the legal notices contained in our Terms and Conditions. Your use, or access, of the Web site constitutes your agreement to be bound by these provisions.

Contact:

For questions or concerns relating to privacy, we can be contacted at: privacy@thebalm.com. If you are situated in the EU, UK or Switzerland and have any complaints regarding our privacy practices, you have the right to complain to a supervisory authority.

Site Maintenance:

Our Web site is maintained in the United States of America. Subject to the subsection “Data Transfer” in the section titled Additional EU, UK and Swiss Privacy Rights”, by using the Web site or engaging in Other Interactions, you authorize the export of your information to the USA and its storage and use as specified in this policy.

California and Additional State Privacy Rights:

This section provides additional information about our Personal Information processing practices relating to individual residents of the Applicable States. Note – the terms and commitments herein that apply to an Applicable State, apply to us and govern our processing of your Personal Information solely to the extent the Applicable State law applies to us as a business or controller of your information (on a case-by-case basis). Also, please note that except for California and Virginia, the relevant laws of the other Applicable States may not yet be in effect and in all cases we are granting you the rights in this section only to the extent they apply to you and are in effect and enforceable.

Certain of the provisions below may apply only to California consumers under the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”), which are sometimes collectively referred to as “California Consumer Privacy Laws” below.

California and other Applicable State laws provide residents of the Applicable States (respectively) with specific rights regarding Personal Information. If you are a resident of any of the aforementioned states, this section describes your rights and explains how to exercise those rights. When we refer to “Personal Information” in this section, we intend that term to have the meaning as “personal information” or “personal data” as defined under the California Consumer Privacy Law or the privacy law of the Applicable State you reside in. 

We request that you do not provide us with Sensitive Personal Information (“SPI”). If you do, you have the right to limit the use or disclosure of your SPI if we are using your SPI beyond what is reasonable and proportionate to provide the requested goods or services. You can make a request for us to limit the use or disclosure of your SPI by clicking here. However, please note that we do not currently use or disclose SPI for any purposes that require disclosure or opt-out rights under the California Consumer Privacy Laws as we understand those laws.

 

Information We Collect; How We Collect It; How We Use It

Via the Web site and Other Interactions, we collect certain Personal Information further specified above under Personal Information We Collect and How We Collect It. While we refer you to the details above for more information, for ease of reference in the chart below we have summarized the categories of Personal Information collected from California and other Applicable States residents within the last twelve (12) months, the categories of purposes for which we collect it, the categories of sources, and the categories of third parties with whom we disclose Personal Information:

Category

Purposes for Which Such Information Was Collected in the Preceding 12 Months or Will be Collected

Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or Will be Collected

Categories of Third Parties With Whom We Disclose Personal Information

Personal identifiers

To process your orders, to contact you about our products and services and to add you to our mailing list for that purpose, to personalize your experience with us including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site and though Other Interactions, to administer our loyalty rewards program, and to respond to your direct inquiries.

 

From you, such as when you choose to participate in our offers and programs or otherwise provide information directly to us, including when you register with us, purchase products, participate in our interactive features or otherwise interact with us on the Web site or though Other Interactions.

From social media services, if you use certain Social Functions (see Other Websites and Social Networking Services).

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, targeted advertising, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services.

 

Personal Information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

To process your orders, to contact you about our products and services and to add you to our mailing list for that purpose, to personalize your experience with us including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site, to administer our loyalty rewards program, and to respond to your direct inquiries.

 

From you, such as when you choose to participate in our offers and programs or otherwise provide information directly to us, including when you register with us, purchase products, participate in our interactive features or otherwise interact with us on the Web site or through other Interactions.

From social media services, if you use certain Social Functions (see Other Websites and Social Networking Services).

 

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services, including services that deliver targeted advertising about goods and services that may be of interest to you.

.

 

Commercial information

If you provide information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns, to contact you about our products and services, to personalize your experience with us including by presenting products or offers tailored to you, to administer our loyalty rewards program, and to respond to your direct inquiries.

 

From you, automatically, such as when you make a purchase from the Web site or through Other Interactions.

 

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services including services that deliver targeted advertising about goods and services that may be of interest to you.

 

Internet or other similar network activity

To personalize your experience with us, including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site, and as otherwise described herein.

 

From you, automatically, when you interact with the Web site.

From social media services, if you use certain Social Functions (see Other Websites and Social Networking Services).

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services, including services that deliver targeted advertising about goods and services that may be of interest to you.

.

 

Location data

To personalize your experience with us, including by presenting products or offers tailored to you, and as otherwise described herein.

 

From you, automatically, when you interact with the Web site.

 

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services, including services that deliver targeted advertising about goods and services that may be of interest to you.

 

Visual information

With your permission, to share on our social media channels.

From social media services, if you use certain Social Functions (see Other Websites and Social Networking Services).

None, except with your permission.

Inferences drawn from other Personal Information for profiling purposes

To personalize your experience with us, including by presenting products or offers tailored to you, and as otherwise described herein.

 

See other categories.

 

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services, including services that deliver targeted advertising about goods and services that may be of interest to you.

 

 

In addition to the purposes set forth above, each of these categories of Personal Information may be collected and used as set forth above in Information Usage and Disclosure

Sharing of Personal Information

theBalm may disclose your Personal Information to a third party for a business purpose or commercial purpose and in some cases we may also “share” or “sell” your Personal Information to third parties, as those terms are defined under the California Consumer Privacy Laws or under the privacy laws of other Applicable States, including for purposes of cross-context behavioral advertising as defined under CPRA. 

The chart above lists the categories of third parties with which we may disclose, share or sell your Personal Information.

In the preceding twelve (12) months, theBalm has disclosed the following categories of Personal Information for a business purpose and we may have “sold” or “shared” these categories or Personal Information as well under the California Consumer Privacy Laws for the purposes noted in the chart and otherwise noted in this privacy policy:

  • Personal identifiers
  • Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Commercial information
  • Internet or other similar network activity
  • Location data
  • Inferences drawn from other Personal Information for profiling purposes

See above under Information Usage and Disclosure for more information regarding each category and our disclosure and usage practices more generally. Additional disclosures and information relevant under the California Consumer Privacy Laws and other Applicable State laws may also be found in the other Privacy Policy sections above.

 

Right to opt out of selling or sharing

You have the right, to opt out of the sale or sharing of your Personal Information, along with the right to opt in to the sale of such information. If we are considered by law to sell or share any of your Personal Information (which may depend on whether or not you are a resident of an Applicable State), you may, at any time, tell us not to sell or share your Personal Information. You can make this request by clicking here. We will also treat Global Privacy Control browser signals as opt-out of sale/share requests to the extent provided above in Opt-Out. We do not sell your Personal Information for monetary consideration, but the disclosure of your information to certain third parties may be considered a “sale” or “sharing” under CPRA, including sharing in connection with cross-context behavioral advertising. We may have also shared your identifiers and information collected from your purchases with other third parties, which may be also be deemed a sale under the CCPA.

Right to Know About Personal Information Collected, Disclosed or Sold

As a resident of an Applicable State, you have the right to request that we disclose certain information to you about our collection, use, disclose or sale of your Personal Information in the prior 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Correction and Deletion Rights), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • The categories of Personal Information we collected about you.
  • The categories of Personal Information that we have sold or disclosed about you for a business purpose.
    • The categories of sources from which the Personal Information is collected.
    • Our business or commercial purpose for collecting or selling that Personal Information.
    • The categories of third parties with whom we share that Personal Information.
    • The specific pieces of Personal Information we collected about you (also called a data portability request).

Deletion Request Rights

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. However, we maybe retain Personal Information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under applicable law, such as detecting security incidents and protecting against fraudulent or illegal activity.

Without limitation of the foregoing, please note that if you request deletion of your Personal Information, we may deny your request or may retain certain elements of your Personal Information if it is necessary for us or our service providers to:

  • Complete the transaction for which the Personal Information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
  • To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Otherwise use the Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.

If we refuse your request, you have the right to appeal such refusal by submitting a request to appeal through any means listed under “Exercising Access, Data Portability, Correction and Deletion Rights” below. Within 60 days of receipt of an appeal, we will inform you in writing via email of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Exercising Access, Data Portability, Correction and Deletion Rights

To exercise any of your rights described herein, please submit a request to us by emailing us at info@thebalm.com, by clicking here, or by contacting us toll-free at 1-866-I-OPT-OUT (1-866-467-8688) using service code 731.

You have the right to correct inaccurate Personal Information that we have collected and maintain about you.

You may designate an authorized agent to submit a request on your behalf to access, correct or delete your Personal Information. To do so, you must: (1) provide that authorized agent written and signed permission to submit such request; and (2) verify your own identity directly with us (i.e., provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the Personal Information). Please note, we are required to validate any request to exercise these rights, including any authorized agent request and we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. For more information about verification, see Response Timing and Format immediately below.

If you have been designated as an authorized agent to submit a request on behalf of another consumer, you must (1) download and complete this and have it signed by the consumer, and (2) provide the signed form when you submit a request here to exercise your rights under the California Consumer Privacy Laws. 

 

Response Timing and Format

We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. Subject to applicable law, in order to protect the security of your Personal Information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the Personal Information that we already have.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.

Personal Information Sales Opt-Out and Opt-In Rights

You have the right to direct businesses to not sell your Personal Information at any time (the "right to opt-out"). If, we are deemed to sell your information under Applicable State law, you may exercise this right to opt-out by submitting a request to us (or by having your authorized representative submit a request) through the following Internet Web page: Click Here

Non-Discrimination

We will not discriminate against you for exercising any of your rights hereunder, including, but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Notice of Financial Incentive

We may at times offer our customers programs that provide certain perks associated with us, such as rewards and exclusive offers, including but not limited to our “BalmBucks” program. We may also provide other programs, such as sweepstakes, contests, or other similar promotional campaigns (collectively, the “Programs”). When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of Personal Information, they may be considered a “financial incentive” program under the California Consumer Privacy Laws. The value of your Personal Information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less the expense related to offering those products, services, and benefits to Program participants.

You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules. Visit the terms and conditions page of each Program to view full details, including how to join. You may also withdraw from, or opt in to the Program by contacting us at info@thebalm.com or by using the designated method set forth in the applicable Program rules. Additionally, in connection with our BalmBucks program, if you ask us to delete your email address as set forth above in the Deletion Request Rights section, we will use reasonable efforts to offer you a limited opportunity to redeem the “BalmBucks” points that you’ve received prior to our deletion of your email address, following which you will be disenrolled from the program. For more information regarding “BalmBucks”, please refer to our FAQs or email info@thebalm.com.

California Shine The Light Law

California’s “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what Personal Information (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to info@thebalm.com, and are free of charge. However, note, we do not disclose Personal Information protected under the “Shine the Light” law to third parties for their own direct marketing purposes.


 

Privacy Disclosures for Nevada Residents

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at by clicking here or by emailing us info@thebalm.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.

Additional EU, UK and Swiss Privacy Rights:

IF YOU ARE SITUATED IN THE EU, SWITZERLAND OR THE UK, THIS SECTION APPLIES TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.

Legal Basis:

We will only use your personal data as defined by the EU General Data Protection Regulation (“GDPR”) when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have consented to a certain use of your personal data.
  • Where we need to comply with a legal or regulatory obligation.

To the extent permitted under applicable laws, we will also process, transfer, disclose and preserve personal data when we have a good faith belief that doing so is necessary.

Data controller:

Shipman Associates, LLC d/b/a theBalm cosmetics Is the data controller of all personal data collected through our Web site and Other Interactions. To contact us, please see the section titled “Contact”.

If you are situated in the EU, UK or Switzerland and have any complaints regarding our privacy practices, you have the right to make a complaint at any time to your local Supervisory Authority. We would, however, appreciate the chance to deal with your concerns before you approach your Supervisory Authority so please contact us in the first instance. If you have a complaint, please contact our EU privacy manager located in Slovenia at: privacy@thebalm.com.

Provision of personal data and failure to provide personal data:

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we will not be able to provide services to you.


 

Third parties or publicly available sources

We may receive personal data about you from various third parties such as Social Networks (as described above) and Shopify to assist us with your sale and refund procedures.

Withdrawing your consent:

If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. You have the right to withdraw your consent at any time by contacting us at privacy@thebalm.com.

Data Transfer:

We may transfer personal data from the EU, UK or Switzerland to the USA and other countries, some of which have not been determined by the European Commission or the UK to have an adequate level of data protection. If we transfer personal data outside the EU. UK or Switzerland (as applicable) to a processor, such transfer will be in compliance with the requirements of the GDPR. Where we use certain vendors, we may use specific contracts approved by the European Commission or the UK Secretary of State which give personal data the same protection it has in Europe. For more information about how we transfer your data, please contact us at privacy@thebalm.com.

Use of your personal data for marketing purposes:

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising:

  • Promotional offers from us: We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or used our services and, in each case, you have consented to our use of your personal data for marketing purposes.
  • Third-party marketing: We will get your express opt-in consent before we share your personal data with any company outside our company for their marketing purposes.

To see how you can opt out of marketing communications, please see the section above titled “Opt-Out”.

Data Subject Rights:

If you are a situated in the EU UK or Switzerland, under the GDPR as a data subject you have the following rights:

  • Right to access – This right allows individuals to obtain confirmation as to whether or not personal data concerning him or her is being process and provide access to such personal data. It also allows individuals to request details of the processing of their personal data, including, without limitation, categories of recipients to whom the personal data have been or will be disclosed and purposes of processing.
  • Right to rectify – This right allows individuals to rectify any inaccurate personal data about him or her.
  • Right to restrict processing – This right allows individuals to block or suppress processing of personal data under certain circumstances.
  • Right to be forgotten (also known as right to erasure) – This right is also known as the “right to erasure”. It is an individual’s right to have personal data erased or to prevent processing in specific circumstances. You have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right of data portability – This right allows individuals to move, copy or transfer personal data from one place to another in a secure manner without interrupting the integrity and usability of the information. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to object to processing – This right allows individuals to object to certain types of processing, including direct marketing, profiling and providing for purposes of scientific or historical research and statistics. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Right to withdraw consent – This right allows individuals to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To exercise your rights under the GDPR and other applicable laws, please contact us at privacy@thebalm.com. Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data.  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.

Your Cart

Your cart is currently empty.
Click here to continue shopping.