Privacy Policy

Last Updated and Effective as of: January 1, 2020

At theBalm Cosmetics (“we”, “us” or “theBalm”), we are committed to safeguarding your privacy and protecting your information against unauthorized use. The following statements explain the policies we adhere to regarding the collection of data on our site https://thebalm.com/ (“Web site”), information security, and privacy standards. This privacy policy does not apply to any other website including social media outlets such as Instagram, Facebook, or Twitter, which we use for business purposes. theBalm is the data controller for data collected on our Web site only. BY USING OR ACCESSING THE WEB SITE, YOU SIGNIFY YOUR AGREEMENT TO BE BOUND BY OUR PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MAY NOT ACCESS OR OTHERWISE USE THE WEB SITE.

Overview:

  • We collect Personally Identifiable Information (as defined below) from users of our Web site when it is voluntarily provided to us and use it for the purposes for which it was provided (see Personally Identifiable Information We Collect).
  • We automatically collect information from users of our Web site for advertising and analytical purposes (see Non-Personally Identifiable Information and Interest-Based Advertising).
  • You can control certain uses of your information, and, if you are a California resident as defined in Section 17014 of title 18 of the California Code of Regulations, as that section read on September 1, 2017 (“California Consumer”), you can access and delete certain information. If you are a California Consumer, please see California Consumer Rights below.
  • We will not use or share your Personally Identifiable Information with anyone except as described in this Privacy Policy.

 

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you should not use the Web site. By accessing or using this Web site, you agree to this Privacy Policy.  If you have questions, you can always contact us using the information in the section below titled CONTACT.

Personally Identifiable Information We Collect:

Your provision of your Personally Identifiable Information to us is completely voluntary. “Personally Identifiable Information” is information that can specifically identify you.  We do not collect Personally Identifiable Information unless you submit that information to us, such as when you choose to participate in our offers and programs or otherwise provide information directly to us, including when you register with us, purchase products, participate in our interactive features or otherwise interact with us on the Web site. Categories of Personally Identifiable Information we collect include:

  • Identity Data, which includes name or other similar identifiers.
  • Contact Data, which includes address, email address and telephone numbers.
  • Financial Data, which includes payment card details.

Additionally, we may also collect certain other types of information that, along with the categories described above may be considered and specifically named “personal data” in certain jurisdictions, including the European Union (“EU”), such as:

  • Transaction Data, which includes details about payments.
  • Technical Data, which includes internet protocol (IP) address, your login data.
  • Profile Data, which includes your username and password, information about your past purchases, loyalty rewards account information.
  • Usage Data, which includes information about how you use our web site and services.
  • Marketing and Communications Data, which includes your preferences in receiving marketing from us.

IF YOU ARE SITUATED IN THE EU, PLEASE SEE THE SECTION “ADDITIONAL EU DISCLOSURES” THAT PERTAIN TO OUR COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.

Lastly, we collect information (some of which may also constitute Personally Identifiable Information) that identifies, relates to, describes, references, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The California Consumer Privacy Act of 2018 (“CCPA”) refers to such information as “personal information”. The Web site collects the following categories of personal information, and the Web site has collected the following categories of personal information from visitors within the last twelve (12) months:

  • Personal identifiers, such as name, telephone number, email address, physical address and internet protocol (IP) address.
  • Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, physical address, telephone number and payment card details. Some personal information included in this category may overlap with other categories.
  • Commercial information, such as products or services purchased by you or which you considered purchasing or other purchasing or consuming tendencies.
  • Internet or other similar network activity, such as browsing history, search history, information on your interaction with a website (including the Web site), application, or advertisement.
  • Location data, such as the region where a device used to access the Website is located and location data derived from your IP address.
  • Visual information, in the form of photos, if you use certain Social Functions (see Other Websites and Social Networking Services).
  • Inferences drawn from other personal information for profiling purposes, such as information used to create a profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

Personal information does not include:

  • Information that is lawfully made available from federal, state or local government records.
  • Deidentified or aggregated information.
  • Information excluded from the scope of CCPA, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

If you are a resident of California, please see the section “California Consumer Rights” for specific disclosures with respect to our collection, use, and disclosure of your personal information and additional rights you have under applicable law.

Non-Personally Identifiable Information:

As noted above, we may collect information that is not Personally Identifiable Information (“Non-Personally Identifiable Information”).  We may aggregate Personally Identifiable Information so that the aggregated information does not personally identify you or anyone else, such as by using Personally Identifiable Information to calculate the percentage of our customers who live in a particular area ("Aggregate Information").  Because Non-Personally Identifiable Information does not personally identify you, we may collect, use and disclose Non-Personally Identifiable Information for any purpose permitted by law and subject to the sections titled “Additional EU Disclosures” and “California Consumer Rights”.  In some instances, we may combine Non-Personally Identifiable Information with Personally Identifiable Information.  If we combine any Non-Personally Identifiable Information with Personally Identifiable Information, the combined information will be treated by us as Personally Identifiable Information.

Information Usage and Disclosure:

Besides using your Personally Identifiable Information ourselves, we may send your Personally Identifiable Information to other companies, affiliates and third parties to help us process your Personally Identifiable Information for the purposes set out in this policy.

We use Personally Identifiable Information and other information as described herein:

  • to process and fulfill any orders that you have placed,
  • to contact you about our products and services and provide you with our products and services,
  • to personalize your experience with us including by presenting products or offers tailored to you,
  • to allow you to use, communicate and interact with others on our Web site,
  • to administer our loyalty rewards program,
  • to respond to your direct inquiries,
  • to add you to our mailing lists and send you emails from time to time.  

We may also share your information with third parties such as website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery services, credit card processing, auditing, training, and other similar services.  These third parties may have access to Personally Identifiable Information necessary to perform their functions.  One such third party is Shopify, provider of our online storefront platform. To see how Shopify will use your Personally Identifiable Information, please review their privacy policy here. To view their Terms of Use, click here.

We will not sell your Personally Identifiable Information to any third party not affiliated with theBalm without your consent except in connection with the sale or merger of theBalm or the division responsible for such services.  

Additionally, we may disclose Personally Identifiable Information and other information as we believe necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain; and (h) for legitimate business interests. 

We may use Aggregate Information and Non-Personally Identifiable Information to improve and enhance your experience on the Web site and for our market research activities. For example, and subject to the section titled “Additional EU Disclosures”, we may share Aggregate Information and Non-Personally Identifiable Information with unaffiliated third parties, such as business partners, manufacturers, distributors and retailers, in a form in which the shared information will neither contain nor be linked to any Personally Identifiable Information.

Please note that if you specifically consent to additional uses of your Personally Identifiable Information, we may use your Personally Identifiable Information in a manner consistent with that consent. Finally, we reserve the right to supplement your Personally Identifiable Information with information we gather from other sources which may include information we gather from online and offline sources.

California Consumer Rights:

California law provides California Consumers with specific rights regarding your personal information. This section describes the rights that California Consumers have (subject, in all cases, to any limitations set forth in the CCPA) and explains how to exercise those rights.

Information We Collect; How We Collect It; How We Use It

The Web site collects the following categories of personal information (as further specified above under Personally Identifiable Information We Collect), and the Web site has collected the following categories of personal information from its California Consumers within the last twelve (12) months, for the following categories of purposes and from the following categories of sources, and the Web site shares personal information with the following categories of third parties:

 

Category: Personal identifiers

  • Purposes for Which Such Information Was Collected in the Preceding 12 Months or Will be Collected: To process your orders, to contact you about our products and services and to add you to our mailing list for that purpose, to personalize your experience with us including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site, to administer our loyalty rewards program, and to respond to your direct inquiries.
  • Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or Will be Collected: From you, such as when you choose to participate in our offers and programs or otherwise provide information directly to us, including when you register with us, purchase products, participate in our interactive features or otherwise interact with us on the Web site. From social media services, if you use certain Social Functions (see Other Websites and Social Networking Services).
  • Categories of Third Parties With Whom We Share Personal Information: Service providers, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services.

Category: Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

  • Purposes for Which Such Information Was Collected in the Preceding 12 Months or Will be Collected: To process your orders, to contact you about our products and services and to add you to our mailing list for that purpose, to personalize your experience with us including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site, to administer our loyalty rewards program, and to respond to your direct inquiries.
  • Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or Will be Collected: From you, such as when you choose to participate in our offers and programs or otherwise provide information directly to us, including when you register with us, purchase products, participate in our interactive features or otherwise interact with us on the Web site. From social media services, if you use certain Social Functions (see Other Websites and Social Networking Services).
  • Categories of Third Parties With Whom We Share Personal Information: Service providers, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services.

Category: Commercial information

  • Purposes for Which Such Information Was Collected in the Preceding 12 Months or Will be Collected: If you provide information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns, to contact you about our products and services, to personalize your experience with us including by presenting products or offers tailored to you, to administer our loyalty rewards program, and to respond to your direct inquiries.
  • Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or Will be Collected: From you, automatically, such as when you make a purchase from the Web site.
  • Categories of Third Parties With Whom We Share Personal Information: Service providers, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services.

Category: Internet or other similar network activity

  • Purposes for Which Such Information Was Collected in the Preceding 12 Months or Will be Collected: To personalize your experience with us, including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site, and as otherwise described below.
  • Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or Will be Collected: From you, automatically, when you interact with the Web site. From social media services, if you use certain Social Functions (see Other Websites and Social Networking Services).
  • Categories of Third Parties With Whom We Share Personal Information: Service providers, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services.

Category: Location data

  • Purposes for Which Such Information Was Collected in the Preceding 12 Months or Will be Collected: To personalize your experience with us, including by presenting products or offers tailored to you, and as otherwise described below.
  • Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or Will be Collected: From you, automatically, when you interact with the Web site.
  • Categories of Third Parties With Whom We Share Personal Information: Service providers, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services.

Category: Visual information

  • Purposes for Which Such Information Was Collected in the Preceding 12 Months or Will be Collected: With your permission, to share on our social media channels.
  • Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or Will be Collected: From social media services, if you use certain Social Functions (see Other Websites and Social Networking Services).
  • Categories of Third Parties With Whom We Share Personal Information: None, except with your permission.

Category: Inferences drawn from other personal information for profiling purposes

  • Purposes for Which Such Information Was Collected in the Preceding 12 Months or Will be Collected: To personalize your experience with us, including by presenting products or offers tailored to you, and as otherwise described below.
  • Categories of Sources From Which Personal Information Has Been Collected in the Preceding 12 Months or Will be Collected: See other categories.
  • Categories of Third Parties With Whom We Share Personal Information: Service providers, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services.

In addition to the purposes set forth above, each of these categories of personal information may be collected and used:

  • To fulfill or meet the reason you provided the information.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including our Terms of Use), including for billing and fulfillment.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To help maintain the safety, security, and integrity of our Web site, products and services, databases and other technology assets, and business.
  • For internal research for technological development and demonstration and to improve, upgrade or enhance our products or services.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • In emergency situations to protect the personal safety of us, our users, or the public.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of theBalm's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by theBalm about our Website users is among the assets transferred.

Sharing of Personal Information

theBalm may disclose your personal information to a third party for a business purpose.  

The chart found above under Information We Collect; How We Collect It; How We Use It lists the categories of third parties with which we may share your personal information. The CCPA defines a “sale” as selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party (excluding qualified service providers) for monetary or other valuable consideration. We do not believe that we share your personal information in a manner that constitutes a sale.

 

In the preceding twelve (12) months, theBalm has disclosed the following categories of personal information for a business purpose:

  • Personal identifiers
  • Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Commercial information
  • Internet or other similar network activity
  • Location data
  • Inferences drawn from other personal information for profiling purposes

See above under Personally Identifiable Information We Collect and Information We Collect; How We Collect It; How We Use It for more information regarding each category.

 

Right to Know About Personal Information Collected, Disclosed or Sold

As a California Consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • The categories of personal information we collected about you.
  • The categories of sources from which the personal information is collected.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).

 

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. However, we may retain personal information that has been de-identified or aggregated. We need your email address to facilitate your participation in our “BalmBucks” loyalty and rewards program. If you ask us to delete your email address, we will use reasonable efforts to offer you a limited opportunity to redeem the “BalmBucks” points that you’ve received prior to our deletion of your email address, following which you will be disenrolled from the program. For more information regarding “BalmBucks”, please refer to our FAQs or email info@thebalm.com.

 

Exercising Access and Deletion Rights

To exercise the access and deletion rights described above, please submit a request to us by emailing us at info@thebalm.com, by clicking here, or by contacting us toll-free at 1-866-I-OPT-OUT (1-866-467-8688) using service code 731.

Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above.

The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative of that person.

For more information about verification, see Response Timing and Format immediately below.

Response Timing and Format

We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.

 

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including, but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Interest-Based Advertising:

We may ourselves, or with third party vendors, use information we collect or vendor information to deliver targeted advertising to you when you visit other websites or our Web site. Cookies, clickstream data, and other similar technologies described below may be used in this process. For example, if you are searching for information on a particular product, we or our vendor may cause an advertisement to appear on other websites you view with information on that product. This form of advertising, sometimes called “behavioral advertising,” enables us and our vendors to know your interests in connection with the delivery of that specific ad. We believe that such advertising is helpful because you will see advertisements that are relevant to your interests. However, if you would like to opt out of these interest-based advertisements, please follow the opt-out process described below under “Opt-Out.”

Cookies and Similar Technology:

We may store some information on your device or device hard drive as a cookie or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of the Web site. "Cookies" are pieces of information that may be placed on your computer by a web site for the purpose of collecting data to facilitate and enhance your communication and interaction with that web site. Such data may include, without limitation, the address of the websites you visited before and after you visited the Web site, the type of browser you are using, your Internet Protocol (IP) address, what pages in the Web site you visit and what links you clicked on, the region where your device is located, and geo-IP data. We may use cookies to customize your visit to the Web site and for other purposes to make your visit more convenient or to enable us to enhance our service. We do not use cookies to retrieve Personally Identifiable Information from your computer for purposes that are unrelated to the Web site or your interaction with the Web site. In addition to the tracking technologies described below under “Site Analytics”, we also use the following cookies, tags and trackers:

Cookie: Google Analytics

  • Duration/Type: Persistent, first party
  • Purpose: Google Analytics collects information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect certain information, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
  • More Information: https://support.google.com/analytics/answer/6004245

Cookie: DoubleClick

  • Duration/Type: Persistent, session and third party
  • Purpose: DoubleClick provides information about visitors, such as the websites they visit before and/or after visiting a website.
  • More Information: http://www.google.com/intl/en/policies/privacy/

Cookie: Facebook Custom Audience

  • Duration/Type: Persistent, session and third party
  • Purpose: Facebook uses a business's CRM data to match it to people in their database to create a custom audience for advertising campaigns.
  • More Information: https://www.facebook.com/about/privacy/your-info-on-other

Cookie: Okendo.io

  • Duration/Type: Persistent, session and third party
  • Purpose: Okendo collects information provided by customers when they choose to leave a review on the website.
  • More Information: https://www.okendo.io/privacy-policy/

Cookie: FourSixty

  • Duration/Type: Persistent, session and third party
  • Purpose: Foursixty provides social commerce and social content management services for brands, including an API and related website services to enable a shoppable Instagram feed.
  • More Information: http://www.foursixty.com/460/privacy

Cookie: Facebook Connect

  • Duration/Type: Persistent, session and third party
  • Purpose: When a user chooses to access a third-party website through Facebook Connect, they allow that website to retrieve information they have given to Facebook, including their full name, pictures, wall posts, friend information, etc. This not only allows the user to skip the basic registration steps required by most websites, but it also allows the website to update the user's Facebook wall and news feed with their activities. By gaining access to the user's friends list, the website is able to show the user which of their friends have also accessed the website through Facebook Connect.
  • More Information: https://www.facebook.com/about/privacy/your-info-on-other

Cookie: Sweet Tooth (Smile.io)

  • Duration/Type: Persistent, session and third party
  • Purpose: Smile.io collects and processes data entered upon account creation for the purpose of our loyalty and rewards program.
  • More Information: https://smile.io/privacy-policy

Clickstream:

As you use the Internet, a trail of electronic information is left at each web site you visit.  This information, which is sometimes referred to as "clickstream data," can be collected and stored by a web site's server.  Clickstream data can tell us the type of computer and browsing software you use and the address of the web site from which you linked to the Web site.  We may collect and use clickstream data as a form of Aggregate Information to anonymously determine how much time visitors spend on each page of our Web site, how visitors navigate throughout the Web site and how we may tailor our web pages to better meet the needs of visitors.  This information will be used to improve our Web site and our services. Any collection or use of clickstream data will be anonymous and aggregate, and will not intentionally contain any Personally Identifiable Information.

Site Analytics:

We may work with third-party service providers who use the technologies described in this section to conduct website analytics to help us track and understand how visitors use our Web site.  One such provider is Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the Web site. The information generated by the cookie about your use (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Web site, compiling reports on activity for its staff and providing other services relating to web page activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You may refuse the use of cookies by selecting the appropriate settings in your browser. By using the Web site and accepting cookies, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to the Google Analytics’ currently available opt-outs for the web, found at https://tools.google.com/dlpage/gaoptout/.

Interactive Tools on our Web site:

Certain features on our Web site may give you an opportunity to interact with us and others.  These may include review boards, blogs, message boards, messaging functionality, chat functionality, and creating community profiles.  When you use these features you should be aware that any information you submit, including your name and e-mail address, may be publicly available to others.  We are not responsible for any information you choose to submit through these interactive features and we strongly discourage you from disclosing any sensitive Personally Identifiable Information (such as health or financial information) through these features.  If you use these features, your Personally Identifiable Information may remain on the Web site even after you cease use of the Web site.

Security:

The security of your Personally Identifiable Information is very important to us.  We attempt to provide for the secure transmission of your information from your computer to our servers by utilizing encryption software. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and theBalm, or information stored on the Web site or our servers, will be free from unauthorized access by third parties such as hackers and your use of the Web site demonstrates your assumption of this risk. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the information we collect.  Only those employees who need access to your information in order to perform their duties are authorized to have access to your Personally Identifiable Information.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the Contact section below.

Data Retention:

We will retain your information for as long as your account or inquiry is active or as needed to provide you with the Web site and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your information, we may continue to retain and use anonymous or aggregated data previously collected. Please note that we will not be liable for disclosures of your data due to errors or unauthorized acts of third parties.

Protection for Children:

Our Web site is intended for ages 18 and over. We do not knowingly collect Personally Identifiable Information from children.  When we become aware that Personally Identifiable Information (or other information that is protected under applicable law) from a child under 13 (or such other age as may be restricted under local law) has been collected, we will use all reasonable efforts to delete such information from our database. If you believe we might have any individually identifiable information from or about a child under 13, please contact us at (510) 522-3610.

Other Websites and Social Networking Services:

Our Web site may contain links to other web sites not maintained by theBalm. Other web sites may also reference or link to our Web site.  The inclusion of a link on the Web site does not imply endorsement of the linked site by us.  We are not responsible for the privacy practices of websites operated by third parties that are linked to or integrated with our Web site, or for the privacy practices of third party Internet advertising companies.  We encourage you to be aware when you leave our Web site, or surf the Internet, and to read the privacy statements of each and every web site that you visit.

Our Web site may allow you to engage with social media services, such as Facebook, Twitter, Pinterest and Instagram (“Social Networks”), and widgets such as the social media icon buttons, or interactive mini-programs that run on our Web site or which link from Social Networks to our Web site (“Social Functions”). These Social Functions may access, collect and integrate with your Social Network accounts and information. For example, these Social Functions may collect your IP address, identify which page you are visiting on our Web site, or set a cookie. Social Functions may also be used to register you as a Web site user.  For example, if you are not currently registered as a Web site user and you use certain Social Functions, you will be asked to enter your Social Network credentials and then be given the option to register and join the Web site. If you choose to use these Social Functions, you may be sharing certain Social Network profile elements with us, including your name, birthday (month/day), comments, contacts, email address, photos or favorite teams. This sharing is subject to each Social Network’s own privacy policy and terms of use. We do not control those Social Networks or your profiles on those services. Nor do we modify your privacy settings on those services or establish rules about how your Personally Identifiable Information on those services will be used.  Social Functions are either hosted by a third party or hosted directly on our Web site. Your interactions with them are governed by the privacy policy of the company providing them. Please refer to the privacy settings in your Social Network account to manage the data that is shared with us through your account. Information you include and transmit online in a publicly accessible blog, chat room or Social Network, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without any restrictions.
We do not control such uses of your Personally Identifiable Information, and by using such services you assume the risk and acknowledge that the Personally Identifiable Information provided by you may be viewed and used by us and/or third parties for any number of purposes and that the usage restrictions set forth in this Privacy Policy do not apply to such services. To request removal of your Personally Identifiable Information from a blog, community forum or other publicly-accessible part of the Web site, contact us at privacy@thebalm.com. In some cases, we may not be able to remove your Personally Identifiable Information, in which case we will let you know if we are unable to do so.

The Web site may integrate with social networking services.  You understand that we do not control such services and are not liable for the manner in which they operate.  While we may provide you with the ability to use such services in connection with our Web site, we are doing so merely as an accommodation and, like you, are relying upon those third party services to operate properly and fairly.

Opt-Out:

To opt-out of any future promotional messages from us, you should send an unsubscribe request to us at info@thebalm.com. We will process your request within a reasonable time after receipt. 

The online advertising industry provides a service through which you may opt-out of receiving targeted ads from certain data partners and other advertising partners that participate in self-regulatory programs.  We comply with the Self-Regulatory Principles for Online Behavioral Advertising set forth by the Digital Advertising Alliance (“DAA”) and the European Interactive Digital Advertising Alliance (“EDAA”). You can opt-out of targeted advertising from certain providers at www.aboutads.info/consumers. Please note that by opting out, you will continue to see generic advertising that is not tailored to your specific interests and activities. To be clear, cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted out on your device browser, that opt-out will not be effective on your mobile device. You must separately opt out on each device. EU residents who have provided their consent to our use of cookies and similar technologies can use the EDAA’s opt out tool which can be found at http://www.youronlinechoices.eu/.

If you want to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Web site or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve Personally Identifiable Information from your device without your knowledge.

Please note that, unless required by law, we do not respond to or honor “do not track” (a/k/a DNT) signals or similar mechanisms transmitted by web browsers.

Changes to policy:

We reserve the right, at our discretion, to change, modify, add, or remove portions from this policy at any time, provided that any such modifications will only be applied prospectively. Your continued use of the Web site following the posting of any changes to this policy means you accept such changes.

Communications with theBalm:

By providing your email address to us, you expressly consent to receive emails from us.  We may use email to communicate with you, to send information that you have requested or to send information about other products or services developed or provided by us or by other third party manufacturers, services and/or distributors that we believe will be of interest to its audience.  If you receive an unwanted email from us, you can simply reply and ask not to receive future emails.  We also give you the option to remove your Personally Identifiable Information (and other information required by law) from our list of active users completely.  All unsubscribe or opt-out requests should be sent to us at info@thebalm.com and we will process your request within a reasonable time after receipt.  We are not responsible for removing your information from the lists of any third party who has been provided your information in accordance with this policy, such as a business partner.

Additional EU Disclosures:

Legal Basis:

We will only use your personal data as defined by the EU General Data Protection Regulation (“GDPR”) when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have consented to a certain use of your personal data.
  • Where we need to comply with a legal or regulatory obligation.

To the extent permitted under applicable laws, we will also process, transfer, disclose and preserve personal data when we have a good faith belief that doing so is necessary.

Data controller:

Shipman Associates, LLC d/b/a theBalm cosmetics is the data controller of all personal data collected through our Web site. To contact us, please see the section titled “Contact Us”.

If you are situated in the EU and have any complaints regarding our privacy practices, you have the right to make a complaint at any time to your local Supervisory Authority. We would, however, appreciate the chance to deal with your concerns before you approach your Supervisory Authority so please contact us in the first instance. If you have a complaint, please contact our EU privacy manager located in Slovenia at: privacy@thebalm.com.

Provision of personal data and failure to provide personal data:

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we will not be able to provide services to you.

Third parties or publicly available sources. We may receive personal data about you from various third parties such as Social Networks (as described above) and Shopify to assist us with your sale and refund procedures.

Withdrawing your consent:

If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us at privacy@thebalm.com.

Data Transfer:

We may transfer personal data from the EU to the USA and other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. If we transfer personal data outside the EU to a processor, such transfer will be in compliance with the requirements of the GDPR.

Use of your personal data for marketing purposes:

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising:

  • Promotional offers from us: We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or used our services and, in each case, you have consented to our use of your personal data for marketing purposes.
  • Third-party marketing: We will get your express opt-in consent before we share your personal data with any company outside our company for their marketing purposes.

To see how you can opt out of marketing communications, please see the section titled “Opt-Out”.

Data Subject Rights:

If you are situated in the EU, under the GDPR as a data subject you have the following rights:

  • Right to access – This right allows individuals to obtain confirmation as to whether or not personal data concerning them is being processed and provides access to such personal data. It also allows individuals to request details of the processing of their personal data, including, without limitation, categories of recipients to whom the personal data have been or will be disclosed and purposes of processing.
  • Right to rectify – This right allows individuals to rectify any inaccurate personal data about them.
  • Right to restrict processing – This right allows individuals to block or suppress processing of personal data under certain circumstances.
  • Right to be forgotten – This right is also known as the “right to erasure”. It is an individual’s right to have personal data erased or to prevent processing in specific circumstances.
  • Right of data portability – This right allows individuals to move, copy or transfer personal data from one place to another in a secure manner without interrupting the integrity and usability of the information.
  • Right to object to processing – This right allows individuals to object to certain types of processing, including direct marketing, profiling and providing for purposes of scientific or historical research and statistics.

To exercise your rights under the GDPR, please contact us at privacy@thebalm.com. Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data.  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.

Text Marketing and Notifications:

By subscribing to text notifications you agree to receive recurring automated marketing messages at the phone number provided. Consent is not a condition of purchase. Reply STOP to unsubscribe. HELP for help. Msg & Data rates may apply.

Web site Terms and Conditions:

Use of this Web site is governed by, and subject to, the legal notices contained at “Terms and Conditions”. Your use, or access, of the Web site constitutes your agreement to be bound by these provisions.

Contact:

For questions or concerns relating to privacy, we can be contacted at: privacy@thebalm.com. If you are situated in the EU and have any complaints regarding our privacy practices, you have the right to complain to a supervisory authority.

Site Maintenance:

Our Web site is maintained in the United States of America. Subject to the subsection “Data Transfer” in the section titled “Additional EU Disclosures”, by using the Web site, you authorize the export of your information to the USA and its storage and use as specified in this policy.