When you join Spiritú, you not only treat yourself to a seasonal collection of beauty and lifestyle goods (each, a “Subscription Box” or “Box”) you open up the opportunity to shop, connect, and be inspired by others. Every season we will pack up and ship out a Box filled with our favorite products and send them straight to you. You will also have access to our online shop and content. Spiritú is an ongoing subscription service and each member acknowledges the activation of his/her subscription upon purchase.
Note: This statement applies solely to information collected at or through the Web Site. However, we will frequently link to other online destinations, so we advise you carefully review their respective privacy policies. Please be aware that Spiritú is not responsible for the contents and the privacy practices of such other sites.
CALIFORNIA PRIVACY RIGHTS
Section 1798.83 of the California Civil Code provides that residents of California can obtain certain information about their personal information (as defined under Section 1798.83(e)(6) of the California Civil Code) that companies have shared with third parties for direct marketing purposes during the preceding calendar year, as well as the identity of those third parties. Personal information, as defined under the California Civil Code, includes, but is not limited to, data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. To request a copy of your personal information maintained by us, please contact us at firstname.lastname@example.org.
INFORMATION YOU PROVIDE TO US
In order to provide you with the best experience via our Site, our Boxes, and our e-commerce shop, Spiritú collects Personal Information through the Web Site at several points. For example, to subscribe to Spiritú, we require your e-mail address, shipping, and billing information. However, Spiritú does not collect any Personal Information that you do not expressly provide and will not sell, rent, or share your Personal Information to any third party for marketing purposes without your consent.
We (or our service providers) collect information from you when you: (1) purchase products from us on our Sites; (2) create an account with us (the “Account”), or otherwise sign up for a subscription, service or feature; (3) complete a survey; (4) participate in a sweepstakes, contest or other promotion; (5) communicate with us via third-party social media sites; (6) apply for a job with us; or (7) contact us, or otherwise communicate with us or provide information to us.
When you visit our Site, we also collect anonymous information such as your IP address or domain name to analyze Site traffic, but this information is not personally identifiable. We will use this information to help diagnose problems with our server, to administer our Site, or to display the content according to your preferences. Traffic and transaction information may also be shared with business partners and advertisers on an aggregate and anonymous basis.
In some cases, you may provide information to us about another person, such as when you purchase a gift card for someone and request that we deliver it to that person, when you share Site content or send a message to a friend through a Site or otherwise, or when you decide to ship products you purchase to someone else. In such cases, you represent that you have the authorization of such person to provide us with such information.
We may combine your (and others’) information that we’ve collected from you (or others) with information we may receive from other sources, such as third-party social media platforms (e.g., when you choose to log in to our Sites through a third-party social media platform, subject to your actions and settings thereon), address update services and co-promotion partners. By accessing our Sites, you signify your consent to the above collection of your Personal Information.
When you are creating an Account for the first time on a Site with an email address that you have previously provided to us in another circumstance (e.g., when signing up for our emails, by entering one of our sweepstakes or other promotions), we may recognize that email address and, once you have completed the account set-up process, you may be able to see your contact information already included in your new online Account. This is happening because we have recognized your email address and, for your convenience, have added your information to your Account.
If you do not want us to collect your Personal Information, please do not provide it to us. You can update your information or change marketing and subscription settings by accessing your Account via the Site. In addition, you can revoke your consent in accordance with the procedures set forth below.
If you receive an email or other correspondence requesting that you provide any sensitive information (including your Site password or credit card information) via email or to a web site that does not seem to be affiliated with the Site, or that otherwise seems suspicious to you, please do not provide such information, and report such request to us at email@example.com.
SITE INFORMATION & OTHER INFORMATION COLLECTED AUTOMATICALLY
Site Usage Information includes, but is not limited to: (i) your browser type, device type, carrier (if applicable), device address, operating system, operating system address, IP address and the domain name from which you accessed a Site; (ii) information about your region, continent, country, city, zip code, time zone, and general location; and (iii) information about your browsing activities on and through a Site (also known as “Click Stream” data), such as (a) the date and time you visit one of the Sites, (b) the areas or pages of a Site that you visit, (c) the amount of time you spend viewing a Site or specific areas of a Site, (d) the number of times you return to a Site or a specific area of a Site, (e) the web sites or pages you visited prior to visiting a Site, (f) the websites or pages you visit after you leave a Site; (g) searches you have performed on a Site and on other websites that led you to our Sites; (h) social plug-ins with which you have interacted on our Sites; and (j) other similar Site usage data (collectively, the “Site Usage Information”).
If you provide or connect your third-party account credentials to an account with our Site, some content and/or information in those accounts may be transmitted into your account with us. For example, when you connect with Facebook, we receive and collect your name, email address and profile photo.
COOKIES AND OTHER TRACKING TECHNOLOGIES
We may use Flash cookies and other similar technologies, which allow a website to store certain information locally on an individual’s computer or device and then access and use that information to enhance and facilitate certain Site experiences, processes and functionality. Flash cookies are different from other cookies and may not be removed in the same manner. More information about both kinds of cookies is available at www.allaboutcookies.org.
We also use web beacons (also known as “clear GIFs” or “pixel tags”) for similar purposes as cookies. These beacons are typically one-pixel images that are embedded in the Site or in a communication, such as an email message. These technologies help us to verify when a certain page of a Site is viewed, when a message is opened and when links or other content in a message are clicked or viewed.
We may use third party web analytics services, such as Google Analytics and Adobe services, to help us track and analyze the use of our Site and to measure the effectiveness of our advertising, Site content, and communications. These service providers’ tools, including, for example, cookies, tags and web beacons, help us to gain this understanding.
DO NOT TRACK
We currently do not participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your information. We may engage third parties, such as marketing or analytics partners, who may collect information about your online activities over time and across different websites when you use our website. To learn more about browser tracking signals and “Do Not Track,” please visit http://allaboutdnt.org.
THIRD PARTY ADVERTISING
Some of the window dressing appearing on our Site may be delivered to you by our Web advertising partner or partners. Information about your visit to a partner site or sites, such as number of times you have viewed an ad (but not your name, e-mail, or other Personal Information), is used to serve ads to you.
We may use the information we collect from and about you (including both Personal Information and Site Usage Information) for a variety of purposes, including but not limited to the following:
(i) To fulfill your requests for products and services and to keep you informed about your orders; (ii) to provide you with targeted offers and advertising on and at the Sites; (iii) subject to your communications preferences and, where required by applicable law, subject to your consent, to contact you (via postal mail, email and the like) with promotional materials about us, our products, our services and our events, as well as about select partners; (iv) to contact you when necessary or appropriate; where appropriate, for market research and to review and improve our merchandise selections, customer service, online and offline operations and overall shopping experience; (v) to protect the security or integrity of the Sites and our business; (vi) and otherwise, with your permission or as permitted by law.
We (and our service providers) also analyze and use Site Usage Information and information collected through cookies, web beacons and other tracking technologies, alone and in combination with Personal Information, to assess the behavior of our users, to measure the interest in and use of the Sites and communications, and to customize the Sites and our communications with you. We do this both on an individual basis and in the aggregate.
The table below shows you a description of all the ways we plan to use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
PAYMENT CARD INFORMATION
To use certain aspects of our e-commerce Services, such as subscribing to our quarterly boxes and/or purchasing products from our e-commerce shop, we may require credit or debit card account information. By submitting your credit or debit card account information through the Services, you expressly consent to the sharing of your information with third party merchants, subscription and billing processors, and payment processors. These third parties may store your credit or debit card account information so you can use our Services in the future. We do not have your complete credit or debit card account information, store your credit or debit card account information, or have direct control over or responsibility for your credit or debit card account information. While we require that such third party merchants, subscription and billing processors, and payment processors use reasonable procedures to help protect your credit or debit card information, we cannot guarantee that transmissions of your credit or debit card account information or Personal Information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our third-party service providers. We assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.
We may disclose information we collect (including Site Usage Information and Personal Information) in the following ways to third parties, to the extent permitted by law:
- To our service providers and suppliers, who collect or use such information for us or on our behalf (such as website or database hosting companies, address list hosting companies, email service providers, analytics companies, distribution companies, fulfillment companies, and other similar entities that help us to operate the Site and/or provide functionality, content and services);
- Spiritú affiliated entities;
- Auditors and professional advisers like bankers, lawyers, accountants and insurers;
- To respond to subpoenas or other judicial processes, or to provide information as requested by law;
- In the event that Spiritú or substantially all of its assets are acquired by one or more third parties as a result of an acquisition, merger, sale, consolidation, bankruptcy, liquidation or other similar corporate reorganization, where your information may be one of the transferred assets;
- To third party marketers, as permitted by law;
- When you contribute to a social, community or other publicly available area or feature of the Sites, the information and content that you post may be made available to the general public, depending on your settings (which is why we recommend that you do not submit or post any sensitive Personal Information, such as your full name, home address, phone number or other information that would enable others to contact or locate you); and
- As otherwise, with your permission or as permitted by law.
Content and information that you submit on or through Facebook, Twitter, Instagram, Tumblr and other third-party platforms may appear on the Site through feeds from and other interfaces with those platforms. We are not responsible for the information, content and/or privacy practices of any such third-party platforms.
YOUR CHOICES / YOUR PRIVACY RIGHTS / HOW TO UNSUBSCRIBE
If you would like to opt out of receiving direct mail from us, please contact us at firstname.lastname@example.org. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your Account, relationship, activities, transactions and communications with us.
If you would like to opt out of receiving promotional emails from us, please follow the unsubscribe instructions located in each such email or contact us at email@example.com. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your Account, relationship, activities, transactions and communications with us.
If you would prefer that we not share your Personal Information with third-party marketers, please contact us at firstname.lastname@example.org. Please understand that if you do request that we stop sharing your Personal Information with third parties for their direct marketing purposes, such request will only apply as of the date of your request, and we will not be responsible for any communications that you may receive from third parties that received your Personal Information prior to that request. In these cases, please opt out from or contact the third party directly.
By consenting to this privacy notice you are giving us permission to process your Personal Information specifically for the purposes identified.
Where we are asking you for sensitive Personal Information we will always tell you why and how the information will be used.
You may withdraw consent at any time by contact us at email@example.com. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
MAINTENANCE AND PROCESSING OF INFORMATION IN THE U.S. AND OTHER COUNTRIES
Your personal and other information may be stored, transferred and processed in and to the United States. By providing Personal Information to us, you consent to the collection, maintenance, processing and transfer of such information in and to the United States and other countries and territories, pursuant to the laws of the United States or such other jurisdictions, which may provide lesser privacy protection than the laws of other countries, and you acknowledge that your information may thus be subject to U.S. laws and accessible to the U.S. government, courts, law enforcement and regulatory agencies.
ACCESS TO YOUR PERSONAL INFORMATION
At any point while we are in possession of or processing your Personal Information, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organization.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that Rachel Zoe refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your Personal Information.
To provide you with increased security, access to certain Personal Information stored in your Account is protected with your username and password. You are responsible for maintaining the confidentiality of your Account credentials, and we strongly recommend that you do not disclose your account username or password to anyone. We will never ask you for your password in any unsolicited communication. Please notify us immediately of any unauthorized use of your Account credentials or any other suspected breach of security.
The Sites are not directed to children under the age of thirteen (13). If you are under thirteen (13), do not provide your Personal Information on or to the Site. We do not knowingly collect on the Sites any Personal Information from children under thirteen (13). Users outside of the United States who are below the age of eighteen (18) (or the age of the majority in the applicable jurisdiction) should not use the Sites without authorization from a parent or legal guardian. If a parent or guardian becomes aware of his or her child has provided us with Personal Information without their consent, please contact us at: firstname.lastname@example.org.
We will process Personal Information for six (6) years and will store the Personal Information for those six years, based on the renewal term of two successive annual memberships.
HOW WE USE THE PERSONAL INFORMATION COLLECTED ABOUT YOU
We will process (collect, store and use) the information you provide in a manner compatible with the GDPR. We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. Spiritú is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of Personal Information should be kept may also be governed by specific business-sector requirements and agreed practices. Personal Information may be held in addition to these periods depending on individual business needs.
HOW TO FIND OUT PERSONAL INFORMATION HELD BY SPIRITÚ
Spiritú at your request, can confirm what information we hold about you and how it is processed. If Spiritú does hold Personal Information about you, you can request the following information:
- Identity and the contact details of the person or organization that has determined how and why to process your data. In some cases, this will be a representative in the EU.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Spiritú or a third party, information about those interests.
- The categories of Personal Information collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the Personal Information to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending Personal Information to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the Personal Information and the possible consequences of failing to provide such data.
- The source of Personal Information if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
Spiritú accepts the following forms of ID when information on your personal data is requested: Passport, Driver’s License, or other valid photo ID.
In the event that you wish to make a complaint about how your Personal Information is being processed by Spiritú or third parties, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Spiritú’s data protection representatives Data Protection Officer (DPO).
To contact our Data Protection Officer:
Data Protection Officer
c/o Spiritú, Inc.
730 Arizona Ave
Santa Monica, CA 90401
DISPUTE RESOLUTION / ARBITRATION
|Purpose/Activity||Type of data||Lawful basis for processing|
|To register you as a new customer||Identity
|Performance of a contract with you|
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
Marketing and Communications
Performance of a contract with you
Necessary for our legitimate interests (including to recover debts due to us)
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
Marketing and Communications
Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products / services)
|To deliver direct marketing to you||
Marketing and Communications
|For most direct marketing communications, we rely on consent, however there are situations in which it is in our legitimate interests to use your personal data in this way|
|To enable you to take part in a prize draw, competition or complete a survey||
Marketing and Communications
Performance of a contract with you
Necessary for our legitimate interests (to study how customers use our products / services, to develop them and grow our business)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||
Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products / services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products / services, marketing, customer relationships and experiences||
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||
|Necessary for our legitimate interests (to develop our products / services and grow our business)|
|To prevent and detect unlawful acts||
Necessary for our legitimate interests (to protect our business and our customers by way of undertaking fraud monitoring and suspicious transaction monitoring)
Necessary to comply with a legal or contractual obligation to share personal data for the purposes of law enforcement
|In order to resolve legal claims or disputes involving you or us||All relevant data categories, depending on the nature of the allegation or claim||Necessary to bring or defend a claim|