Privacy Policy
ANDALOU NATURALS PRIVACY POLICY
Effective Date: January 29, 2020
Andalou Naturals is serious about customer privacy. This Privacy Policy describes the type of personal information we may collect from you or you may provide to us when you visit our website at www.Andalou.com (our “Website”) or purchase our products. This Privacy Policy also explains our practices for collecting, using, maintaining, protecting and disclosing such data, which may include, but not be limited to personal information.
By accessing or using our Website, you agree to the terms of this Privacy Policy, including but not limited to our collection and processing of your Data. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, DO NOT ACCESS OUR WEBSITE.
SECTION 1 - LAWFUL BASES FOR COLLECTION AND PROCESSING OF DATA THROUGH OUR WEBSITE; PERSONAL DATA WE COLLECT AND PROCESS
When you visit our Website, we automatically collect certain information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse our Website, we collect information about web pages or products that you view, the websites or search terms that referred you to our Website, and information about how you interact with our Website.
When you make a purchase or attempt to make a purchase through our Website, we also collect certain information from you, including your name, billing address, shipping address, payment information (such as credit card numbers), email address, and phone number. This personal information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device herein is collectively referred to as “Data.”
In the past twelve (12) months, the categories of personal information that we have collected from consumers visiting this website include
- Contact information, such as name, postal address, email address, phone number.
- Online identifiers, such as username and IP address.
- Usage information, such as how you and your device interact with our website (e.g., the pages you visit, the search terms you enter).
- Other information, such as credit card information, that you provide to conduct transactions.
We have collected such personal information solely from the following categories of sources:
- Directly from customers when engaged in transactions through this website or other manner of direct communications.
- Directly and indirectly from activity on our website (Andalou.com). For example, from requests through our website portal or website usage details collected automatically.
SECTION 2 - WHAT DO WE DO WITH YOUR DATA?
The Data we collect from customers is used to fulfill orders placed through our Website, which includes the processing of payment information, preparing orders for shipment, and providing order confirmations and other order-related communication. In addition, we’ll use Data from your visit to our Website to improve and optimize the customer experience, to screen for potential risk and fraud, to provide the most relevant advertisements and email communications to you, and to assess the success of our current marketing and advertising campaigns. Pursuant to General Data Protection Regulations (GDPR), we are considered a “controller” of Data and we may engage third party “processors” of Data.
We may use or disclose the Data we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, we will use address information you provide us in order to have the product delivered to you.
- To provide you with information concerning our products or services that you request or consent to receiving from us.
- To carry out our obligations and enforce our rights arising from any sales transactions entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis and product development.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information.
SECTION 3 - YOUR RIGHTS
Through your access of our Website and provision of Data as described herein, you have provided your consent for our use and collection of your Data. However, in the event you change your mind, and no longer wish that we utilize your Data, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information at any time, or modify your contact information, by contacting us at usa@andalou.com and indicate on the subject line, “Privacy Compliance,” or by mailing us at: 1470 Cader Ln., Petaluma CA 94954, Attention: Privacy Compliance.
If you are a California resident, the California Consumer Privacy Act of 2018 (the “CCPA”) provides California residents with certain rights as to personal information maintained by businesses subject to the statute. Those rights include the following:
(1) The right to request disclosure of personal information, including the categories of personal information collected, the source of the personal information, any use made of the personal information, and, if personal information was disclosed or sold to third parties, the categories of such personal information and the categories of third parties to whom such information was disclosed or sold.
(2) The right to request a copy of the specific personal information collected about the requesting individual during the 12 months before the request;
(3) The right – with certain exceptions – to have personal information deleted;
(4) The right to request that personal information not be sold to third parties; and
(5) The right not to be discriminated on the basis of having asserted privacy rights.
California residents may make a request for their personal information to any business subject to the CCPA twice within a twelve-month period. The responding business will need to obtain information from the requesting party so that it can verify their identity. The business must respond within forty-five (45) days of receiving a request for personal information. If you would like to exercise these rights, please contact us on our website at: https://andalou.com/pages/data-request and fill in the requested information. You may alternatively contact us at the following toll-free number: 888-898-6955.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us usa@andalou.com and indicate on the subject line, “Privacy Compliance,” or by mailing us at: 1470 Cader Ln., Petaluma CA 94954, Attention: Privacy Compliance.
In addition, European residents who believe any concerns regarding their Data have not been adequately addressed by us may lodge a complaint with the supervisory authority of their particular Member State, as defined under GDPR Chapter 6.
SECTION 5 - DATA RETENTION
Andalou Naturals is located in the United States. By submitting your Data through our Website, you agree to the transfer, storing and processing of your Data, which, depending on the use of third party services, may be processed, transferred and stored outside of the country where you reside. When you place an order through our Website, we will take reasonable steps to ensure that your Data is treated securely and in accordance with this Privacy Policy.
SECTION 6 - COOKIES
We, and third parties we utilize, use cookies and other similar technologies. Cookies are small text files placed on your device that uniquely identify your device and which a website can transfer to a consumer’s hard drive to keep records of the consumer’s visit to a website. We, or third parties, may use session cookies or persistent cookies. Session cookies only last for the specific duration of your visit and are deleted when you close your browser. Persistent cookies remain on your device’s hard drive until you delete them or they expire. Different cookies are used to perform different functions, which we explain below:
- Some cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of our website. Without these cookies, we cannot enable appropriate content based on the type of device you are using.
- We use Google Analytics to measure how you interact with our website and to improve your user experience. To learn more about Google Analytics privacy practices and opt-out mechanisms, please visit the Google Analytics Security and Privacy Principles page at https://support.google.com/analytics/answer/6004245?hl=en. Google also provides a complete privacy policy and instructions on opting out of Google Analytics at https://tools.google.com/dlpage/gaoptout.
- Targeted Advertising. We use cookies to compile information on our users’ interactions with our website. We use this information to serve ads to you off of our website.
There are several ways to manage cookies. You can control the use of cookies at the browser level, by instructing your browser to accept cookies, disable cookies, or notify you when receiving a new cookie. Please note that if you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited. The Network Advertising Initiative also offers a means to opt-out of a number of advertising cookies. Please visit www.networkadvertising.org to learn more.
SECTION 7 – ONLINE STORE / THIRD PARTY SERVICES
Our Website store utilizes Shopify as our third-party e-commerce and payment partner, which allows us to sell our products and services to you. Your Data is stored through these databases and applications. They store your Data on a secure server behind a firewall. If you choose a direct payment through our store to complete your purchase, then our partner stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as necessary to complete your purchase transaction. Once complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS, as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
When you click on links on our Website, they may direct you away from our Website. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements. Once you leave our Website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy.
SECTION 8 - DISCLOSURE OF YOUR INFORMATION
We do not sell, trade, rent or disclose your Data to third parties, except as provided herein:
(a) We will disclose Data (i) if it is required by law enforcement or judicial authorities, or to cooperate with a law enforcement investigation; (ii) if we have a good faith belief that we are required or permitted to do so by law or legal process; (iii) to protect our rights, reputation, property, or the safety of us or others; (iv) to defend or enforce our rights or your obligations; (v) if the disclosure is required by mandatory professional standards; (vi) to a third party with your prior consent; (vii) if we are under a duty to disclose or share your Data in order to enforce or apply any contracts or agreements that may exist between you and us, including this Privacy Policy; and/or (viii) if we are required to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
(b) We obtain support through third party service providers to maintain our Website, offer our products for sale, process customer orders, and deliver products. For example, we must release your credit card information to the card-issuing bank to confirm payment for products and services purchased on our Website and we provide order information to third parties that may package and deliver your product order including your address, name, phone if required for delivery, order totaled, and what was ordered.
(c) In the event we sell our stock or assets to an acquiring entity or merges with another entity, we reserve the right to provide your Data to the acquiring or surviving entity.
SECTION 9 - DATA SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. We follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Data, you acknowledge that: (a) there are security and privacy limitations of the Internet that are beyond our control; (b) the security, integrity, and privacy of any and all information and Data exchanged between you and us through our Website cannot be guaranteed and we shall have no liability to you or any third party for loss, misuse, disclosure or alteration of such information; and (c) any such information and Data may be viewed or tampered with in transit by a third party.
In the unlikely event that we believe the security of your Data in our control may have been compromised, we will try to notify you. To the extent you have provided us with your email address, we may notify you by email and you agree to our use of email as a means of such notification. If you prefer for us to use another method to notify you in this situation, please contact us using the information contained in Section 3, above, with the alternative contact information you wish to be used.
SECTION 10 – DO NOT TRACK DISCLOSURES
Some websites have “do not track” features that allow users to instruct a website not to track them. These features are not all uniform. We do not currently respond to those signals; however, our marketing partners may be members of the Network Advertising Initiative or the Digital Advertising Alliance, which have agreed to honor consumers’ opt-out preferences submitted through those organizations’ websites. To learn more about your choices regarding this type of data collection or to opt out of interest-based advertising by members of the NAI or the DAA, please visit the choices websites of the NAI and DAA at https://www.aboutads.info) You also may locate Google Analytics’ currently available opt-outs for the web here: https://tools.google.com/dlpage/gaoptout/. You can obtain more information about how to opt-out of Adobe Analytics here: http://www.adobe.com/privacy/opt-out.html.
SECTION 11 - AGE OF CONSENT
We are not a site targeted at children or those under the age of 16. By using our Website, you represent that you are at least the age of majority in your country, state or province of residence, or that you are the age of majority in your country, state or province of residence and you have given us your consent to allow any of your minor dependents to use our Website.
SECTION 12 - CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on our Website. If we make material changes to this Privacy Policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
SECTION 13 – CONTACT US
If you have any questions, comments, or concerns about our privacy practices or this Policy, please contact us at: usa@andalou.com, 1470 Cader Ln., Petaluma CA 94954, and/or toll-free phone number 1-415-941-5607.
.
Rakuten Advertising may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage and how you interact with our properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes. For more information about the collection, use and sale of your personal data and your rights, please use the below links.
Privacy policy : https://rakutenadvertising.com/legal-notices/services-privacy-policy/
Your rights : https://rakutenadvertising.com/legal-notices/services-privacy-rights-request-form/