This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from bestlife-herbals.com (the “Site”).
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information”.We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number. We refer to this information as “Order Information”.
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site -- you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
BEHAVIOURAL ADVERTISING
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.You can opt out of targeted advertising by using the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e‑mail at contact@bestlife-herbals.com or by mail using the details provided below:Best Life Herbals
[Re: Privacy Compliance Officer]
7000 W. Palmetto Park Road, Suite 210, Boca Raton, FL 33433.
SPECIFIC TERMS PERTAINING TO CALIFORNIA CITIZENS ONLY UNDER THE CCPA
The California Consumer Privacy Act (“CCPA”) provides California residents with the additional rights listed below, subject to certain exceptions. This section applies only to those California residents to whom the CCPA applies (“California Resident” or “You”) and does not apply to any Personal Information, as defined in the CCPA (“PI”), that is excepted from the CCPA. All capitalized words in this section have the definitions given to them in the CCPA unless noted.California Residents have the right to:
- Request disclosure of our data Collection and sales practices in connection with you, including the categories of PI we have collected, the source of that PI, our use of that PI and, if the disclosed or Sold to third parties, the categories of PI disclosed or Sold to third parties and the categories of third parties to whom such PI was disclosed or Sold;
- Request a copy of the specific PI collected about you during the 12 months before your request made under the previous paragraph;
- Have such PI deleted (with exceptions);
- Request that your PI not be Sold to third parties, if applicable (Right to Opt Out); and
- Not be discriminated against because you exercised any of these rights.
Right to Request and Right to Know. You have the right to know and what PI we have Collected about you over the pas 12 months, and the right to request that PI, including:
- The categories of PI we have collected about you;
- The categories of sources from which the PI is collected;
- The Business purpose or Commercial purpose for Collection of your PI;
- The categories of Third parties with whom we have shared your PI; and
- The specific PI we have Collected about you
You may exercise the Right to Request no more than twice a year.
Categories of Information We Collect.
Category | Source | |
1. |
Identifiers (such as contact information, government IDs, cookies, etc.) | A, B, C |
2. | Information protected against security breachers (such as your name and financial account, driver's license, social security number, user name and password, health/medical information) | A (website login information) |
3. | Protected classification information (like race, gender, ethnicity, etc.) | A |
4. | Commercial information | [NOT COLLECTED] |
5. | Internet/electronic activity | A, B, C |
6. | Geolocation | C (based on IP address) |
7. | Audio/video data | [NOT COLLECTED] |
8. | Professional or employment related information | [NOT COLLECTED] |
9. | Education information | [NOT COLLECTED] |
10. | Biometrics | [NOT COLLECTED] |
11. | Inferences from the foregoing | A, B, C |
Key to Sources:
Source: | |
A | Individual submitting the information |
B | Third party from whom we receive the information |
C | Observing activities and recording the information (i.e., through cookies) |
We collect Personal Information for one or more of the following commercial and business purposes, in addition to what is otherwise disclosed in this Privacy Policy:
- Providing you with our products and services, including the Site;
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with laws and other standards:
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business;
- Marketing and advertising our products and services to you based on your advertising preferences;
- Debugging to identify and repair errors that impair existing intended functionality;
- Undertaking internal research for technological development and demonstration; and
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the company, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
If we collect any additional PI for any other purpose, we will notify you of that purpose at the time we collect the PI for that purpose.
If we disclose PI for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that PI confidential and not use it for any purpose except performing the contract. We share PI with the following categories of Third parties: payment processors and shipment vendors, business consultants, select marketing and advertising providers, and other service providers. We do not sell PI.
Right to Opt Out. We do not Sell PI. If we do engage in an activity determined to be a Sale of your PI, you have the right to direct us to not Sell your PI by clicking on a link, Do Not Sell My Personal Information, which will be added to the website.
Right to Delete. You have the right to request that we delete the PI we have Collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the PI is necessary for us or a Third party to do any of the following:
- Complete your transaction
- Provide you a good or service;
- Perform a contract between us and you;
- Protect your security and prosecute those responsible for breaching it;
- Fix our system in the case of a bug;
- Protect the free speech rights of you or other users;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
- Comply with a legal obligation; or
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
Other Rights. You can request certain information about our disclosure of PI to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.
If you are a California Resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your PI to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to [contact@bestlifeherbals.com]. Pursuant to California Civil Code Section 1798.83(c)(2), we do not share your PI with third parties’ direct marketing use without your consent.
Exercising Your California Privacy Rights. To request access to or deletion of your PI, or to exercise any other data rights under California law, please email us. You must include your full name, email address, and other identifying information such that we will be able to verify your identity and California residency, along with why you are writing, so that we can properly process your request. We are only able to handle your request if you provide the requested information needed to verify your identity. If we are unable to verify your identify and match it with corresponding PI, we are unable to, and not required to, take any action.
Before we take any action on any request exercising a CCPA right, we must reasonably verify your identity. If we attempt to, but cannot do so, we will not be obligated to you under the CCPA.
Any subsequent interaction with the Site after a request for deletion, or deletion, of PI will require new requests for action on your data.
Response Timing and Format. We aim to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.
SPECIFIC TERMS PERTAINING TO COVERED PERSONS UNDER THE EUROPEAN GENERAL DATA PROTECTION REGULATION (GDPR).
If you are a European resident and considered a Data Subject under the GDPR, these terms apply to you. We process your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed in this document. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States, for data processing.
Data Retention
When you place an order through the Site, we will maintain your order and certain related information for our records unless and until you ask us to delete this information.
Who is responsible for the personal data we collect?
Best Life Herbals, 7000 W. Palmetto Park Road, Suite 210, Boca Raton, FL 33433, USA, is the data controller responsible for the processing of personal data described in this privacy policy.
What is personal data and what constitutes the processing of personal data?
Personal data is defined in the GDPR and refers to any information that can be linked directly or indirectly (together with other information) to a natural, living person. We process personal data by collecting, recording, organizing, structuring, storing, transferring and/or erasing it.
From what sources do we retrieve your personal data?
In addition to the information you provide us or that we collect from you based on your purchases and how you use our services, we may also collect personal data From one or more third parties. This data is used to provide our services, marketing and advertising, research and development, and internal analytics.
Who do we share your personal data with?
The data processor. We may disclose your data to other companies, such as data processors, when it is necessary for us to offer our services or fulfill our commitments to you. Data processors are companies that process data on our behalf and according to our instructions (including to fulfill your requests – such as to complete the sale of goods to you).
When your personal data is shared with a data processor, it is only for purposes that are compatible with the purposes for which we have collected the data. We have written agreements with all our data processors through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding the international transfer of personal data.
Personal data may also be disclosed by us if it is necessary to comply with applicable legal or governmental requirements, to safeguard our legal interests or to detect, prevent or be attentive to fraud and other security or technical issues.
Companies that are independent data controllers. We also share your personal data with companies that are independent data controllers. Sharing data with an independent data controller means that it is not us who control how the data will be processed.
When your personal data is shared with a company that is an independent data controller, that company’s privacy policy and personal data management guidelines apply.
Where do we process your personal data?
Personal data may be transferred between different companies within our group, and will be transferred into and out of the United States. When personal data is processed by a third party outside the EU, the receiving data processor shall only be granted access to data relevant to the purpose.
Regardless of the country in which your personal data is processed, we take all the necessary legal, technical and organizational measures to ensure that the level of protection is the same as within the EU/EEA.In this circumstance, the level of protection is guaranteed either by a decision of the EU Commission that the country concerned ensures an adequate level of protection or through the use of so-called appropriate safeguards (including an approved code of conduct in the destination country, Standard Contract Clauses (SCCs), Binding Corporate Rules (BCRs) or the Privacy Shield.
What are your rights as data subject?
Right of access (Subject Access Request). You can request access to the personal data we have that pertains to you. Please note that if we receive a subject access request, we may ask for additional data to ensure the effective handling of your request and that the information is given to the correct person.
Right to rectification. If your personal data is incorrect, you may request its correction. Within the stated purpose, you also have the right to supplement any incomplete personal data.
We may also, on its own initiative, correct, disassociate, delete or supplement data that is found to be incorrect, incomplete or misleading.
Right to erasure. You may request the deletion of the personal data we process about you if:
- The data is no longer necessary for the purposes for which it has been collected or processed.
- You oppose a balance of interest that we have made based on a legitimate interest, and, on balance, your reason for the objection weighs heavier than our legitimate interest.
- You oppose processing for direct marketing purposes.
- The personal data is processed in an unlawful way.
- The personal data must be deleted to comply with a legal obligation we are subject to.
- Personal data has been collected pertaining to a child (under 13 years) for which you have parental responsibility, and collection has been made in connection with the offer of information society services (e.g. social media).
Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data.
These obligations are related to accounting and tax legislation, banking and money laundering, and consumer law. It may also be possible that the processing is necessary for us to determine, enforce or defend legal claims. Should we be prevented from meeting a request for deletion, we will instead block personal data from being used for purposes other than the purpose that prevents the requested deletion.
Right to restriction. You have the right to request that our processing of your personal data be limited when the processing is based on a legitimate interest.
You may, have the right to demand that the processing of your personal data is limited. Limitation, means that the personal data is processed only for certain limited purposes.
This right to restriction also applies when p data is incorrect and relates to a request for it to be corrected. In such cases, you may also request that the data processing be restricted during the time that the data is being corrected.
If processing is restricted, we may, in addition to storage, only process the data in order to apply or defend legal claims to protect someone else’s rights or if you have given your consent.
Direct marketing: You may object to the processing of your personal data for direct marketing purposes by sending an email to [contact@bestlifeherbals.com]. Once we have received your objection, we will discontinue the processing of your personal data for that purpose, as well as cease all types of direct marketing actions.
Right to data portability. If our right to process your personal data is based on your consent or performance of an agreement with you, you have the right to request for the data that relates to you and which you have provided to us to be transferred to another data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically feasible and can be automated.
Protection of Personal Data
We have taken appropriate technical operational measures to protect your personal data against unlawful and unauthorized processing.
Contact
Please do not hesitate to contact us at [contact@bestlifeherbals.com] if you have any questions regarding this Privacy Policy, the processing of your personal data, or if you wish to request subject access. We may be required to make changes to our privacy policy. The latest version of our privacy policy is always available on our website.
Categories of Information We Collect and Purpose of Collection and Processing.
Category | Source | |
1 |
Identifiers (such as contact information, government IDs, cookies, etc.) |
A, B, C |
2 |
Information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information) |
A (Website login information) |
3 |
Protected classification information (like race, gender, ethnicity, etc.) |
A |
4 | Commercial information | [NOT COLLECTED] |
5 | Internet/electronic activity | A, B, C |
6 | Geoloction | C (based on IP address) |
7 | Audio/video data | [NOT COLLECTED] |
8 | Professional or employment related information | [NOT COLLECTED] |
9 | Education information | [NOT COLLECTED] |
10 | Biometrics | [NOT COLLECTED] |
11 | Inferences | A, B, C |
Key to Sources:
Source: | |
A |
Individual submitting the information |
B |
Third party from whom we receive the information |
C |
Observing activities and recording the information (i.e., through cookies) |
Purposes: We collect Personal Information for one or more of the following commercial and business purposes, in addition to what is otherwise disclosed in this Privacy Policy:
- Our legitimate interest in operating the Site, providing services via the Site, and fulfilling our contractual obligations to you, including the sale of goods.
- Providing you with our products and services, including the Site;
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with laws and other standards;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business;
- Marketing and advertising our products and services to you based on your advertising preferences;
- Debugging to identify and repair errors that impair existing intended functionality;
- Undertaking internal research for technological development and demonstration; and
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the company, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
If we collect any additional PI for any other purpose, we will notify you of that purpose at the time we collect the PI for that purpose.