THIS IS HOW WE COLLECT AND USE YOUR INFORMATION
LAST UPDATED AUGUST 2021
WHAT PERSONAL INFORMATION WE COLLECT
In connection with our business, we collect and process the following categories of Personal Information of individuals:
- contact information (name, physical address, telephone, and email address)
- other personal information such as age and gender
- account information (username and password)
- payment information, such as credit card and payment card information (type, number, expiration date, security code), bank account number, billing address, etc. However, please note that we and our employees will not have access to payment data of Goodhabit customers or store such data on our servers, other than minimal information such as the last four digits of a credit card or bank account. Additional payment information is accessed and collected only by our payment processor.
- purchasing history, such as past product purchases, order numbers, identification of products and quantities purchased.
- information regarding your electronic device(s) and IP address and your use of the Site.
- information contained in our Site and Off-Line communications with you, including survey responses, contact preferences and responses to our marketing efforts.
- Information about your interaction with our Site, such as which items you browse.
HOW WE COLLECT PERSONAL INFORMATION
We may collect Personal Information from you in a number of ways. For example, we may collect Personal Information from you if you choose to create an account with us, complete an online survey or feedback form, visit our Site, rate or review products, sign up to receive communications from us, email us, or order any products or e-gift cards.
We also collect information from other sources. Goodhabit automatically receives and records Personal Information on our server logs from your browser as well as through other analysis of the Site. Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our Site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on the Site and monitor aggregate usage and web traffic routing on the Site. We may collect Personal Information using cookies, web beacons, pixels or similar technologies, or through third parties using similar technologies. For convenience, in this policy, we refer to all of those technologies as cookies. A “cookie” is a piece of data stored on your computer. When you visit the Site, your web browser may store cookies on your computer, which will better enable you to navigate the Site upon return. You can change your web browser settings at any time to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. You may use the Site even if you choose to reject or delete the cookies; however, some functions of the Site may not be available to if you do so. Cookies also may be used by some of the other websites for which a link is placed on the Site. If you are in the United Kingdom, the European Union or another country where we need your consent in order to drop non-essential cookies on your device, we will not do this without obtaining your consent.
We may access Personal Information about you from third-party sources and platforms like Facebook, other social media and marketing platforms, marketing or ad firms. The Personal Information we collect may include your username and connection services, age range, gender, interests, advertisement interaction and viewing data and unique identifiers like a mobile identification number.
CHILDREN AND PRIVACY
If you are under 13, DO NOT USE THIS SITE. We do not knowingly collect Personal Information from children under age 13. If you are under age 13, you are not permitted to use the Site.
If you are 13 - 17 years of age, you may visit, browse and use the information on the Site but you may not register an account or submit any Personal Information. If you are 13 - 17 years old, by browsing the Site you confirm that you have the permission of a parent or guardian to do so. If you are a parent or guardian and believe that we may have inadvertently collected Personal Information from your child, please notify us immediately by sending an email to email@example.com.
HOW WE USE PERSONAL INFORMATION
We use the Personal Information we collect to communicate with you, advertise and of course, improve our Site.
We may use any of the information we collect from you to serve you, respond to you, provide customer service and improve the Site and our products and services, including to:
• process and fulfill your orders, and process payments;
• alert you to new features, products, events, or services (if you have opted into receiving marketing communications, as described below);
• process and respond to your customer service and support requests or feedback;
• contact you about your account or profile; for example, we send all registered users a welcome email to confirm registration;
• administer and improve the Site and our products and services, perform security functions, analyze data, perform surveys, and create marketing plans;
• implement credit fraud protection and risk reduction measures;
• make other marketing offers from our affiliates and marketing partners that we think may be of interest of you, subject to your having opted into receiving electronic marketing communications;
• remind you about your basket if you do not complete your purchase;
• enforce our Terms of Service;
• comply with laws and regulations, collect debts and protect our rights, protect us against fraud, misuse of our Site or services, comply with tax reporting requirements; and
• for any other reason for which you provided the Personal Information.
We may de-identify and anonymize Personal Information to create statistical data or system usage data, by removing all personal identifiers and/or aggregating your data with other’s data so that it is not identifiable as to any particular person. Anonymized data may be retained and used by us to improve our products and services, provided to third parties, and used for any other proper purposes, subject to any limitations of applicable laws.
SHARING PERSONAL INFORMATION WITH THIRD PARTIES
No sale of Personal Information. We never sell or rent Personal Information to third parties.
Disclosures of Personal Information. We can disclose the Personal Information we have collected to others in the following circumstances:
• to our service providers, sponsors, suppliers, vendors and others who help us provide the Goodhabit Site and our services to you. This includes providing Personal Information to third parties for their processing in performing functions on our behalf, particularly the functions listed above in the “HOW WE USE PERSONAL INFORMATION” section. These third party providers will be contractually and/or legally required to protect Personal Information from additional processing (including for marketing purposes) and transfer in accordance with applicable laws;
• to our affiliates;
• to merchants, licensors, activity and event partners and sponsors, social media platforms, digital marketing networks, ad exchanges and other advertising partners, and other third parties for their own marketing purposes, such as to provide information to you about their new developments, special events, programs, services, activities, products, attractions, stores, promotions and sweepstakes activities, and other important information, but only if you have specifically opted-in to receiving such communications;
• to third parties to provide analytics or to confirm or update Personal Information provided by you;
• to third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or disposition of all or any portion of our business or operations (including without limitation in connection with bankruptcy or any similar proceedings);
• to our professional advisers, such as auditors and legal counsel; or
• as otherwise authorized by you.
Those third parties may use your Personal Information for their own purposes. You may read Facebook's privacy notice at https://www.facebook.com/privacy/explanation.
We also may disclose your Personal Information in response to a subpoena, legal order or official request; when we believe you have acted in violation of the Terms of Service; to investigate, prevent or take action regarding suspected illegal activities, fraud or potential threats; to exercise legal rights or defend against claims; or as otherwise permitted or required by law.
We also may disclose or sell non-personally identifiable information, such as aggregated and anonymized data, to third parties. Such data will not be in a form that is identifiable or re-identifiable as to any individual person.
If you elect to participate in any promotions, sweepstakes, surveys, questionnaires, or other events during your visit to the Site, the rules or terms and conditions for those events may indicate that your Personal Information will be shared with third parties with your consent. Please review the applicable rules or terms and conditions for any promotions, sweepstakes, surveys, questionnaires or events.
RETENTION OF PERSONAL INFORMATION
We process and retain Personal Information to fulfill the purposes identified above. Personal Information is retained and archived for the time periods permitted by law. Typically, this is the period of your relationship with us and the following period during which you or we could bring a claim against each other. We will delete an individual’s Personal Information in response to that individual’s request, as set forth in the “YOUR RIGHTS RELATING TO YOUR PERSONAL INFORMATION” section below.
We reserve the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Information collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.
YOUR RIGHTS RELATING TO YOUR PERSONAL INFORMATION
Opting into and out of communications. You don't have to hear from us or from our marketing partners, like perfume brands, if you don't want to. We share your Personal Information with our marketing partners only if you opted-in to receiving communications from them. You may opt out of receiving future opt-in communications by contacting us as set forth in the “YOUR RIGHTS RELATING TO YOUR PERSONAL INFORMATION” section below. You may also click the “unsubscribe” link at the bottom of any emails you receive from us and follow the instructions provided.
Your California privacy rights. This section applies to California residents only.
- Shine the Light law. Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. We share your Personal Information with third parties (primarily perfume brand companies) for their direct marketing purposes only if you have expressly opted-in to receiving communications from such third parties. However, to submit a request for such information or to withdraw your consent to such communications, you can contact us as set forth below.
- California Minors. California residents under age 18 (“California Minors”) have additional privacy rights under California law. A California Minor who uses our Site has the right to either remove content or information posted on the Site by such user, or, if removal of such information by the user himself or herself is not enabled or possible, the user may request and obtain removal of such content or information. To have any content or information provided by a California Minor removed by us, contact us at the contact information provided below. This removal does not ensure complete or comprehensive removal of any such content or information posted.
Your Canadian privacy rights. This section applies to Canada residents only.
Under various Canadian privacy laws, including the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), you have certain data subject rights, including:
- Access: If you request access to your Personal Information that is in our system, by contacting us as set forth below, we will provide you with a copy of that information within 30 days. Upon your request, we will also inform you if we have any of your Personal Information, explain how we’ve you’re your Personal Information, and provide a list of any other organizations to which your Personal Information has been disclosed.
- Correction: If you wish to update or make corrections to your Personal Information that is in our system, you can make certain updates and correction by logging into your account and make the necessary changes. You can also contact us at the Goodhabit Contact Information below.
If you wish to exercise any of your rights or make any requests relating to your Personal Information or data under the principles outlined above, you may contact our Data Privacy Officer at the contact information set forth below. We may be unable to remove, correct or provide access to Personal Information to the extent that we are processing it on behalf of our customer, it is permitted or required to be retained by applicable law or document retention and data backup policies, or if removal is not practicable due to technological reasons. Please note that removal of your Personal Information may prevent or hinder us from providing further services and information to you.
We may require you to provide sufficient information to permit us to provide an account of the existence, use, and disclosure of Personal Information. The information provided shall only be used for this purpose.
Your Personal Information may be transferred outside of Canada for processing and storage. We and our service providers may store Personal Information on servers located in other jurisdictions, including the United States. Please note that privacy laws in such jurisdictions differ from Canadian privacy laws (e.g., PIPEDA) and that in some jurisdictions your Personal Information may be accessed by law enforcement authorities or the courts in such jurisdictions.
Your United Kingdom and European Economic Area privacy rights. This section applies only to individuals in a country in the United Kingdom and European Economic Area
For the purposes of data protection law in the United Kingdom and European Economic Area countries, Scentbird, Inc. is the "controller" of your Personal Data as described in this notice.
The laws of those countries provide a number of reasons for which we may collect and use your Personal Data. Our reasons are as follows:
- Performance of a contract with you or taking steps to perform a contract where you buy our products and services or register as a user on our Site.
- Your consent where you tick a box or other specifically agree to receive email newsletters about our services and products or those of third parties such as our affiliates and marketing partners, or where you consent to our using cookies.
- Necessity in our legitimate interest in operating our business, for example, when obtaining your feedback, administering or improving the functionality of the Site, or conducting analyses to understand your interests or complying with US tax reporting. Here, we will only use your Personal Data in a way which you might reasonably expect and which does not materially affect your rights.
- Legal compliance, for example, in relation to a criminal investigation.
We will transfer your Personal Data to the United States, Turkey, or other countries, which might not ensure the same level of protection as the data protection laws of those countries. When we receive your Personal Data in the United States we will comply with the General Data Protection Regulation or UK data protection law to the extent it applies to our use of your Personal Data.
You have certain rights over your Personal Data used by us. These rights are explained below but they are subject to certain exemptions.
- Right of access – the right to request a copy of the Personal Information we have about you and to request supporting information explaining how the Personal Information is used.
- Right of rectification – the right to request that we rectify inaccurate Personal Information about you.
- Right of erasure – the right to request that we erase Personal Information about you in certain circumstances. These include where we are using Personal Data because you have given us your consent and where you have objected (see below) to our use of your Personal Data based on our or a third party's legitimate interests and we don't have an overriding reason to continue to use it.
- Right to restrict processing – in some situations, you have the right to request that we do not use the Personal Information you have provided (e.g. if you believe it to be inaccurate).
- Right to data portability – you have the right to receive certain of your Personal Information in a structured, commonly used and machine-readable format and to transmit such information to another controller but only if we are using your information based on your consent or to perform a contract with you.
- Right to withdraw consent – where we process your Personal Information based on your consent, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of the processing based on consent before its withdrawal. Furthermore, even in case of a withdrawal we may continue to use your Personal Information as permitted or required by law.
- Right to object - where we are processing your Personal Information based on a legitimate interest (or those of a third party) you may challenge this. However, we are entitled to continue processing your information based on our legitimate interests if we compelling legitimate interests which override yours or where this is relevant to legal claims.
If you would like to exercise any of these rights, please contact us using the information below. We may ask you to verify your identity before carrying out a request.
You are also free to lodge complaint with the supervisory authority or regulatory body, should you feel that we process your Personal Information in a way that is against applicable law.
THIRD PARTY LINKS
UPDATING YOUR INFORMATION
We don’t want to send your perfume to the wrong home. You must keep your Personal Information current and updated. You may update your shipping information by logging into your account and making edits to the “Billing & Shipping” tab. Similarly, you may update your Personal Information and password by logging into your account.
STORAGE OF PERSONAL INFORMATION
We may store Personal Information that we have collected (through the means described above) on our premises and in our information system at our facilities, in third party data centers, in the systems of third party service providers, and in cloud storage solutions. Scentbird (which provides the Goodhabit Site) is located in the United States.
We use appropriate physical, organizational and technological measures to protect the Personal Information you provide to us against loss or theft, and unauthorized access, disclosure, copying, use, or modification. If we use third parties to host our products, we will use third parties who meet required privacy and security standards. However, no electronic data transmission can be guaranteed to be secure from access by unintended recipients and we will not be responsible for any breach of security unless this breach is due to our gross negligence. In transacting business with us through our Site, you assume the normal risks inherent in transacting business online.
We use reasonable administrative, physical and electronic security measures to protect against the loss, misuse and alteration of Personal Information.
We try our best to make sure all our information is safe, but the Internet is not completely secure. Any transmissions you make over the internet are at your own risk. No transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect Personal Information, neither we nor our service providers can ensure or warrant the security of any information you transmit to us over the internet. Any such transmission is at your own risk.
GOODHABIT CONTACT INFORMATION
If you have any questions, comments, or concerns about our privacy practices, or would like to exercise any of your rights related to your Personal Information, please contact us at firstname.lastname@example.org or mail us at:
1600 Perrineville Road
Ste. 2 – 395
Monroe Twp., NJ 08831
Attention: Data Privacy Officer
When contacting us, please include your name, address, email address, and your specific request. Please allow thirty (30) days for a response. We are only required to respond to one privacy request per customer each year, and are not required to respond to requests made by means other than through the above email and mail addresses.