Privacy Policy

Effective: October, 2022

This Privacy Policy describes how HerbaTerma, Und Inc. and its subsidiaries and affiliates (“HerbaTerma,” “we,” “us,” and/or “our”) handle personal data we collect online (through our websites) and offline (through customer support channels, our retail locations, and in-person promotional activities). We call all of these the “Services”. This Privacy Policy explains the types of personal data we collect and process, how we may use and share the data, and the choices that are available to you with respect to our handling of your personal data.

 

Information We Collect

Information we collect directly from you

We collect the information you provide directly to us, such as when you open an account, place an order, ask to receive emails, contact customer service, or interact with us on social media. The types of personal data we may collect directly from you include:

  • Contact information, such as your name, email address, mailing address, and phone number;
  • Account information, such as your username and password;
  • Billing information, such as credit card details and billing address;
  • Optional information you may choose to provide, such as your social handles, makeup and color preferences, age range, gender; and
  • Any other information you choose to provide, such as product reviews, responses to surveys or quizzes or to receive customer support.

Information about your use of our Services

We collect information about your use of the Services, such as the products you buy or express interest in.

Information we collect from other sources

We may collect information about you from other sources, including:

  • Other users, such as through our refer-a-friend program or e-gift card offerings. If you choose to participate in our refer-a-friend program or purchase an e-gift card for someone else, we will collect information about your friend (such as a name and email address) in order to invite your friend to shop with us or send them their e-gift card.
  • Third-party social media services. When you access the Services through a social network, we collect information about you from the social network in accordance with your settings on the social network. If you interact with us on social media, we will collect information about those interactions. The information we may collect includes your name and email address.
  • Other unaffiliated third parties, including advertising networks, media monitoring companies, and publicly available sources.

Information we collect by automated means

When you visit our sites, interact with our communications, or visit our stores, we collect certain information automatically. To collect this information, we may use cookies, web beacons, and similar technologies. A “cookie” is a text file that websites send to a visitor‘s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as a pixel tag or clear GIF, is used to transmit information back to a web server. We may also collect information about your online activities over time and across third-party websites. The information we collect automatically may include:

    • URLs that refer visitors to our websites;
    • Search terms used to reach our websites;
    • Details about the emails we send, such as opens, clicks, and unsubscribes;
    • Details about the devices that are used to access our websites (such as IP address, browser information, device information, and operating system information);
    • Details about your interaction with our websites (such as the date, time, length of stay, and specific pages accessed during your visits to our websites, referral activity, and which emails you may have opened);
    • Information about activity in our stores, such as through closed circuit TVs for security monitoring or geofencing to identify traffic in our stores; and
    • Usage information (such as the number and frequency of visitors to our websites).
    • We use Hotjar in order to better understand our users’ needs and to optimize our website user experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.), and this enables us to build and maintain our website based on user feedback, actions and/or preferences. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
      For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
    • We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
    • We may associate this information with your HerbaTerma account if you have one, the device you use to connect to our Services, or email or social media accounts that you use to engage with HerbaTerma.

For more information about how we use cookies click …

Advertising and Analytics Services Provided by Others

We may allow others to provide analytics services and serve advertisements on our behalf across the Internet and in mobile applications. They may use cookies, web beacons, and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, device ID, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by HerbaTerma and others to, among other things, analyze and track data, determine the popularity of content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for interest-based advertising purposes, please visit www.aboutads.info/choices. European users may opt out of receiving targeted advertising through the European Interactive Digital Advertising Alliance.

We may also work with third parties to serve ads to you as part of a customized campaign on third-party platforms (such as Facebook or Google). As part of these ad campaigns, we or third-party platforms may convert information about you, such as your email address, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customized to your interests. Note that the third-party platforms may offer you choices about whether you see these types of customized ads.

How We Use Your Information

We may use the information we collect to deliver the products and Services you request, to maintain and customize your account and our interactions with you (such as on our digital properties), and to provide, maintain, and improve our Services. We also use the information we collect to:

  • Create and manage your online accounts and profiles;
  • Communicate with you about our Services, including to tell you about products and services that may be of interest to you;
  • Complete the transactions you request, perform our contractual obligations, and use as otherwise anticipated within the context of our ongoing business relationship;
  • Respond to your requests, inquiries, comments, and suggestions;
  • Facilitate your engagement with the Services, including to enable you to post comments and reviews, to engage with other customers, and to post on social media;
  • Offer contests, sweepstakes, loyalty programs or other promotions;
  • Personalize your online experience and the advertisements you see when you use the Services or third-party platforms based on your preferences, interests, purchasing history and browsing behavior;
  • Monitor, audit and analyze trends, usage, and activities in connection with our Services;
  • Carry out short-term activities and other internal uses related to the products or services you purchase from us or your ongoing relationship with us;
  • Conduct internal research and development;
  • Detect, investigate, and respond to security incidents and protect against illegal or objectionable activities, including the unauthorized use of the Services, and protect the rights and property of HerbaTerma and others;
  • Debug, identify and repair errors that impair existing intended functionality of our Services;
  • Comply with our legal obligations, including those required for you to benefit from the rights recognized by law, or any regulatory requirements or provisions;
  • Conduct or administer surveys and other market research;
  • Email marketing (if applicable): With your permission, We may send you emails about Our store, new products and other updates; and
  • Text marketing (if applicable): With your permission, We may send text messages about Our store, new products, and other updates. Updates include Checkout Reminders. Webhooks will be used to trigger the Checkout Reminders messaging system.

Who May Have Access to Your Information

Within HerbaTerma: We may disclose certain of your personal information to HerbaTerma affiliates and personnel who need to know the information for the purposes described above, including personnel in the customer service and information technology departments.

Third-Party Service Providers: We may use third party service providers acting on HerbaTermas’s behalf to perform some of the services described above. For example, we share certain information with service providers who assist with the processing of credit cards and payments, hosting, managing and services our data, distributing emails, conducting research and analytics, advertising, analytics, or administering certain services and features. We also may share information about you with our professional advisors, including accountants, auditors, lawyers, insurers and bankers, if needed. These service providers may change over time, but we will always use trusted service providers who we require to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal information for specified purposes and, as appropriate, in accordance with our instructions and the provisions of this Policy and applicable law.

Other Third Parties: In certain limited circumstances, we share and/or are obligated to share your personal information with other third parties, including (a) to comply with our obligations, to protect the rights and property of HerbaTerma, our customers and the public, to cooperate with law enforcement investigations, and to detect and respond to suspected illegal activity and threats to the health or safety or any person or of our systems or services; (b) in connection with, or during negotiations of, any merger, joint venture, sale of company assets, financing, or acquisition of all or a portion of our business, assets or stock by another company (including in connection with any bankruptcy or similar proceedings); and/or (c) with your consent and at your direction.

When you provide a product review or post other user content, that content may be publicly posted. Other users may be able to see your name or other information about you that you post. In certain instances, we may also share aggregated or de-identified information that cannot reasonably be used by those third parties to identify you.

Your Rights and Choices

Managing or deactivating your HerbaTerma account

You may review, update, or modify your account information, including profile, contact, payment and shipping information, at any time by logging into your HerbaTerma account. You may also deactivate your HerbaTerma account by emailing support@herbaterma.com.

Opting out of email marketing

You may unsubscribe from our promotional emails at any time by following the instructions included in those emails. If you opt out of receiving such communications, note that we may continue to send you non-promotional emails (such as order confirmation emails or emails about changes to our legal terms).

Opting out of text marketing

You may unsubscribe from Our promotional texts at any time by replying STOP, END, CANCEL, UNSUBSCRIBE, or QUIT. You may receive an additional mobile message confirming your decision to opt out. If you opt out of receiving such communications, note that we may continue to send you non-promotional SMS (such as order confirmation SMS or SMS about changes to Our legal terms) if you have opted-in to receive them.

Restricting cookies

Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our websites.

Web Push Notifications/Alerts

With your consent, we may send promotional and non-promotional push notifications or alerts to your browser. You can deactivate these messages at any time by changing the notification settings on your browser.

Children

Our Services are not designed for children. If you have reason to believe that a child has provided personal data to us, please contact us.

Data Transfers and Privacy Shield

HerbaTerma is headquartered in the United States, and we have operations and entities in the United States and other countries. As such, we may transfer your personal data to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.

When we transfer personal data from the European Union, the United Kingdom or Switzerland to the United States, we comply with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States, respectively (collectively, the “Privacy Shield Principles”). HerbaTerma has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, we are committed to resolving complaints about our processing of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our compliance with the Privacy Shield program should first contact us. We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Under certain conditions, you may be able to invoke binding arbitration to resolve your complaint. HerbaTerma is subject to the investigatory and enforcement powers of the Federal Trade Commission.

If we share personal data transferred to the U.S. under the Privacy Shield with a third-party service provider that processes such data on our behalf, then we will be liable for that third party’s processing in violation of the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

European Residents

If you are a European Resident, defined for the purposes of this Privacy Policy to include residents of the European Economic Area, United Kingdom and Switzerland, you have certain rights and protections under the law regarding the processing of your personal data.

Legal Basis for Processing

If you are a European Resident, we process your personal data when:

  • We need to use your personal data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the HerbaTerma products you have ordered).
  • We have a legitimate interest in processing your personal data. For example, we may process your personal data for performance marketing activities, to conduct data analytics and to provide, secure, and improve our Services.
  • We need to do so to comply with a legal obligation to which we are subject.
  • We need to do so to protect your vital interests or those of others.
  • We have your consent to do so, which you may withdraw at any time.

Data Subject Requests

If you are a European Resident, you have the right to access personal data we hold about you and to ask that your personal data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us as indicated below. If you have a HerbaTerma account, you may also review, update, and delete certain personal data by logging into your account.

Questions or Complaints

If you are a European Resident and have a concern about how we process personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you live. For contact details of your relevant local Data Protection Authority, please see http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm or, if you are a resident of Switzerland, https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt.html.

California Privacy Rights

California law permits residents of California to request notice of how their information is shared with third parties for direct marketing purposes or to opt out of such sharing. If you are a California resident and would like a copy of this notice or to opt out, please email us at support@herbaterma.com.

Additionally, if you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to disclose the following information with respect to our collection, use, and disclosure of personal data.

  • Categories of Personal Data Collected: In the preceding 12 months, we have collected the following categories of personal data: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet or electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory, or similar information; inferences; and other categories of personal data that relates to or is reasonably capable of being associated with you. For examples of the precise data points we collect, please see “Information We Collect” above.
  • Business or Commercial Purpose for Collecting and Using Data: We collect each category of personal data listed above for the business or commercial purposes described in the “How We Use Your Information” section above.
  • Categories of Sources of Personal Data: We collect each category of personal data listed above from you and the third-party sources described in the “Information we collect from other sources” section above.
  • Categories of Personal Data Disclosed: In the preceding 12 months, we have disclosed the following categories of personal data for business or commercial purposes: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet and electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory or similar information; inferences; and other categories of personal data that relates to or is reasonably capable of being associated with you.
  • Categories of Third Parties With Whom We Share Personal Data: We may share each category of personal data listed above with the third parties as described in the “How We Share Your Information” section above.

Your Consumer Rights

California consumers have the right to request access to their personal data, additional details about our information practices and deletion of their personal data (subject to certain exceptions). California consumers also have the right to opt out of sales of personal data, if applicable. We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing a notarized power of attorney evidencing that you have empowered the authorized agent to exercise your CCPA rights on your behalf. We will not discriminate against you if you choose to exercise your rights under the CCPA.

Right to Know: You may request access to the specific pieces of personal information we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected, the sources of collection, the purpose for collecting information, the categories of information we share, and the categories of third parties with whom we share information. You may make an access request by calling (628) 800-6728. We will verify your request by contacting you after receiving your request to verify your identity.

Deletion: You may request that we delete the personal data we have collected about you (subject to certain exceptions). Please note that we may retain certain information as required or permitted by applicable law. You may make these requests by emailing support@herbaterma.com. We will verify your request by contacting you after receiving your request to verify your identity. If you request to delete your personal data, certain of our products and services may no longer be available to you.

No Sale of Personal Data: HerbaTerma does not and will not sell personal data as the term “sell” is defined by the CCPA.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

Links to Other Websites and Third-Party Content

We may provide links to third-party websites, services, plug-ins and applications, such as Facebook and Google, that are not operated or controlled by HerbaTerma. This Privacy Policy does not apply to such third-party services, and we cannot take responsibility for the content, privacy policies, or practices of third-party services. We encourage you to review the privacy policies of any third-party services before providing any information to or through them.

The Services may offer social sharing features and other integrated tools (such as the Facebook "Like" or "Share" button or the Twitter “Tweet” button) which let you share actions you take on our Services with other media. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.

Data Retention

Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired. When we no longer need to use your personal data, it is removed from our systems and records or anonymized so that you can no longer be identified from it.

SMS/MMS Mobile Messaging Marketing Program

We respect your privacy. HerbaTerma/Unda Inc. will only use information you provide through the Program to transmit your mobile messages and respond to you, if necessary. This includes, but is not limited to, sharing information with platform providers, phone companies, and other vendors who assist us in the delivery of mobile messages.  WE DO NOT SELL, RENT, LOAN, TRADE, LEASE, OR OTHERWISE TRANSFER FOR PROFIT ANY PHONE NUMBERS OR CUSTOMER INFORMATION COLLECTED THROUGH THE PROGRAM TO ANY THIRD PARTY. Nonetheless, We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation or governmental request, to avoid liability, or to protect Our rights or property. 

When you complete forms online or otherwise provide Us information in connection with the Program, you agree to provide accurate, complete, and true information. You agree not to use a false or misleading name or a name that you are not authorized to use. If, in Our sole discretion, We believe that any such information is untrue, inaccurate, or incomplete, or you have opted into the Program for an ulterior purpose, We may refuse you access to the Program and pursue any appropriate legal remedies.

California Civil Code Section 1798.83 permits Users of the Program that are California residents to request certain information regarding our disclosure of the information you provide through the Program to third parties for their direct marketing purposes. To make such a request, please contact us at the following address:

HerbaTerma/Unda Inc.
2370 Market Street #125
San Francisco, CA 94114

This Privacy Policy is strictly limited to the Program and has no effect on any other privacy policies that may govern the relationship between you and Us in other contexts.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. If we do so, we will post the updated policy on our sites and will indicate when the Privacy Policy was last revised. If we make any material changes, we will provide you with additional notice. You should periodically review our current Privacy Policy to stay informed of our personal data practices.

Contacting HerbaTerma 

HerbaTerma/Unda Inc.
2370 Market Street #125
San Francisco, CA 94114

(628) 800 6728

support@herbaterma.com