Privacy Policy
BY USING OUR SITE, YOU CONSENT TO THE COLLECTION, USE AND TRANSFER OF YOUR PERSONAL DATA FOR PROCESSING AS DESCRIBED IN THIS PRIVACY POLICY.
For residents of the European Union: In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for our European users, this Privacy Policy outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR.
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
We collect your Personal Data in a number of ways and for various purposes, including:
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, phone number and/or email address.
When you browse our Site, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable and when legally allowed): With your permission and provided it is legal in your jurisdiction, we may, within time limits allowed by law, send you emails about our Site, new products and services, and other updates. By “permission” we mean express and provable permission granted by you. A permission to send commercial or marketing emails may be through any of the following instances which we deem as existing business relationship with or inquiry from you:
- Entering your email address on our Site, even if you did not make any purchase, with no indication that you would not like to be emailed.
- Entering your email address as part of attempting to order or ordering a product or service from us, or even if the credit card you used was declined resulting to an unsuccessful purchase, with no indication that you would not like to be emailed.
- Entering your email address as part of an abandoned cart with no indication that you would not like to be emailed.
- Entering your email address as part of participation in any contest, event or survey conducted by us and we have informed you that we will be sending you marketing emails.
- Subscribing to an email newsletter by filling-out a form on our Site.
- Any instance where in completing a form, you have checked an opt-in checkbox indicating your willingness to be contacted through email provided the checkbox is unchecked by default and we have informed you that the nature of the emails will be commercial.
All marketing emails shall conspicuously contain a notice that at no cost to you, you can opt out of receiving more marketing emails from us. All marketing emails shall prominently display a one-click unsubscribe or opt-out option. Once you have opted out or unsubscribed, we shall immediately refrain from sending marketing emails to you.
We may use your personal information, including but not limited to your name, address, telephone, email address and other relevant data, to conduct our business, improve our Sites, develop new products and services, provide information and support, to better understand your needs and interests, personalize communications and advertising, meet contractual obligations, and generally promote a quality experience for you. For example, we may use your personal information, including your email address, to:
- Communicate, interact and build our relationship with you;
- Customize the content, products and services that are offered to you;
- Contact you with information about us and affiliated third-parties;
- Process, fulfill and follow up on transactions and requests for products, services, support, and information;
- Show, through pop-ups in our websites, that you have recently purchased products or services from us;
- Verify your authority to enter and use our services;
- Send a confirmation to the person who referred you to our site or mobile app of your making a purchase and them receiving a reward;
- Engage in market research and analysis;
- Measure, analyze and improve our products and services, the effectiveness of our websites, and our advertising and marketing;
- Comply with legal requirements;
- Provide targeting advertising, including the use of re-targeting technology;
- Send you marketing materials, for example, via email, including our newsletter, and to notify you about products and services that we believe would be of interest to you;
- Deter, detect, and prevent fraud and other prohibited or illegal activities; or
- Inform you regarding new services, releases, upcoming events and changes in our terms and conditions or privacy policy.
You may manage your receipt of marketing and non-transactional emails by clicking on the “unsubscribe” link located on the bottom of our marketing and non-transactional emails. If at any point you choose not to receive our emails or newsletters, you can also opt-out or unsubscribe by emailing info@onsenandbloom.com , by following the opt-out instructions in the email or newsletter, or by sending mail to Customer Service Team with address at Onsen and Bloom LLC. 4231 Balboa Avenue #672, San Diego, CA 92117.
Contact List Information: With your permission, we may access your contact list on your mobile device or email accounts so that you can identify your contacts and direct the invitation of your contacts through our referral services. We store and use this information to suggest referrals or connections. We make these recommendations based on your contact list information as well as, with their consent, your contacts’ information if they are also our customer. We only access your contact list information with your explicit permission.
Sharing Content with Friends or Family Members: Our referral services may allow you to forward or share certain content with a friend or family member, such as an email inviting your friend to use our services. Email addresses that you may provide for a friend or family member will be used to send your friend or family member the content or link you request, as well as a confirmation to you of your friend or family member making a purchase and you receiving a reward, but will not be collected or otherwise used by us or any other third parties for any other purpose. If you provide us with personal data from your third-party contacts, it is your responsibility to ensure that the communication of such data to, and further processing by, us is lawful. You agree that you have that person’s permission to provide us with that information and for us to use it for this limited purpose.
Telemarketing (if applicable and when legally allowed): Regardless of the fact that your telephone and/or cell number may be listed with the Federal Do-Not-Call Registry or your local State Do-Not-Call list, by providing us your telephone and/or cell number, you are providing express written consent to receive future information (including telemarketing) about products and services from us or our affiliates, and you hereby agree and consent to our contacting you using the information you have provided and will provide to us. This means that within the time limits allowed by law, we may contact you by e-mail, phone and/or cell number (including use of automated dialing equipment and/or pre-recorded calls), text (SMS) message, social networks, or any other means of communication that your wireless or other telecommunications device may be capable of receiving (i.e. video, etc.). An express written consent to receive future information (including telemarketing) about products and services may be through any of the following instances which we deem as existing business relationship with or inquiry from you:
- Entering your email address on our Site, even if you did not make any purchase, with no indication that you would not like to be emailed.
- Entering your email address as part of attempting to order or ordering a product or service from us, or even if the credit card you used was declined resulting to an unsuccessful purchase, with no indication that you would not like to be emailed.
- Entering your email address as part of an abandoned cart with no indication that you would not like to be emailed.
- Entering your email address as part of participation in any contest, event or survey conducted by us and we have informed you that we will be sending you marketing emails.
- Subscribing to an email newsletter by filling-out a form on our Site.
- Any instance where in completing a form, you have checked an opt-in checkbox indicating your willingness to be contacted through email provided the checkbox is unchecked by default and we have informed you that the nature of the emails will be commercial.
You further acknowledge that you are not required to agree directly or indirectly or enter into an agreement regarding our telemarketing efforts as a condition of purchasing any goods or services from us or our affiliates. If you do not want to receive marketing calls, please let us know via phone call. You can also opt out by sending email to info@onsenandbloom.com or by sending mail to our Customer Service Team with address at Onsen and Bloom LLC. 4231 Balboa Avenue #672, San Diego, CA 92117.
The request to opt-out from the mailing list shall be honored immediately. You may not be able to opt out of all information sharing, however, such as information sharing with credit card processors in connection with products or services that you order from us. While we offer you some control over marketing communication, certain transactional, relationship, and legally required communications will not be affected by the choices you have made about marketing communications.
We reserve the right to release and disclose any personal information relative or provided by you to law enforcement or other governmental officials as we, in our sole and absolute discretion, deem necessary to comply with any applicable law or at the request of any governmental entity or agency.
We assume that all visitors and users of our Site have carefully read this document and agree to its contents. If someone does not agree with this Privacy Policy, they should refrain from using our Site. We reserve the right to change our Privacy Policy as necessity dictates.
Any information stored in our Site is treated as confidential. All information is stored securely and is accessed by authorized personnel only. We implement and maintain appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
SECTION 2 – CONSENT AS BASIS
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you consent to our collecting your personal information and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you with future effect and without affecting the lawfulness of processing of your Personal Data based on the consent you provided before you withdrew it, at any time, by contacting us at email address info@onsenandbloom.com , by following the opt-out instructions in the email or newsletter, or by sending mail to Customer Service Team with address at Onsen and Bloom LLC. 4231 Balboa Avenue #672, San Diego, CA 92117. You may not be able to opt out of all information sharing, however, such as information sharing with credit card processors in connection with products or services that you order from us. Certain transactional, relationship, and legally required communications will not be affected by the choices you have made about information sharing. Depending on the service, collection and use of your Personal Data may be required for the services to work.
We collect and process your Personal Data for a variety of purposes outlined in this Privacy Policy. In certain cases, separate consent is not required, including:
- For the performance of our contractual obligations to you;
- To meet legal obligations or compliance with laws, regulations, court orders, or other legal obligations or to assist in an investigation; or
- For Legitimate Interests or to operate our business and provide the services, other than in performing our contractual obligations to you for our company’s "legitimate interests" for the purposes of applicable law - except where overridden by the interests or fundamental rights and freedoms that require protection of Personal Data.
You can, at any time, request to edit, update, access or delete your information by emailing us at info@onsenandbloom.com . We shall, within 30 days following receipt of notice, delete Personal Data from our records and, upon completion of all transactions, comply with all reasonable instructions with respect to the deletion of any remaining Personal Data. We will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. You may request for a copy of your Personal Data, free of charge and in an electronic format. You may request for all Personal Data to be provided in a commonly used and machine-readable format and once obtained, you have the right to take the same to another company.
We will also delete your Personal Data, within 30 days from occurrence of any of the following events:
• If the personal data is no longer necessary for the purpose which we originally collected or processed it or for a legitimate business purpose;
• If it is no longer necessary to provide our services;
• If your account with us is deleted;
• If the platform through which our services are being used has requested deletion of your Personal Data for your protection; or
• If we are required to comply with a legal ruling or obligation.
SECTION 3 - DISCLOSURE
We may disclose your Personal Data for the purposes as described in the prior sections of this Privacy Policy, and in the following ways:
- To Affiliates and Partners: With companies or ventures that are owned or controlled by us, and internally within our company, in order to provide and improve services, for marketing purposes, and for advertising.
- To Service Providers and Vendors: With business partners, marketing partners, and vendors to provide, improve, and personalize our services.
- For Advertising and Marketing: With advertising and marketing partners for advertising and marketing purposes, with your consent, on our behalf and on behalf of third parties, including social network providers, if any.
- For Certain Analytics and Improvement: With certain companies for purposes of analytics and improvement of our services.
- For Legal Compliance, Law Enforcement, and Public Safety Purposes: With law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties in order to comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce our Terms of Use, this Privacy Policy, or agreements with third parties, or for crime-prevention purposes.
SECTION 4 – COOKIES and THIRD-PARTY SERVICES
Cookies: We may use "cookie" technology for such purposes as enhancing your online experience by making it easier for you to navigate through the Sites and making certain features work better. Cookies are text files which are commonly deposited by websites on a user's hard drive when the user visits a website. The file identifies a user's computer and can record the user's preferences and other data about the user's website visit. We do not extract information about individual users during this process. Your web browser may enable you to disable cookies, but please note that certain services may not function correctly without it and your experience on our Sites may be hindered.
Third Party Cookies: We may use third-party advertising companies to serve ads on our behalf across the Internet. These companies may collect and use information about your visits to this and other websites and your interaction with our products and services in order to provide advertisements about goods and services of interest to you. However, no personally identifiable information (such as your name, address, email address or telephone number) will be connected with such information. They may use information about your visits to this and other websites to target advertisements for goods and services and may be used to keep track of user response to each advertisement. These targeted advertisements may appear on our Websites or on other sites that you visit. The anonymous information is collected through the use of a pixel tag or cookies, which are industry standard technologies used by most major websites. If you do not want such companies to collect this information you may opt-out.
To learn more about the use of this information or choose not to have this information used by certain third-party advertising partners, please visit the Network Advertising Initiative at http://www.networkadvertising.org/choices. Please note that if you delete your cookies, use a different browser, or buy a new computer, you will need to renew your opt-out choice.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform certain services they provide to us. Certain third-party services, such as payment gateways and other transaction or payment processors are required to abide by security standards imposed on them, such as the Payment Card Industry Data Security Standard (PCI-DSS), which is a set of security standards designed to ensure that all payment processors that accept, process, store or transmit credit card information maintain a secure environment. All direct payment gateways we utilize adhere to PCI-DSS, which is a joint effort of brands like Visa, MasterCard, American Express and Discover, to safeguard card data handling.
Whilst we shall not store your credit card information, such payment gateways and other transaction or payment processors, under PCI-DSS, may store your purchase transaction data for only as long as is necessary to complete the transaction and thereafter for only as long as it is required by law.
Such third-party payment gateways and other payment transaction processors and other third parties have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Once you leave our Site or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.
SECTION 5 - PAYMENT
If you choose a direct payment gateway to complete your purchase, then we will store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data, including subscription payments if applicable, is stored only to the extent necessary to process your purchase transaction, which is automatically renewed on a monthly basis.
Automatic renewal of your purchase transactions, including the purchase transaction data connected to them, may be cancelled at any time by contacting us at email address info@onsenandbloom.com
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our Site and its service providers.
SECTION 6 – ELECTRONIC COMMUNICATIONS, TELEMARKETING AND TEXT MESSAGES
By providing your prior express consent/opt-in in accordance with applicable law, you consent to receive communications from us electronically. Although we may choose to communicate with you by other means, we may also choose to solely communicate with you electronically by e-mail or by posting notices on the Site. You agree that all agreements, notices, disclosures, and other communications that we send to you electronically satisfy any legal requirement that such communications be in writing.
Where you provide “prior express written consent” within the meaning of the Telephone Consumer Protection Act (“TCPA”) or any applicable law, you consent to receive telephone calls, including artificial voice calls, pre-recorded messages and/or calls delivered via automated technology and text and SMS messages to the telephone number(s) that you provided from us listed in and hyperlinked to the consent. Message Frequency Varies. The mobile carriers are not liable for delayed or undelivered Messages. Consumers may request up to a maximum of twenty (20) messages per month, with no more than three (3) text messages in one day.
You understand that the text messages we send may be seen by anyone with access to your phone. Accordingly, you should take steps to safeguard your phone and your text messages if you want them to remain private.
If you wish to stop receiving text messages from us, reply to any text message we have sent you and simply text “STOP”, “END” or “QUIT”. You may also request to stop receiving text messages by calling us or emailing us using the following information:
By email: info@onsenandbloom.com .
If at any time you need our contact information or information on how to stop text messages, reply to any text message we have sent you and simply text HELP or click here for support. Message and Data Rates May Apply to any text/SMS communication.
SECTION 7 - LINKS
Please note that this Privacy Policy does not apply to the practices of companies that we do not own or control or to people that we do not employ or manage. We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for Third-Party Sites, their content, or any goods or services available through the Third-Party Sites. Our Privacy Policy does not apply to Third Party Sites, and any data you provide to Third-Party Sites, you provide at your own risk. We encourage you to review the privacy policies of any Third-Party Sites with which you interact with.
SECTION 8 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with sensitive information, such as login credentials and credit card information, then such information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards to protect your personal information.
SECTION 9 – BREACH
Unless otherwise prohibited by applicable law, we shall notify you, as soon as it is reasonably possible under the circumstances but in any event no later than within 72 hours after becoming aware, of any accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Personal Data ("Security Breach") likely to result in a high risk of adversely affecting individuals’ rights and freedom. Such notification shall include: (a) a detailed description of the Security Breach, and (b) the type of data that was the subject of the Security Breach and we shall communicate (i) the name and contact details of our data protection officer or other point of contact where more information can be obtained; (ii) a description of the likely consequences of the Security Breach; (iii) a description of the measures taken or proposed to be taken by us to address the Security Breach, including, where appropriate, measures to mitigate its possible adverse effects; and (iv) additionally in such notification or thereafter as soon as such information can be collected or otherwise becomes available, any other information you may reasonably request relating to the Security Breach.
We shall take prompt action to investigate the Security Breach and shall use industry standard, commercially reasonable, efforts to mitigate the effects of any such Security Breach in accordance with its obligations hereunder and, subject to your prior written agreement, to carry out any recovery or other action necessary to remedy the Security Breach. Unless required to do so under applicable Privacy Law, we shall not release or publish any filing, communication, notice, press release, or report concerning any Security Breach. We shall also report such Security Breach as may be required by law to relevant supervisory authority within 72 hours of becoming aware, where feasible.
SECTION 10 – GEOGRAPHIC LOCATION
Where personal data originating in the European Economic Area is processed outside the European Economic Area, in a territory that has not been designated by the European Commission as ensuring an adequate level of protection pursuant to applicable Privacy Law, we agree that the transfer shall be undertaken pursuant to SECTION 8 above, which we shall maintain in full force and effect.
We have data processing agreements in place to ensure compliance with all relevant Directives. All processing is performed in accordance with the highest security regulations.
SECTION 11 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
If you are a minor, you must not use our Website and Apps. If you are between the ages of 13 and 18 (or the relevant age in your jurisdiction where you are considered a minor), your parent or guardian must agree to our Terms and Conditions and Privacy Policy (both for themselves and on your behalf) before you can use our Website and Apps.
SECTION 12 - CHILDREN
What kinds of information do we collect?
Information and content parents and children provide. We collect the content and information children and their parents or guardians provide and generate when registering for and using our Website and Apps.
Registration Information. This includes information parents or guardians provide when they create an account for a child, such as the child’s full name and any account login details (such as a username or password), and additional information their parent or guardian provides about them, such as their gender or birthday. We also collect information about your child’s connection to you and the consents and information you provide to approve your child’s account and activity.
Content Shared on our Websites or Apps. We collect the content and information your child sends and receives on our Websites or Apps, such as the content of information shared.
Contacts on our Websites or Apps. We also collect information about the people your child connects with on our Websites or Apps.
Device information. We collect information from or about the phone or other device where our Apps are installed. This includes, for example, information about the operating system, hardware version, device settings, device identifiers, and connection information such as the name of the mobile operator or ISP, language and time zone, and IP address.
How do we use this information?
We are able to deliver, support, and enhance our Websites or Apps by using this information. We also use the information to evaluate, improve, and create product features, conduct research to develop new products, and conduct audits and troubleshooting activities.
We also use the information we have to provide parents or guardians of children using our Websites or Apps with updates about our Websites or Apps and information about our policies, practices, and terms. We may also use this information to respond when parents or guardians contact us.
Likewise, we use the information collected to help promote safety on and off our Websites or Apps, including to help verify accounts and activity, and to look into suspicious activity or violations of our terms or policies. We do this in a variety of ways, including through human staff, automated systems, and machine learning.
How is this information shared?
Parents and guardians have control over whom their children can connect and communicate with using our Websites or Apps. Children use our Websites or Apps to share information with parent- or guardian-approved family and friends who are using our Websites or Apps. These approved friends and family can see profile information about and content received from a child they are connected with. This can include the child’s name, username, and photos or other content the child shares with that friend or family member. We may also share disclose the information described above to and through the items enumerated in Section 3 hereof.
How can parents manage or delete their child’s information?
Through their child’s account on our Websites or Apps, a parent or guardian can review and edit their child’s profile information and remove contacts to prevent further communication with their child on our Websites or Apps. In addition, a parent or guardian who has authorized our Websites or Apps can see their child’s interactions by accessing their child’s account. In order to stop further collection and use of their child’s personal information on our Websites or Apps, a parent or guardian can delete their child’s account. If you delete your child’s account, we will delete their registration information, information about their activity and contacts, and device information. However, the information your child sent to and received from others before their account was deleted may remain visible to those users.
Reporting Suspicious Activity
We provide a reporting tool for your child to use when needed. Through their account on our Websites or Apps, your child can report inappropriate content (including harassing, bullying, sexual or violent content) or suspicious activity (for example, if they think someone else is impersonating their friend or family member) and immediately block the offending individual on our Websites or Apps. If your child reports an issue, we will notify you that they did so. You can also report concerns or suspicious activity through your own account on our Websites or Apps.
How do we respond to legal requests or prevent harm?
We may access, preserve and share your child’s information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects people in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, children and others, including as part of investigations; or to prevent death or imminent bodily harm. Information may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm. We also may retain information from accounts disabled for violations of our terms for at least a year to prevent repeat abuse or other violations of our terms.
How will parents and guardians learn of changes to this policy?
We’ll notify parents and/or guardians of children using our Websites or Apps thirty (30) days before we make changes to this policy and give them the opportunity to review the changes before allowing their children to continue to use our Websites or Apps.
SECTION 13 - CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use or disclose it. Continued use of our Site after having been informed of any such changes to these conditions implies acceptance of the revised Privacy Policy. This Privacy Policy is an integral part of our Terms of Service.
If our Company is acquired or merged with another company, we may disclose your Personal Data with our prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.
Residents of the European Economic Area: Our disclosure is limited to situations where we are permitted to do so under applicable European and national data protection laws and regulations.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact us at info@onsenandbloom.com .
We have a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address:
Onsen and Bloom LLC. 4231 Balboa Avenue #672, San Diego, CA 92117