PRIVACY POLICY
Privacy policy
This Privacy Policy describes how hellobubble.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site, or otherwise interact with us including on social media. The information we collect about you depends on the specifics of your
interactions with the Site or with us.
By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain
selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support, sign up to our promotions or otherwise interacts with us. In this Privacy Policy, we refer to any information that can uniquely identify an individual
(including the information below) as “Personal Information”. See the list below for more information about examples of what Personal Information we collect and why.
Device information
● Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
● Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
● Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
● Disclosure for a business purpose: shared with our processor.
Order information
● Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
● Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order
confirmations, communicate with you, screen our orders for potential risk or fraud, and when
LC0079348:44915138
in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
● Source of collection: collected from you.
● Disclosure for a business purpose: shared with our processor Shopify.
Customer support information
● Examples of Personal Information collected: all of the above information, in addition to audio and visual information (e.g., recordings of your voice when you call for support, images you provide during the course of support efforts), health and certain medical-related
information, such as skincare concerns, medical reports or medical history.
● Purpose of collection: to provide the best customer support possible, to communicate with you and respond to questions and complaints.
● Source of collection: collected from you or your family or others that communicate with us on your behalf.
● Disclosure for a business purpose: shared with our support teams and service providers who performs services based on our instructions, and to respond to your inquiries or complaints about our products, law enforcement or other government officials where required or permitted by law.
If you are a resident of Australia, we may also collect Personal Information for purposes in addition to the above, as set out in a Personal Information Collection Notice made available by us from time to time in relation to the relevant purpose.
Minors The Site is not intended for individuals under the age of 13. We do not intentionally collect Personal Information from children (see our separate COPPA policies). If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.
Sharing Personal Information
We share your Personal Information with business partners and service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
● We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
● We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
LC0079348:44915138
Transborder Disclosure
Personal Information may be stored, disclosed, processed in or transferred outside of your resident country from time to time, for example where we use cloud storage providers that have servers located outside of your resident country (including in Australia and The United States) for storage of your Personal Information. The countries in which the Personal Information is received
may not have data protection laws equivalent to those in force in your resident country.
If you are a resident of Australia, you acknowledge and agree to such international data and information transfers with respect to Personal Information. Clause 8.1 of the Australian Privacy Principles contained in Schedule 1 of the Privacy Act provides that if we disclose Personal Information about an individual to an overseas recipient, then we must take such steps as are
reasonable in the circumstances to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to such information. An exception to this is if we obtain your consent.
We intend to rely on this exception in the following way: Unless you notify us in writing to the contrary, you will be taken to have consented to the disclosure by us of Personal Information to overseas recipients on the basis that:
● clause 8.1 of the Australian Privacy Principles will not apply to such disclosure;
● if the overseas recipient engages in any act that contravenes the Australian Privacy Principles, you will not be able to seek redress under the Privacy Act;
● the overseas recipient may not be subject to any privacy obligations or to any principles similar to the Australian Privacy Principles;
● you may not be able to seek redress in the overseas jurisdiction; and
● the overseas recipient is subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.
Behavioural Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
● We may use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information
here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
● We may share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of
LC0079348:44915138
this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
For more information about how targeted advertising works, you can visit the Network Advertising
Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-
advertising/how-does-it-work.
You can opt out of targeted advertising by:
● FACEBOOK - https://www.facebook.com/settings/?tab=ads
● GOOGLE - https://www.google.com/settings/ads/anonymous
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, respond to your queries and keeping you up to date on new products, services, and offers, keeping a record of our dealings with you, and achieve other purposes explained at the time of collection or submission. We may also use
your Personal Information for purposes authorized by laws or regulations, such as to prevent or investigate alleged crime or fraud.
If you are an Australian resident, to the extent you provide us with sensitive information, such as health information, such as skincare concerns, medical reports or medical history, you consent to our
collection of such sensitive information and we will only use or disclose such information:
● for the purpose for which it was provided or another directly related purpose; or as allowed by law.
.
Lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European
Economic Area (“EEA”), we process your personal information under the following lawful bases:
● Your consent;
● The performance of the contract between you and the Site;
● Compliance with our legal obligations;
● To protect your vital interests;
● To perform a task carried out in the public interest;
LC0079348:44915138
● For our legitimate interests, which do not override your fundamental rights and freedoms.
Retention and Security
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of deidentification or erasure, please see the ‘Your rights’ section below. To prevent unauthorised access to, disclosure, misuse or loss of, or interference with, your Personal Information, we have implemented a number of procedures to safeguard the security and
confidentiality of your information including:
● Instructing our staff and advisers who handle personal information to respect the confidentiality of user information and the privacy of individuals;
● Encrypting data packets, implementing secure authentication and authorisation procedures (including passwords and controls) and installing equipment to safeguard your information;
● Implementing procedures and installing equipment to safeguard your information; and Continually reviewing privacy procedures and arrangements to ensure we are doing all that we can reasonably and technically feasible at the time. Unfortunately, since no system is 100% secure or error-free, we cannot guarantee that your Personal Information is totally protected, for example, from hackers or misuse. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for
disclosure of your Personal Information due to unauthorised third party access, errors in transmission or other causes beyond our control.
If you enter or upload Personal Information on our Site or social media, you should exercise due care to safeguard any passwords and usernames created by you.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
LC0079348:44915138
● Temporary denylist of IP addresses associated with repeated failed transactions. This deny list persists for a small number of hours.
● Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
Your rights
GDPR
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information
below.
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR
Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
CCPA
If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below. If you would like to designate an authorized agent to submit these requests on your behalf, please
contact us at the address below.
Australian Privacy Act
If you are a resident of Australia, you have the option of not disclosing Personal Information to us or to use a pseudonym when dealing with us in relation to a particular matter. If you choose to withhold any Personal Information, we may not be able to provide you with part or all of our services or resolve a particular matter raised by you. You also have the right to ask that your Personal Information be corrected or updated, which we will respond within a reasonable timeframe. We will take reasonable steps to destroy or permanently de-identify any Personal Information from our records and systems which is no longer required by us. We may retain your Personal Information even after you have
completed your transactions with us if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud or abuse or enforce this Privacy Policy and our terms and conditions. We may retain Personal Information for a limited period
of time, if requested by law enforcement.
Cookies
LC0079348:44915138
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the
website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s
their first time visiting or if they are a frequent visitor. We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
Name Function
_ab Used in connection with access to admin.
_secure_session_id Used in connection with navigation through a storefront.
cart Used in connection with shopping cart.
cart_sig Used in connection with checkout.
cart_ts Used in connection with checkout.
checkout_token Used in connection with checkout.
secret Used in connection with checkout.
secure_customer_sig Used in connection with customer login.
storefront_digest Used in connection with customer login.
_shopify_u Used to facilitate updating customer account information.
Reporting and Analytics
Name Function
_tracking_consent Tracking preferences.
_landing_page Track landing pages
_orig_referrer Track landing pages
_s Shopify analytics.
_shopify_fs Shopify analytics.
_shopify_s Shopify analytics.
LC0079348:44915138
_shopify_sa_p Shopify analytics relating to marketing & referrals.
_shopify_sa_t Shopify analytics relating to marketing & referrals.
_shopify_y Shopify analytics.
_y Shopify analytics.The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies
last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device. You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully
accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org. Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising”
section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Text Marketing and Notifications
By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text or email notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will
not exceed 20 a month. You acknowledge that consent is not a condition for any purchase. If you wish to unsubscribe from receiving text marketing messages and notifications reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message
and data rates may apply.
LC0079348:44915138
For any questions please text HELP to the number you received the messages from. You can also contact us for more information. If you wish to opt out please follow the procedures above. We value your privacy and the information you consent to share in relation to our SMS marketing service. We use this information to send you text notifications (for your order, including abandoned
checkout reminders), text marketing offers, and transactional texts, including requests for reviews from us.
Opt-in data and consent for text messaging will not be shared with any third-parties except for messaging partners, for the purpose of enabling and operating our text messaging program. Our website uses cookies to keep track of items you put into your shopping cart, including when you have abandoned your checkout. This information is used to determine when to send cart reminder
messages via SMS.
Contact
For more information about our privacy practices, if you have questions, or if you would like to make a
complaint, please contact us by e-mail at love@hellobubble.com or by mail using the details provided
below:
Bubble Beauty inc., 711 3rd avenue, New York NY 10017, United States
Last updated: October 16th, 2024
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint
with the relevant data protection authority. You can contact your local data protection authority
here: https://ico.org.uk/make-a-complaint/. For Australian resident, you may lodge your complaint to
the Australian Privacy Commissioner, whose contact details are found on their website
http://www.oaic.gov.au/]