This policy describes our practices for collecting, using, maintaining, protecting, and disclosing the personal data we may collect from you or that you may provide when you visit our website located at www.xoafterglow.com (our “Website”), including any data you may provide when you sign up or purchase services. This policy applies to the personal data collected through our Website, regardless of the country where you are located.
1. Data we may collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
· Identity Data includes username or similar identifier.
· Contact Data includes email address.
· Transaction Data includes details about payments from you and other details of services you have purchased from us.
· Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, ISP name, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website.
· Profile Data includes your username and password, purchases made by you, your interests, preferences, feedback, and survey responses.
· Usage Data includes information about how you use our Website, products, and services.
· Marketing and Communications Data includes your preferences in receiving marketing from our third parties and us and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
2. How we collect data about you
We use different methods to collect data from and about you including through:
· Direct interactions. You may give us information about you by filling in forms or by corresponding with us by email. This includes information you provide when you create an account on our Website; purchase a membership; request marketing to be sent to you; request information about our products or services; request a newsletter; enter a competition, promotion, or survey; give us feedback; and when you report a problem with the Website.
· Automated technologies or interactions. As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns as specified above. We collect this information by using cookies, server logs, and other similar technologies (see Cookies and automatic data collection technologies).
· Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
o Technical Data from the following parties:
§ analytics providers such as Google; and
§ search information providers such as Google.
Cookies and automatic data collection technologies
· Estimate our audience size and usage patterns.
· Store your preferences so we may customize our Website according to your individual interests.
· Speed up your searches.
· Recognize you when you return to our Website.
We do not control how these third-party tracking technologies operate or how they may use the collected data. If you have any questions about an application or other targeted content, you should contact the responsible provider directly.
3. How we use your personal data
We use your personal data to provide you products, offer you services, communicate with you, deliver marketing, or to conduct other business operations, such as using data to improve and personalize your experiences. Examples of how we may use the personal data we collect include to:
· Present our Website and provide you with the information, products, services, and support that you request from us.
· Meet our obligations and enforce our rights arising from any contracts with you, including for billing and payment processing purposes or complying with legal requirements.
· Respond to your inquiries related to support or other requests.
· Fulfill the purposes for which you provided the data or that were described when it was collected.
· Deliver newsletters and other information.
· Notify you about changes to our Website, products, or services.
· Ensure that we present our Website content most effectively for you and your computer or device.
· Administer our Website and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes.
· Improve our Website, products or services, marketing, or customer relationships and experiences.
· Protect our Website, employees, or operations.
· Make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.
We may also use personal data to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your data in this way, please adjust your user preferences in your account profile or email us at firstname.lastname@example.org. For more information, see Your personal data use choices.
We may use nonpersonal data for any business purpose.
4. Disclosure of your personal data
We may share your personal data with:
· Any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, and affiliates.
· Business partners, suppliers, service providers, subcontractors, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization, third-party payment gateways and fraud prevention services to process purchases, and third-party identity verification services to verify your identity and age if you are an affiliate). For example, we use Google Analytics to help us understand how our customers use our Website (you can read more about how Google uses your personal data here). You can also opt-out of Google Analytics here. We contractually require these third parties to keep that personal data confidential and use it only for the contracted purposes.
· To fulfill the purpose for which you provide it.
· For any other purpose disclosed by us when you provide the information.
· With your consent.
We may also disclose your personal data to third parties:
· If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of that business or those assets.
· To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.
· To comply with any court order, law, or legal process, including responding to any government or regulatory request.
· To enforce or apply our Terms-of-Service Agreement and other agreements, including for billing and collection purposes.
· To protect the rights, property, or safety of our business, our employees, our customers, or others. This includes exchanging information with other companies and organizations for cybersecurity, fraud protection, and credit risk reduction.
We may share nonpersonal data without restriction.
5. Cross-border data transfers
We are based in the United States of America. For operational reasons, we may process, store, and transfer the personal data we collect, in and to a country outside your own, with different privacy laws that may or may not be as comprehensive as your own. If you are located outside the United States, your personal data may at times be accessible by persons who are located worldwide including in countries that the European Commission or other geopolitical regions have not determined to provide the same adequate level of data protection in your country, province territory, or geopolitical region. By submitting your personal data or engaging with our Website, you consent to our transfer, storing, or processing, including the transfer of your data across international boundaries to jurisdictions anywhere in the world as permitted by local law.
Residents of Canada are notified that the personal data they provide to us is stored in our databases outside of Canada, including in the United States, and may be subject to disclosure to authorized law enforcement or government agencies in response to lawful demand under the laws of that country. You have the right to complain about our personal data handling practices. You may visit www.priv.gc.ca for more information about your privacy rights.
If you reside in the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), please note that your information will be transferred outside of those areas, including to the United States. Nevertheless, whenever we transfer your personal data out of the EEA, Switzerland, or UK, we will use reasonable efforts to ensure a similar degree of protection is afforded to it by ensuring that the recipient third party agrees to contractual clauses or other appropriate safeguards.
6. Your personal data use choices
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
· Promotional offers from the Company. If you do not want us to use your Contact Data to promote our own products and services, you can opt-out by logging into the Website and checking or unchecking the relevant boxes to adjust your account profile’s user preferences or by sending us an email with your request to email@example.com. You may also opt-out of further marketing communications by replying to any promotional email we have sent you or following the opt-out links on that message. This opt-out does not apply to information provided to the Company as a result of a product purchase, product service experience, or other transactions.
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates, or plug-ins enabling third-party features. If you follow a link to any third-party website or engage a third-party plug-in, please note that these third parties have their own privacy policies, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.
7. Accessing and correcting your personal data
You may send us an email at firstname.lastname@example.org to request access to, correct, or delete any personal data that you have provided to us. In some cases, we cannot delete your personal data except by also deleting your user account. We may not accommodate a request to change data if we believe the change would violate any law or legal requirement or negatively affect the data’s accuracy.
8. Data security
The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorized access, use, alteration, or disclosure. We store all personal data you provide to use behind firewalls on servers employing security protections. We encrypt all personal data that we collect from you.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to take care when providing information in public areas of our Website like comment sections, which any Website visitor can view.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website. Any transmission of personal data is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Website.
9. Data retention
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Under some circumstances, we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use that anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
10. Children’s online privacy
We do not direct our Website to minors, and we do not knowingly collect personal data from individuals under 18-years old. If we learn we have mistakenly or unintentionally collected or received personal data from an individual under 18-years old, we will delete it. If you believe we mistakenly or unintentionally collected data from or about an individual under 18-years old, please contact us at email@example.com.
11. Do Not Track policy
Do Not Track (“DNT”) is a privacy preference that you can set in your browser. DNT is a way for you to inform websites and services that you do not want certain information about your webpage visits collected over time and across websites or online services. We are committed to providing you with meaningful choices about the information we collect and that is why we provide you the ability to opt-out. But we do not recognize or respond to any DNT signals as the Internet industry works toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT. For more information about DNT, visit www.allaboutdnt.com.
12. Your California privacy rights
California Civil Code Section 1798.83 allows you to request information about the disclosure of your personal data by us to third parties for the third parties’ direct marketing purposes.
Further, if you are a California resident and would like to opt-out from the disclosure of your personal data to any third party for direct marketing purposes, please send an email to firstname.lastname@example.org. If you opt-out from allowing your personal data to be shared, you may still receive selected offers directly from us under California law.
13. Your Nevada privacy rights
Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: email@example.com. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
14. Special Terms Related to the European Economic Area/United Kingdom
If you live in the EEA or the UK, the following terms apply to you.
Legal Basis for Processing
We may process your personal data because you have permitted us to do so (e.g., by sending data through our Website’s contact or order forms), because the processing is in our legitimate interests and your rights do not override it, or because the Company needs to process your personal data to comply with the law.
Your Rights Under the General Data Protection Regulation (“GDPR”)
If you want to know what personal data we hold about you, to have us remove it, or otherwise to exercise your rights, please contact us at firstname.lastname@example.org. In some cases, you also have the following rights related to your personal data:
· The right to access, update, or delete your personal data.
· The right to rectification—to have your information altered if it is inaccurate or incomplete.
· The right to object to our processing of your personal data.
· The right of restriction—to request that we restrict how it processes your personal data.
· The right to data portability—to receive a copy of the information we have on you in a structured, machine-readable, and commonly used format.
· The right to withdraw consent to our processing of your personal data.
· The right to complain to an EEA or a UK data protection authority (a government agency) about our management of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
15. Withdrawing your consent
Where you have provided your consent to the collection, use, and transfer of your personal data, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, you may contact us at email@example.com. Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.
17. Contact information
*We value your privacy and the information you consent to share in relation to our SMS marketing service. We use this information to send you text notifications and transactional texts, including notifications about new content releases and reminders to complete activities.*