Privacy and Security Policy
Privacy and Security
Our collection, use, disclosure, and processing of personal information about individuals will vary depending upon the circumstances. This privacy notice is intended to describe our overall privacy and data protection practices. In some cases, different or additional notices about our data collection and processing practices may be provided and apply to our processing of certain personal information.
SECTION 1 – WHY WE COLLECT YOUR INFORMATION
We use the information we collect in various ways, including:
- To provide, operate, and maintain our website.
- To provide the goods you purchase through us.
- To improve, personalise, and expand our website.
- To understand and analyse how you use our website.
- To develop new products, services, features, and functionality.
- To communicate with you, either directly or through one of our partners, including for user service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes.
- Find and prevent fraud.
SECTION 2 – OUR COLLECTION OF PERSONAL INFORMATION
Personal information that we collect and the process will vary depending upon the circumstances. We collect personal information directly from individuals, automatically related to the use of the Services. We gather this information about you when you engage in the following ways:
- You provide your contact information and send other personal information to us
- You register or subscribe to earthaunderwear.com marketing channels
- You place an order with us
- You complete or submit a form through Eartha, for example, “Contact Us”
- You sign up for a user account
- You interact with us online via social media or any other website where Eartha is represented
- You attend an event hosted or sponsored by Eartha
Your Data Controller
We are the data controller with respect to processing your data. This means that we decide how your personal data is processed and for what purposes. We know that you care how data about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.
If you revoke your consent for the processing of Personal Information, then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity.
You may, of course, decline to submit information through our website, in which case we may not be able to provide related services to you.
SECTION 3 – HOW WE USE YOUR PERSONAL INFORMATION
While the purposes for which we may process personal information will vary depending upon the circumstances, in general, we use personal information for the purposes set forth below. Where General Data Protection Regulation (GDPR) or other relevant laws apply, we have set forth the legal bases for such processing in parenthesis.
Providing support and services: including, for example, to provide services you request (and send related information), operate Eartha to communicate with you about your access to and use of our services; to respond to your inquiries; to provide troubleshooting, fulfil your requests and provide technical support; and for other user service and support purposes.
Analysing and improving our business: including better understand how users’ access and use Eartha to evaluate and improve our services and business operations, and to develop new features, offerings, and services; to conduct surveys, and other evaluations, such as member satisfaction surveys; and for other research and analytical purposes.
Personalising content and experiences: including to provide or recommend features, content, social connections, and referrals; tailor content we send or display on Eartha to offer customisation and personalised help and instructions, and otherwise personalise your experiences.
Advertising, marketing, and promotional purposes: including to reach you with more relevant ads and to evaluate, measure, and improve the effectiveness of our ad campaigns; to send you newsletters, offers, or other information we think may interest you; to contact you about Eartha or information we think may interest you;
Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.
SECTION 4 – DISCLOSURE OF PERSONAL INFORMATION
We may disclose the personal information that we collect about you as set forth below or as otherwise described at the time of collection or sharing.
Service providers: We may disclose personal information with third-party service providers who use this information to perform services for us, such as hosting providers, instructors, advisors, consultants, and user service and support providers.
Third Parties: We may employ other companies and individuals to perform functions on our behalf. Examples include sending postal mail and e-mail, removing repetitive information from user lists, analysing data, providing marketing assistance, processing payments, transmitting content, and providing user service. These third-party service providers have access to personal information needed to perform their functions but may not use it for other purposes.
Business transfers: We may disclose or transfer personal information as part of any actual or contemplated merger, sale, and transfer of our assets, acquisition, financing, or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted before such event where permitted by law.
Legally required: We may disclose personal information if we are required to do so by law (e.g., to law enforcement, courts, or others, e.g., in response to a subpoena or court order).
Protect our rights: We may disclose personal information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, and to protect the rights, property, or safety of us, our clients and users or others.
If you would like to know more about the 3rd parties we may share personal data with, or how to find out more on how they will use your data, please contact us.
SECTION 5 – COOKIES
SECTION 6 – LOG FILES
Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.
SECTION 7 – THIRD-PARTY ANALYTICS TOOLS
SECTION 8 – DO-NOT-TRACK SIGNALS
Please note that our website does not recognize or respond to any signal which your browser might transmit through the so-called ‘Do Not Track’ feature your browser might have. If you wish to disable cookies on our website, you should not rely on any ‘Do Not Track’ feature your browser might have.
SECTION 9 – SECURITY
We use technical, administrative, and physical controls in place to help protect Personal Information from unauthorized access, use, and disclosure. Even so, despite our reasonable efforts, no security measure is ever perfect or impenetrable.
SECTION 10 – DO NOT SELL MY DATA
SECTION 11 – CCPA PRIVACY RIGHTS
Under the CCPA, among other rights, California consumers have the right to:
Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
Request that a business deletes any personal data about the consumer that a business has collected.
Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.
SECTION 12 – LOCATION OF SITE
Our website is hosted on Shopify and is operated by Eartha in the United Kingdom. Our website information is stored in Shopify Servers in Montreal, Canada. If you are located in the European Union, please be aware that any information you provide to us will be transferred to and stored on this server. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.
SECTION 13 – GDPR DATA PROTECTION RIGHTS
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
Right to access: If you can prove your identity, you have the right to obtain information about the processing of your data. Thus, you have the right to know the purposes of the processing, the categories of data concerned, the categories of recipients to whom the data are transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your data.
Right to rectification of your personal data: Inaccurate or incomplete personal data may be corrected.
- Right to erasure (or “right to be forgotten”): You also have the right to obtain the erasure of your personal data under the following assumptions:
- Your personal data are no longer necessary for the intended purposes;
You withdraw your consent to the processing and there is no other legal ground for processing;
You have validly exercised your right of opposition;
Your data has been illegally processed;
Your data must be deleted to comply with a legal obligation. The deletion of data is mainly related to visibility; it is possible that the deleted data are still temporarily stored.
- Right to limitation of processing: In certain cases, you have the right to request the limitation of the processing of your personal data, especially in case of dispute as to the accuracy of the data, if the data are necessary for the context of legal proceedings or the time required to verify that you can validly exercise your right to erasure.
- Right to object: You have the right to object at any time to the processing of your personal data for direct marketing purposes. We will stop processing your personal data unless it can demonstrate that there are compelling legitimate reasons for the processing which prevail over your right to object.
Right to data portability: You have the right to obtain any personal data which you have provided us in a structured, commonly used, and machine-readable format. You are then free to transfer this data to a similar service provider.
Right to withdraw your consent: You may withdraw your consent to the processing of your personal data at any time, for example for personalized marketing communication purposes.
SECTION 14 – THIRD-PARTY WEBSITES
SECTION 15 – CLEARPAY
In order to be able to offer you Clearpay’s payment options, we will pass to Clearpay certain aspects of your personal information, such as contact and order details.
Clearpay will assess whether you qualify for their payment options and tailor the payment options for you.
SECTION 16 – SECURITY
To process an order, we need your credit/debit card number and expiry date, plus any security details that the credit card processor may require. Eartha employs trusted and reputable third-party hosting agents and payment providers to ensure the security of personal data. All credit card details that are given to us by you the customer are done so on a secure server using Shopify Payments. The transfer of the purchase details from our site to Shopify Payments are encapsulated using their encrypted and digitally signed protocol. This uses a combination of standard methods to ensure that the information passed is secure and tamper-proof. Shopify Payments is PCI DSS compliant and is regulated by qualified security assessor Trustwave. Please note, we do not store any financial information from you. Alternatively, you may process an order using Paypal, Apple Pay, Google Pay or Amazon Pay.
SECTION 17 – CHANGES TO THIS POLICY
We may amend this Policy at any time. If we make any material change in how we collect, use, disclose or otherwise process personal information, we will prominently post a notice regarding such change on the Services. Where required to do so by law, we may seek your prior consent to any material changes we make to this Policy.