Effective Date: November 15, 2019
All references to Swisse include not only Health and Happiness (H&H) Inc., located at 225 Broadway Suite 450 San Diego, CA 92101, but also our wholly owned subsidiaries, unless expressly stated otherwise.
TABLE OF CONTENTS
Swisse collects data to provide the Services you request, ease your navigation on our website, communicate with you, and improve your experience using our Services. Some of this information is provided by you directly, such as when you create an account on our website, or purchase a product or service from us. Some of the information is collected through your interactions with our Services. We collect such data using technologies like cookies and other tracking technologies, error reports, and usage data collected when you interact with Swisse website.
We also obtain data from third parties or use third parties to assist us with data collection. For example, we may supplement the data we collect as described in this section by purchasing demographic data from other companies. We also use services from other companies to help us determine a location based on your IP address notably to customize certain services to your location. In addition, we utilize third-party services to collect usage data.
The data we collect depends on the Services and features thereof that you use, and includes the following:
Name and contact data. We collect your first and last name, email address, postal address, phone number, and other similar contact data.
Credentials. We process passwords and related security information used for authentication and account access and information security purposes.
Payment data. We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number).
Usage data. We collect personalized information about your use of our Services, to better understand uses thereof and identify potential improvements, as well as to send you promotional communications or offers tailored to your use of our Services and interest thereto.
- Information on the web pages you visit on and off our website and the search terms you enter on our website.
- Information regarding the performance of our Services and any problems you may experience while using them. This information enables us to diagnose problems and offer support in resolution.
- Data about your device and the network you use to connect to our website, including IP address, device identifiers, and regional and language settings.
Web requests. We collect information regarding every web request sent to the relevant servers. This information is used to provide support, as well as to assess usage and performance of our Services. The data collected for each request can include such things as timestamps, any exception messages, user agent, IP address, and request time and duration.
Location data. We collect your IP address and infer location such as city or postcode therefrom, when necessary in order to provide you with the Services or to send you promotional communications or for customer relationship management purposes.
Content. We may collect the content of messages you send to us, such as feedback or questions you ask our technical support representatives, when necessary to provide you with the Services you use. We will collect and utilize any data files you send to us for troubleshooting and improving our Services. When you contact us, phone conversations or chat sessions with our representatives may be monitored and recorded in order to improve our services, facilitate the processing and resolution of your request or complaint.
Surveys and Studies. We may ask you to participate in a survey or study; and may request information from you. Participation is voluntary, and you have the choice of whether to disclose any requested information.
We will only use your personal data when the law allows us to. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Swisse uses information that we collect from customers and visitors for the purposes of:
- Providing our Services;
- Processing payments;
- Providing ongoing support;
- Evaluating you for a job or internship;
- Communicating with you, including promotional communications and customer relationship management (“CRM”);
- Providing information about other Services;
- Helping us run our company, for example to improve our Services or our security, train staff or perform marketing activities, including CRM;
- Complying with our legal obligations; and
- Accounting and other administrative purposes.
Examples of the uses of information include:
Providing Services. We use data to carry out your transactions with us and to provide Services to you. Often, this includes personal data such as email, name, and address. We may collect additional information when you register to use the Services, including contact information and credentials. We may use this data to diagnose and address problems and provide other support services
Improving Product and Services. We use data to continually improve our Services, including adding new features or capabilities. Data is collected throughout your interactions with our Services that enable us to understand customer usage and tailor future capabilities.
We track general, non-personalized information (e.g., operating system, browser version and type of device being used) to know how many people visit specific pages of our Services or utilize specific areas of our Services so that we may improve those Services. We may use your IP address to customize services to your location, such as the language displayed on our Services.
Please note that we use IP addresses on a highly restrictive basis to analyze trends, to administer the site, and to collect general information for aggregate use.
Marketing and event communication: We use personal data to deliver marketing and event communications to you across various platforms, such as email, direct mail, social media, and online via our Services.
If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. For information about managing email subscriptions and promotional communications, please visit the Your Rights Regarding Personal Data section of this privacy statement. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.
Processing Payments: If you make a payment to Swisse, we will ask for payment Information and other information requested for processing your payment.
We may provide your personal data to:
- Swisse-controlled affiliates and subsidiaries, located in and outside your country or region;
- outsourced service providers who perform functions on our behalf, located inside or outside of your country or region. For example, when you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction;
- our authorized agents and representatives, located inside or outside of your country or region, who sell products or provide services on our behalf;
- anyone expressly authorized by you to receive your personal data;
- anyone to whom we are required by law to disclose personal data, upon valid and enforceable request thereof.
We will access, disclose and preserve personal data when we have a good faith belief that doing so is necessary to:
- comply with applicable law or respond to valid legal processes, including from law enforcement or other government agencies, upon valid and enforceable request thereof; or
- operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks.
Please note that some of our Services may direct you to services of third parties whose privacy practices differ from Swisse’s. If you provide personal data to any of those services, your data is governed by their privacy statements or policies. Health and Happiness (H&H) Inc. and their subsidiaries are not responsible for the privacy practices of these other websites. For example, we use Shopify to power our online store—you can read more about how Shopify uses your personal data here: https://www.shopify.com/legal/privacy. Please review the privacy policies for these websites to understand how they process your information.
Security of Personal Data
Swisse is committed to protecting the security of your personal data. Depending on the circumstances, we may hold your information in hard copy and/or electronic form. For each medium, we use technologies and procedures to protect personal data. We review our strategies and update as necessary to meet our business needs, changes in technology, and regulatory requirements.
These measures include, but are not limited to, technical and organizational security policies and procedures, security controls and employee training.
You are responsible for maintaining the security of your account credentials for the Services. Swisse will treat access to the Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below.
If we become aware of a breach that affects the security of your personal data, we will provide you with notice as required by applicable law. To the extent permitted by applicable law, Swisse will provide any such notice that Swisse must provide to you at your account’s email address. By using the Services, you agree to accept notice electronically.
Storage and Transfer of Personal Data
Swisse also collaborates with third parties such as cloud hosting services and suppliers located around the world to serve the needs of our business, workforce, and customers. In some cases, we may need to disclose or transfer your personal data within Swisse or to third parties in areas outside of your home country. When we do so, we take steps to ensure that personal data is processed, secured, and transferred according to applicable law.
If you would like to know more about our data transfer practices, please contact our Legal Department at email@example.com.
Retention of Personal Data
Swisse retains personal data for as long as necessary to provide the services and fulfill the transactions you have requested, or for other business purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. We are required by law to keep some types of information for certain periods of time (e.g. statute of limitations). If your personal data is no longer necessary for the legal or business purposes for which it is processed, we will generally destroy or anonymize that information.
Swisse respects your right to access and control your personal data. You have choices about the data we collect. When you are asked to provide personal data that is not necessary for the purposes of providing you with our Services, you may decline. However, if you choose not to provide data that is necessary to provide a Service, you may not have access to certain features, Services.
We aim to keep all personal data that we hold accurate, complete and up-to-date. While we will use our best efforts to do so, we encourage you to tell us if you change your contact details and this can be easily accomplished using the Manage Account section. However, if you believe that the information we hold about you is incorrect, incomplete or out-of-date, please contact us at firstname.lastname@example.org.
Access to personal data: In some jurisdictions, you have the right to request access to your personal data. In these cases, we will comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for providing you with a copy of your data (except where this is not permissible under local law).
If you are a corporate user of our Services (which means your employer is a Swisse customer of such Services): please first request access to your personal data with your employer. Your employer will then be in touch with us with respect to your request.
Correction and deletion: In some jurisdictions, you have the right to correct or amend your personal data if it is inaccurate or requires updating. You may also have the right to request deletion of your personal data. Please note that such a request could be refused because your personal data is required to provide you with the products or services you requested, e.g. to deliver a product or send an invoice to your email address, or that it is required by the applicable law.
Marketing preferences: If you have provided us with your contact information, we may, subject to any applicable Spam Act or similar regulation, contact you via e-mail, postal mail or telephone about Swisse products, services and events that may be of interest to you, including our newsletter.
E-mail communications you receive from Swisse will generally provide an unsubscribe link allowing you to opt-out of receiving future e-mail or to change your contact preferences. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.
You can also request changes to your account by emailing Swisse at email@example.com.
California Shine the Light Law: California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to firstname.lastname@example.org or write us at: Health and Happiness (H&H) Inc., 225 Broadway Suite 450 San Diego, CA 92101.
We may combine the information we collect via Cookies with personal data that we have collected from you to learn more about how you use our websites to improve them.
Types of Cookies
We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them). To make it easier for you to understand why we need them, the Cookies we use on our websites can be grouped into the following categories:
- Strictly Necessary: These Cookies are necessary for the websites to work properly. They include any essential authentication and authorization cookies for our websites.
- Functionality: These Cookies enable technical performance and allow us to “remember” the choices you make while browsing our websites, including any preferences you set. They also include sign-in and authentication cookies and IDs that enable you to return without additional sign-in.
- Performance/Analytical: These Cookies allow us to collect certain information about how you navigate the websites or utilize the Products running on your device. They help us understand which areas you use and what we can do to improve them.
- Targeting: These Cookies are used to deliver relevant information related to our websites to an identified machine or other device (not a named or otherwise identifiable person) which has previously been used to visit our websites. Some of these types of Cookies on our websites are operated by third parties with our permission and are used to identify advertising sources that are effectively driving customers to our websites.
Cookies Set by Third Party Services
To enhance our content and to deliver a better online experience for our users, we sometimes embed images and videos from other websites on the websites. We currently use, and may in future use content from websites such as Facebook, LinkedIn and Twitter. You may be presented with Cookies from these third-party websites. Please note that we do not control these Cookies. The privacy practices of these third parties will be governed by the parties’ own privacy statements or policies. We are not responsible for the security or privacy of any information collected by these third parties, using cookies or other means. You should consult and review the relevant third-party privacy statement or policy for information on how these cookies are used and how you can control them.
Other Similar Technologies
Swisse web pages may use other technologies such as web beacons to help deliver cookies on our websites and count users who have visited those websites. We also may include web beacons in our promotional email messages or newsletters to determine whether you open and act on them as well as for statistical purposes.
In addition to standard cookies and web beacons, our services can also use other similar technologies to store and read data files on your computer. This is typically done to maintain your preferences or to improve speed and performance by storing certain files locally.
How to Control and Delete Cookies
Cookies can be controlled, blocked or restricted through your web browser settings. Information on how to do this can be found within the Help section of your browser. All Cookies are browser specific. Therefore, if you use multiple browsers or devices to access websites, you will need to manage your cookie preferences across these environments.
If you are using a mobile device to access our websites, you will need to refer to your instruction manual or other help/settings resource to find out how you can control cookies on your device.
Please note: If you restrict, disable or block any or all Cookies from your web browser or mobile or other device, the websites may not operate properly, and you may not have access to our websites available through the websites. Swisse shall not be liable for any impossibility to use the websites or degraded functioning thereof, where such are caused by your settings and choices regarding cookies.
To learn more about cookies and web beacons, visit www.allaboutcookies.org.
Do Not Track: Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Swisse, do not respond to DNT signals.
Services ARE NOT INTENDED FOR CHILDREN
You must be at least the age of majority in your place of residence to use the Services. The Services are not directed to or intended for use by minors. Consistent with the requirements of the U.S. Children’s Online Privacy Protection Act, if we learn that we received any information directly from a child under age 13 without his or her parent’s verified consent, we will use that information only to inform the child (or his or her parent or legal guardian) that he or she cannot use the Services.
California Minors: While the Services is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: email@example.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the Content or information. Removal of your content or information from the Services does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
Mail: Health and Happiness (H&H) Inc.
Attention: Legal Department
225 Broadway Suite 450 San Diego, CA 92101
Information We Collect
The Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, the Services has collected the following categories of personal information from its consumers in the last twelve (12) months. We obtain the categories of personal information listed below as set forth in the methods described in the Personal Data We Collect From You section above.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||
A name, signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||
|D. Commercial information.||
|E. Biometric information.||
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity||
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
|G. Geolocation data.||
Physical location or movements.
|H. Sensory data.||
Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.||
Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, including without limitation: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information.
- To provide, support, personalize, and develop our products and services.
- To create, maintain, customize, and secure your account with us.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Services experience and to deliver content and product and service offerings relevant to your interests, including offers and ads through our Website, third-party sites, and via email (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our products and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about our users is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We share your personal information with the following categories of third parties:
- Service providers
- Data aggregators
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
- California Customer Records personal information categories
- Commercial information
- Internet or other similar network activity
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
1) Right to Access Specific Information and Data Portability Right
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose, the business purpose for which personal information was disclosed, and the personal information categories that each category of recipient obtained.
- If applicable, (1) the categories of personal information we have sold; (2) the categories of personal information that we sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each category of third parties to whom the personal information was sold.
2) Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
3) Right to Opt-Out
If you are 16 years of age or older, you have the right to direct us not to sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales my opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by sending us an e-mail at firstname.lastname@example.org. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by sending us an e-mail at email@example.com. We will only use personal information provided in an opt-out request to review and comply with the request.
4) Exercising Your Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- E-mailing us at: firstname.lastname@example.org
- Calling us at: 855-979-4773
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make such a request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Mail: Health and Happiness (H&H) Inc.
Attention: Legal Department
225 Broadway Suite 450 San Diego, CA 92101