Privacy Policy

Last updated January 1, 2020.

Welcome to the Skims Website, skims.com (the “Website” or “Services”).  The Services are operated by Skims Body, Inc. (“we,” “us,” or “our”).  We believe that the privacy and security of your information and data (“Information”) is very important.  This Privacy Policy (“Policy”) explains the type of Information we collect from users of the Platform, how that Information is used, how the Information may be shared with other parties, and what controls our users have regarding their Information. We encourage you to read this Policy carefully. 

Any updates or modifications to this Policy will be posted to our Website on this page. By using or accessing the Platform, you signify that you have read, understand and agree to be bound by this Policy.

Our Services are operated in the United States but can be accessed worldwide. Residents of the European Economic Area (“EEA”), which includes the member states of the European Union, should consult the sections of this policy relating to the “Rights of EEA Residents” (under the “Your Rights” section below) and “International Data Transfers” for provisions that may apply to them.

California residents should consult the section titled “Your California Privacy Rights” for rights that apply to them.

Information We Collect and How We Use It

Types of Information

We may collect the following types of Information through our Platform:

(1) “Personal Data” such as your name, e-mail address and phone number, account or mailing address, company name (if applicable) and other information that can be used to directly identify and contact you (which, in some cases, may include certain Device Information or information from the signature block of your e-mail);

(2) “Device Information” which is information relating to the computer or device you are using when you access our Platform, such as your computer’s IP address, your mobile device identifiers (including Apple IDFA or an Android Advertising ID), the type of browser and operating system you are using, the identity of your internet service provider, and your device and browser settings.

(3) “Usage Data” which is data related to your use of the Services such as the pages you visit, the sites you use before or after visiting ours, your actions within the Platform, the type of content or advertisements you have accessed, seen, forwarded and/or clicked on, Wi-Fi connections, date and time stamps, log files, and diagnostic, crash, website, and performance logs and reports.

As described in more detail below, we collect Personal Data only when you provide it to us but may collect other types of Information whenever you use our Services through automated means such as software developer kits, cookies and web beacons (which are discussed in more detail below).

Personal Data

You may enter the Website and browse its content without submitting any Personal Data.  However, we will need to collect relevant Personal Data to provide you with certain services offered by the Platform, including if you choose to create an account on our website, contact us or otherwise communicate with us in any way, subscribe or opt in to our newsletter, alerts, or other communications, subscribe or opt in to SMS messages, sign up for product waitlists, participate in a contest or promotion, order our products, submit product reviews, questions, feedback or user comments, complete an optional survey, contact customer service or otherwise interact with the Platform.

We use the Personal Data that we collect to respond to your requests, communicate with you regarding the Services and our content, send you promotional or marketing communications, guard against potential fraud, provide product information, service your requests and orders, and provide you with the applicable services, features or functionality associated with your submission.  When you submit Personal Data through the Platform, whether by directly providing it to us upon request or voluntarily disclosing it through comments, you are giving your consent to the collection, use and disclosure of your Personal Data as set forth in this Privacy Policy.

Device Information & Usage Data

Whether or not you submit Personal Data, any time you visit our Platform, we or our service providers may collect, store or accumulate certain Device Information and Usage Data. This Information may be used in furtherance of the purposes described above with respect to Personal Data and in aggregate form for internal business purposes, such as optimizing the Platform, evaluating the popularity of content, generating statistics and developing marketing plans, and otherwise for general administrative, analytical, research, optimization, and security purposes.

Information to and from Social Networks

We may provide functionality that will allow you to connect to our Services through a third-party social network such as Facebook, Twitter or Instagram (each, a “Social Network”). If you connect through a Social Network, we may collect Personal Data from your profile, such as your name, username, and e-mail address, and we will use that Personal Data for the purposes set forth herein. In addition, our Services may offer social sharing features which will allow you to “Share” or “Like” on a Social Network. If you decide to use such features, it may allow the sharing and collection of Information both to and from such Social Network, so you should check the privacy policy of each Social Network before using such features.

Sharing of Information

In no event will we disclose, rent, sell or share any of your Personal Data to third parties for direct marketing purposes. We only share your Information with third parties for the purposes described below.

We contract with companies or individuals to provide certain services related to the functionality and features of the Platform, including content streaming, email and hosting services, software development, data management, orders, payment processing, management of forms, quizzes and polls, customer service, returns, live chat, marketing, fraud prevention, product review and questions, and administration of contests and other promotions. We call them our “Service Providers.” We may share your Information with Service Providers as appropriate for them to perform their services for us and our Service Providers are permitted to use your Information only for such purposes. 

We use Shopify, Inc. to host our website and to process our orders. Shopify’s privacy policy is located at:

https://www.shopify.com/legal/privacy

The server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system.

In certain instances, as with Paypal and Afterpay, which process payments, you may also be directed to a third-party website which is governed by its own privacy policy:

https://www.paypal.com/us/webapps/mpp/ua/privacy-full
https://www.afterpay.com/privacy-policy

We may also share or transfer Device Information and Usage Data in aggregated, anonymized form with or to our affiliates, licensees, partners and Service Providers for administrative, analytical, research, optimization, and security purposes, but no such Information will be linked with your Personal Data or be used to identify or contact you.

Finally, we may share your Information: (i) In response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us; (ii) When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company, our users, or others; and in connection with the enforcement of our Terms of Use and other agreements; or (iii) In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

Notwithstanding any of the above, we will not share your Personal Data if such sharing is prohibited by applicable privacy and data protection law, including, without limitation, the EEA’s General Data Protection Regulation effective May 25, 2018 and the California Consumer Protection Act (“CCPA”) which will come into effect on January 1, 2020.

Automated Data Collection / Cookies

We may use certain automatic analytics and tracking technologies to assist us in performing a variety of functions, including storing your Information, collecting Device Information and Usage Data, understanding your use of the Services and customizing the content offered to you on the Platform.  We may use platforms like Google Analytics to provide aggregated or anonymized information relating to demographics, geography, interests or affinities.  Other technologies we may use include:

(1) Cookies. Cookies are text files placed in your computer's browser to store your preferences. We use cookies or other tracking technologies to understand site and Internet usage and to improve or customize the Services and the content, offerings, or advertisements you see on the Services. For example, we may use cookies to personalize your experience on the Services or remember any settings you have chosen. Most web browsers automatically accept cookies, but you can usually configure your browser to prevent this. However, not accepting cookies may make certain features of the Services unavailable to you.

(2) Web Beacons. We may also use "web beacons" or clear GIFs, or similar technologies, which are small pieces of code placed on a web page or in an email, to monitor the behavior and collect data about the visitors viewing a web page or email. For example, web beacons may be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. Web beacons may also be used to provide information on the effectiveness of our email campaigns (e.g., open rates, clicks, forwards, etc.).

(3) Mobile Device Identifiers and SDKs. We also sometimes use, or partner with publishers or app developer platforms that use, mobile Software Development Kits ("SDKs") that are incorporated into the Services to collect Information, such as mobile identifiers (e.g., IDFAs and Android Advertising IDs), geolocation information, and other information about your device or use of the Platform. A mobile SDK may act as the mobile version of a web beacon (see "Web Beacons" above). 

By visiting the Platform, whether as a registered user or otherwise, you acknowledge, and agree that you are giving us your consent to track your activities and your use of the Services through the technologies described above, as well as similar technologies developed in the future, and that we may use such tracking technologies in the emails we send to you.  Please note that no such tracking technologies will collect any Personal Data from you unless you choose to submit it to us and that data relating to you individually is not shared with any third parties.

For more information about our cookie policy, click here.

SMS Messaging

At your option, you may communicate through SMS messages regarding your orders and our products.  Normal text rates apply to such messages.  You may withdraw permission to communicate with you by SMS at any time.  We do not receive any individualized geographic information from you when you receive or reply to such messages.

Personal Data Retention

We retain the Personal Data we receive as described in this Privacy Policy for as long as you use the Services or as necessary to fulfill the purpose(s) for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

Privacy and Security

It is entirely your choice whether or not you provide Personal Data to us. We take reasonable precautions to protect our customers' Personal Data against loss, misuse, unauthorized disclosure, alteration, and destruction. However, please remember that no transmission of data over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any Information that you transmit to us or from us, and you do so at your own risk. You hereby acknowledge that we are not responsible for any intercepted information sent via the Internet, and you hereby release us from any and all claims arising out of or related to the use of intercepted information in any unauthorized manner.

If you believe your Personal Data is being improperly used by us or any third party, please immediately notify us via email at privacy@skims.com.

Use of Automated Decision Making and Profiling

We use automated decision making and profiling.  We do this in order to protect our business from harm from fraud during the checkout process via a third-party service provider.

Children Under 18

The Services are intended for and targeted to adults.  We do not knowingly collect or solicit Personal Data directly from anyone under the age of 18.  If you are under 18, please do not send any Personal Data about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Data from a child under age 18, we will delete that information as quickly as possible.  If you are a parent or guardian of a child under 18 years of age and you believe your child has provided us with Personal Data, please contact us at privacy@skims.com.

Links to Third Party Platforms

Our Services or communications may contain links to third party websites, over which we exercise no control, including the form of embedded content, sponsored content or co-branded content.  Except as set forth in this Policy, we do not share your Personal Data with those third parties and are not responsible for the privacy policies of any third party or their management of your Personal Data. Because they may treat your Information differently than we do, we suggest you read the privacy policies on those third-party websites prior to submitting any Personal Data to such sites. 

In addition, you may be redirected to a third-party platform for certain functions, including returns, forms, and customer service.  See above section regarding “Sharing of Information.”

Your Rights

Opting Out of Communications

As described above, we may use the Personal Data we collect from you to send you newsletters or other communications from us, including those promotional or marketing in nature. If you do not want to receive such communications, you can opt out by clicking here. 

You may also at any time opt out of receiving communications from us by sending an e-mail to privacy@skims.com with the subject line “Opt Out.”

Disallowing Cookies and Location Data Collection

You can opt out of the collection and use of certain information, which we collect about you by automated means, by changing the settings in the device you use to access the Platform.  In addition, your browser may tell you how to be notified and opt out of receiving certain types of cookies. Please note, however, that without cookies you may not be able to use all of the features of the Platform.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy, at:

http://optout.networkadvertising.org
http://www.youronlinechoices.eu
https://youradchoices.ca/choices
http://optout.aboutads.info

Your Right to Access, Review, and Delete Personal Data

Under certain laws, including the GDPR or, after January 1, 2020 the CCPA, which is described further below in the section headed “Your California Privacy Rights,” you may have the right to: obtain confirmation that we hold Personal Data about you, request access to and receive information about the Personal Data we maintain about you, restrict the use of the data, receive the data in a portable format, receive copies of the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, object to the continued processing or use of your Personal Data, complain to a supervisory authority, and have the Personal Data blocked, anonymized or deleted, as appropriate. The right to access Personal Data may be limited in some circumstances by local law. If you qualify, in order to exercise these rights, please contact us as set forth below.

Skims Body, Inc.
Attn: Privacy
3113 S. La Cienega Blvd.
Los Angeles, CA 90016
E-mail: privacy@skims.com

We may ask you to provide additional information for identity verification purposes, or to verify that you are in possession of an applicable email account.

Please understand, however, that we reserve the right to retain an archive of such Personal Data for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such Information.

Your California Privacy Rights

The following section pertains to the rights of individuals or households in California (“California consumers”).

Civil Code Section 1798.83

Under certain circumstances, California Civil Code Section 1798.83 states that, upon receipt of a request by a California consumer, a business may be required to provide detailed information regarding how that business has shared that customer’s Personal Information with third parties for direct marking purposes.

Rights under the CCPA

After January 1, 2020, the CCPA (California Civil Code Section 1798.100 et seq.) will provide California consumers with additional rights regarding Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household. The categories of Personal Information we collect are generally described above but differ for individual consumers depending on the Services used by such consumers.

Under the CCPA, qualifying California consumers may have the following rights:

Right to Know and Right to Delete

A California consumer has the right to request that we disclose what Personal Information we collect, use, disclose and sell. A California consumer also has the right to submit requests to delete Personal Information.

When we receive a request to know or delete from a California consumer, we will confirm receipt of the request within 10 days and provide information about how we will process the request, including our verification process. We will respond to such requests within 45 days.

Right for Disclosure of Information

A California consumer may also submit requests that we disclose specific types or categories of Personal Information that we collect.

Under certain circumstances, we will not provide such information, including where the disclosure creates a substantial, articulable and unreasonable risk to the security of that Personal Information, customers’ account with us, or the security of our systems or networks. We also will not disclose California consumers’ social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers.

Submitting Requests

If you are a California consumer and would like to make any requests under the CCPA, please click here or direct them to the following address:

Skims Body, Inc.
Attn: Privacy
3113 S. La Cienega Blvd.
Los Angeles, CA 90016
E-mail: privacy@skims.com

Verifying Requests

If we receive any request we will use a two-step process for online requests where the California consumer must first, clearly submit the request and then second, separately confirm the request. We will use other appropriate measures to verify requests received by mail or telephone.

In submitting a request, a California consumer must provide sufficient information to identify the consumer, such as name, e-mail address, home or work address, or other such information that is on record with us so that we can match such information to the Personal Information that we maintain. Do not provide social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, medical information or health information with requests. If requests are unclear or submitted through means other than outline above, we will provide the California consumer with specific directions on how to submit the request or remedy any deficiencies. If we cannot verify the identity of the requestor, we may deny the request.

California Do Not Track Disclosures

Although some browsers currently offer a “do not track (‘DNT’) option,” no common industry standard for DNT exists. We therefore do not currently commit to responding to browsers’ DNT signals.

International Data Transfers

If you are resident outside the United States, including in the EEA, we transfer Personal Data provided by you for processing in the United States, including Personal Information sent via e-mails or when you make an order.  Under the GDPR, we are considered a “controller” and a “co-processor” of the Personal Data of EEA Residents.  By providing Personal Data to us for the purpose of using the Platform, you consent to the processing of such data in the United States.  The transfer of your Personal Data to the United States is necessary for the performance of a contract between you and us for your use of the Platform. 

Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.

Rights of EEA Residents

This section of the Privacy Policy is applicable to residents of the EEA, which consists of the member states of the European Union.  This section also applies to residents of Switzerland and, in the event of its departure from the EU, residents of the United Kingdom.   Residents of the EEA, UK and Switzerland are referred to here as “EEA Residents.”

From May 25, 2018, all processing of Personal Data of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Data and on the free movement of such data (“GDPR”).

Under the GDPR, we are both the controller and a co-processor of the Personal Data of EEA Residents. Our purpose for collecting and processing Personal Data from EEA Residents is to provide them with the features and functionalities of our Services and information regarding our Services.  The legal basis for collecting Personal Data is because it is necessary for performance of a contract between us to provide you with the Services and its related features and functionality. We also rely on your consent to receive information about our Platform.  You may withdraw consent from receiving marketing and promotional communications by clicking the “Unsubscribe” link on the communication or sending an e-mail to privacy@skims.com with the subject line “Opt Out.”  If EEA Residents do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such residents with certain features or functionalities of the Services or information regarding the Platform, including processing orders.  Note that we do not collect any sensitive personal information about you. 

EEA Residents may obtain information about the Personal Data that we hold about them by contacting us at privacy@skims.com.

Changes to this Privacy Policy

We reserve the right to change this Policy at any time. In the event we make changes to this Policy, such policy will be re-posted in the "Privacy" section of our Services with the date such modifications were made indicated on the top of the page. Therefore, please review this Policy from time to time so that you are aware when any changes are made to this Policy.  If you have any questions about the changes that were implemented, please contact us at privacy@skims.com and include “Information Regarding Updated Policy” in the subject line.  In any event, your continued use of the Services after such change constitutes your acceptance of any such change(s), and if you do not accept any changes, you may choose not to use the Services or opt out by sending us an appropriate notice.

Your Agreements

You represent and warrant that any Personal Data you provide us is true and correct and relates to you and not to any other person. 

If you use the Platform, you are responsible for maintaining the confidentiality of your account and for restricting access to your computer or device, and you agree to accept responsibility for all activities that occur under your account.

General Legal

All other terms governing this Privacy Policy shall be those set forth in our Terms of Use which are incorporated herein by this reference.

If you have questions or comments about this Policy, please contact us at privacy@skims.com with “Privacy” in the subject line of your email.