Any updates or modifications to this Policy will be posted to our Website on this page. By using or accessing the Platform, you signify that you have read, understand and agree to be bound by this Policy. This Policy is effective as of September 09, 2019 and has not been modified since that date.
Our Platform is operated in the United States but can be accessed worldwide. Residents of the European Economic Area (“EEA”), which includes the member states of the European Union, should consult the sections of this policy relating to the “Rights of EEA Residents” (under the “Your Rights” section below) and “International Data Transfers” for provisions that may apply to them.
Information We Collect and How We Use It
We may collect the following types of Information through our Platform:
(1) “Personal Data” such as your name, e-mail address and phone number, account or mailing address, company name (if applicable) and other information that can be used to directly identify and contact you (which, in some cases, may include certain Device Information or information from the signature block of your e-mail);
(2) “Device Information” which is information relating to the computer or device you are using when you access our Platform, such as your computer’s IP address, your mobile device identifiers (including Apple IDFA or an Android Advertising ID), the type of browser and operating system you are using, the identity of your internet service provider, and your device and browser settings.
(3) “Usage Data” which is data related to your use of the Platform such as the pages you visit, the sites you use before or after visiting ours, your actions within the Platform, the type of content or advertisements you have accessed, seen, forwarded and/or clicked on, Wi-Fi connections, date and time stamps, log files, and diagnostic, crash, website, and performance logs and reports.
As described in more detail below, we collect Personal Data only when you provide it to us but may collect other types of Information whenever you use our Platform through automated means such as software developer kits, cookies and web beacons (which are discussed in more detail below).
You may enter the Website and browse its content without submitting any Personal Data. However, we will need to collect relevant Personal Data to provide you with certain services offered by the Platform, including if you choose to create an account on our website, contact us or otherwise communicate with us in any way, subscribe or opt in to our newsletter, alerts, or other communications, subscribe or opt in to SMS messages, sign up for product waitlists, participate in a contest or promotion, order our products, submit product reviews, questions, feedback or user comments, complete an optional survey, contact customer service or otherwise interact with the Platform.
Device Information & Usage Data
Whether or not you submit Personal Data, any time you visit our Platform, we or our service providers may collect, store or accumulate certain Device Information and Usage Data. This Information may be used in furtherance of the purposes described above with respect to Personal Data and in aggregate form for internal business purposes, such as optimizing the Platform, evaluating the popularity of content, generating statistics and developing marketing plans, and otherwise for general administrative, analytical, research, optimization, and security purposes.
Information to and from Social Networks
Sharing of Information
In no event will we disclose, rent, sell or share any of your Personal Data to third parties for direct marketing purposes. We only share your Information with third parties for the purposes described below.
We contract with companies or individuals to provide certain services related to the functionality and features of the Platform, including content streaming, email and hosting services, software development, data management, orders, payment processing, management of forms, quizzes and polls, customer service, returns, live chat, marketing, fraud prevention, product review and questions, and administration of contests and other promotions. We call them our “Service Providers.” We may share your Information with Service Providers as appropriate for them to perform their services for us and our Service Providers are permitted to use your Information only for such purposes.
We may also share or transfer Device Information and Usage Data in aggregated, anonymized form with or to our affiliates, licensees, partners and Service Providers for administrative, analytical, research, optimization, and security purposes, but no such Information will be linked with your Personal Data or be used to identify or contact you.
Notwithstanding any of the above, we will not share your Personal Data if such sharing is prohibited by applicable privacy and data protection law, including, without limitation, the EEA’s General Data Protection Regulation effective May 25, 2018 and the California Consumer Protection Act (“CCPA”) which will come into effect on January 1, 2020.
Automated Data Collection / Cookies
We may use certain automatic analytics and tracking technologies to assist us in performing a variety of functions, including storing your Information, collecting Device Information and Usage Data, understanding your use of the Platform and customizing the content offered to you on the Platform. We may use platforms like Google Analytics to provide aggregated or anonymized information relating to demographics, geography, interests or affinities. Other technologies we may use include:
(2) Web Beacons. We may also use "web beacons" or clear GIFs, or similar technologies, which are small pieces of code placed on a web page or in an email, to monitor the behavior and collect data about the visitors viewing a web page or email. For example, web beacons may be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. Web beacons may also be used to provide information on the effectiveness of our email campaigns (e.g., open rates, clicks, forwards, etc.).
(3) Mobile Device Identifiers and SDKs. We also sometimes use, or partner with publishers or app developer platforms that use, mobile Software Development Kits ("SDKs") that are incorporated into the Platform to collect Information, such as mobile identifiers (e.g., IDFAs and Android Advertising IDs), geolocation information, and other information about your device or use of the Platform. A mobile SDK may act as the mobile version of a web beacon (see "Web Beacons" above).
By visiting the Platform, whether as a registered user or otherwise, you acknowledge, and agree that you are giving us your consent to track your activities and your use of the Platform through the technologies described above, as well as similar technologies developed in the future, and that we may use such tracking technologies in the emails we send to you. Please note that no such tracking technologies will collect any Personal Data from you unless you choose to submit it to us [and that data relating to you individually is not shared with any third parties]. Please confirm the highlighted section.
At your option, you may communicate through SMS messages regarding your orders and our products. Normal text rates apply to such messages. You may withdraw permission to communicate with you by SMS at any time. We do not receive any individualized geographic information from you when you receive or reply to such messages.
Personal Data Retention
Privacy and Security
It is entirely your choice whether or not you provide Personal Data to us. We take reasonable precautions to protect our customers' Personal Data against loss, misuse, unauthorized disclosure, alteration, and destruction. However, please remember that no transmission of data over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Data, we cannot ensure or warrant the security of any Information that you transmit to us or from us, and you do so at your own risk. You hereby acknowledge that we are not responsible for any intercepted information sent via the Internet, and you hereby release us from any and all claims arising out of or related to the use of intercepted information in any unauthorized manner.
If you believe your Personal Data is being improperly used by us or any third party, please immediately notify us via email at firstname.lastname@example.org.
Use of Automated Decision Making and Profiling
We use automated decision making and profiling. We do this in order to protect our business from harm from fraud during the checkout process via a third-party service provider.
Children Under 13
The Platform is intended for and targeted to adults. We do not knowingly collect or solicit Personal Data directly from anyone under the age of 13. If you are under 13, please do not send any Personal Data about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Data from a child under age 13, we will delete that information as quickly as possible. If you are a parent or guardian of a child under 13 years of age and you believe your child has provided us with Personal Data, please contact us at email@example.com.
Links to Third Party Platforms
Our Platform or communications may contain links to third party websites, over which we exercise no control, including the form of embedded content, sponsored content or co-branded content. Except as set forth in this Policy, we do not share your Personal Data with those third parties and are not responsible for the privacy policies of any third party or their management of your Personal Data. Because they may treat your Information differently than we do, we suggest you read the privacy policies on those third-party websites prior to submitting any Personal Data to such sites.
In addition, you may be redirected to a third-party platform for certain functions, including returns, forms, and customer service. See above section regarding “Sharing of Information.”
Opting Out of Communications
As described above, we may use the Personal Data we collect from you to send you newsletters or other communications from us, including those promotional or marketing in nature. If you do not want to receive such communications, you can opt out by using the unsubscribe link at the bottom of our communications. You may also at any time opt out of receiving communications from us by sending an e-mail to firstname.lastname@example.org with the subject line “Opt Out.”
Disallowing Cookies and Location Data Collection
You can opt out of the collection and use of certain information, which we collect about you by automated means, by changing the settings in the device you use to access the Platform. In addition, your browser may tell you how to be notified and opt out of receiving certain types of cookies. Please note, however, that without cookies you may not be able to use all of the features of the Platform.
Your Right to Access, Review, and Delete Personal Data
Under certain laws, including the GDPR or, after January 1, 2020 the CCPA, which is described further below in the section headed “Your California Privacy Rights,” you may have the right to: obtain confirmation that we hold Personal Data about you, request access to and receive information about the Personal Data we maintain about you, restrict the use of the data, receive the data in a portable format, receive copies of the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, object to the continued processing or use of your Personal Data, complain to a supervisory authority, and have the Personal Data blocked, anonymized or deleted, as appropriate. The right to access Personal Data may be limited in some circumstances by local law. If you qualify, in order to exercise these rights, please contact us as set forth below.
Skims Body, Inc.
3578 Hayden Ave.
Culver City, CA 90232
We may ask you to provide additional information for identity verification purposes, or to verify that you are in possession of an applicable email account. Please understand, however, that we reserve the right to retain an archive of such Personal Data for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such Information.
Your California Privacy Rights
Under certain circumstances, California Civil Code Section 1798.83 states that, upon receipt of a request by a California customer, a business may be required to provide detailed information regarding how that business has shared that customer’s Personal Data with third parties for direct marking purposes. However, the foregoing does not apply to businesses like ours that do not disclose Personal Data to third parties for direct marketing purposes without prior approval or give customers a free mechanism to opt out of having their Personal Data disclosed to third parties for their direct marketing purposes.
After January 1, 2020, the CCPA (California Civil Code Section 1798.100) will provide California residents with additional protections for personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household. Under the CCPA, you may have a right to request disclosure of the categories and specific information that we have collected. If you wish to make such a request after January 1, 2020, please contact us at email@example.com.
California Do Not Track Disclosures
Although some browsers currently offer a “do not track (‘DNT’) option,” no common industry standard for DNT exists. We therefore do not currently commit to responding to browsers’ DNT signals.
Rights of EEA Residents
From May 25, 2018, all processing of Personal Data of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Data and on the free movement of such data (“GDPR”).
Under the GDPR, we are both the controller and a co-processor of the Personal Data of EEA Residents. Our purpose for collecting and processing Personal Data from EEA Residents is to provide them with the features and functionalities of our Platform and information regarding our Platform. The legal basis for collecting Personal Data is because it is necessary for performance of a contract between us to provide you with the Platform and its related features and functionality. We also rely on your consent to receive information about our Platform. You may withdraw consent from receiving marketing and promotional communications by clicking the “Unsubscribe” link on the communication or sending an e-mail to firstname.lastname@example.org with the subject line “Opt Out.” If EEA Residents do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such residents with certain features or functionalities of the Platform or information regarding the Platform, including processing orders. Note that we do not collect any sensitive personal information about you.
EEA Residents may obtain information about the Personal Data that we hold about them by contacting us at email@example.com. You may also contact us at Skims Body, Inc., 3578 Hayden Ave., Culver City, California 90232.
International Data Transfers
If you are resident outside the United States, including in the EEA, we transfer Personal Data provided by you for processing in the United States, including Personal Information sent via e-mails or when you make an order. Under the GDPR, we are considered a “controller” and a “co-processor” of the Personal Data of EEA Residents. By providing Personal Data to us for the purpose of using the Platform, you consent to the processing of such data in the United States. The transfer of your Personal Data to the United States is necessary for the performance of a contract between you and us for your use of the Platform.
Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.
We reserve the right to change this Policy at any time. In the event we make changes to this Policy, such policy will be re-posted in the "Privacy" section of our Platform with the date such modifications were made indicated on the top of the page. Therefore, please review this Policy from time to time so that you are aware when any changes are made to this Policy. If you have any questions about the changes that were implemented, please contact us at firstname.lastname@example.org and include “Information Regarding Updated Policy” in the subject line. In any event, your continued use of the Platform after such change constitutes your acceptance of any such change(s), and if you do not accept any changes, you may choose not to use the Platform or opt out by sending us an appropriate notice.
You represent and warrant that any Personal Data you provide us is true and correct and relates to you and not to any other person. If you use the Platform, you are responsible for maintaining the confidentiality of your account and for restricting access to your computer or device, and you agree to accept responsibility for all activities that occur under your account.