Welcome to the TATCHA, LLC ("TATCHA," "we," "us," or "our") website. TATCHA offers our users (collectively, "Users," "you," or "your") high-quality, holistic skincare products made with time-tested ingredients (the "Products") through our website at www.tatcha.com (the "Site").
Information We Collect
When you interact with our Site, we collect information that alone or in combination with other information could be used to identify you ("Personal Data").
Personal Data You Provide Us:
Account Information: We collect information about you when you register for an account on the Site, such as your first and last name, email, and password. If you sign up with your Facebook account, we may receive information like your name, profile picture, and email address.
Orders. When you order Products on the Site, we request your name, email address, shipping and billing address, and phone number. We also request your payment card details so our payment processor can process your order (we do not process or store your payment card data). Any payment information you provide will be processed and stored by our payment processor (please read the Sharing and Disclosure of Information section below for more information). We may also maintain a record of your Product purchases.
Whether or not you provide Personal Data to us is completely up to you, but if you choose not to provide information that is needed to process your orders or to use some features of our Site, we may be unable to process your orders or you may be unable to use those features.
Information We Receive From Your Use of the Site:
When you visit, use and interact with the Site, we may receive certain information about your visit, use or interactions. For example, we may monitor the number of people that visit our Site, peak hours of visits, which page(s) are visited on our Site, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access and visit our Site (e.g., Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and Site-navigation patterns. In particular, the following information is created and automatically logged in our systems:
- Log data: Information ("log data") that your browser automatically sends whenever you visit the Site. Log data includes your Internet Protocol ("IP") address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Site.
- Device information: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
- Usage information: We collect information about how you use our Site, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency and duration of your activities.
HOW WE USE INFORMATION
We use your Personal Data for the following purposes:
To process your orders, including processing your payments, dispatching products, tracking orders and providing you with related customer service, including communicating with you as necessary in connection with your orders. This processing is necessary to perform our contract with you.
As necessary for certain legitimate business interests, which include the following:
- To respond to your inquiries, comments, feedback or questions;
- To send administrative information to you, for example, information regarding the Site, and changes to our terms, conditions, and policies;
- To conduct analytics to inform our marketing strategy and enable us to enhance and personalize the experience we offer to our users, including by creating User profiles to enable personalized direct marketing communications;
- If you ask us to delete your data and we are required to fulfill your request, to keep basic data to identify you and prevent further unwanted processing;
- To prevent fraud, criminal activity, or misuses of our Site, block prohibited reseller traffic, and to ensure the security of our IT systems, architecture and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties.
For information about what we mean by legitimate interests and the rights of individuals in the European Union ("EU"), please see the "EU Users" section below.
Marketing. We may contact you to tell you about services or Products we believe will be of interest to you. For instance, if you elect to provide your date of birth and your skin type through your account page, we may use that information to inform you about Products we believe would work well for you or send you special offers on or near your birthday. If we do, where required by law, for example if you are a User in the EU, we will only send you marketing information if you consent to us doing so at the time you provide us with your Personal Data. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by updating your user settings. In addition, if at any time you do not wish to receive future marketing communications, please contact us at firstname.lastname@example.org. If you unsubscribe from our marketing lists, we will continue to contact you via email regarding the provision of our Site and Products (i.e. to update you about your orders) and to respond to your requests.
CONTESTS, SURVEYS AND PROMOTIONS
Targeted Advertisements. We may display targeted advertisements based on Personal Data. TATCHA does not provide Personal Data to the advertiser when a User interacts with or views a targeted advertisement. However, please be aware that by interacting with or viewing an advertisement the third party that served the ad may assume that you meet the targeting criteria used to display the advertisement. Please read the "Cookies and other Technologies" section below for information about advertising cookies and other technologies that we use on the Site, and your choices in relation to such use.
SHARING AND DISCLOSURE OF INFORMATION
In certain circumstances we may share your Personal Data with third parties without further notice to you, unless required by applicable law, as set forth below:
- Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions: providers of hosting, cloud services and other information technology services providers; our payment processor PayPal, Inc.; order management services; e-commerce platforms; rating and reviews platforms; email communication and customer support services (including live chat); web analytics, marketing and digital advertising services (for more details on the third parties that place cookies through the Site, please see the "Cookies and Other Technologies" section below). Pursuant to our instructions, these parties will access, process or store Personal Data in the course of performing their duties to us.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of Users of the Site, or the public, or (v) protect against legal liability.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.
UPDATE YOUR INFORMATION
If you need to change or correct your Personal Data, or wish to have it deleted from our systems, you may contact us at email@example.com. We will address your request as required by applicable law. You may also update your Personal Data from your user settings.
CALIFORNIA PRIVACY DISCLOSURES
TATCHA does not knowingly collect Personal Data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to TATCHA through the Site please Contact Us and we will endeavor to delete that information from our databases.
LINKS TO OTHER WEBSITES
Scope. This section applies if you are a User in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).
Data Controller. Tatcha, LLC is the data controller for the processing of your Personal Data. To find out our contact details, please see the "Contact Us" section below, which also provides the contact details of our representative in the EU for purposes of the General Data Protection Regulation.
Your Rights. Subject to applicable EU law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or 'block' the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
  - If we are relying on a legitimate interest to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing; or
  - If we are processing your Personal Data for direct marketing.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
Please see the "Contact Us" section below for information on how to exercise your rights.
COOKIES AND OTHER TECHNOLOGIES
You use the Site at your own risk. We comply with industry standards to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration or destruction. For example, we use available technology and other techniques to implement systems like firewalls, and/or encryption to secure marketing data transfers. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us in connection with our use of the Site, including purchases of Products, may not be secure. Therefore, you should take special care in deciding what information you send to us via the Site or e-mail. Please keep this in mind when disclosing any Personal Data to TATCHA via the internet. We cannot control the actions of other Users with whom you may choose to share information. Therefore, we cannot, and do not, guarantee that information or content posted by a User on or through the Site will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site or third party websites.