Privacy Policy

Welcome to the TATCHA, LLC ("TATCHA," "we," "us," or "our") website. TATCHA offers our users (collectively, "Users," "you," or "your") high-quality, holistic skincare products made with time-tested ingredients (the "Products") through our website at www.tatcha.com (the "Site").

This Privacy Policy explains what personal data we collect through the Site, how we use and share that data, and your choices concerning our data practices. This Privacy Policy forms part of our Terms of Use, which are available at: https://www.tatcha.com/terms-of-use.html.

By providing us with your personal data when using the Site, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access or use the Site. Before you submit any personal data to TATCHA through the Site, please review this Privacy Policy carefully, and contact us at privacy@tatcha.com if you have any questions.

Information We Collect

When you interact with our Site, we collect information that alone or in combination with other information could be used to identify you ("Personal Data").

Personal Data You Provide Us:

Account Information: We collect information about you when you register for an account on the Site, such as your first and last name, email, and password. If you sign up with your Facebook account, we may receive information like your name, profile picture, and email address.

Orders. When you order Products on the Site, we request your name, email address, shipping and billing address, and phone number. We also request your payment card details so our payment processor can process your order (we do not process or store your payment card data). Any payment information you provide will be processed and stored by our payment processor (please read the Sharing and Disclosure of Information section below for more information). We may also maintain a record of your Product purchases.

Other information that you provide. We may ask you to provide us with additional information such as your date of birth and skin type to provide you with product recommendations and special offers. We may also collect Personal Data from you when you communicate with us via email through the Site (for example if you submit customer service inquiries or engage with our "chat" feature); telephone (for example, if you speak with our customer support or beauty advisors); or fill out a registration form or request a catalog from us, post a review, subscribe to our newsletter, participate in a contest, sweepstakes, survey or other promotion. Any information submitted in connection with such activities will be treated in accordance with this Privacy Policy, except as specifically set forth in the rules for those contests, sweepstakes, surveys, or promotions.

Whether or not you provide Personal Data to us is completely up to you, but if you choose not to provide information that is needed to process your orders or to use some features of our Site, we may be unable to process your orders or you may be unable to use those features.

Information We Receive From Your Use of the Site:

When you visit, use and interact with the Site, we may receive certain information about your visit, use or interactions. For example, we may monitor the number of people that visit our Site, peak hours of visits, which page(s) are visited on our Site, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access and visit our Site (e.g., Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and Site-navigation patterns. In particular, the following information is created and automatically logged in our systems:

  • Log data: Information ("log data") that your browser automatically sends whenever you visit the Site. Log data includes your Internet Protocol ("IP") address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Site.
  • Information from cookies, pixel tags and other technologies. Please see the "Cookies and Other Technologies" section below to learn more about how we use cookies and other technologies.
  • Device information: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
  • Usage information: We collect information about how you use our Site, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency and duration of your activities.

HOW WE USE INFORMATION

We use your Personal Data for the following purposes:

To process your orders, including processing your payments, dispatching products, tracking orders and providing you with related customer service, including communicating with you as necessary in connection with your orders. This processing is necessary to perform our contract with you.

As necessary for certain legitimate business interests, which include the following:

  • To respond to your inquiries, comments, feedback or questions;
  • To customize your browsing and shopping experience on the Site. For example, we use information on your use of Site features (including information that we obtain through cookies and other technologies), to better understand your needs and interests in order to personalize your experience by presenting Products and offers tailored to your interests. (Please read about how we use cookies and other technologies below);
  • To send administrative information to you, for example, information regarding the Site, and changes to our terms, conditions, and policies;
  • To analyze Site usage and provide, maintain and improve the content and functionality of the Site. For example, we regularly fix bugs or User experience issues that may be tied to particular User accounts. We use cookies and other technologies to analyze how Users interact with our Site. This analysis can help us improve the Site;
  • To conduct analytics to inform our marketing strategy and enable us to enhance and personalize the experience we offer to our users, including by creating User profiles to enable personalized direct marketing communications.
  • If you ask us to delete your data and we are required to fulfill your request, to keep basic data to identify you and prevent further unwanted processing;
  • To prevent fraud, criminal activity, or misuses of our Site, block prohibited reseller traffic, and to ensure the security of our IT systems, architecture and networks; and
  • To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties.

For information about what we mean by legitimate interests and the rights of individuals in the European Union ("EU"), please see the "EU Users" section below.

Marketing. We may contact you to tell you about services or Products we believe will be of interest to you. For instance, if you elect to provide your date of birth and your skin type through your account page, we may use that information to inform you about Products we believe would work well for you or send you special offers on or near your birthday. If we do, where required by law, for example if you are a User in the EU, we will only send you marketing information if you consent to us doing so at the time you provide us with your Personal Data. You may opt out of receiving such emails by following the instructions contained in each promotional email we send you or by updating your user settings. In addition, if at any time you do not wish to receive future marketing communications, please contact us at privacy@tatcha.com. If you unsubscribe from our marketing lists, we will continue to contact you via email regarding the provision of our Site and Products (i.e. to update you about your orders) and to respond to your requests.

CONTESTS, SURVEYS AND PROMOTIONS

From time to time, we may offer you the opportunity to participate in contests, giveaways and other promotions, and in surveys designed to help us improve the Site or our Products. Any Personal Data you voluntarily provide us in connection with such activities is subject to this Privacy Policy, to the extent applicable, and to any additional policies, terms and rules for those promotions and surveys provided at the time of data collection. Please ensure that you read relevant notices provided to you in the promotions and surveys web pages when we collect or process your personal data.

Targeted Advertisements. We may display targeted advertisements based on Personal Data. TATCHA does not provide Personal Data to the advertiser when a User interacts with or views a targeted advertisement. However, please be aware that by interacting with or viewing an advertisement the third party that served the ad may assume that you meet the targeting criteria used to display the advertisement. Please read the "Cookies and other Technologies" section below for information about advertising cookies and other technologies that we use on the Site, and your choices in relation to such use.

SHARING AND DISCLOSURE OF INFORMATION

In certain circumstances we may share your Personal Data with third parties without further notice to you, unless required by applicable law, as set forth below:

  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions: providers of hosting, cloud services and other information technology services providers; our payment processor PayPal, Inc.; order management services; e-commerce platforms; rating and reviews platforms; email communication and customer support services (including live chat); web analytics, marketing and digital advertising services (for more details on the third parties that place cookies through the Site, please see the "Cookies and Other Technologies" section below). Pursuant to our instructions, these parties will access, process or store Personal Data in the course of performing their duties to us.
  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
  • Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of Users of the Site, or the public, or (v) protect against legal liability.

DATA RETENTION

We will keep your Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g. for tax, legal, accounting or other purposes), whichever is the longer.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.

UPDATE YOUR INFORMATION

If you need to change or correct your Personal Data, or wish to have it deleted from our systems, you may contact us at privacy@tatcha.com. We will address your request as required by applicable law. You may also update your Personal Data from your user settings.

CALIFORNIA PRIVACY DISCLOSURES

Do Not Track Signals: Our Site currently does not respond to "Do Not Track" ("DNT") signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.

CHILDREN

TATCHA does not knowingly collect Personal Data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to TATCHA through the Site, please Contact Us and we will endeavor to delete that information from our databases.

LINKS TO OTHER WEBSITES

The Site may contain links to other websites not operated or controlled by TATCHA ("Third Party Sites"), including social media services. The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.

EU USERS

Scope. This section applies if you are a User in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, to the extent applicable, Switzerland).

Data Controller. Tatcha, LLC is the data controller for the processing of your Personal Data. To find out our contact details, please see the "Contact Us" section below, which also provides the contact details of our representative in the EU for purposes of the General Data Protection Regulation.

Your Rights. Subject to applicable EU law, you have the following rights in relation to your Personal Data:

  • Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or 'block' the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
      o If we are relying on a legitimate interest to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing; or
      o If we are processing your Personal Data for direct marketing.
  • Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

Please see the "Contact Us" section below for information on how to exercise your rights.

Legitimate Interest. "Legitimate interests" means our interests in conducting our business, fulfilling the obligations under our contract with you and managing and delivering the best services to you. This Privacy Policy describes when we process your Personal Data for our legitimate interests, what these interests are and your rights. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law.

COOKIES AND OTHER TECHNOLOGIES

We and our partners use cookies and other technologies to operate and administer our Site, make it easier for you to use the Site during future visits, gather usage data on our Site and for advertising purposes. For more information about the cookies and similar technologies used on our Site, please refer to our Cookie Policy.

SECURITY

You use the Site at your own risk. We comply with industry standards to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration or destruction. For example, we use available technology and other techniques to implement systems like firewalls, and/or encryption to secure marketing data transfers. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us in connection with our use of the Site, including purchases of Products, may not be secure. Therefore, you should take special care in deciding what information you send to us via the Site or e-mail. Please keep this in mind when disclosing any Personal Data to TATCHA via the internet. We cannot control the actions of other Users with whom you may choose to share information. Therefore, we cannot, and do not, guarantee that information or content posted by a User on or through the Site will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site or third party websites.

CHANGES TO THE PRIVACY POLICY

The Site and our business may change from time to time. As a result we may change this Privacy Policy at any time and when we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use the Site or providing us with information after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.

INTERNATIONAL USERS

TATCHA is based in the United States. If you are accessing the Site from the EU or other regions with laws governing data collection and use, please note that we may transfer your Personal Data to the United States for the purposes described in this Privacy Policy, and the data may be transmitted to our service providers supporting our business operations (described above). Some of our service providers (such as Google and Amazon Web Services) are certified to the Privacy Shield frameworks operated by the United States Department of Commerce for the transfer of Personal Data from the EU and Switzerland, as applicable, to the United States. The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Where we transfer your Personal Data out of the EU we will take steps to ensure that your Personal Data receives an adequate level of security protection where it is processed and your rights continue to be protected. For more information, please contact us as described below.

CONTACT US

If you have any questions about our Privacy Policy or the information practices of the Site, please feel free to contact us at privacy@tatcha.com.