Skip to content
Complimentary Shipping on all U.S. Domestic Orders
Complimentary Shipping on all U.S. Domestic Orders

Privacy Shield

When it transfers personal data from the EU or Switzerland to the United States, TATCHA complies with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (“Frameworks”) as set forth by the U.S. Department of Commerce regarding the transfer of personal data from the EU and Switzerland to the U.S. (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway). TATCHA has certified that it adheres to the Privacy Shield Principles (described below). If there is any conflict between the policies in TATCHA’s Privacy Notice and the EU or Swiss Privacy Shield Principles for these personal data transfers, the Privacy Shield Principles shall govern. To learn more about the Frameworks and to view our certification page, please visit https://www.privacyshield.gov/.

General. We rely on our Privacy Shield certifications to transfer personal data that we receive from the EU and Switzerland to TATCHA in the U.S. and we process such Personal Data in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below.

Notice And Choice. This Privacy Policy provides notice of the personal data collected and transferred under the Privacy Shield and the choice that you have with respect to such personal data. It also provides information about other Privacy Shield Principles that are set forth below.

Accountability for Onward Transfers. We may be accountable for the personal data that we transfer to third-party service providers (as described in the “Sharing and Disclosure of Information” section above). If such service providers process personal data in a manner inconsistent with the Privacy Shield Principles, we are responsible for the harm caused.

Security. We maintain security measures to protect personal data as described in the “Security” section of this Privacy Notice.

Data Integrity and Purpose Limitation. We take reasonable steps to ensure that personal data is reliable for its intended use, and that it is accurate, complete and current for as long as we retain it. Our data retention practices are described in the Data Retention section of this Privacy Notice.

Access. EU Users have certain rights to access, correct, amend, or delete personal data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles.

Recourse, Enforcement, Liability. In compliance with the Privacy Shield Principles, TATCHA commits to resolve complaints about our processing of your personal data. European Union and Swiss Users with inquiries or complaints regarding this Privacy Notice should first contact TATCHA as follows:

TATCHA, Attention: Legal, 1517 North Point St., #533, San Francisco, CA 94123

Email: privacy@tatcha.com

We have further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. TATCHA will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at www.jamsadr.com/international-mediation-rules.

If your complaint is not resolved through these channels, under certain conditions a binding arbitration[RS2] option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to personal data received or transferred pursuant to the Frameworks.