LUSH PLANT, our directors, officers, partners, employees and affiliates (“Lush”), put great efforts into making sure that we secure your personally identifiable information and use it properly.
This policy explains our privacy practices for processing your personally identifiable information on Lush website, online store, application and through other registration or contact channels (“Service“).
The summary of this policy will give you a quick and clear view of our practices. Please take the time to read our full policy.
A Summary of The Policy
The Personally Identifiable Information That You Provide Us – We receive and store information you fill-in on our website or give us in any other way. If you create an account, we may need your contact and payment details. We may receive additional personally identifiable information that you provide when you contact us.
The Personally Identifiable Information That We Collect – We collect, including by using third parties’ web analytics services, usage information about the time, type and manner of use of the Service.
What Do We Do with Personally Identifiable Information? – We provide and maintain the Service, make it better, continue developing it and protect our customers, the Service and ourselves from misuse and law violations.
Sharing Information with Others – We use service providers, for example, to process payments, provide support and send email messages. Those service providers are bound by strict privacy policies of their own. We will transfer information when we change our corporate structure, and we may share the information with our affiliated entities to help enhance your user experience.
Disclosure of Information to Authorities – We will follow lawful requirements by authorities to disclose information.
Aggregated and Analytical Information – Aggregated data is not identifiable. We use it for legitimate business purposes that include enhancing our platform and the user experience.
Your Choice – You may opt-out of our mailing lists and terminate your use of the Service. Our Service does not respond to Do Not Track (DNT) signals.
Your EU Data Subject Rights – If we process your personal data when you are in the EU, further terms apply to our processing in relation to your rights as a data subject under EU data protection laws.
Children’s Privacy – We do not intend to collect personally identifiable information about under aged individuals. If you believe that we have collected information about a person who is a child or is under the minimum age allowed to use our Service, under laws applicable to that person’s jurisdiction, please contact us.
Data retention – We retain data to provide the service and for legitimate and lawful purposes, as further explained in the data retention section.
Transfer of Data Outside your Territory – We use cloud-based services to store and process data in various territories and will store them at additional site, at our discretion. These service providers, provide adequate security and confidentiality commitments as per the standards of their industry.
Information Security – We implement systems, applications and procedures to secure your personally identifiable information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
Dispute Resolution – Contact us at: email@example.com or write us with requests or concerns. We will make good-faith efforts to resolve any existing or potential issues in a timely manner.
Contact Us – You may contact us at firstname.lastname@example.org for further information. Read more.
The Personally Identifiable Information That You Provide
We receive and store any information you enter on our website, mobile application,
or that you give us in any other way. You provide your information while registering to the Service or creating an account. If you register with the Service through our website at: https://www.lushplant.com/.ca/.us, or preform an online purchase on our online store, then as part of such registration or transaction, we will ask you to provide personally identifiable information, that may include your name, your email address, postal address, phone number, origin country and your payment details. When you contact us, or when we contact you, we will receive and process any personally identifiable information that you provide us.
The Personally Identifiable Information That We Collect
Like many websites, we use “cookies”, action tags and similar technologies. Lush will collect, including by using third parties’ web analytic services, usage information about the time, type and manner of use of the Service.
This information includes for example, information regarding the Internet Protocol (IP) address and Geo-IP parameters, non-personal usage statistics (e.g. time of usages, number of clicks on each link, etc.), crash reports, your browsing history and web activities and other information regarding the use of the Service.
What Do We Do with Personally Identifiable Information?
We collect and receive personally identifiable information to provide the Service, to enable the Service’s tools and features, to enhance users’ experience with the Service, to analyze the functionality of the Service and users’ activities, to provide support, to maintain the Service and to continue making it better.
We reserve the right use your email address to contact you when necessary, to send you reminders and to provide you information and notices about the Service. We will include commercial and marketing information about our products and services.
We obey the law and expect you to do the same.
If necessary, we will use your personally identifiable information to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required by law, to collect debts, to prevent fraud, infringements, identity thefts and any other Service misuse, and to take any action in any legal dispute and proceeding.
Sharing Personally Identifiable Information with Others
We do not sell, rent or lease your personally identifiable information.
We will share your personally identifiable information with our service providers and other third parties, if necessary to fulfill the purposes for collecting the information. Any such third party will commit to protect your personally identifiable information as required under applicable law and this policy.
For example, we will share your payment details with the payment services providers, to process and verify your payments. Your credit card details are NOT stored by Lush BUT may be stored by the payment processor as per their service requirements. We will use a service provider to manage our email/in-app/sms message transmissions.
We will also share your personally identifiable information with our affiliates. These, mean companies within the Lush group and include subsidiaries, sister-companies and parent companies, with the express provision that their use of your personally identifiable information will comply with this policy.
Additionally, a merger, acquisition or any other structural change will require us to transfer your personally identifiable information to another entity, as part of the structural change, provided that the receiving entity will comply with this policy.
Disclosure of Information to Authorities
We will need to disclose personally identifiable information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Aggregated and Analytical Information
We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies and they use their own cookies to provide their service (for further information about cookies, please see the ‘Cookies and other tracking technologies’ section in this policy).
You can also read how Google uses data when you use Google partners’ sites or apps at: www.google.com/policies/privacy/partners/We, use anonymous, statistical or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from such information that we or others can associate specifically to you.
We will share your personally identifiable information only subject to the terms of this policy, or subject to your prior consent.
At any time, you can unsubscribe from our mailing lists or newsletters, by selecting the option in the correspondence OR by sending us an opt-out request to: .email@example.com
At any time, you can stop using Lush’s website, and mobile application. Termination of your account with Lush is subject to the Lush’s Terms of Service.
At any time, you can exercise your following opt-out options:
- object to the disclosure of your personally identifiable information to a third party, other than to third parties who act as our agents to perform tasks on our behalf and under our instructions, or;
- object to the use of your personally identifiable information for a purpose that is materially different from the purposes for which we originally collected such information, pursuant to this policy, or you subsequently authorized such use. You can exercise your choice by contacting us at: firstname.lastname@example.org
- to request and collect personally identifiable information that we need for the purposes that we describe in this policy.
Following an online transaction, or termination of your account, we will stop collecting any personally identifiable information from, or about you. However, we will store and continue using or making available your personally identifiable information according to our data retention section in this policy.
Please note opting-out may effect your ability to receive our Service(s).
Web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is a HTTP header field indicating your preference for tracking your activities on a service or through cross-site user tracking. Our Service does not respond to DNT signals.
Accessing Your Personally Identifiable Information
If you find that the information on your account is not accurate, complete or up-to-date, please provide us the necessary information to correct it.
At any time, you can contact us at: email@example.com and request to access the personally identifiable information that we keep about you. We will ask you to provide us certain credentials to make sure that you are who you claim to be and will make good-faith efforts to locate your personally identifiable information that you request to access.
To the extent that you are entitled to a right of access under the applicable law, you can obtain confirmation from us of whether we are processing personally identifiable information about you, receive a copy of that data, so that you could:
- Verify its accuracy and the lawfulness of its processing;
- Request the correction, amendment or deletion of your personally identifiable information if it is inaccurate or if you believe that the processing of your personally identifiable information is in violation of applicable law.
We will use judgement and due care to redact from the data which we will make available to you, personally identifiable information related to others.
Your EU Data Subject Rights
If EU data protection laws apply to the processing of your personal data by Lush, then the following terms apply:
We process your personal data for the following lawful grounds:
- All processing of your personal data which are not based on the lawful grounds indicated below, are based on your consent.
- We process your account and payment details to perform the contract with you.
- We will process your personal data to comply with a legal obligation and to protect your and others’ vital interests.
- We will further rely on our legitimate interests, which we have good-faith belief that they are not overridden by your fundamental rights and freedoms, for the following purposes:
- Communications with you, including direct marketing where you are our client, or a user of our client, or where you contact us through our website and other digital assets.
- Cyber security.
- Support, customer relations, service operations.
- Enhancements and improvements to yours and other users’ experience with our services.
- Fraud detection and misuse of the Service.
In addition to your rights under other sections in this policy, you have the following rights:
- AT ANY TIME, CONTACT US IF YOU WANT TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF YOUR PERSONAL DATA. EXERCISING THIS RIGHT WILL NOT AFFECT THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITS WITHDRAWAL.
- Request to delete or restrict access to your personal data. We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a decision about your request.
- You may ask to transfer your personal data in accordance with your right to data portability.
- You may object to the processing of your personal data for direct marketing purposes. Additional information about this right is available under the Choice section in this policy.
- You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
A summary and further details about your rights under EU data protection laws, is available on the EU Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will ask you further questions to understand the nature and scope of your request.
If we need to delete your personal data following your request, it will take some time until we completely delete residual copies of your personal data from our active servers and from our backup systems.
If you have any concerns about the way we process your personal data, you are welcome to contact our privacy team at: firstname.lastname@example.org . We will investigate your inquiry and make good-faith efforts to respond promptly.
Lush’s Service is not structured to attract or be directed to an individual who is a child or is under the minimum age allowed to use our Service, under laws applicable to that person’s jurisdiction, and we do not intentionally, or knowingly collect personally identifiable information of such users.
If you are a child or under the minimum age allowed to use Lush’s Service under the laws applicable in your jurisdiction, you are not allowed to use Lush’s website, application, or any related service.
If we learn that we have collected personally identifiable information of said individuals, we will delete that information as quickly as possible. If you believe that we have any such information, please don’t hesitate to contact us at: email@example.com
We retain different types of personally identifiable information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements under the applicable law.
For example, we will need to keep the information about the payment transactions that you made for several years due to tax related requirements, for accounts settling, record keeping, archiving and legal issues.
We will maintain your contact details, to help us stay in contact with you. At any time, you can contact our privacy team at: firstname.lastname@example.org and request to delete your contact details. Note that we may keep your details without using them unless necessary, and for the necessary period, for legal matters.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
In any case, as long as you use the Service, we will keep information about you, unless the law requires us to delete it, or if we decide to remove it at our discretion, according to the terms of this policy.
Transfer of Data Outside Your Territory
The Service is a web-based service. We store and process information in the EU. From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personally identifiable information.
We make sure that our data hosting service providers, provide us with adequate confidentiality and security commitments.
If you are a resident in a jurisdiction where transfer of your personally identifiable information to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer. You can contact our privacy team at: email@example.com for further information about data transfer.
Cookies and Other Tracking Technologies
We may use tracking technologies, including cookies, local storage, and pixel tags.
Cookies are small files that a web server sends to a user’s device, when the user browses online.
Your device removes session cookies when you close your browser session. Persistent cookies last for longer periods. You can view the expiry date of each cookie, through your browser settings.
We use both types. We use persistent cookies to remember your log-in details and make it easier for you to log-in the next time you access the Service. We use this type of cookies and Session Cookies for additional purposes, to facilitate the use of the Service’s features and tools and to improve the user’s experience with our Service.
Every browser allows you to manage your cookies preferences. You can block or remove certain cookies, or all of them through your browser settings. Blocking or removing cookies will influence your user experience with our Service. For example, disabling or blocking our cookies will require you to re-enter your log-in details, or even prevent you from using features of the Service.
Pixel tags are tiny graphics with a unique identifier (but do not retain any personally identifiable information), which help us count user or visitor visits/clicks to web pages while using the Service. There are many browser add-ons available online, which offer online trackers blocking.
We also use browser local storage to store data on your device. Similar to cookies, browser local storage helps us store and retrieve data from HTML pages. It allows us, for example, to save the state of the Website pages that you have visited. When you come back and visit the Website, or refresh the browser, the page will remain the same.
Unlike cookies, local storage objects (LSOs) are kept on your browser only and are not automatically transmitted to remote servers. You can disable storing LSOs through your browser’s settings. For example, if you use Chrome, go to Settings->Privacy->Content Settings and check the box next to: “Block sites from setting any data.” Please note that disabling LSOs may affect your user Website experience.
You can find more information about cookies and other online tracking technologies through the US Federal Trade Commission and the EU Commission websites at:https://www.consumer.ftc.gov/articles/0042-online-tracking, or http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
if you wish to learn more about the types of cookies that we and our service providers use, and the ways these cookies are used, please contact us at: firstname.lastname@example.org
We and our hosting services implement systems, applications and procedures to secure your personally identifiable information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Service will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this policy, to update the policy when we believe that we need to, and to verify that we display the policy properly and in an accessible manner.
If you have any concerns about the way we process your personally identifiable information, you are welcome to contact our privacy team at: email@example.com or write to us at: LushPlant – 10-8707 Dufferin St. Suite 411, Vaughan, Ontario, Canada, L4J0A6
We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.
Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy you can choose not to accept it and terminate your use of the Service.
Continuing to use the Service after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required by law.
Incorporation to the Terms of Service
This policy is an integral part of the Lush’s Terms of Service.
Please contact our Privacy Team at: firstname.lastname@example.org for more information.