Privacy Policy

Privacy Policy

Last updated and effective on October 26, 2021.  

This privacy policy (“Privacy Policy”) applies to activities by Hello Hazel, Inc. and its affiliates and subsidiaries (collectively “Hazel,” “Owner,” “we” or “us”). We take your privacy seriously. This Privacy Policy describes our policies and procedures about the collection, use, disclosure, and sharing of your personal information or personal data when you use the Hello Hazel services available at www.hellohazel.com, including without limitation the Hello Hazel Platform and related websites (the “Services”).  If you do not agree to this Privacy Policy or our Terms of Use, do not use any of the Services.

For purposes of European Union data protection law, Hello Hazel is the data Controller for your personal information collected through the Services. 

For purposes of this Privacy Policy, personal information or Personal Data means information relating to an identified or identifiable natural person.

This Application collects some Personal Data from its Users.

Owner and Data Controller 

Hello Hazel, Inc.

228 Park Ave South, Suite #47357, New York, NY, 10003

Owner contact email: hi@hellohazel.com

Categories of Personal Data we may collect 

The categories of Personal Data we may collect are: 

  • Personal Identifiers: Name, postal address, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers that a User may choose to submit;
  • Customer service information: Name, signature, address, telephone number, customer number; we also may collect the communications that we exchange with you through online forms, by email, over the phone or by mail, and summaries or voice recordings of your interactions with our customer service team;
  • Commercial information: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Device Information. We may collect and/or use third-party website analytics tools that collect information about visitor traffic on our websites and Services, including IP address, unique personal identifiers, device ID, device type, and browser and operating system type;
  • Internet or other electronic network activity information: Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement;  
  • Location Information and Internet or other Network Activity Information: we use cookies, log files, local storage objects, and other tracking technologies to automatically collect information about your activities, such as your searches, page views, date and time of your visit, and other information about your use of the Services. We also collect information that your computer or mobile device provides to us in connection with your use of the Services such as your browser type, type of computer or mobile device, browser language, IP address, mobile carrier, unique device identifier, location, and requested and referring URLs. We also receive information when you view content on or otherwise interact with the Services, even if you have not created an account.  We may use internal and third-party analytics tools. The third-party analytics companies we work with may combine the information collected with other information they have independently collected from other websites and/or other online products and services. Their collection and use of information is subject to their own privacy policies.  For some of our Services, information from this category is also collected to support our advertising serving infrastructure;
  • Audio, electronic, visual, or similar information:  we collect and store the information and content that you create or post to Services, associated with your user account.
  • Professional or employment-related information: if you become a User through your employment on behalf of your employer. 

At the time you create an account and profile for the Services, we collect your name, your email address and other contact information.

We collect information directly from you, and automatically through the Services. If you choose not to disclose certain personal information, it may limit your access to certain services or features, including account registration.

Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Personal Data to the Owner.

Purposes and Legal Bases for Our Using of Your Information

We do not sell your personal data – such as your name and contact information – to third parties to use for their own marketing purposes. We use the information we collect for our legitimate interests, which include the following:

Provide our Services. To provide you the Services, communicate with you about your use of the Services, respond to your inquiries, provide troubleshooting, operate and improve the Website;

target offers to consumers; administer the Website’s facilities for communications among and between users and the public in general; evaluate eligibility of customers for certain offers, products or services; evaluate the types of offers, products or services that may be of interest to customers; provide customer support; communicate with users regarding support, security, technical issues, commerce, marketing, and transactions; facilitate marketing, advertising, surveys, contests, sweepstakes and promotions; administer the Website, user accounts and transactions with respect to user accounts; and for other customer service purposes.

Analytics. To gather metrics to better understand how users access and use the Services; to evaluate and improve the Services, and to develop new products and services.

Comply with Law. To administer and carry out obligations under contracts and under the law, as part of our general business operations, and for other business administration purposes.

Prevent Misuse. Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Service [ADD LINK TO TERMS OF SERVICE] or this Privacy Policy.

We will only use the Personal Information we collect from and about you for the purposes described in this Privacy Policy and when the law allows us to do so. We will generally use your Personal Information on the following lawful grounds:

  • Where the use of your personal information is necessary for the performance of a contract we are about to enter into or have entered into with you;
  • Where the use is necessary for the purposes of our legitimate interests (or those of a third party);
  • Where we need to comply with a legal or regulatory obligation; or
  • Where you have provided your consent, which can be withdrawn at any time.

Processing of Personal Data

Methods of processing

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Location

The Personal Data is processed at the Owner's operating offices in the United States and in any other locations where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.

Access and Amend Your Information

You may update or correct your account information at any time by logging in to your account. You may also make a number of other adjustments to settings or the display of information about you as described in more detail in the following section about Your Choices.

How We Protect Your Information

We use reasonable security measures to protect the confidentiality of your personal information under our control and appropriately limit access to it. We implemented safeguards to prevent, and monitor for, security breaches. We use a variety of information security measures to protect your online transactions with us. If you have any questions regarding which measures and techniques we use, feel free to contact us. However, no data transmission over the Internet and no method of data storage can be guaranteed to be secure. We do not guarantee the security of any of your private transmissions against unauthorized or unlawful interception or access by third parties.  We urge User to take steps to keep your personal information safe, such as choosing a strong password and keeping it private, as well as logging out of your user account, and closing your web browser when finished using the Services on a shared or unsecured device

Data Retention 

Personal Data is processed and stored for as long as required by the purpose they have been collected for.  Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.

The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Upon expiration of the retention period, Personal Data will be deleted. Therefore, the right to access, the right to deletion, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Information Shared with Third Parties

We may share information as set forth and with the following categories of third parties set forth below:

  • Service Providers. We may share your information with third-party service providers who use this information to perform services for us, such as payment processors, advertisers, hosting providers, auditors, advisors, consultants, customer service and support providers.
  • Affiliates. The information collected about you may be accessed by or shared with subsidiaries and affiliates of Hello Hazel, whose use and disclosure of your personal information is subject to this Privacy Policy.
  • Business Partners. We may share your information with third-party business partners who use this information to perform services for Users, such as advertisement exchanges and other service providers.  Information provided to such business partners are subject to such business partners’ privacy policies.
  • If Legally Required. We may disclose your information if we are required to do so by law.
  • To Protect Rights. We may disclose information where we believe it necessary to respond to claims asserted against us or, comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention, risk assessment, investigation, and protect the rights, property or safety of Hello Hazel, its users, or others.
  • For Metrics. We may share with our advertisers or publishers aggregate statistics, metrics and other reports about the performance of their ads or content in the Services such as the number of unique user views, demographics about the users who saw their ads or content, conversion rates, and date and time information. We do not share IP addresses or personal information, but certain features may allow you to share your personal information with advertisers on our platform, if you choose to do so. 
  • Anonymized and Aggregated Data. We may share aggregate or de-identified information with third parties for research, administrative, marketing, analytics and other purposes, provided such information does not identify a particular individual.

We also reserve the right to transfer Personal Information we have about you in the event we sell, merge or transfer all or a portion of our business or assets. Following such a sale, merger or transfer, you may contact the entity to which we transferred your Personal Information with any inquiries concerning the processing of that information.  We may also disclose information subject to confidentiality obligations consistent with this Privacy Policy as part of a capital raise of debt financing.

We also use non-personally identifiable information so that we can improve our products and services and for business, educational and administrative purposes. We may also use or share with third parties as listed above for any purpose anonymized data that contains no personally identifiable information.

Currently, we do not share your personal information with third parties for direct marketing purposes.   

Information Sharing Options

We offer you certain choices about the collection, use and sharing of your information. Withdrawing your consent to use your Personal Information may mean that you cannot take advantage of certain offerings or Services.

Cookies. Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies. Please note, however, that without cookies you may not be able to take full advantage of all of our Services’ features. In addition, disabling cookies may cancel opt-outs that rely on cookies, such as web analytics or targeted advertising opt-outs. [ADD COOKIE BANNER OPT-IN IF WE USE COOKIES]

Data Analytics.  If you do not wish to have technology used to gather information about how you interact with our Services, please install the Google Analytics Opt-out Browser Add-on available here: https://tools.google.com/dlpage/gaoptout and employ it at the start of each session on our websites. A cookie will be set on your browser that instructs this technology not to start for that session. Please note that the next time you access our Services the analytics will be reactivated, so you will have to disable the technology each time. If you reject the cookies and web beacons we use, you may still use certain aspects of our Services, but you will not be maximizing the value of our Services.  Place of processing: United States.  See Google Analytics’ privacy policies.

 Hosting and backend infrastructure:  We use:

  • Shopify, a hosting and backend service provided by Shopify.com  Place of processing: United States.  See Shopify’s privacy policies: https://www.shopify.com/legal/privacy

Other Vendors and Business Partners.  Some of our Services require the services of the following third parties, and the collection, processing, use and retention of any personal information transferred by Hello Hazel or you to such third parties is subject to those parties’ privacy policies:  

Stripe.com (payment processing)

Rechargepayments.com (payment processing)

Cross-border Transfer of Information

We generally maintain servers and systems in the United States hosted by third party service providers. We also may subcontract the processing of your data to, or otherwise share your data with, other third parties in the United States or countries other than your country of residence. As a result, where the personal information that we collect through or in connection with our Services is transferred to and processed in the United States or anywhere else outside the European Economic Area (EEA) for the purposes described above, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including entering into data transfer agreements, using the EU Commission approved Standard Contractual Clause. You may have a right to details of the mechanisms under which your data is transferred outside the EEA.

Minors

The Services are not intended for use by anyone under the age of 13. If you are under 13, please do not attempt to create an account or send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 13 may provide any personal information to us, and we do not knowingly collect personal information from anyone under the age of 13. If we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under the age of 13, please contact us immediately.

Notice to Residents of the European Union

Under data privacy laws of the European Union, including without limitation the General Data Protection Regulation (“GDPR”), citizens and residents of the European Union have additional rights regarding their Personal Data. Please review this section to learn more.  

Legal basis of processing of Personal Data Protected by the GDPR

The Owner may process Personal Data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European Union personal data protection law;
  • as necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • as necessary for compliance with a legal obligation to which the Owner is subject;
  • if the processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
  • as necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

The rights of Users under the GDPR

Users may exercise certain rights regarding their Personal Data processed by the Owner.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Personal Data and ask for it to be updated or corrected.
  • Restrict the processing of their Personal Data. Users have the right, under certain circumstances, to restrict the processing of their Personal Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Personal Data from the Owner.
  • Receive their Personal Data and have it transferred to another Data Controller. Users have the right to receive their Personal Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Personal Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document. 

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible.

Notice to California Customers - Your California Privacy Rights

Under California law, specific disclosures are required and California residents have additional rights regarding their personal information. Please review this section to learn more.  You can download a printable copy of this Privacy Policy here [ADD LINK]

The following details the Personal Information that we collect and have collected over the past twelve (12) months, if any, in the following categories:  Personal Identifiers, including full name and email address; information you submitted for purposes of the Services; Commercial Information; Device Information; Location Information and Internet or Other Network Activity Information, including Geolocation Data; and customer service information.

Under the California Consumer Protection Act of 2018 (“CCPA”), a California consumer has the following special rights:

  • right to request that the business disclose what personal information it collects, uses, discloses, and sells;
  • right to request the deletion of their personal information collected by the business; and 
  • the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information (“right to opt-out”).

Over the past twelve (12) months, we have disclosed the following categories of Personal Information to service providers or other parties for business purposes: 

Based on our understanding of the term "sell" under the CCPA, we do not sell your Personal Information. 

For any of the above mentioned rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.

To exercise their rights and request copies of the data collected about them in the past 12 months, that their personal information collected by Hello Hazel be deleted or to exercise their right of opt out, California residents may make a request at hi@hellohazel.com.  Such request must include sufficient information to allow us to verify that you are the person about whom we have collected Personal Information, and describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Opt-Out Requests may be cancelled by making an Opt-In Request. 

We will work to respond to your valid request within 45 days of receipt. We will not charge you a fee for making a valid request unless your valid request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your valid request warrants a fee, we will notify you of the fee and explain that decision before completing your request

We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you and act upon your request. We strongly recommend that you submit the email that you used when you registered with the Services. After you submit a CCPA rights requests using one of our forms, you will be required to verify access to the email address you submitted. You will receive an email with a follow-up link to complete your email verification process. You are required to verify your email in order for us to proceed with your CCPA rights requests. Please check your spam or junk folder in case you can't see the verification email in your inbox. If you are a California resident and have any questions regarding your CCPA rights under this Privacy Notice, please contact us at hi@hellohazel.com 

Right to be free from discrimination. 

You may exercise any of the above rights without fear of being discriminated against. We are permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

 

California Online Privacy Protection Act

CalOPPA requires a person or company in the United States that operates websites collecting personally identifiable information from individual consumers residing in California to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

California Customers may request further information about our compliance with California’s privacy law, and may request to review and request changes to their personal information collected and stored by Hello Hazel e-mailing hi@hellohazel.com  or contacting us as stated below.  

Contact Information:

For questions or concerns about the business’s privacy policies and practices using a method reflecting the manner in which the business primarily interacts with the consumer or to exercise your right of Opt-Out, you may contact Hello Hazel at hi@hellohazel.com

Shine The Light Law

California’s "Shine the Light" law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the business' practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. If you wish to opt-out of our sharing of your information with third parties for the third parties’ direct marketing purposes or to find out more about your opt-out rights, please contact us at:

228 Park Ave South, Suite #47357, New York, NY, 10003

Or by email hi@hellohazel.com 

Marketing Partnerships

We partner with Rakuten Advertising, who may collect personal information when you interact with our site. The collection and use of this information is subject to the privacy policy located here. You can opt out of it here.

California Do Not Track Disclosure

Do Not Track is a privacy preference that users can set in their web browsers.  When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user.  At this time, we do not respond to Do Not Track browser settings or signals.  

 For information about Do Not Track, please visit: www.allaboutdnt.org

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

Additional information about User's Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

Changes to this privacy policy

We may need to update our Privacy Policy as technology changes, the Services evolve and legislation changes. If we make significant changes to the Privacy Policy, we'll post a prominent message on our Services.  We encourage you to periodically review this page for the latest information on our privacy practices. You can always check the “last updated” date at the top of this document to see when the Privacy Policy was last changed. 

Your continued use of our Services following the effective date of an updated Privacy Policy constitutes your consent to the contents of such policy. However, we will not apply any material changes retroactively to any information we collected from you before such changes took effect, without your affirmative consent to do so. IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE SERVICE AFTER THE EFFECTIVE DATE OF SUCH CHANGES. Please note that upon your departure from our services, any Privacy Policy in effect immediately prior to your departure shall continue to be binding on you and applicable to the data collected from you prior to such departure.  Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required by applicable law.

This Privacy Policy was last updated as of the date indicated above before the first paragraph of this Privacy Policy.