GDPR COMPLIANCE NOTICE

 

NOTICE TO RESIDENTS OF THE EUROPEAN UNION AND THE UNITED KINGDOM

This notice is intended to provide you with information about how Hello Bar LLC, a limited liability company organized under the laws of the state of California (the “Company”) collects, uses, and distributes information that we collect from you. Nothing in this notice should be construed as amending, modifying, replacing, or otherwise affecting the terms and conditions of any transactions between you and the Company, except that to the extent any such terms and conditions are inconsistent with the General Data Privacy Regulations of the European Union and the equivalent rules of the United Kingdom and any other applicable jurisdiction (altogether, the “GDPR”) those terms and conditions are VOID.

The Company collects certain information from and about you. This notice will explain what this information is, how it is used, what third parties receive it, and how you may instruct the Company not to collect, retain, or use certain parts of that information, and how to instruct us to delete this information from the Company’s own records. Please see below for: What Personal Information We Collect From You, What Non-Personal Information We Collect About You, a List of Third Parties Who Receive Information You Provide Us With Their Contact Information, and Instructions For Exercising Your Right To Instruct Us To Forget Your Information.

 

What Personal Information We Collect from You.

Any information that you enter into any text field on any webpage on the domain www.hellobar.com (the “Website”) will be collected by the Company for internal use except where noted otherwise in this notice.

Information that you enter into the Website at the point of account creation will be used to create a customer profile for you, except for your password. This will include any information that you provide when creating your account, including an email address and other contact information, your name, your username, and address information. The Company maintains records of its customer profiles to facilitate checkout, enable for quick or automatic logins by customers, for purposes of counting the number of its customer profiles, and so that the Website and the Company can remember this information for future orders and visits to the website. You may change this information through your account settings at any time.

If you delete your account, the company may retain certain of this information for future use, including for counting the number of customer accounts that have been deactivated, unless you instruct us otherwise.

 

Customer Relationship Management

The Company uses a customer relationship management tool called Intercom (www.intercom.com) (the “CRM”) so that its internal staff can rapidly communicate order information to other internal Company personnel, for example a salesperson forwarding your shipping address to a fulfillment specialist in order to complete your order. The CRM does not receive a copy of your customer profile except insofar as the CRM’s software is used by the Company to manage and rapidly access customer profiles.

The CRM is a third party for purposes of the GDPR.

 

Security Service

The password that you create for your account is not known to the Company or anyone else. Your password is not stored by the Company. Company only stores a securely salted and hashed password.

You may change your password or email address through your account settings at any time.

If you delete your account, your password will be lost. The Company cannot provide you with your password, though The Website provides the ability to reset your password should you forget it.

 

Merchant Services Provider

Your payment information is collected by the Website in an encrypted form and is passed on to the Company’s merchant services provider, Cybersource (www.cybersource.com) (the “Merchant Services Provider”), for purposes of securing payment between yourself and the Company. The Merchant Services Provider only receives information necessary to verify that any payments between yourself and the Company are authorized. The Merchant Services Provider will use encrypted tools to communicate with your bank, your credit card provider, PayPal, or whatever other account you use to pay for orders to the Company. Your credit card information or other payment information is not retained by the Company except as provided below. The Company does not maintain records of your credit card number or other payment information per se, except that if your billing address is the same as your shipping address and you instruct the Website to enter the same billing address as your payment address, the Website will use your stored shipping address as your billing address.

The Merchant Services Provider may receive requests from your bank, credit card provider, PayPal, or other payment provider in order to verify your transactions. The Merchant Services Provider may therefore periodically ask the Company to confirm certain of your order information, which the Company will provide if the Company believes that an order has been placed by you.

The Merchant Services Provider is a third party for purposes of the GDPR.

 

Cookies

The Company uses “cookies.” Cookies are small pieces of information which are communicated to your web browser so that the Website can remember that you are logged in and the selections and inputs you have made from one webpage to another within the Website. If you do not wish to receive cookies from the Website, please contact us at the information below and discontinue using the Website.

Cookies are provided by the Website.

 

What Non-Personal Information We Collect About You

The Company collects certain non-personal information about you. By “non-personal information,” we mean information about you that cannot be used, and is not stored, in a way that can identify you.

The Website will collect information about your location based on your IP address. An IP address is a non-static identifier that allows the Company to know, in general terms, where its users are located. An IP address is not the same as a physical address, and is not the same as either your shipping address or your billing address.

The Company uses your IP address for internal purposes such as knowing which countries provide certain percentages of its users. The Company does not distribute your IP address to any other person. The Company does not verify your IP address or connect it to your shipping or billing address for purposes of checkout. Your IP is not and cannot be used by the Company to identify you personally. The Web Host will also know your IP address for purposes of logging visits to the Website from your IP address and for preventing distributed denial-of-service attacks, which are disruptive attacks on websites caused by very large numbers (hundreds of thousands or more) of near-simultaneous visits to the Website.

The Company collects information such as the number of users visiting the website at any given time, the times during which visitors visit the Website, the length of time that users use the website, which pages they visit, which products they order, and what other actions they take while on the website. This information is collected by the Website and is provided in an anonymized form to the Company’s data analytics providers, which are Google Analytics (https://analytics.google.com), Intercom (www.intercom.com) and Amplitude (www.amplitude.com) (the “Data Analytics Providers”). This information is used by the Company to track the engagement, general geographic origin, and headcount of its users. This information is combined together to provide general demographic information on the Website’s users. This information is not and cannot be used to identify you specifically.

The Data Analytics Providers are third party for purposes of the GDPR.

 

List of Third Parties Who Receive Information You Provide Us With Their Contact Information

The Contact Information for the CRM is:

ATTN: Legal Department
 Intercom
 55 Second Street, Suite 400
 San Francisco, CA 94105

 

The Contact Information for the Merchant Services Provider is:

CyberSource Corporation
ATTN: Data Use and Privacy Office
P.O. Box 8999
San Francisco, CA 94128
 Fax: (650) 286-6547

Stripe
ATTN: Data Use and Privacy Office
354 Oyster Point Blvd
South San Francisco, CA 94080

PayPal – Braintree
ATTN: Data Use and Privacy Office
123 Townsend St #6
San Francisco, CA 94107

The Contact Information for the Web Host is:

Amazon.com, Inc.
 P.O. Box 81226
 Seattle, WA 98108-1226

 

The Contact Information for the Data Analytics Providers are:

ATTN: Legal Department
Google Inc.
1600 Amphitheatre Parkway
 Mountain View, CA 94043

ATTN: Legal Department
Amplitude
501 2nd Street, Suite 100
 San Francisco, CA 94107

ATTN: Legal Department
Mixpanel
One Front Street, 28th floor
San Francisco, CA 94111

 

Instructions For Exercising Your Right To Instruct Us To Forget Your Information

The GDPR provides a generalized “right to be forgotten,” meaning that you have the right to instruct us to delete any and all information that the Company, the Website, or any of the third parties collects about you. Please contact us by email at [email protected], or in writing at:

ATTN: Data Use and Privacy Officer
Hello Bar LLC
4275 Executive Square, Suite 200
La Jolla, CA 92037

In order to instruct us to forget any or all of the information that the Company, the Website, or any of the third parties collects about you.