Privacy Policy
Last updated: MARCH 31, 2023
Para español haz clic aquí.
Thank you for choosing to be part of our community. Your privacy is important to us. This privacy policy (“Privacy Policy”) describes how Kroma Wellness, PBC, together with our affiliates and subsidiaries (collectively, “Kroma Wellness,” “Kroma” “we,” “us,” or “our”), collect, use, disclose, and process your information. It also explains the rights and choices available to you with respect to your information.
This Privacy Policy applies to information we collect and process when you interact with us and our products and services, such as when you access or use our websites, mobile applications, and other Kroma Wellness online services that link to this Privacy Policy (each a “Service” and collectively, the “Services”); contact our customer support; engage with our social media features and pages; or otherwise interact with us.
We hope you take some time to read this Privacy Policy carefully. You can click on the links below to go directly to the corresponding section of this Privacy Policy.
CONTENTS
- INFORMATION WE COLLECT
- HOW WE USE INFORMATION
- HOW WE SHARE INFORMATION
- ANALYTICS AND ADVERTISING SERVICES PROVIDED BY OTHERS
- YOUR CHOICES
- HOW WE PROTECT INFORMATION
- DATA TRANSFERS
- CHILDREN’S PRIVACY
- THIRD-PARTY LINKS
- INFORMATION FOR CALIFORNIA RESIDENTS
- INFORMATION FOR NEVADA RESIDENTS
- CHANGES TO THIS PRIVACY POLICY
- CONTACT DETAILS
- ACCESSIBILITY
1. INFORMATION WE COLLECT
We collect different types of information depending on the context of your interactions with us and our Services. Some of the information we collect includes personal information. We use the term “personal information” generally in this Privacy Policy to refer to information that can be used to identify you, either alone or in combination with other information.
1. Information you provide directly to us
- Account and Profile Data. We collect any information or content you provide to us when you sign up for an account or create a user profile, which may include your name, date of birth, contact information (e.g., email and phone number), password, billing and shipping address, payment information (e.g., credit card or debit card). You may choose to provide additional information about yourself to create a profile, which may include profile pictures or avatars, gender, other interactions, logins and purchases, your account anniversary date, and other information you may provide related to your experience with our products and services.
- After you create your user profile, anytime you log in to make purchases, we will collect additional information and add it to your profile.
- Communications Data. We collect information when you communicate with us (e.g., by email, SMS text message or chat sessions) or others on our Services, such as when you request additional information about products or services, interact with our customer support or with us on social media, or sign up to receive our e-mail newsletters, notification, or marketing messages. We also collect information when you interact with us on social media, such as by interacting with our social media accounts, liking or following our social media posts, tagging us and/or our products on social media or permitting us to follow your social media profile. Examples of such information include your contact information (e.g., email address, phone number, or mailing address), the date and time of your communications, online identifiers, social media profile, and the content of your communications.
- Customer Relationship Data. We collect information relating to our customer relationships, which may include customer name, contact details (e.g., email and phone number), and information contained in communications between us and our customers or their employees.
- Demographic Data. We may collect specific or general demographic data when you fill out forms or surveys on our Services. Examples of such information include age, gender, zip code, state, and country.
- Transaction Data. We collect information relating to transactions, including purchases of products and services, that you enter into with us and/or through our Services. Examples of such information include the type of products or services requested or purchased, date of purchase, order details, amount charged, delivery information, payment method and payment information (e.g., debit or credit card number), billing and shipping address, and information about any products or services you returned or exchanged with us.
- Sensitive Data. We do not proactively collect sensitive data; however, potentially sensitive data is occasionally shared with us by customer via online reviews, social media interactions, email and other methods.
2. Information provided by third parties
• Third-party sign in. If you access our Services through a third-party application, such as the Apple App Store (together with any similar applications, “App Stores”) or a social media or other third-party account, such as Facebook, Instagram, TikTok or Google, we may collect information about you from that third-party application that you have made public via your privacy settings. Depending on your privacy settings on the third-party account, information we collect through App Stores or third-party accounts may include your email address, name, username, user identification number, location, gender, birth date, profile picture and your social media network contacts. If you choose to access our Services using a third-party account, you authorize us to collect your information from that third-party service and process it in accordance with this Privacy Policy. Please note that we do not control the third party’s information practices, so please review the third party’s privacy statement and your settings on the third party’s site carefully.
3. Information collected through tracking technology
We collect certain information automatically when you access and use our Services. The types of information we collect may include:
- Audio and Visual Data. We may capture your visual image, likeness and voice recording (e.g., via photographs and/or video) if you interact with our you upload such data to your user profile.
- Device and Network Data. We collect certain information about the device you use to access our Services. Examples of such information include your device’s hardware model, browser type, Internet protocol (IP) address, operating system version, unique device identifiers and advertising identifiers.
- Location Data. Based on your interaction with the Services, the type of device you use to access the Services, and your device’s connectivity, we may collect location-based information including your IP address, city, county, zip code and region. We may use this type of information to enhance your user experience and to better understand your interaction with our products and services. Unless you provide us with your consent to do otherwise, this information will only be used by us and our third-party service providers to provide you with the Services you request or in an aggregated and anonymized format that does not identify you. If you no longer wish to have this location information collected and used by us, you may opt-out by disabling the location and Bluetooth features in the operating system of your device.
- Usage Data. We collect information about your activity on our Services via log files, cookies, web beacons, and other similar tracking technologies. Examples of such information include your access times, page view count and pages viewed, the routes by which you access our Services, website and app crashes, your use of any hyperlinks available within our Services, and identifiers associated with browser cookies, web beacons, pixels and similar technologies we deploy on our Services. We may use third-party service providers, such as Google Analytics, to collect this usage data. Learn more about how Google collects and uses data here. To opt out of Google Analytics please use this link.
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
For more information about our and our third-party partners' use of cookies and similar tracking technologies to collect information automatically, and any choices you may have in relation to its collection, please read our Cookie Policy.
4. Other types of information
• Inferences and Derived Data. We may derive information or draw inferences about you based on the other types of personal information we collect. For example, we may infer your location based on your IP address, or your prospective purchasing habits based on your browsing behavior on our Services.
2. HOW WE USE INFORMATION
We use personal information for a variety of purposes as described in more detail below.
1. To Provide and Maintain our Products and Services. We use the information we collect to operate and maintain our Services and to provide our products and the features and functionality of our Services. These activities may include, among other things, using information to:
- administer your account and provide you access to the Services and features you request;
- debug, identify and repair errors that impair existing intended functionality of our Services
- complete transactions you request, including to process payments and to fulfill and manage your orders, returns, and exchanges;
- contact you about your account, transactions, and/or use of the Services (e.g., account management, customer service, delivery updates, product updates and warranty information, policy changes, security updates, or system maintenance);
- enforce our terms, conditions, policies and other agreements;
- respond to or follow up on your questions, comments, reviews, and other requests, including to provide customer service; and
- verify individual identity.
2. To Improve, Personalize, and Develop Our Products and Services. We use the information we collect to improve and personalize our Services, product offerings, marketing and promotional efforts, and to develop new ones. These activities may include, among other things, using information to:
- enable and enhance your use of our Services, including to identify your product and services preferences, provide personalized information, and assist with your usage trends; and
- perform research and development activities, which may include, for example, conducting data analysis in order to develop new or improve existing products and services, and performing quality control activities.
We use cookies and similar tracking technologies for the purposes described above. For more information, please read our Cookie Policy.
3. To Provide Customer Support. When you contact us for customer support or any other reason (e.g., to help you complete the account registration process, diagnose or fix technology problems, respond to a dispute, etc.), we may use or request information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints.
4. To Conduct Feedback Surveys and Obtain Testimonials. From time to time we (or third parties acting on our behalf) may contact you to participate in feedback surveys or to provide reviews and testimonials. We use such information to improve our products, our Services, and in any manner consistent with this Privacy Policy. If you decide to participate, you may be asked to provide certain information, which may include personal information. You are in control of the information you would like to share with us. Prior to posting a testimonial, we will obtain your permission to use your name and testimonial. If you wish to update, or delete your testimonial, please contact us at help@kromawellness.com in the United States and Canada and be sure to include your name, testimonial location, and contact information.
5. To Send You Marketing and Promotional Communications. By creating a Kroma Wellness account, you are agreeing that we may send you product and promotional emails or notifications about our Services, and offers on new products, services, promotions or contests. You may also opt-in to receiving similar notifications on the Services. We may provide you with these materials by phone, postal mail, text or email, as permitted by applicable law. Such uses include:
- To develop and display content and advertising (and work with third parties who do so) tailored to your interests and/or location; and
- To notify you about offers, products and services that may be of interest to you or about which you have previously expressed an interest.
You can opt-out of receiving our marketing communications at any time as further described in the “YOUR CHOICES” section.
6. To Comply with Legal or Regulatory Obligations or In Connection with a Legal Process. This may include using information as we believe to be necessary or appropriate to: (i) comply with judicial proceedings, court orders or legal processes or to respond to proper governmental request or investigation; (ii) detect, prevent, or otherwise address fraud, security or technical issues; (iii) protect against malicious, deceptive, fraudulent, or illegal activity, including attempts to manipulate or violate our policies, procedures, and terms and conditions; and (iv) to protect yours, ours or others’ rights, property or safety;
7. With Your Consent. We may process your information for a purpose not otherwise described in this Privacy Policy in accordance with your consent or instructions.
In addition to the specific situations discussed elsewhere in this Privacy Policy, we share information in the following situations:
- Affiliates and Subsidiaries. We may share some or all of your information with our group of companies that are under common ownership or control (this means our affiliates, subsidiaries, holding company, or any other subsidiaries owned by our holding company) for the purposes, and on the legal bases, set out in this Privacy Policy.
- Business Transactions. We may share or transfer your information in connection with, or during negotiations of a business transaction, such as a merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Professional Advisors. We share information with our legal, financial, insurance, and other professional advisers in connection with the management of all or part of our business or operations. Examples include obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- Public Forums. Some of our Services or some of the features and functionality of our Services provide the opportunity to post content or share information such as messages, photos, and videos with others. If you decide to submit information to any public area of the Services, that information may be publicly available.
- Service Providers. We share information with third-party suppliers, vendors, service providers, contractors or agents who perform services for us or on our behalf, including order fulfillment and shipping, payment processing, customer support, administering our marketing and reviews platform, hosting, information technology and security, fraud prevention, mail and email distribution, events, contests, and promotion administration, marketing, advertising, and analytics services. This excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
- Where Required or Permitted by Law or Legal Process. We may disclose information where we believe disclosure is necessary or required (i) to comply with applicable law, regulation, or legal process, or in response to requests by law enforcement authorities, government or public agencies or officials, or regulators; (ii) to exercise, establish or defend our legal rights or to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
- Third-Party Partners and Co-Sponsors. We may offer contests, sweepstakes, events, or other promotions with third-party partners or co-sponsors. If you decide to enter a contest, sweepstakes, or promotion that is sponsored by a third-party partner, the information you provide will be shared with us and with them. Their use of your information is not governed by this Privacy Policy.
- Other Disclosures with Your Consent. We may share your information with third-parties for purposes not described elsewhere in this Privacy Policy with your consent or at your direction.
4. ANALYTICS AND ADVERTISING SERVICES PROVIDED BY OTHERS
We use cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to automatically collect information, including your email address, through our Services (like tracking your sales cart activity and notifying us of abandoned sales carts). We also work with third-party partners who provide analytics and advertising services or other functionality on our Services. These third parties, including Retention, may also use cookies and similar tracking technologies to collect information about you when using our Services (for instance through a browser) and may combine the information with other information they have access to such as your mailing address so that we may serve relevant marketing offers to you via email or direct mail. For example, if you browse our site anonymously, this information might be identified and stored in the Retention database. Where required by law, we base the use of cookies and similar tracking technologies upon consent. If you wish to change your cookies and similar tracking technologies settings, please visit the cookie banner on our homepage. For more information about how we use such technologies and how you can refuse certain cookies, please read our Cookie Policy. Even if you opt out of receiving communications from us, your data may still be retained and accessible by other sites using Retention software. You can opt out of this data sharing by visiting https://app.retention.com/optout
5. YOUR CHOICES
1. Access to your account
You may access your account to view order history information and/or adjust subscriptions on your own through the My Account section, once logged in via this link.
For any personal information changes you may need (phone, email, address, etc.) or to delete your account entirely, email us at help@kromawellness.com, and our customer service team can help you update your account.
2. Marketing Communications
- Email. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or you can contact us at help@kromawellness.com in the United States and Canada. If you opt-out of receiving promotional communications from us, we may still send you non-promotional communications, such as those about your account, your orders, or our ongoing business relations.
- Text Messages. To opt-out of receiving text messages, follow the opt-out instructions in the text messages that you receive from us.
3. Device Permissions
Mobile platforms have permission systems for specific types of device data and notifications, such as camera and microphone as well as push notifications. Where applicable, you can change your settings on your device to either consent or oppose the collection of the corresponding information or the display of the corresponding notifications. Depending on the manner in which you make changes to your settings, certain Services may lose partial or full functionality.
4. Uninstall the Application
If you have downloaded our mobile application, you can stop all information collection by applications by disabling call forwarding and deactivating your account by following the instructions on the Service’s Settings screen and then uninstalling the applications using the standard uninstall process for your device. If you uninstall the applications from your mobile device, the unique identifier associated with your device will continue to be stored. If you reinstall the applications on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.
5. Managing Cookies
For more information about how you can refuse certain cookies, please read our Cookie Policy.
6. “Do Not Track” Features
Some web browsers incorporate a Do Not Track (“DNT”) or a similar feature. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
6. HOW WE PROTECT INFORMATION
We have implemented reasonable and appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that no method of transmission over the Internet, or method of electronic storage, is fully secure. Although we will do our best to protect your personal information, we cannot guarantee its absolute security. In the event we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by phone, if permitted to do so by law.
If you create an account as part of using our Services, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, selecting a strong password and constructing a unique password. You are also responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. Please notify us of any unauthorized use of your password or account.
7. DATA TRANSFERS
For the reasons and purposes described in this Privacy Policy, the information we collect may be transferred to, stored, and otherwise processed in the United States and other countries, such as Canada, the Dominican Republic, India and South Africa. Wherever possible we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By accessing and/or using the Services or otherwise providing your personal information, you are agreeing to the transfer of your information to the United States, Canada, the Dominican Republic, India and South Africa.
8. CHILDREN'S PRIVACY
Our Services are intended for general audiences over the age of 18 years old. We do not knowingly collect information from children under the age of 18 years old. If you are not over 18 years old, then DO NOT DOWNLOAD OR USE THE SERVICES. We also do not knowingly sell the personal information of individuals under the age of 16.
9. THIRD-PARTY LINKS
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by us. The websites and third-party content to which we link may have separate privacy notices or policies. Please note, we have no control over the privacy practices of websites or services that we do not own. We encourage you to review the privacy policies of any third-party website or application for details about what information is collected and how it is used and/or shared.
As part of the functionality of our Services, we may integrate with certain third-party services. If you choose to link your account with such applications, you can decide to share the health information we collect about you while you use the Services. You may opt-out of tracking at any time by configuring your privacy settings on such applications. Your interactions with third-party services or other health applications are governed by the privacy policy of the company providing the service.
10. INFORMATION FOR CALIFORNIA RESIDENTS
California law requires us to disclose the following information related to our privacy practices. If you are a California resident, this section applies to you in addition to the rest of this Privacy Policy.
1. Categories of Personal Information We Collect, Use, and Disclose
The table below identifies the categories of personal information we have collected in the past twelve (12) months and which we continue to collect. It also lists the categories of third parties to whom we disclose personal information for a business purpose. For more information, including the sources from which we obtain personal information, please see the “INFORMATION WE COLLECT” section of this Privacy Policy.
We use and disclose these categories of personal information for the purposes described in the “HOW WE USE INFORMATION” and “HOW WE SHARE INFORMATION” sections in this Privacy Policy.
2. Privacy Rights
As a California resident, you have certain rights, such as:
- Access to Information. You may request information regarding the categories of personal information we have collected about you; the categories of sources from which the information was collected; the purposes for which we collected, disclosed, or sold personal information; and the categories of third parties to whom we have sold or disclosed personal information for a business purpose and the categories of personal information disclosed or sold. You may also request access to the specific pieces of personal information we have collected in the 12 months preceding your request, including, where applicable, in an electronic and readily-usable format. Your access rights under California law are not absolute. Specifically, you have the right to make a request no more than twice in a twelve (12) month period and the information you can request is limited to personal information collected in the 12-month period preceding our receipt of the request.
- Deletion. You may request that we delete the personal information we have collected from you. If required by law we will grant a request to delete information, but you should note that in certain situations, and to the extent permitted by law, we may be required to keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
- Opt-Out of Sales. You have the right to opt-out of any sales of personal information that may be occurring. We share personal information, and over the preceding twelve months may have shared personal information, for other benefits which are a sale of information, as defined by California law. This includes sharing of identifiers, commercial information, and internet or other electronic network activity usage data with advertising partners and networks, and website analytics companies. Additional information is available on our Do Not Sell My Information page, including information about how to manage or block these cookies. We do not knowingly sell personal information about persons under the age of 16. If you wish to exercise this right, you may submit a request by email at help@kromawellness.com or by phone at (858) 240-2570.
- Non-discrimination. You have the right not to be discriminated against for exercising your rights under California law. We do not discriminate against California consumers who exercise their rights described in this section. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale and retention and use of your personal information as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly. Please note that not all these rights are absolute, and they do not apply in all circumstances. While we will make reasonable efforts to accommodate your request, we also reserve the right to impose certain restrictions and requirements on such requests, if allowed or required by applicable laws. Any request you submit to us is subject to an identification and residency verification process.
3. Exercising Your Privacy Rights
For the most part, we enable exercise of the privacy rights described in the paragraphs above directly through our Services when logged in.
If you are a California resident and you would like to make a request for access, portability, or deletion of your information, you may submit a request through the CCPA Request Form, by email at privacy@kromawellness.com or by phone at (858) 240-2570.
In order to process your request, we must be able to verify your identity to make sure you are the person about whom we have collected personal information or an authorized representative. Depending on the type of request, we may conduct the verification process by email or phone using information that matches our records. The information you must provide as part of the verification process may include: name, email address, mailing address, phone number, user name, state and/or country of residency, and/or proof of residency. We may also ask for additional information as needed based on your relationship with us.
You may also designate an authorized agent to exercise these rights on your behalf by providing the authorized agent signed permission to submit the request on your behalf. If an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal data. Please note, we cannot process your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you.
4. California’s “Shine the Light” Law. California's “Shine the Light” law requires us to respond to requests from California customers asking about our practices related to disclosing certain types of personal information to third parties for their direct marketing initiatives. You may make such a request by completing and submitting an STL Request Form.
11. INFORMATION FOR NEVADA RESIDENTS
Pursuant to Nevada law, you may direct a business that operates an internet website not to sell certain personal information a business has collected or will collect about you. We do not sell your personal information as defined under Nevada law. For more information about how we handle and share your personal information or your rights under Nevada law, please contact us at help@kromawellness.com.
12. CHANGES TO THIS PRIVACY POLICY
We may also provide additional “just-in-time” disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify our privacy practices or may provide you with additional choices about how we process your Personal Information.
13. CONTACT DETAILS
If you have any questions, complaints, or comments about this Privacy Policy or our privacy practices, you may email us at help@kromawellness.com or by mail at:
Kroma Wellness PBC
Attn: Chief Financial Officer
2683 Via de la Valle, Suite G-254
Del Mar, CA 92014
14. ACCESSIBILITY
Persons with disabilities may obtain this Privacy Policy in an alternative format, upon request, by contacting us at the appropriate address above. If you are visually impaired, you may access this notice through your browser’s audio reader.
15. GOVERNING LAW; OTHER APPLICABLE KROMA POLICIES
This Privacy Policy is governed by the laws of the United States of America and the State of California. For further information on Kroma’s other applicable policies, please refer to the Terms & Conditions, which are incorporated herein by reference.
16. ENGLISH LANGUAGE
Pursuant to Canadian law, the parties declare that they have required that this Privacy Policy and all documents related hereto, either present or future, be drawn up in the English language only.
Conformément à Droit canadien, lesparties déclarent par les présentes qu’ils exigent que cette entente et tous les documents y afférents, soit pour le présent ou l’avenir, soient rédigés en langue anglaise seulement.