PRIVACY POLICY

[Last Updated: June 03, 2024]

This Privacy Policy constitutes an integral part of our website’s Terms & Conditions (collectively the “Terms”), and provides you with details regarding our privacy practices and the way we collect, use and manage your Personal Data, and your related legal rights, under applicable privacy legislation, including without limitation the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 ( “CCPA”), as may be amended, supplemented or superseded from time to time (all collectively shall be defined as “Data Protection Laws”).

Additional Notice to California Residents: In the event you are a California resident – please review our CCPA Notice to learn more about our privacy practices with respect to the CCPA.

Regional Notice to Specific US States Residents: In the event you are a resident of certain US States, some jurisdiction specific privacy laws may apply to you, as further elaborate under Section 13 below. Please review this section to learn more about our privacy practices and your rights under the privacy and data protection legislation which applies in these specific states.

You are not required by law to provide us with any Personal Data. Sharing your Personal Data with us is entirely voluntary. However, without your data, we would not always be able to provide you with all or some of our Services.

 

1.       POLICY AMENDMENTS

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the Website and the update date will be reflected in the “Last Updated” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

 

2.       CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

Natasha Denona Makeup LLC, incorporated under the laws of the state of New York in the United States, as part of the Natasha Denona Group, is the “Data Controller” or ”Business” (as such terms are defined Data Protection Laws) of the Personal Data detailed under this Privacy Policy.

For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact our privacy team follows:

By E-Mail: wecare@natashadenona.com.

By Mail:

Natasha Denona Makeup LLC;

39 East 30th Street, New York, NY 10016, United States.  

 

Data Protection Representative for Data Subjects in the EU and UK:

Attn: Natasha Denona Trading Ltd.

Trident Park, Notabile Gardens, No. 2 – Level 3

Mdina Road, Zone 2, Central Business District

Bkara, CBD 2010 Malta

VAT#MT 2383-5112

 

Email: wecare@natashadenona.com.

 

3.       THE TYPES OF DATA WE PROCESS, THE PURPOSES OF PROCESSING AND LAWFUL BASIS

We collect two types of information, depending on your interaction with us.

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual or other identifiers of the individual from which the Non-Personal Data is collected. Non-Personal Data which is being gathered via access or interaction with the website, consist of aggregated usage information, as well as technical information transmitted by your device, such as the type of operating system, browser, internet service provider (ISP), or device settings (e.g. default language), etc. Non-Personal Data may be used by us without limitation and for any purpose. We may sometimes process and anonymize or aggregate Personal Data and identifiable information in a manner that shall create a new set of data that will be Non-Personal Data.

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data” or “Personal Information”).

On our website, we do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person's health or data concerning a person’s sex life or sexual orientation (“Special Categories of Data” or “Sensitive Data”).

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

The table below details the types of Personal Data we process, the purpose, lawful basis (under the GDPR), and our processing operations:

TYPE OF DATA

PURPOSES OF PROCESSING

LAWFUL BASIS UNDER THE GDPR

Information Collected when visiting or using our website (Visitors or Customers)

Online Identifiers and Usage Data

When you access our website or otherwise interact with its content and features (including if you are our Customer and you access and interact with your account) we collect certain online identifiers, such as internet protocol address (IP), Cookie ID and other unique identifiers (“Online Identifiers”).

Further, we will collect information related to your use and interaction with our website. This information may include, for example, the referring URL (that is, the webpage directing you to our website, and other websites you visited in the session), how you interact with our webpages and content, access time and date, duration of use, pages you have viewed on our website, clickstream, etc. (“Usage Data”).

We process Online Identifiers and Usage Data through our or third-party cookies and tracking technologies for analytic, marketing and advertising purposes.

For example, we process this data to understand how Visitors or Customers use our website and to measure effectiveness of our content and advertising campaigns in order to improve our marketing efforts as well as to serve cross-websites ads to Visitors. 

In addition, Usage Data related to our website help us to better understand our business, analyze our operations, maintain, improve, design, and develop our Services, conduct statistical analysis, etc.

Further, we process such data for our website operation and functionality, security and fraud prevention purposes, debugging purposes and to resolve technical problems.

Where we process Online Identifiers or Usage Data for operation and security purposes, we process your data based on our legitimate interest.

Where we process Online Identifies or Usage Data for analytic and advertising purposes, we process such data based on your consent which we will obtain through the cookies toolbar available at the footer of the website. You may always withdraw your consent at any time as further elaborated below.

Location

Based on the IP address or other information we may obtain such as zip code, we can approximately know your location.

We process such data for language preference and contextual advertisement ads based on your general location.

We process such data based on our legitimate interest.

When we use such data as part of our marketing activities, we do so only per you consent provided through the cookies toolbar. You may always withdraw your consent at any time as further elaborated below.

Contact Data

Where you contact us with any inquiries, whether by a designated “contact us” form or otherwise, you will be requested to provide your contact information such as your name, email address phone number, and any other information you choose to share with us through your correspondence or other communications with us (“Contact Data”).

We process your Contact Data for the purpose of responding to your inquiries and provide you with the support or information you have requested.

Our correspondence with you, and its content, may be further processed and stored by us in order to improve our customer services, and in the event, we reasonably determine it is needed in order to comply with any regulatory requirement, or for handling and defending against any future claims or dispute you might have with us.

We process your Contact Data subject to our legitimate interest.          

After addressing your inquiry, we may retain your data in our systems as part of our business records keeping under our legitimate interest.

 

Newsletter Subscription

If you subscribe to receive our newsletter, updates, and other marketing materials, you will be requested to provide us your email address.

We process such data in order to send you the content you have signed-up to receive.

We will further store this data in order to include you, and maintain, our marketing and mailing lists, as well as the "opt-out" list (solely the necessary information for such purpose), to ensure we respect your choice and comply with applicable laws in this regard.

We process such data based on your consent. You may withdraw your consent at any time by using the “unsubscribe” link within the emails you will receive from us.

In addition, we will further maintain a suppression file – meaning lists of applicable emails that have requested to opt-out, under our legitimate interest and to ensure we comply with such preference and choice.

Information collected from our Customers

Account Data

When placing an order, you may choose to create an account (“Account”). During the registration process you will be requested to provide us with certain information such as your full name, email address, username and password.

If you choose to sign in through your social accounts (e.g., Facebook, Google, or Amazon account), we will be provided with your email address related to such account as well as information you have made public (such as profile picture, etc.). 

 

We process Account Data to create and designate your Account, authentication and validate access, enable log-in, access and the use of your Account as well as to send you needed information related to our engagement.

In addition, we process such data for direct marketing purposes, meaning, as our Customer we may send you marketing related communications, materials and content regarding our Products or any other products we may offer in the future, to keep you up to date (“Direct Marketing”). 

We process your Account Data for the purpose of performing our contract with you.

In addition, we process your Account Data for direct marketing purposes subject to our legitimate interest.  You can opt-out at any time using the “unsubscribe” link within the emails you will receive from us.

Please note that if you choose to unsubscribe from our direct marketing, we will still send you service-related emails, such as invoices.

Order Placement

If you place an order, as part of the checkout process, you will be requested to provide us with certain information such as your full name, email address, phone number, and billing and shipping address.

Note, that you will further be required to provide your payment method details; however, such details are processed by our external clearance vendors, and are not visible to u, except for certain limited transaction record data (e.g., 4 last digits of a credit card).

We collect and use your Order Placement Data in order to process and deliver your order, including to provide you services related notice (such as sending you order confirmation, invoices, shipment status, etc.).

We will further store your Order Placement Data in order to maintain bookkeeping records and to comply with any regulatory requirements (e.g., tax related).

 

We process your Order Placement Data for the purpose of performing our contract with you.

Following the completion order delivery, we nay further retain and store the data, including your “Order History” as part of our internal record keeping, including for legal defense from any possible future claims or disputes subject to applicable law requirements, as well as subject to our legitimate interests.

 

 

Orders Usage Data:

When you go through the orders’ placement process, including where you add Products to your cart or wish list, information regarding such use and interactions is automatically gathered and collected, which may include the click stream, specific Product added to your cart, analytics data, crash data etc. (“Orders Process Usage Data”).

We Process Orders Usage Data to help us to understand how Customers interact with the orders submission flow, their preferences, and how to better provide and improve our Services. We may further use it to personalize your experience, for example, where you are a registered Customer or otherwise provided your email address through the order placement process, we may send you emails to remind you that you have not completed your order of Products you have added to your cart.

 

We process Orders Usage Data for engaging you as a Customer in accordance with the contract between us.

We may also use such Orders Usage Data for operation and security purposes, based on our legitimate interest.

Where we collect Orders Process Usage Data for analytic and marketing purposes, we process such data based on your consent which we will obtain through our cookies toolbar on the website. You may always withdraw your consent at any time as further elaborated below.

Customers Support:

When you contact our customer support team regarding your order or the placement of an order (i.e., returns and refunds, order tracking, etc.), we will use your Order and inquiry data, including your contact information and other Order Placement data.

Customer Support Communications will be used for the purpose of responding to and handling your inquiries.

In addition, our correspondence with you, and its content, may be processed and stored by us in order to improve our customer services and in order to comply with any regulatory request or for the defense of any future claim.

We process Customer Support data to address your request per the contract between us.

 

We may further retain and keep such data as part of our internal record keeping per our legitimate interests.

Pro Artist Program

When applying to the pro artist program HERE, you will be required at the submission form to provide us with certain information, such as your full name, email address and phone number (“Application Data”). 

We process your Application Data to receive and consider your application request, to check your submission and to finally provide you with final decision and confirmation (when applicable).

If you get accepted to our Pro Artist Program, we will further process such data is ordered to communicate with you and send you notifications with respect to the program and other supporting services (sending you "congratulations message", invitations to the program's events or sessions, etc.).

We process your Application Data initially subject to our legitimate interest in order to consider and answer your submission request.

If you get accepted to the program, we will further process such Application Data for the purpose of performing our contract with you.

In addition, we process your Application Data for direct marketing purposes subject to our legitimate interest and applicable law.  You can opt-out at any time using the “unsubscribe” link within the emails you will receive from us. However, please note that if you choose to unsubscribe from our direct marketing, we will still send you service-related emails, such as invoices.

 

 

Please note that the actual processing operation per purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the Cross Border Data Transfer section below, is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of our Services and to enforce our terms of use and other policies, as well as to protect the security or integrity of our databases and the Websites, and to take precautions against legal liability. Such processing is based on our legitimate interests.

 

4.       HOW DO WE COLLECT YOUR PERSONAL DATA

Depending on the nature of your interaction with us, our website and Services, we may collect Personal Data as follows:

  • Automatically – we may use cookies (as elaborated in the section below) or similar tracking technologies (such as pixels, tags, agent, etc.) to gather some information automatically.
  • Provided by you or about you voluntarily – we will collect information if and when you choose to provide us with the information, such as contact us form, etc. all as detailed in this Privacy Policy.
  • Provided from third parties where permitted under applicable law and provided with your consent for cookie usage, we may enrich the Personal Data collected about you with data provided by third parties.

 

5.       COOKIES AND TRACKING TECHNOLOGIES

When you access or use the website, we use “cookies” or similar tracking technologies, which store certain information on your device (i.e., locally stored). The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are used by us for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and advertising. You can find more information about our use of cookies here: www.allaboutcookies.org.

There are several types of cookies, including without limitation:

  • Essential, Functionality, Operation & Security Cookies. These cookies are essential for enabling Visitor movement around the website, for the website to function properly, and for security purposes (i.e., used to authenticate Visitors, prevent fraudulent use, and protect Visitor data from unauthorized parties). This category of cookies either cannot be disabled, or if disabled, certain features of the website may not work.
  • Analytic, Measurement & Performance Cookies. These cookies are used to collect information about how Visitors use our website, in order to improve our website, content, and the way we offer them, as well as assess performance of the content and marketing campaigns. These cookies enable us, for example, to assess the number of Visitors who have viewed a certain page as well as their country of origin. It enables our website to remember information that changes the way it behaves or looks, such as your preferred language.
  • Preference, Targeting & Advertising Cookies. These cookies are used to advertise across the internet and to display relevant ads tailored to Visitors based on the parts of the website they have visited (e.g., the cookie will indicate you have visited a certain webpage and will show you ads relating to that webpage).

You may find more information about the cookies we use as well as opt-out of cookies or change your preferences at any time by using the cookies setting tool available on the footer of our website. 

Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies, and we are not responsible for their privacy practices.

 

6.       SHARING PERSONAL DATA WITH THIRD PARTIES

We share your Personal Data with third parties, including our partners or service providers that help us provide operate and manage our websites, business operation, marketing operations and our Services. You can find in the table below information about the categories of such third-party recipients.

CATEGORY OF RECIPIENT

TYPE OF PERSONAL DATA SHARED

PURPOSE OF SHARING

The Natasha Denona Group

All types of Personal Data

We may share Personal Data with other affiliates or subsidiaries within the Natasha Denona Group, where applicable and where we believe, for example, when your inquiry is applicable to a specific subsidiary of Natasha Denona or where required to meet our legal and regulatory obligations. 

Service providers

 

 

All types of Personal Data

We employ other companies and individuals to perform functions on our behalf. This might include: sending communications, processing payments, analyzing data, providing marketing and sales assistance (including advertising and event management), identifying errors and crashes, conducting customer relationship management, delivery, shipments, etc. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purposes other than providing us with requested services.

Any acquirer of our business

All types of Personal Data

We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.

Enforcement of our rights and security detections. 

All types of Personal Data

We may disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.

Legal and law enforcement 

Subject to law enforcement authority request.

We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

 

When we share information with service providers and partners, we ensure they only have access to such information that is strictly necessary for us to operate the website. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (however, such service providers may use certain data for their own benefit subject to separate terms agreed upon with you or per your consent, as well as in the case of using merely non-personal data).

 

7.       YOUR RIGHTS RELATED TO YOUR PERSONAL DATA

Data protection and privacy laws may grant you certain rights with regards to your Personal Data, all according to your jurisdiction. The rights may include one or all of the following: (i) request to amend your Personal Data we store accessing; (ii) review and access your Personal Data that we hold; (iii) request to delete your Personal Data that we hold (as long as we do not have a legitimate reason for retaining the data); (iv) restrict or object to the process your Personal Data; (v) exercise your right of data portability (vi) contact to a supervisory authority in your jurisdiction and file a complaint; and (vii) withdraw your consent (to the extent applicable).

For detailed information on your rights and how to exercise your rights, please see the Data Subject Request Form (“DSR”) available HERE and send it to our privacy team at: wecare@natashadenona.com.

Certain rights can be easily executed independently by you:

  • If you are a Customer, you can correct or delete your Account Data at any time, through the account settings on our website;
  • You can you can opt-out from receiving our marketing emails by clicking “unsubscribe” link;
  • You can withdraw consent for processing Personal Data for analytics or marketing purposes, by using the cookie setting on the

For additional rights under US state laws, please refer to the specific regional disclosure available below.

Please note, in the event you are a Customer, termination of the engagement or closing your Account does not automatically resolved in deletion of data. If you wish to delete the data, please ensure to contact us with such a request.

You have the right to lodge a complaint with the EU Member State supervisory authority if you are not satisfied with the way in which we handled the complaint.

 

8.       DATA RETENTION

We retain Personal Data we collect for as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out, where applicable.

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

 

9.       DATA SECURITY

Securing your Personal Data is of high priority. We design our systems with your security and privacy in mind. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards, such as encryption (i.e., using SSL), access restrictions and permissions to our employees, contractors, agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at: wecare@natashadenona.com, if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

 

10.   CROSS BORDER DATA TRANSFER

Due to our global business operation, we may store or process your Personal Data in several territories, including, for example in Israel, the UK, EU, US or in other countries (whether directly or through the use of our vendors). Thus, your Personal Data may be transferred to and processed in countries other than the country from which you accessed our websites or otherwise the country of your jurisdiction. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer in accordance with applicable law.

Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred under the provisions of the standard contractual clauses approved by the European Union. If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at our email.

 

11.   ‍THIRD PARTY WEBSITES

Our Privacy Policy only addresses the use and disclosure of Personal Data we collect from you. To the extent that you disclose your Personal Data to other parties via the website (e.g., by clicking on a link to any other website or location), different rules may apply to their use or disclosure of the Personal Data you disclose to them, and this Privacy Policy does not apply to any such third-party products and services. You agree that we shall have no liability whatsoever with respect to such third-party sites and your usage of them.

 

12.   PROTECTING CHILDREN

Our Services and Products, including the use of the website, are not intended for any individual under the age of 18, and we do not knowingly collect or maintain information about anyone under the age of 18. Please contact us at: wecare@natashadenona.com if you have reason to believe that a child has shared any information with us.

 

13.   Regional US Privacy Notice

General Applicability and Jurisdictions

This section 13 applies to residents of specific US States under applicable specific state laws, including residents of: Connecticut under the Connecticut Data Privacy Act, S.B. 6 (Connecticut 2022); Utah, under the Utah Consumer Privacy Act, Utah Code Ann. § 13-61-101 et seq; Virginia under the Virginia Consumer Data Protection Act, Va. Code Ann. § 59.1-575 et seq. (SB 1392); Colorado under the Colorado Privacy Act (SB 21-190), and starting of July 1, 2024, residents of Texas under the Texas Data Privacy and Security Act (2023), and Oregon under the Consumer Privacy Act (2023); All as amended or superseded from time to time and including any implementing regulations and amendments thereto (“US Privacy Laws”). Any term not defined herein under this section 13 shall the meaning ascribed to such term in the Privacy Policy above or applicable US Privacy Laws.

The specific disclosure hereunder supplements our general Privacy Policy as detailed above and provides additional details to the extent we deem as a “Business” or “Controller” under applicable US Privacy Laws, for example where we process Visitor’s information regarding their use of the Website.

California residents, please refer to our CCPA Notice, which discloses the required information per the CCPA, including the categories of processed and shared data, and your specific rights as a California resident.

Nevada Residents, please find below a brief disclosure relevant to you under the Nevada Revised Statutes Chapter 603A.

The Personal Information We Process

Section 3 of this Privacy Policy describes the categories of Personal Data that are collected and processed by us, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. As further elaborated above, collected personal Data may include, depending on your interaction with us as a Visitor or a Customer:

  • Online Identifiers and Advertising and Targeting data – your IP address, location and time zone setting, operating system and platform, browser plug-in types, domain name and your choice of browser, approximate location (derives from IP address), etc. – processed as part of our technical website management and operation, analytics and online marketing activity.
  • Geolocation Data - Based on the IP address or other information we may obtain such as zip code, we can approximately know your location.
  • Contact Information – including your identifiers and contact information (name, email, phone, etc.), the content of your inquiry, and additional information as provided voluntarily by you, such as your workplace and position, country of residence, etc. – collected and processed to respond to your inquiry and keep record of our interaction with you.
  • Newsletter Registration Information – such as your email, phone number, and your interaction with the messages and content we will send you – collected and processed for sending you news, promotional material and updates regarding our services per your consent and subject to applicable law.
  • Account Data – if you choose to create an Account in our systems, during the registration process you will be required to provide contact information as well as username and password.
  • Order Placement Data – when placing an order for a Product, we will collect and process details about your order, including its content, shipping data and your payment details (processed through an external clearance provider). We may also retain record of your shopping history as details above.
  • Order Usage Data – when adding a Product to your shopping cart, showing interest in specific products or websites pages, etc., we may collect, through the use of your account as well as cookies and similar technologies, information regarding your activity as a potential and actual customer of our Products. This data may be used by us for operational purposes such as sending you a reminder regarding your shopping list, as well as, subject to applicable law, marketing and advertising activity online.
  • Customer Support – when approaching our customer support as a Customer, we will collect and processed details regarding your inquiry and handling it.
  • Our Affiliate Programs – when applying to or acting as a member of any of our affiliates programs, we will keep and process such applications and activity data, as part of our general record keeping to enable your activity as an affiliate.

Please note that under US Privacy Laws, Personal Data does not include publicly available information and information that cannot be reasonably linked to you, directly or indirectly, such as de-identified or aggregated data, and information governed by other state or federal laws, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA), Personal Data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data, etc.

Sensitive Data” under US Privacy Laws is generally defined as data revealing racial or ethnic origin, religious beliefs, mental or physical health history, condition or diagnosis, sex life or sexual orientation, citizenship or immigration status, genetic or biometric data that can be processed/is processed to uniquely identify an individual, precise geolocation or personal data from a known child. We do not collect nor process or use any Sensitive Data from our website’s users and visitors.

 

Sharing of your Personal Data with Third Parties

Under section 6 of the above Privacy Policy, you will find details regarding the categories of third parties we share Personal Data with for our business purposes, including sharing of data with our affiliated companies in the Natasha Denona Group.

We do not sell your personal information for profit. However, we do engage in targeted advertising on the website. Some of those marketing activities, when conducted through the use of third parties, may be considered a “sale” or “Share” under certain US Privacy Laws. In this context, as is common practice among companies that operate online, we permit third party advertising networks, social media companies and other third-party businesses to collect information directly from your browser or device through cookies or similar tracking technology when you visit or interact with the Site, for example, for collection of Online Identifiers and Advertising and Targeting data as detailed under section 3 above. These third parties use this personal information to deliver targeted advertising (also known as “cross-context behavioral advertising”) and personalized content to you on our websites, on other sites and services you may use, and across other devices you may use, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research. To learn more about that, please read section 5 regarding Cookies. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of personal information or the processing of personal information for purposes of targeted advertising, through the use of the Cookie Toolbar on the Site’s footer or as described above.

We do not knowingly sell or share personal information of individuals less than 16 years of age or use or share such information for targeted advertising purposes. Similarly, we do not sell or share any Sensitive Data.

 

Exercising Your Privacy Rights

Subject to certain legal limitations and exceptions, you may be able to exercise some or all of the rights details under section 11 above, “Your Rights”. Generally, and depending on your state of residency, those rights include the following:

 

Privacy Right

Explanation

How may you exercise your right

Right to Access/ Right to Know

You have the right to confirm whether and know the Personal Data we collected on you

You can exercise your right by reviewing this Privacy Policy and approaching us through the DSR form as explained below.

Right to Correction

You have the right to correct inaccuracies in your Personal Data, taking into account the nature and purposes of processing of such Personal Data.

You can exercise this right by approaching us through the DSR form as explained below.

Right to Deletion

You have the right to delete Personal Data, this right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3)  Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5)  Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action.

If you would like to delete your personal information, please approach us through the DSR form as explained below.

 

Right to Portability

You have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

If you would like to exercise your portability right, please contact us through filling a DSR form as explained below, and we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

Right to opt out from selling Personal Data

You have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer.

You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc.

We currently do not sell your personal information, so we do not offer an opt out.

We may “share” personal information with third parties for personalized advertising purposes. You may opt-out of the sharing of your Personal Data with third parties for personalized advertising on third party sites as detailed below under “Opt Out Options”.

To opt out from the use of cookies on our website, please click the “do not sell or share my personal information” or otherwise use the settings of our cookies bar in the footer of the website which will enable you to customize the use of cookies on our website. 

Right to opt out from Targeted Advertising

Right to opt out from Profiling

We do not profile you, thus we do not need to provide an opt-out.

Duty not to violet the existing laws against discrimination or non-discrimination

Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices.

We do not discriminate against our users.

 

If you wish to submit a request to exercise your rights, please fill out the Data Subject Request Form (“DSR”) and send it to our email at: wecare@natashadenona.com.

Authorized Agents - In certain circumstances, and subject to applicable US Privacy Laws, you may permit an authorized agent to submit requests on your behalf. The authorized agent must provide a letter signed by you confirming the agent has permission to submit a request on your behalf or must provide sufficient evidence to show that the authorized agent has been lawfully vested with power of attorney. For security purposes, we may need to verify your identity and confirm directly with you that you have provided the authorized agent with permission to submit the request, and it may take additional time to fulfill agent-submitted requests. We may deny a request in the event we are not able to verify the authorized agent’s authority to act on your behalf. Please note that for privacy and security reasons, we will direct future communications to the individual on whose behalf the request was made.

We will respond to a verifiable request within the timeframes set by applicable US Privacy Laws. We reserve the right to extend the response time by an additional period as permitted by applicable US Privacy Laws. If we determine that the request warrants a fee, we will tell you why we made such a decision and provide you with a cost estimate before completing your request.

Opt Out Options - Interest-Based Advertising ("IBA"): We do not sell your Personal Data. Our websites may include providing you with advertisements therefore we may “share” your Personal Data with third parties for personalized advertising purposes. If you wish to opt out from the sharing of your personal data with third parties for the purpose of cross-contextual interest-based advertising there are many ways to do so, as further detailed below. Please note that even if you opt-out you may still see personalized ads based on information other companies and ad networks have collected about you, if you have not opted out of sharing with them. Such activity is not under our responsibility nor control.

For IBA opt out options on desktop and mobile websites, please visit:

Additional information on opt-out rights and means is available through the designated cookie bar on our website. 

Appeal Rights

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response. Please send your appeal request with a summary of the request and decision you want to appeal to wecare@natashadenona.com.

Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.

If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:

 

Additional Information for Nevada Residents:

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests through completing our Data Subject Request Form (“DSR”) and send it to our email at: wecare@natashadenona.com.

 

Notice Amendments

This Notice is effective in accordance with the Effective Date at the heading of the Privacy Policy. We will update this Privacy Policy at least every 12 months subject to applicable US State Laws.