Effective as of 26/10/2022.
If you are located in the European Economic Area or the United Kingdom, please consult the EEA/UK GDPR supplemental notice below.
Personal data we collect
Information you provide to us. Personal data is data that can be used to contact or identify you, such as your name, email address, phone number, etc.
Personal data you may provide to us through our Services, or otherwise, includes:
- Contact data, such as your first and last name, title, date of birth, email address, billing and mailing addresses, and phone number.
- Communications data, such as data that we exchange with you, including when you contact us with questions or feedback, through our Services, social media, or otherwise.
- Payment and transactional data, such as data relating to, or needed to complete, your purchases on or through our Services (including payment card information and billing information) and details of products or services you have purchased from us.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
If you choose to connect your account on a third-party platform or network, such as Facebook/Instagram/LinkedIn, to your account through our Services, we may collect data from that platform or network, the data we collect may include your profile name, etc.
Automatic data collection. We may automatically collect data about you, your computer or mobile device while you access, browse, view or otherwise interact with our Services, the data we collect may include:
- Technical information, internet protocol (IP) address, your login data, browser type and version, time zone setting and geographical location, browser plug-in types and versions, operating system and platform and other technology or other unique identifier (a set of numbers or characters that is assigned to your computer, mobile phone, or other device when you are on the Internet) for any computer, mobile phone, tablet or other device used to access the Website.
- Location information, includes information about your location using a variety of technologies, such as GPS, IP address, and connected or nearby Wi-Fi networks.
- Usage data, includes information about how you use our Website, products and services, including all of the areas within our Website that you visit or use and the time of day you visited the Website, among other information.
Data about others. Users of our Services may have the opportunity to invite a third party to create an account and/or purchase our merchandise or send a gift card to the third party, if you decide to do this we will collect the identity and contact information of yourself and the third party you share with us. Please do not invite a third party, or share their contact data with us, unless you have their permission to do so.
How we use your personal data
We may use your personal data for the following purposes or as otherwise described at the time of collection:
Service delivery. We may use your personal data to:
- provide you with our products, services and related customer services;
- provide and operate and improve our Services and our business;
- provide you with information products or services that you have requested or agreed to receive;
- provide improved administration of our Website and Services;
- process transactions you initiate, process payments, bill you for our products or services and provide accurate billing and shipping;
- present the Website and its content in a suitable and defective manner for you and your device;
- customize and tailor your experience on the Website, for example, by displaying content we think may be if interest;
- communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages;
- understand your needs and interests, and personalize your experience with our Services and our communications;
- notify you about changes to our Services;
- carry out obligations and enforce our rights arising from any contracts entered into between you and us; and
- provide support for our Services, and contact you where requested or respond to your requests, questions and feedback.
Research and development. We may use your personal data for research and development purposes, including to analyze and improve our Services and our business. As part of these activities, we may create aggregated, de-identified or anonymous data from personal data we collect. We make personal data into anonymous data by removing data that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.
Marketing and advertising. We may collect and use your personal data for marketing and advertising purposes:
- Direct marketing. We may send you direct marketing communications about our products, services or promotions that may be of interest to you. Our processing of your personal data for marketing purposes is based on our legitimate interest, or on your consent, or as otherwise permitted by applicable laws. You have the right to prevent direct marketing of any form at any time, this right can be exercised by following the opt-out link attached to each communication or by sending an email to email@example.com.
Compliance and protection. We may use your personal data to:
comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
audit our internal processes for compliance with legal and contractual requirements or our internal policies;
maintain appropriate business records;
enforce the terms and conditions that govern our Services; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal data, such as when required by law.
To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal data and other individuals whose personal data we collect. We make personal data into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve our Services, promote our business or marketing purposes.
How we share your personal data
We do not sell or rent your personal data to third parties for their marketing purposes without your explicit consent.
- Service providers. We share personal data with those third parties who provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, marketing, and website analytics).
- Payment processors and fraud detection service providers. We share personal data with payment processors and fraud detection service providers for the purposes of facilitating payments done via the Services and securing the Services and protecting it against fraud, unauthorized transactions (such as money laundering), claims or other liabilities.
- Advertising partners. We may share your personal data with third-party advertising companies for the interest-based advertising purposes described above.
- Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
- In the context of a corporate transaction. Personal data may be disclosed if we go through a business transition such as a merger, sale, transfer of all or a portion of HNST’s assets, acquisition, bankruptcy or similar event. In the event that we sell any business or assets, we will disclose your data to the prospective buyer. If all, or substantially all, of our assets are acquired by a third party, data held by us about our users will be one of the transferred assets.
You have the following choices with respect to your personal data. Users who are located in the European Economic Area (“EEA”), United Kingdom can find additional information about their rights below.
Access, update or delete your information. If you have registered for an account with us through our Services, you may review and update certain account information by logging into the account. You may request deletion of your personal data by contacting us at firstname.lastname@example.org.
Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us through the contact details set out in the ‘How to contact us’ section below. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails. You may elect to receive text messages from us. When you sign up to receive text messages, we will send you information about promotional offers and more. These messages may use information automatically collected based on your actions while on our sites and may prompt messaging such as cart abandon messages. To the extent you voluntarily opt to have Text notifications sent directly to your mobile phone, we receive and store the information you provide, including your telephone number or when you read a text message. You may opt out of receiving text messages at any time by texting “STOP” to our text messages.
Opt-out of sharing personal data with marketing partner. If you would like to opt-out of our sharing of your personal data with our marketing partners, please submit your request via email to email@example.com.
Advertising choices. You can limit use of your information for interest-based advertising by:
- Browser settings. Blocking third-party cookies in your browser settings.
- Privacy browsers/plug-ins. By using privacy browsers or ad-blocking browser plug-ins that let you block tracking technologies.
Platform settings. Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising:
Ad industry tools. Opting out of interest-based ads from companies participating in the following industry opt-out programs:
Network Advertising Initiative
Digital Advertising Alliance
AppChoices mobile app, available here, which will allow you to opt-out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance.
You will need to apply these opt-out settings on each device from which you wish to opt-out.
Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked to above.
Declining to provide information. You may choose not to provide us with any personal data. In such an event, you may still be able to access and use some of the Website; however you may not be able to access and use those portions of the Website that require your personal data and we may not be able to provide our services.
Third-party platforms. If you choose to connect to our Services through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
Other sites and services
How long do we keep your personal data
We apply a general rule of keeping personal data only for so long as is required to fulfil the purpose for which it was collected. However, in some circumstances, we will retain your personal data for longer periods of time. We will retain personal data for the following purposes: (i) as long as it is necessary and relevant for our operations and to provide our Services, e.g. so that we have an accurate record of your dealings with us in the event of any complaints or challenge; and (ii) in relation to personal data from closed accounts to comply with applicable laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Service terms and take other actions as permitted by law.
We implement a number of technical and organizational safeguards designed to maintain the security of our Services in preventing unauthorized access, loss, misuse, alteration, destruction or damage to it through industry standard technologies and internal procedures. However, security risk is inherent in all internet and information technologies and the transmission of personal data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted through the Service. Users who have registered for our Services agree to keep their password in strict confidence and not to disclose such password to any third party.
International data transfer
Some of the personal data you provide to us will be stored or processed on our behalf by third parties and may be located in other jurisdictions, such as the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
Users in the United Kingdom and the EEA should read the important information provided in the EEA/UK supplemental notice below about transfer of personal data outside of the EEA and UK, as applicable.
Our Services are offered and available to users who are at least  years of age or older. Minors under  are only permitted to use our Services through an account owned by a parent or legal guardian with their appropriate permission. Minors under  are not permitted to use the Website or our Services. HNST does not knowingly collect personal data from children under 16. Parents or guardians should at all times supervise their children’s activities. If we learn that we have collected or received personal data from a child under , we will delete that personal data. If you believe we might have information from or about a child under , please contact us at firstname.lastname@example.org.
How to contact us
To exercise any of your rights in connection with your personal data, please contact us at email@example.com.
EEA/UK GDPR supplemental notice
If you are located in the European Economic Area or the United Kingdom, and access our Services, this EEA/UK GDPR supplemental notice applies to you.
Who is the Controller?
Circular Textile BV, Motstraat 54, 2800 Mechelen is the controller of your personal data.
Our legal basis for using your personal data
Where relevant under applicable laws, all processing of your personal data will be justified by a "lawful ground" for processing as set out in the table below.
Under applicable EU and UK data protection laws, you have the following rights in respect of your personal data:
- to obtain information about how and on what basis your personal data is processed and to obtain a copy;
- to rectify inaccurate personal data;
- to erase your personal data in limited circumstances where (i) you believe that it is no longer necessary for us to hold your personal data; (ii) we are processing your personal data on the basis of legitimate interests and you object to such processing, and we cannot demonstrate an overriding legitimate ground for the processing; (ii) where you have provided your personal data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal data; and (iv) where you believe the personal data we hold about you is being unlawfully processed by us;
- to restrict processing of your personal data where: (i) the accuracy of the personal data is contested; (ii) the processing is unlawful but you object to the erasure of the personal data; (iii) we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defence of a legal claim; or (iv) you have objected to us processing your personal data based on our legitimate interests and we are considering your objection;
- to object to decisions which are based solely on automated processing or profiling;
- where you have provided your personal data to us with your consent, to ask us for a copy of this data in a structured, machine-readable format and to ask us to share (port) this data to another data controller; or
- to obtain a copy of or access to safeguards under which your personal data is transferred outside of the EEA.
Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, to the processing of your personal data by us and we may be required to no longer process your personal data. Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.
When you request us to provide the personal data we collect and process about you, we will ask you for additional data to confirm your identity and for security purposes, before disclosing data requested by you. We reserve the right to charge a fee where permitted by law. We will decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable laws. Additionally, as permitted by applicable laws, we will retain where necessary certain personal data for a limited period of time for record-keeping, accounting and fraud prevention purposes.
You have the right to lodge a complaint with a supervisory authority in relation to the processing of your personal data, however, we invite you to contact us first. Should you wish to lodge a complaint you should contact (i) your respective supervisory authority if you are located in the EEA; or (ii) if you are located in the UK, the Information Commissioner’s Office. Please note that the right of access and the right to erasure do not constitute absolute rights and the interests of other individuals may restrict your right of access or erase in accordance with local laws.
Cross-border data transferIn the event your personal data is transferred and stored outside your place of residence, to countries which are subject to different standards of data protection. In particular, if you live in the EEA of UK, where such personal data is transferred or stored outside the EEA or UK, we will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
- where we transfer your personal data outside HNST or to third parties who help provide our Services, we will obtain contractual commitments from them to protect your personal data; and
- where we receive requests for information from law enforcement or regulators, we will carefully validate these requests before personal data is disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when this is transferred as mentioned above.