Privacy policy

Effective as of 26/10/2022. 

This Privacy Policy describes the privacy practices of Circular Textiles BV ("HNST” "we", “us” or "our") and how we handle your personal data when you visit our site www.letsbehonest.eu (the “Website”), any related sites, pages, applications, services and goods or any other website operated by HNST that links to this Privacy Policy (the “Services”). The purpose of this Privacy Policy is to provide you with a clear explanation of what personal data we collect, when, why and how we collect, use and share your personal data and it explains your statutory rights.

We strongly urge you to read this Privacy Policy and make sure you fully understand our practices in relation to personal data before you use our Services.

If you are located in the European Economic Area or the United Kingdom, please consult the EEA/UK GDPR supplemental notice below. 

Personal data we collect

Information you provide to us. Personal data is data that can be used to contact or identify you, such as your name, email address, phone number, etc.

Personal data you may provide to us through our Services, or otherwise, includes:

  • Contact data, such as your first and last name, title, date of birth, email address, billing and mailing addresses, and phone number.
  • Communications data, such as data that we exchange with you, including when you contact us with questions or feedback, through our Services, social media, or otherwise.
  • Payment and transactional data, such as data relating to, or needed to complete, your purchases on or through our Services (including payment card information and billing information) and details of products or services you have purchased from us.
  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
  • Other data, not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources.

If you choose to connect your account on a third-party platform or network, such as Facebook/Instagram/LinkedIn, to your account through our Services, we may collect data from that platform or network, the data we collect may include your profile name, etc.

Automatic data collection.  We may automatically collect data about you, your computer or mobile device while you access, browse, view or otherwise interact with our Services, the data we collect may include:

  • Technical information, internet protocol (IP) address, your login data, browser type and version, time zone setting and geographical location, browser plug-in types and versions, operating system and platform and other technology or other unique identifier (a set of numbers or characters that is assigned to your computer, mobile phone, or other device when you are on the Internet) for any computer, mobile phone, tablet or other device used to access the Website.
  • Location information, includes information about your location using a variety of technologies, such as GPS, IP address, and connected or nearby Wi-Fi networks.
  • Usage data, includes information about how you use our Website, products and services, including all of the areas within our Website that you visit or use and the time of day you visited the Website, among other information.

 Cookies and similar technologies. We use cookies and similar technologies (such as web beacons, pixels, tags and scripts) to improve and personalize your experience, provide our Services, analyze website performance and for marketing purposes. To learn more about how we use cookies and your control over these cookies, please see our Cookie Policy.

Data about others. Users of our Services may have the opportunity to invite a third party to create an account and/or purchase our merchandise or send a gift card to the third party, if you decide to do this we will collect the identity and contact information of yourself and the third party you share with us. Please do not invite a third party, or share their contact data with us, unless you have their permission to do so.

 

How we use your personal data

We may use your personal data for the following purposes or as otherwise described at the time of collection:

Service delivery. We may use your personal data to:

  • provide you with our products, services and related customer services;
  • provide and operate and improve our Services and our business;
  • provide you with information products or services that you have requested or agreed to receive;
  • provide improved administration of our Website and Services;
  • process transactions you initiate, process payments, bill you for our products or services and provide accurate billing and shipping;
  • present the Website and its content in a suitable and defective manner for you and your device;
  • customize and tailor your experience on the Website, for example, by displaying content we think may be if interest;
  • communicate with you about our Services, including by sending announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with our Services and our communications;
  • notify you about changes to our Services;
  • carry out obligations and enforce our rights arising from any contracts entered into between you and us; and
  • provide support for our Services, and contact you where requested or respond to your requests, questions and feedback.

Research and development. We may use your personal data for research and development purposes, including to analyze and improve our Services and our business. As part of these activities, we may create aggregated, de-identified or anonymous data from personal data we collect. We make personal data into anonymous data by removing data that makes the data personally identifiable to you.  We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.

Marketing and advertising. We may collect and use your personal data for marketing and advertising purposes:

  • Direct marketing. We may send you direct marketing communications about our products, services or promotions that may be of interest to you.  Our processing of your personal data for marketing purposes is based on our legitimate interest, or on your consent, or as otherwise permitted by applicable laws. You have the right to prevent direct marketing of any form at any time, this right can be exercised by following the opt-out link attached to each communication or by sending an email to info@letsbehonest.eu.
  • Interest-based advertising.  We may engage third-party advertising companies and social media companies to display ads on other online services. These companies may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) over time across our Services, our communications and other online services, and use that information to serve online ads that they think will interest you.  This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Advertising choices section below.

 

Compliance and protection. We may use your personal data to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;

  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);

  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;

  • maintain appropriate business records;

  • enforce the terms and conditions that govern our Services; and

  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft. 

With your consent.  In some cases, we may specifically ask for your consent to collect, use or share your personal data, such as when required by law. 

To create aggregated, de-identified and/or anonymized data.  We may create aggregated, de-identified and/or anonymized data from your personal data and other individuals whose personal data we collect.  We make personal data into de-identified and/or anonymized data by removing information that makes the data identifiable to you.  We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve our Services, promote our business or marketing purposes.  

 

How we share your personal data

We do not sell or rent your personal data to third parties for their marketing purposes without your explicit consent.

We may share your personal data with third parties as detailed below and as otherwise described in this Privacy Policy. 

  • We may share your personal data with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
  • Service providers. We share personal data with those third parties who provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, marketing, and website analytics).
  • Payment processors and fraud detection service providers. We share personal data with payment processors and fraud detection service providers for the purposes of facilitating payments done via the Services and securing the Services and protecting it against fraud, unauthorized transactions (such as money laundering), claims or other liabilities.
  • Advertising partners. We may share your personal data with third-party advertising companies for the interest-based advertising purposes described above.
  • Third-party platforms and social media networks. Our Services may contain certain social media features, such as Facebook/Instagram/LinkedIn. If you have enabled features or functionality that connect our Services to a third-party platform or social media network (such as by linking your account to a third party’s services), we may disclose the personal data that you authorized us to share. We do not control the third party’s use of your personal data and such third party’s use will be in accordance with such party’s privacy policy.
  • Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
  • Government Agencies and regulators. We may share personal data with law enforcement agencies, public authorities or other parties: (i) in order to respond to a subpoena or court order, judicial process or to regulatory authorities, if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; (ii) when we believe it necessary or appropriate to disclose personal data to law enforcement authorities, such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Privacy Policy; (iii) to respond to claims against us; (iv) to protect the rights, property, or personal safety of HNST, our customers or the public; and (v) to defend or assert our legal rights pursuant to any of the Website terms of use, any policies applicable to the Website or any other agreement you may have with us.
  • In the context of a corporate transaction. Personal data may be disclosed if we go through a business transition such as a merger, sale, transfer of all or a portion of HNST’s assets, acquisition, bankruptcy or similar event. In the event that we sell any business or assets, we will disclose your data to the prospective buyer. If all, or substantially all, of our assets are acquired by a third party, data held by us about our users will be one of the transferred assets.

 

Your choices

You have the following choices with respect to your personal data. Users who are located in the European Economic Area (“EEA”), United Kingdom can find additional information about their rights below.

Access, update or delete your information. If you have registered for an account with us through our Services, you may review and update certain account information by logging into the account. You may request deletion of your personal data by contacting us at info@letsbehonest.eu.

Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us through the contact details set out in the ‘How to contact us’ section below.  Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.  You may elect to receive text messages from us. When you sign up to receive text messages, we will send you information about promotional offers and more. These messages may use information automatically collected based on your actions while on our sites and may prompt messaging such as cart abandon messages. To the extent you voluntarily opt to have Text notifications sent directly to your mobile phone, we receive and store the information you provide, including your telephone number or when you read a text message. You may opt out of receiving text messages at any time by texting “STOP” to our text messages.

Opt-out of sharing personal data with marketing partner. If you would like to opt-out of our sharing of your personal data with our marketing partners, please submit your request via email to info@letsbehonest.eu.

Advertising choices. You can limit use of your information for interest-based advertising by:

  • Browser settings.  Blocking third-party cookies in your browser settings.
  • Privacy browsers/plug-ins. By using privacy browsers or ad-blocking browser plug-ins that let you block tracking technologies.
  • Platform settings. Google and Facebook offer opt-out features that let you opt-out of use of your information for interest-based advertising:
    Google
    Facebook
  • Ad industry tools.  Opting out of interest-based ads from companies participating in the following industry opt-out programs:
    Network Advertising Initiative
    Digital Advertising Alliance
    AppChoices mobile app, available here, which will allow you to opt-out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance.

You will need to apply these opt-out settings on each device from which you wish to opt-out. 

Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked to above.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit, allowing users to opt out of tracking by websites and only services.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com, or consult our Cookie Policy to understand how you can opt out of receiving cookies.

Declining to provide information. You may choose not to provide us with any personal data. In such an event, you may still be able to access and use some of the Website; however you may not be able to access and use those portions of the Website that require your personal data and we may not be able to provide our services.

Third-party platforms. If you choose to connect to our Services through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

 

Other sites and services

Our Services may contain links to third party websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into websites or other online services that are not associated with HNST.  These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party.  We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions nor are they subject to this Privacy Policy. We encourage you to read the privacy policies of each of the other third party websites, mobile applications and online services you visit.

 

How long do we keep your personal data

We apply a general rule of keeping personal data only for so long as is required to fulfil the purpose for which it was collected. However, in some circumstances, we will retain your personal data for longer periods of time. We will retain personal data for the following purposes: (i) as long as it is necessary and relevant for our operations and to provide our Services, e.g. so that we have an accurate record of your dealings with us in the event of any complaints or challenge; and (ii) in relation to personal data from closed accounts to comply with applicable laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Service terms and take other actions as permitted by law.

 

Security

We implement a number of technical and organizational safeguards designed to maintain the security of our Services in preventing unauthorized access, loss, misuse, alteration, destruction or damage to it through industry standard technologies and internal procedures.  However, security risk is inherent in all internet and information technologies and the transmission of personal data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted through the Service. Users who have registered for our Services agree to keep their password in strict confidence and not to disclose such password to any third party.

 

International data transfer

Some of the personal data you provide to us will be stored or processed on our behalf by third parties and may be located in other jurisdictions, such as the United States or other locations where privacy laws may not be as protective as those in your state, province, or country. 

Users in the United Kingdom and the EEA should read the important information provided in the EEA/UK supplemental notice below about transfer of personal data outside of the EEA and UK, as applicable.

 

Children 

Our Services are offered and available to users who are at least [16] years of age or older. Minors under [16] are only permitted to use our Services through an account owned by a parent or legal guardian with their appropriate permission. Minors under [16] are not permitted to use the Website or our Services. HNST does not knowingly collect personal data from children under 16. Parents or guardians should at all times supervise their children’s activities.  If we learn that we have collected or received personal data from a child under [16], we will delete that personal data. If you believe we might have information from or about a child under [16], please contact us at info@letsbehonest.eu.

 

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our Website. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email.  Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). We recommend that you check this Privacy Policy periodically for any updates or changes. 

 

How to contact us

To exercise any of your rights in connection with your personal data, please contact us at info@letsbehonest.eu.

If you have any questions (or comments) concerning this Privacy Policy, please contact us at info@letsbehonest.eu.

 

EEA/UK GDPR supplemental notice

If you are located in the European Economic Area or the United Kingdom, and access our Services, this EEA/UK GDPR supplemental notice applies to you.

Who is the Controller?

Circular Textile BV, Motstraat 54, 2800 Mechelen is the controller of your personal data.

Our legal basis for using your personal data

Where relevant under applicable laws, all processing of your personal data will be justified by a "lawful ground" for processing as set out in the table below.

 

Purposes of processing  Legal basis
To manage our relationship with you, including: (i) registering you as a new customer and managing your account; (ii) process and deliver product and services, including managing payments; (iii) managing our relationship with you; (iv) responding to your request and/or inquiries; (v) providing you with access to content or information you requested; (vi) providing you with the Services; (vii) improving our Services; and (viii) allowing you to participate in Community Features. If we are legally obligated to respond to your request: our legal obligations;

In order to provide our Services to you: the performance of a contract or in order to take steps at your request to enter into a contract to provide the Services.

In all other cases: our legitimate interest to develop and communicate about our business
To ensure access to and maintenance of our Services, and to ensure their proper functioning. Our legitimate interest to provide administration and IT services, maintain network security, and prevent fraud.
To understand what may be of interest to you, deliver relevant website content to you, to measure or understand the effectiveness of the content we serve to you, and to use data analytics to improve our Services. Your consent
To promote and market our products and services or send you marketing material if you have signed up to our mailing list.

If you have signed up to our mailing list: your consent.

In all other cases: our legitimate interest to develop and communicate about our business.
To comply with legal obligations that apply to us, including but not limited to disclosing your personal data to courts, law enforcement or regulatory authorities.

Legal obligations
To disclose your personal data to third party business partners / services providers.

The lawful bases listed above apply to any disclosure necessary to further the corresponding purpose.
Disclose your personal data to a prospective or actual purchaser or seller in the context of a merger, acquisition or other reorganization or sale of our business or assets.

Our legitimate interests to ensure the sustainability of our business

 

Your rights

Under applicable EU and UK data protection laws, you have the following rights in respect of your personal data:

  • to obtain information about how and on what basis your personal data is processed and to obtain a copy;
  • to rectify inaccurate personal data;
  • to erase your personal data in limited circumstances where (i) you believe that it is no longer necessary for us to hold your personal data; (ii) we are processing your personal data on the basis of legitimate interests and you object to such processing, and we cannot demonstrate an overriding legitimate ground for the processing; (ii) where you have provided your personal data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal data; and (iv) where you believe the personal data we hold about you is being unlawfully processed by us;
  • to restrict processing of your personal data where: (i) the accuracy of the personal data is contested; (ii) the processing is unlawful but you object to the erasure of the personal data; (iii) we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defence of a legal claim; or (iv) you have objected to us processing your personal data based on our legitimate interests and we are considering your objection;
  • to object to decisions which are based solely on automated processing or profiling;
  • where you have provided your personal data to us with your consent, to ask us for a copy of this data in a structured, machine-readable format and to ask us to share (port) this data to another data controller; or
  • to obtain a copy of or access to safeguards under which your personal data is transferred outside of the EEA.

Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, to the processing of your personal data by us and we may be required to no longer process your personal data. Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.

When you request us to provide the personal data we collect and process about you, we will ask you for additional data to confirm your identity and for security purposes, before disclosing data requested by you. We reserve the right to charge a fee where permitted by law. We will decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable laws. Additionally, as permitted by applicable laws, we will retain where necessary certain personal data for a limited period of time for record-keeping, accounting and fraud prevention purposes.

You have the right to lodge a complaint with a supervisory authority in relation to the processing of your personal data, however, we invite you to contact us first. Should you wish to lodge a complaint you should contact (i) your respective supervisory authority if you are located in the EEA; or (ii) if you are located in the UK, the Information Commissioner’s Office. Please note that the right of access and the right to erasure do not constitute absolute rights and the interests of other individuals may restrict your right of access or erase in accordance with local laws.


    Cross-border data transfer 

    In the event your personal data is transferred and stored outside your place of residence, to countries which are subject to different standards of data protection. In particular, if you live in the EEA of UK, where such personal data is transferred or stored outside the EEA or UK, we will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.  To this end:
    • where we transfer your personal data outside HNST or to third parties who help provide our Services, we will obtain contractual commitments from them to protect your personal data; and
    • where we receive requests for information from law enforcement or regulators, we will carefully validate these requests before personal data is disclosed.

    You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when this is transferred as mentioned above.