TULA PRIVACY POLICY
Effective Date: 08/25/2022
This Privacy Policy (the “Policy”) describes how TULA Life, Inc. and its subsidiaries and affiliates (“TULA,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal data collected on our sites (www.Tula.com, www.TulaSkincare.ca, www.TulaSkincare.co.uk), social media accounts (Facebook, Instagram, Twitter, TikTok, Pinterest) or through offline activities that reference this policy (e.g., your interaction with our customer support channels, retail locations where our products are sold, and in-person promotional activities) (collectively, the “Services”). This Policy also describes the choices available to you regarding your personal data and how you can access and update this information.
- What Information Do We Collect?
- Cookies and Other Tracking Technologies
- Advertising and Analytics Services Provided by Third Parties
- How Do We Use Your Personal Data?
- Who Do We Share Your Information With?
- Third-Party Payment Processing
- Where is Your Information Located?
- How Long Do We Store Your Information?
- What are Your Rights and Choices?
- Links To Other Websites and Third-Party Content
- International Transfers
- How Do We Protect Your Information?
- How Long Do We Keep Your Information?
- Changes To Our Privacy Policy
- Contacting TULA
What Information Do We Collect?
When you use our Site or the Services, we may collect personal data from or about you.
Information We Collect Directly from You
When you open an account, place an order, opt-in to receive emails, complete a quiz, or interact with us on social media or through the Services, you may provide the following categories of personal data to us:
- Contact information, such as your name, email address, mailing address, and phone number.
- Account information, such as your username and password.
- Billing information, such as credit card details, billing address, and shipping address.
- Product or purchase details, such as order history, sample request, and subscription details.
- Preferences information, such as product wish lists, marketing preferences, reminder and notification preferences. Demographic and interest information you may choose to provide, such as your age group, date of birth, gender, social media posts (including handles and content), your location, product or cosmetics usage and concerns, personal characteristics, including skincare details, and other information such as answers to our “skin quiz” or other surveys, ratings or review responses, or contest participation details.
Referral Program (U.S. Only)
If you choose to use our refer-a-friend service to tell a friend about TULA, we may collect your friend's name and email address to send your friend an email and one follow-up reminder email inviting him or her to shop with us. We store information about the individuals you refer in order to send these emails and to administer and track the success of our referral program.
Information We Collect from Other Sources
If you interact with us on social media, we will collect information about those interactions. The information we collect may include your name, photograph, and email address. We may also collect information about you from third parties, including mailing list providers, online advertising networks, analytics vendors, companies that co-sponsor promotions, publicly available sources, or friends that refer you to TULA.
Information We Collect by Automated Means
As is true of most websites, we automatically gather information about you and your computer or mobile device when you access our Site. In compliance with applicable regulations, we may collect this information using cookies, web beacons, log files, and similar technologies. Please see the section on Cookies and Other Tracking Technologies for more information on how we use these digital technologies and how to manage your preferences. We may also collect information about your online activities over time and across third-party websites. The information we collect automatically may include:
- Online identifiers, such as IP address, advertising ID, unique device ID, and internal and third-party IDs that have been assigned to you.
- Device information, such as information about the devices that are used to access our Site (such as browser information, device type, and operating system information).
- Location information, such as information about your general location derived from your IP address.
- Internet activity information, such as information about your use of the Site (such as the date, time, length of stay, and specific pages accessed during your visits to our websites, and which emails you may have opened), the websites or links that referred you to our Site, the search terms used to find our Site, your interactions with the e-mails we send to you, your browsing history; and social media you use, including the “shares” and “likes” you make on a social media platform that is connected to the Site
- Usage information, such as information about the number and frequency of visitors to our Site.
We may associate this information with your TULA account if you have one, the device you use to connect to our Site, or email or social media accounts that you use to engage with TULA.
Cookies and Other Tracking Technologies
In compliance with applicable regulations, we may automatically gather information about you and your computer or mobile device when you access our Site using cookies, web beacons, log files, and similar technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “log file” tracks your actions on websites and may collect information related to your device, browser, internet service provider, and the time of your activity. A “web beacon,” also known as a pixel tag or clear GIF, is used to transmit information back to a web server.
Cookies
We collect information using cookies. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide a more personal and interactive experience on our Site.
We use two broad categories of cookies: (1) first-party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when you revisit our Site; and (2) third-party cookies, which are served by service providers on our Site, and can be used by such service providers to recognize your computer or mobile device when visiting other websites.
Our Site uses the following types of cookies for the purposes set out below:
- Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
- Functional Cookies. These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
- Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
- Targeting Cookies. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal data but identify your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Disabling Cookies
If you do not accept our cookies, you may experience some inconvenience in your use of our Site. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Site. Your choices for managing use of cookie include:
- Managing your cookie preferences. Our site allows you to manage your cookie preferences (i.e., opting in or out of the placement of non-essential cookies by our site) by accessing the appropriate link in the footer of our site.
- Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. Google Analytics uses its own cookies and is only used to improve how our Site works. You can find out more information about Google Analytics, cookies, and about how Google protects your data on the Google website. You can prevent the use of Google Analytics relating to your use of our Site by downloading and installing a browser plugin.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
- Digital Advertising Alliance: http://optout.aboutads.info
- Network Advertising Initiative: http://optout.networkadvertising.org/?c=1
Web Beacons
Our Site contains electronic images known as web beacons (sometimes called pixels or single-pixel gifs) which are used along with cookies to compile aggregated statistics to analyze how our Site is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns and to understand and optimize how our Site is used.
Log Files
Our site gathers certain browser details and site interaction data (i.e., when and how you interact with our site) automatically and stores it in log files to analyze trends, administer our Site, and track visitor movement for analytics and performance improvement.
Advertising and Analytics Services Provided by Third Parties
We may allow third parties to provide analytics services and serve advertisements on our behalf across the internet and in mobile applications. These entities may use cookies, web beacons, and other technologies to collect information about your use of the Site, our Services and other applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information.
This information may be used by TULA and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for interest-based advertising purposes, please visit the Google Ads Help page.
How Do We Use Your Personal Data?
We and the service providers working on our behalf use personal data collected about you to for a variety of legitimate business purposes including:
- To Communicate with You: To send you e-mail and postal mail, surveys, and other communications; to respond to your requests, inquiries, comments, and suggestions, including any customer service inquiries you may submit.
- To Fulfill your Order: To send you order confirmations, provide order updates, and process your order (including shipping and returns).
- Provide, Maintain, and Improve our Services: To help us with website user analytics, research, product development, marketing, and advertising campaign measurement; to conduct or administer surveys, quizzes, and other market research; to provide you with opportunities to participate in contests, sweepstakes, or other promotions; and to otherwise facilitate your engagement with the Services, including to enable you to post comments and reviews.
- Marketing the Services to You: Where you’ve opted in or consented, we may communicate with you about our Services, including to tell you about products and services that may be of interest to you.
- Career Opportunities: If you submit personal data in connection with job opportunities via our Site or through email, we will use and disclose the information to process your application (including to contact you or your references and former employers, if appropriate), to monitor recruitment statistics, and to comply with government reporting requirements.
- Enforce our Legal Rights or Comply with the Law: Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; prevent potentially prohibited or illegal activities; comply with applicable law; and enforce our terms of service on the applicable website.
- Security and Fraud Prevention: Prevent, identify, investigate, and respond to fraud or other illegal activity.
Legal Basis for Processing
If you reside in the United Kingdom, we are required to inform you of the legal bases of our processing of your personal data, which are described below:
- Performance of a Contract - Where we need to process your personal data to perform a contract we have entered into with you, or in in anticipation of entering into a contract with you;
- Legal Obligation - Where we need to process your personal data to comply with a legal obligation;
- Consent - Where we have obtained your informed consent; or
- Legitimate Interest - Where processing your personal data is necessary for our legitimate interests (i.e., processing your orders, communicating with you, security or safety purposes, analytics, etc.) and where your fundamental rights do not override those interests.
We only use your personal data for purposes disclosed to you at the time of collection. We obtain proper consent where required by applicable law. We will not collect additional categories of personal data or use the personal data collected for materially different, unrelated, or incompatible purposes without first providing notice. We have set out below a description of the ways we plan to use your personal data and which of the legal bases we rely on to do so.
Who Do We Share Your Information With?
We will share your personal data with third parties only in the ways that are described in this Policy. We may provide your personal data to third parties that provide services in connection with our business activities and are authorized to use your personal data only as necessary to provide these services directed by us and in a manner consistent with this Policy.
Specifically, we may share your personal data:
- With service providers that perform services on our behalf, such as those that provide shipment, payment, and fulfillment services, customer service, website hosting, data analytics, marketing support, and database management services;
- With select partners as a part of an event or co-sponsored promotions;
- To comply with a legal or regulatory obligation (e.g., to comply with a subpoena or similar legal process), protect and defend TULA’s rights or property, protect the safety of our customers and website users or the public, and protect against legal liability;
- In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by a third party;
- Between and among TULA’s current and future parents, subsidiaries, affiliates, and other companies under common control and ownership; and
- Other third parties with your consent and at your direction.
Public Content and Product Reviews
When you provide a product review or other user content, that content may be publicly posted. Other users may be able to see your name or other information about you that you post. If you prefer that we not share your information with such third parties, you may opt out by emailing us at privacy@tula.com.
Third-Party Payment Processing
Online payments made through our Site are handled by our third-party payment services provider. We do not process, record, or maintain your credit card or bank account information. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments and dealing with complaints and queries relating to such payments and refunds. If you have any questions about payments or would like to dispute a charge, you can contact us at help@tula.com.
Where is Your Information Located?
TULA is headquartered in the United States. We currently have operations, including offering our services and products, in the United States, Canada, and the United Kingdom. For information on how we handle the sharing or transfer of personal data, please refer to the International Transfers section below.
How Long Do We Store Your Information?
Our retention periods for personal data are based on business needs and legal requirements. We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.
What are Your Rights and Choices?
Managing or deleting your TULA account
You may review, update, or modify your personal data, including profile and contact information, at any time by logging into your TULA account. You may request deletion of your personal data or TULA account by emailing privacy@tula.com or by completing our consumer rights webform.
Opting out of email marketing
You may unsubscribe from our promotional emails at any time by following the instructions included in those emails, emailing privacy@tula.com, or by completing our consumer rights webform. If you opt out of receiving such communications, please note that we may continue to send you non-promotional emails (such as order confirmation emails or emails about changes to our legal terms).
Canadian Privacy Rights
Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) provides Canadian residents with specific rights regarding their personal data. If you reside in Canada, you or your authorized agent may request that we take the following actions in relation to your personal data:
- Right to Access your Personal Data: Transfer a copy of specific pieces of personal data that we have about you and how we process it to you in a commonly used, machine-readable format.
- Right to Deletion: Delete the personal data that TULA maintains about you.
- Right to Rectification: Update or correct inaccuracies in the personal data that TULA maintains about you.
- Right to Portability: Transfer a copy of specific pieces of personal data that we have about you to be shared with a third party.
- Withdrawal of Consent: Modify or rescind your express consent for processing your personal data.
California Privacy Rights
The California Consumer Privacy Act (“CCPA”) provides California residents with specific rights regarding their personal data. If you reside in California, you or your authorized agent may request that we take the following actions in relation to your personal data:
- Right to Know: Inform you about our personal data practices including categories of personal data we have collected or disclosed about you within the last 12 months, the purpose for collecting your personal data, and the categories of third parties with which we share/disclose personal data, including for direct marketing purposes.
- Right to Access your Personal Data: Transfer a copy of specific pieces of personal data that we have to you in a commonly used, machine-readable format.
- Right to Deletion: Delete the personal data that TULA maintains about you.
- Right to Opt-Out of Sale: The CCPA defines “sale” broadly to include any sharing of personal data with third parties in exchange for value. While TULA does not sell your personal data in exchange for money, like many online businesses, we may share your information with third parties such as Google, Facebook and other advertising partners through the cookies or pixels they place on our Site. This sharing of information may be considered a “sale” under CCPA. California residents have the right to opt-out of this activity by clicking the “Do Not Sell My Information” link at the footer of this site.
Financial Incentives
We may offer you various financial incentives such as special offers and discounts when you provide us with personal information, such as your name and contact information. The terms of the financial incentive will be presented to you at the time you sign up. You may withdraw from any of the financial incentives by opting out of marketing email or SMS (depending on the program you signed up for) or contacting us at privacy@tula.com. Generally, we do not assign monetary or other value to personal information. However, California law requires that we assign such value in the context of financial incentives. We calculate this based on the cost of providing the financial incentive offered.
United Kingdom Privacy Rights
The United Kingdom’s Data Protection Act 2018 (“DPA”) and the UK General Data Protection Regulation (“UK GDPR”) provides UK residents with specific rights regarding their personal data. If you reside in the UK, you or your authorized agent may request that we take the following actions in relation to your personal data:
Exercising your Data Subject Rights
If you reside in the United States, Canada, or UK and you, or your authorized agent, would like to submit a request, you may do so by completing our webform, emailing us at privacy@tula.com, or writing to us at our postal address provided below
We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. We will not discriminate against you based upon your exercise of any of these rights.
If you would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us at privacy@tula.com. You also have the right to file a complaint with the data protection regulatory authority in your country.
Children
Our Services are not designed for children, and we do not knowingly collect personal data from visitors under the age of 16. If a child under 16 submits personal data to us and we learn that the personal data is the information of a child under 16, we will attempt to delete the information as soon as possible. If you have reason to believe that a child has provided personal data to us, please contact us at privacy@tula.com, and we will delete that information from our databases.
Sensitive Personal Data
If you send or disclose any sensitive personal data (e.g., health-related data, which may for example, include information about your skin condition, financial data, ethnic and racial origin, , sexual orientation, etc.) to us when you use the Sites, you must consent to our processing and use of such sensitive personal data in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal data, you must not submit such sensitive personal data to our Sites.
Links to Other Websites and Third-Party Content
We may provide links to third-party websites, services, and applications that are not operated or controlled by TULA. These third-party services may include, for example, an activity feed or social media buttons. The links to third-party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, or websites.
When you click on a link to these other websites or locations, you will leave our Site, and another entity may collect personal data from you. Please be aware that the terms of this Policy do not apply to these third-party websites or content, or to any collection of your personal data after you click on links to such third-party websites. Your interactions with these features are governed by the privacy policy of the third-party service that provides the feature. We have no control over, do not review, and are not responsible for these websites or their content.. We encourage you to review the privacy policies of any third-party service before providing any information to or through them.
International Transfers
TULA is headquartered in the United States and has affiliates and service providers in other countries. Your personal data may be transferred to the United States or other locations outside of your state, province, country, or other governmental jurisdiction where privacy laws may not be as protective as those in your country. When TULA makes such transfers of personal data, it will take reasonable and adequate measures, in accordance with applicable data protection laws, designed to protect the personal data.
How Do We Protect Your Information?
The security of your personal data is important to us. We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it. TULA has implemented appropriate technical, physical, and organizational measures designed to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
It is your responsibility to maintain the confidentiality of your password and for any unauthorized access to or use of our services using your password. If you suspect any unauthorized use of your password or account, or if you find any other security breach, please contact us immediately.
If you have any questions about security on our Site, you can contact us at privacy@tula.com.
How Long Do We Keep Your Information?
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements, or as otherwise required by applicable law. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
Changes To Our Privacy Policy
We may change this Policy from time to time. If we do so, we will post the updated policy on our Site and will indicate when the Policy was last revised. If we make any material changes, we will provide you with additional notice. You should periodically review our current Policy to stay informed of our personal data practices.
Contacting TULA
If you have questions or concerns regarding this Policy or would like to update your preferences or information that we have about you, please contact us our Privacy Office by writing or emailing us at the addresses listed below and we will take reasonable steps to respond to your request.
TULA Life, Inc.
Attn: Courtney Browne
228 Park Avenue South
PMB 23606
New York, New York 10003-1502
privacy@tula.com
Copyright © TULA Life, Inc. All rights reserved.