LAST UPDATE: August 9, 2019
White Birch Hill provides handmade bath and beauty products (“Service” or “Company Service”) via the Company website(s) offered at the URL whitebirchhill.com (collectively, the “Site,” or “Sites”). The Company Service is owned and operated by White Birch Hill (“Company”, “we” or “us”).
This policy applies where we are acting as a data controller with respect to the personal data of our Site visitors and users (hereinafter both “Users”). in other words, where we determine the purposes and means of the processing of that personal data.
- Types and Uses of Collected Information. Company collects two types of information about you:
- We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data may be our analytics tracking software. This usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is based on your consent by using the Service.
- We may process your account data (“account data”). The account data may include your name and email address. The source of the account data will you. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is based on your consent by using the Service.
- We may process your information included in your personal profile on our Site (“profile data”). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is based on your consent by using the Service.
- We may process [information contained in any inquiry you submit to us regarding goods and/or services (“inquiry data”). The inquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is based on your consent by using the Service.
- We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our Site (“transaction data”). The transaction data may include your contact details, your credit card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is based on your consent by using the Service.
- Public Content. The information that you contribute through the Company Service is intended for public consumption, including your reviews, tips, photos, videos, check-ins, comments, likes, bookmarks, friends, lists, compliments, and account profile. We may display this information through the Company Service, share it with businesses, and further distribute it to a wider audience through third party sites and services.
- Release of Personally Identifiable Information. We will not sell or share your Personally Identifiable Information with other parties except as noted herein.
5.1 Financial transactions relating to the Services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at
- Release of Non-Personally Identifiable Information.
6.1 We may disclose or share Non-Personally Identifiable Information with Third Party Service Providers and the public. For example, we may share aggregated demographic information (which does not include any Personally Identifiable Information) or use Third Party Service Providers to track and analyze Non-Personally Identifiable usage and volume statistical information from our users to administer the Company Service. We may also publish this aggregated information for promotional purposes. Such data is collected on our behalf and is owned and used by us.
6.2 We may use Third Party Service Providers to serve ads when you participate in the Company Service. These companies may use Non-Personally Identifiable Information about your visits and use of the Company Service, and visits to other websites or locations to provide, through the use of network tags, advertisements about goods and services that may be of interest to you.
- Updating Information. If you are enrolled in the Company Service, you may change any of your Personally Identifiable Information by logging into your account and accessing the “Member Profile Page” section of the Company Service. We encourage you to promptly update your Personally Identifiable Information if it changes, as out-of-date Personally Identifiable Information may negatively affect the quality of your Company Service experience.
- Choices on Collection/Use of Information. You can always choose not to provide certain information, although a certain level of information is required to engage and participate in the Company Service. Other users may be able to identify you, or associate you with your account, if you include personal information in the content you post publicly. You can reduce the risk of being personally identified by using the Company Service pseudonymously, though doing so could detract from the credibility of your contributions to the Company Service.
Please also note that the messages you send or receive using the Company Service are only private to the extent that both you and the person you are communicating with keep them private. For example, if you send a message to another user, that user may choose to publicly post it. Also, Company may access and disclose such messages during investigations relating to use of the Company Service.
- Security of Information. You can access your Personally Identifiable Information via the Company Service with your password and username. This password is encrypted. We advise against sharing your password with anyone. If you access your account via a third-party site or service, you may have additional or different sign-in protections via that third-party site or service. You need to prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or other sign-in mechanism appropriately and limiting access to your computer, browser, or mobile device by signing off after you have finished accessing your account. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. If we believe that the security of your information may have been compromised, we may seek to notify you of that development. In addition, your Personally Identifiable Information resides on a secure server that only selected personnel and contractors have access to. We may encrypt certain sensitive information using Secure Socket Layer (SSL) technology to ensure that your Personally Identifiable Information is safe as it is transmitted to us. However, no data transmission can be guaranteed to be 100% secure. As a result, while we employ commercially reasonable security measures to protect data and seek to partner with companies that do the same, we cannot guarantee the security of any information transmitted to or from or via the Company Service, and we are not responsible for the actions of any third parties that may receive any such information.
- Your Rights.
10.1 Your principal rights under data protection law are:
- the right to access;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
10.2 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data by visiting https://whitebirchhill.com/my-account/ when logged into our website.
10.3 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
10.4 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed.
10.5 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
10.6 To the extent that the legal basis for our processing of your personal data is:
- consent; or
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
- and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
10.7 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
- Privacy Settings. As a user, you may have limited access to privacy settings. These settings help hide information you wish to share with other users and/or the public. It is up to you to select the appropriate privacy settings. If you don’t agree with the available privacy settings, please stop using the Company Service.
- Public Areas. We may provide areas on the Company Service where you can publicly post information about yourself or can communicate with others such as on forums. This information may be accessible by other users and companies and may appear on other websites or web searches, and therefore this information could be read, collected, and used by others. We have no control over who reads your postings or what other users may do with the information you voluntarily post, so please use caution when posting any content or providing anything that could be deemed personal information.
- Notice of Privacy Rights to California Residents. California law requires that we provide you with a summary of your privacy rights under the California Online Privacy Protection Act (“COPPA”) and the California Business and Professions Code. As required by COPPA, we will provide you with the categories of Personally Identifiable Information that we collect through the Company Service and the categories of third party persons or entities with whom such Personally Identifiable Information may be shared for direct marketing purposes at your request. California law requires us to inform you, at your request, (1) the categories of Personally Identifiable Information we collect and what third parties we share that information with; (2) the names and addresses of those third parties; and (3) examples of the products marketed by those companies. COPPA further requires us to allow you to control who you do not want us to share that information with. To obtain this information, please send a request by email or physical mail to the address found below. When contacting us, please indicate your name, address, email address, and what Personally Identifiable Information you do not want us to share with our marketing partners. The request should be sent to the attention of our legal department and labeled “California Customer Choice Notice.” Please allow 30 days for a response. Also, please note that there is no charge for controlling the sharing of your Personally Identifiable Information or requesting this notice.
- Children. The Company Service are not directed to people under the age of eighteen (18). If you become aware that your child has provided us with personal information without your consent, please contact us at the email address listed below. If we become aware that a child under eighteen (18) has provided us with personal information, we take steps to remove such information and terminate the child’s account.
White Birch Hill
231 Skidgel Rd.
Woodland, ME 04736
Alaina Pethick, firstname.lastname@example.org, Data Protection Officer.