• You have certain rights regarding the Personal Data we collect from you, which you can learn about below.
• As noted in our Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 18. If you are under the age of 18, please do not access or use the Services, or attempt to send us any Personal Data. If we learn that we have collected Personal Data from an individual under the age of 18, we will delete that information as quickly as possible.
• The Services are hosted and operated in the United States through Harry's, Inc. and certain of our service providers. By using the Services, you acknowledge that any Personal Data you provide to us will be hosted on United States servers. Harry's, Inc. and Harry's USA, Inc., both located at 75 Varick Street, New York, New York 10013, are registered under the EU-U.S. and Swiss-U.S. Privacy Shield Framework. Please see below for more details.
We collect your email address and the password you enter when you register for an account with us, and we use them to verify your identity, based on our legitimate business interests in keeping your account secure and preventing fraudulent transactions.
We also use your email address:
• to send you confirmations, notifications and other information regarding your account, your shave plans and your purchases, as may be necessary to complete our contractual obligations to you. Without your email address, we wouldn't be able to provide you this information in a timely and effective manner;
• to send you information and materials about us, our products and our services that we think may be of interest to you, based on our legitimate business interest in marketing to individuals who have indicated an interest in our products and services. You can choose not to receive such information when you register an account with us, and you can decide to stop receiving this information at any time by emailing us at firstname.lastname@example.org or calling us at 0808-164-8618; and
• to send you information and materials about third parties with whom we partner or do business and their products and services, but only where you have given us your consent to do so. You can opt in to receive such messages when you register an account with us and you can always decide to stop receiving these emails at any time by emailing us at email@example.com or calling us at 0808-164-8618.
You may be able to register for or access the Services using Third Party Services, such as Facebook. If you've registered for an account with us through Facebook or another Third Party Service, we will collect and receive your login credentials for such Third Party Service in connection with providing you with the Services if you expressly provide us with such information. We will only use such login information for the purposes described above. In any case, we urge you to review your privacy settings on any Third Party Service and their associated privacy policies to understand more about disclosures of information from your applicable Third Party Services.
When you subscribe to a shave plan or purchase products through the Services or over the phone with one of our customer service representatives, we collect your first and last name, your shipping address and your telephone number (collectively, "Shipping Information"), as well as certain payment information, including your billing address and your credit or debit card type, number, security code and expiration date (collectively, "Payment Information"), and we use this information in order to process, fulfill, confirm, or notify or inform you about your shave plans and purchase orders, as may be necessary to complete a contract with you. Without this information, we would be unable to complete your transaction with us and/or deliver your purchases to you.
We also use your Payment Information to verify your identity when you manage your account, your shave plan or your orders, or make a new purchase, based on our legitimate business interests in keeping your account secure and preventing fraudulent transactions. As stated above, we do not store your Payment Information – our Payment Processor does, and we must collect your Payment Information from our Payment Processor and/or from you in order to use it to verify your identity or to process and fulfill your shave plans.
We use and store your Shipping Information to make it easier for you to make a purchase, or to sign up for a shave plan if you do not have one, based on our legitimate business interest in making the Services more convenient for your continued use.
We may also use your name and shipping address to mail you information and materials about us and our products and services that we think may be of interest to you, based on our legitimate business interest in marketing to individuals who have indicated an interest in our products and services. You can always choose not to receive such communications when you register an account with us, and you can stop receiving these communications at any time by emailing us at firstname.lastname@example.org or calling us at 0808-164-8618.
If you indicate that you would like us to do so, we will share your name and shipping address, along with certain information regarding your transactions with us (including transaction date, value, amount, type, and order ID) with Epsilon Abacus, a provider of data cooperative and marketing services to a members-only group of retailers (such group the "Abacus Alliance" and such members the "Abacus Alliance Members"). Through Epsilon Abacus, this information will be shared with the Abacus Alliance Members, with any transactional information being aggregated so details of individual transactions are not shared. This is based on our and their legitimate interest in better marketing to existing and prospective customers. More specifically, we share this information with Epsilon Abacus so that it can analyze your buying patterns and determine what sort of products are likely to appeal to you, and Epsilon Abacus shares your name and shipping address with Abacus Alliance Members who may offer such products.
By agreeing to share such information with Epsilon Abacus and the Abacus Alliance, you agree to receive information and materials in the post regarding products offered by other Abacus Alliance Members. The list of retailers in the Abacus Alliance changes frequently, but it is limited to retailers in the clothing, collectables, food and wine, gardening, gadgets and entertainment, health and beauty, household goods and/or home interiors categories. You can opt in to share the above-described information with Epsilon Abacus and the Abacus Alliance and receive such materials in the mail when you register an account with us.
If you decide you would like to stop sharing this information and receiving materials in the post, you can email us at email@example.com or call us at 0808-164-8618. Additionally, if you would like to stop all unsolicited postal communications, we suggest that you register with the Mailing Preference Service (MPS), a free service funded by the direct mail industry that enables consumers to have their names and home addresses in the UK removed from lists used by the industry. For more information or if you wish to register with the MPS please visit their website www.mpsonline.org.uk.
When you communicate with us or our customer service representatives, including when you call us, email us or interact with us through the Services, we automatically record that communication, and use that record and the information you provide us in those communications, to address your questions and complaints about us, our products and our services, and to train our customer service representatives, based on our legitimate business interest in providing quality customer service. We also use the information you provide us to address your requests regarding your account, shave plans and purchase orders, as may be necessary to complete a contract with you. Without this information, we may not be able to address these requests.
When you respond to a survey we provide you, or leave a written comment or review on the Services about us, our products or the Services, we record that survey response, comment or review, and use the information you provide us in them, in order to assess and/or address your responses, comments or reviews regarding us, our products or our services, based on our legitimate business interest in providing quality products and customer service.
In addition to the information you directly provide us, we automatically receive and record certain information about you when you access or use the Services, or otherwise communicate or interact with us (including through other websites or mobile applications). Additionally, like many e-retailers, we collect certain information about you from third parties, including advertising and analytics companies.
When you access or use the Services, we collect information from your web browser, including your IP address and your device's settings and unique identifiers, and use that information to determine your general location, based on our legitimate business interests in reliably and accurately providing you with Services and information that apply to you, and in learning more about where the Services are being accessed or used.
• enable you to access and use our website and other features or content on the Services that you request or seek to use, based on our legitimate business interest in providing you with the Services. For example, certain Cookies enable you to log into your account or use the "shopping cart" functionality on the Services. Such Cookies are generally known as "essential cookies." You can disable these Cookies, but doing so will encumber the performance of the Services and may make certain of its features and services unavailable to you;
• determine whether you have previously visited or otherwise used the Services, and if so, whether you indicated any preferences during your previous visits or use, based on our legitimate business interest in personalizing the Services for repeat visitors. Such Cookies are generally known as "functionality cookies," and are persistent Cookies. You can disable these Cookies, but doing so will impair our ability to personalize the Services for you. Our functionality cookies include, for example:
• h_cart: notes the contents of your cart before checkout so that if you navigate away from your basket and return to us, we will remember what was in your cart;
• h_sess: identifies you to our servers after you log in to your account;
• flash: temporarily stores messages and alerts that we display on-screen to you;
• h_personalization: identifies your relationship with us (e.g., whether you have previously made a purchase from us or signed up for a shave plan);
• followed_incentive_code: this Cookie is delivered by us to verify that a referral link is genuine so that we can credit your account accordingly. Without this Cookie, we cannot authenticate the code and the credit cannot be applied;
• h_geoip: determines from which country you are accessing the site so that we can present a country-specific experience (e.g., currency, language, products, shipping options);
• h_public: stores your public user ID which helps us serve a personalized site experience;
• h_mobile: determines if you are on a mobile device to serve a mobile optimized site experience;
• h_signed_once: remembers if you have logged in before to default your login option to login instead of create account;
• h_user: identifies you as being logged-in;
• h_dc: remembers if you applied a discount code to apply that discount at checkout;
• referrer, utm_source, h_p_utm_source, utm_medium, h_p_utm_medium, utm_campaign, h_p_utm_campaign, h_p_utm_term, h_p_utm_content and h_p_eid: identify from which campaigns visitors to our website originated;
• h_gdpr_cookie_agree: remembers if you agree to being tracked via Cookies; and
• multi_step_builder_state: remembers your progress in completing the checkout experience for a subscription;
• h_membership_seen: remembers if you have seen the Core Membership program;
• learn about the pages on our website and on Third Party Services that you visit, and thus enhance our understanding of your interests and preferences, so that we can serve you with advertisements for our products or services that we believe may be of interest to you (on the Services and elsewhere), based on our legitimate interest in marketing to individuals we believe may be interested in our products and services. Such Cookies are generally known as "retargeting and advertising cookies," and are persistent Cookies. Through these Cookies, we collect information about your online activity after you leave our Services. We use a number of third parties to help deliver these Services, including, for example, Google. Please see the section below titled "Additional information about interest-based advertisements" for more information; and
• understand how visitors use the Services, such as by collecting information about the number of visitors to our website, what pages visitors view on our website and how long visitors are viewing pages on the website, based on our legitimate business interest in improving and maintaining the accessibility and functionality of our Services. Such Cookies are generally known as "performance/analytical cookies," and are persistent Cookies. Through these Cookies, we may collect information about your online activity after you leave our Services. We also use these Cookies to help us measure the performance of our advertising campaigns, based on our legitimate business interest in improving our advertising campaigns and the content on the Services to better market to individuals who we think may be interested in our products and services. We use a number of third parties, as described below, to help deliver these Services. Our performance/analytical cookies include, for example:
• h_eph_sess: a short-lived unique identifier that we use to see if you arrive to our website and whether this could be linked to any offline advertising like TV or radio advertisements;
• h_custype: lets us know if you have purchased from us in the past, so that we can show you relevant information on our website;
• ga: Google Analytics session information, a third party Cookie served by Google; and
• gid: Google Analytics user identifier, a third party Cookie served by Google.
Your browser may offer you a "Do Not Track" or "DNT" option, which allows you to signal to operators of Third Party Services that you do not wish such operators to track certain of your online activities over time and across different websites. However, because we collect browsing and persistent identifier data, our Services do not support DNT requests at this time, which means that we may collect information about your online activity both while you are using the Services and after you leave them. You should also know that certain Third Party Services may not support DNT requests either – you should check their respective privacy policies for more information.
You can decide whether or not to accept most Cookies. Most browsers allow you to delete Cookies and have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allowing you to decide whether to accept each new Cookie in a variety of ways. To explore what Cookie settings are available to you, look in the "preferences" or "options" section of your browser's menu. You can always choose to stop us from collecting your Cookie Information by turning off the Cookie feature on your browser or by ceasing to use the Services. However, if you do prevent us from collecting your Cookie Information, you should know that some of the Services may not work properly.
If you'd like to know more about Cookies, including information about how to manage, disable and delete them, you can visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/, http://www.youronlinechoices.com/uk/ or http://www.allaboutcookies.org/.
We serve advertisements, and also allow third party ad networks, including third party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements are sometimes targeted to users who fit certain general profile categories or display certain preferences or behaviors (such advertisements, "Interest-Based Ads"). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, as outlined above, as well as derived from the usage patterns of particular users on the Services and/or Third Party Services over time. Such information may be gathered by us or our third party service providers through Cookies, which may include a file known as a "web beacon" from an ad network to you through the Services. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their website, allow them to serve Interest-Based Ads to you when you visit other websites, and also allow them to provide us and our advertisers with anonymized, aggregated auditing, research and reporting about advertisements.
Remember, you can always choose to stop us from collecting your Cookie Information by turning off the Cookie feature on your browser or by ceasing to use the Services. Also, you can opt out of Interest-Based Ads sourced by Google using Google's Ads Settings. For more information on how to make choices about Interest-Based Ads from participating third parties, and to learn how to opt out of receiving them from participating organizations, please visit the European Interactive Digital Advertising Alliance's user information website at http://www.youronlinechoices.eu/.
When you open an email or an SMS, MMS or other text message, or a push notification (each, a "Message") sent by us, or click on any links in that Message, we receive a confirmation that you did so (and when), as well as Cookie Information. We also receive confirmation and Cookie Information when you click on any links elsewhere throughout the Services, including on our website and our branded pages on social media. We use the information described in this paragraph to assess the effectiveness of our Messages and associated marketing campaigns, to learn more about the audience for our Messages, and to better understand your preferences, all based on our legitimate business interest in marketing to individuals who may be interested in our services and products. You can stop receiving Messages from us at any time by emailing us at firstname.lastname@example.org or calling us at 0808-164-8618.
We work with advertising and analytics companies that provide us with certain information about you, your interactions with us and the Services, and your usage of both the Services and Third Party Services, including your age or birthday, demographic or interest data, Cookie Information, hashed email addresses, unique identifiers assigned to you by our Advertising Partners, as well as pages or content you've viewed, links you've clicked or other actions you've taken on both the Services and on Third Party Services. We use this information in order to enhance our understanding of your interests and preferences, so that we can serve you with Interest-Based Ads and measure their effectiveness, based on our legitimate business interest in marketing to individuals who we think may be interested in our services and products. We sometimes attempt to direct Interest-Based Ads to individuals who fit a certain general category, and as a result of the information our advertising and analytics partners provide us, Interest-Based Ads or other advertisements or recommendations may appear on Third Party Services that you visit.
To collect the information described above, as well as to serve targeted advertisements to you, our advertising and analytics partners sometimes integrate their own Cookies, including web beacons, into the Services and/or into Third Party Services that you visit, as mentioned above. Remember, you can elect not to have these Cookies collect your information on the Services. Also, your browser or device may offer you a "Do Not Track" or "DNT" option, which allows you to signal to operators of Third Party Services (including, without limitation, behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites; however, we cannot and do not make any promises about how such Third Party Services will react when you set this signal on your browser.
You may also consider changing your settings to block third party Cookies generally, where possible. Again, if you'd like to know more about Cookies, including information about how to manage, disable and delete them, you can visit http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/, http://www.youronlinechoices.com/uk/ or http://www.allaboutcookies.org/.
In addition to our advertising and analytics partners, we contract with various third party entities in order to operate our business and provide you with the Services and our products. These third parties provide us with various services described throughout this policy, including shipping and logistics, name and address verification, email distribution, market research, fraud prevention, promotions management and payment processing, and may share with us information about you that they have independently developed or acquired (in accordance with their own privacy policies and practices) for those purposes, as may be necessary for us to complete a contract with you or in furtherance of our legitimate business interests.
We sometimes request and receive information about your transaction history from our Payment Processor in order to process your purchase orders and shave plans, or to enroll you in discount, rebate and other programs in which you have elected to participate and use it to verify your identity by combining it with information you provide us, based on our legitimate business interest in protecting against fraudulent transactions.
We share your Personal Data within our corporate family, including with our United States subsidiary, Harry's USA, Inc. We also share your Personal Data with third party vendors, service providers and agents, for the purposes and on the legal bases discussed herein, including:
• with shipping and logistics companies, our Payment Processor and others that we rely on to provide you with the Services or process and fulfill your shave plans and purchase orders, in each case, as may be necessary to complete a contract with you under our Terms of Service or your purchase orders or shave plans; and
We also share your Personal Data with other third parties where you have given us your consent to do so, including for marketing purposes, based on your consent, which you may withdraw at any time, by emailing us at email@example.com or calling us at 0808-164-8618. As stated above, you can always choose to stop receiving these messages from us by emailing us at firstname.lastname@example.org or calling us at 0808-164-8618. Additionally, we share certain Cookie Information with Third Party Services where you have chosen to interact with them through the Services, such as by clicking on a link or advertisement on the Services.
If you post information or content publicly on or through the Services (including when you submit comments or reviews of our shave plans, products or Services), or post content publicly elsewhere, including on your social media accounts, that relates to us or the Services, we may receive and share that public information with third parties, based on our legitimate business interest in marketing our products and services.
We also reserve the right to access, read, preserve and disclose your Personal Data as we reasonably believe is necessary to:
• satisfy any applicable law, regulation, legal process or governmental request;
• protect our rights, property or safety, and those of our users, customers and the public.
We seek to protect your Personal Data using appropriate technical and organizational measures, taking into account the nature of the applicable Personal Data and processing activity. For example, all Payment Information regularly collected through the Services is encrypted and maintained using industry standard methods designed to ensure its security against loss or theft, including during transmission to our Payment Processor. However, we cannot and do not guarantee or warrant that such techniques will prevent unauthorized access to Personal Data or other information about you that we collect and store. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of such information at any time.
You can help us prevent unauthorized access to your account with us and your Personal Data by selecting and protecting your password appropriately and limiting access to your device and browser by signing off after you have finished accessing your account.
We sometimes transfer your Personal Data outside of the European Union, Iceland, Norway or Lichtenstein to our authorized third party agents, vendors and service providers. When we do so, it is our practice to use contracts with standard provisions approved by the European Commission that give Personal Data the same protection it has in Europe, or, where we use third party agents, vendors and service providers based in the United States, we may transfer data to them if they are part of the Privacy Shield (more on this below), which requires them to provide similar protection to Personal Data shared between Europe and the United States.
The Services are hosted and operated in the United States ("U.S.") through us and our service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any of your Personal Data, regardless of whether provided by you or obtained from a third party, is being provided to us in the U.S. and will be hosted on U.S. servers, and you authorize us to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the details of which are further set forth below.
Harry's, Inc. and our U.S. subsidiary, Harry's USA, Inc., have certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the European Union. For more information about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov. We adhere to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability with respect to all Personal Data received from within the European Union in reliance on the Privacy Shield (the "Privacy Shield Principles"). The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Our compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us at email@example.com with any questions or concerns relating to our Privacy Shield certification. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States with offices in London. You can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request with respect to these rights, you can email firstname.lastname@example.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous, inaccurate or extremely impractical, if it jeopardizes the rights of others or if it is not required by law, but in those circumstances we will still respond to notify you of such a decision. In some cases, we may need you to provide us with additional information, which may include Personal Data, as necessary to verify your identity and the nature of your request.
• Where permissible, you can request more information about the Personal Data we hold about you and you can request a copy of your Personal Data. If you have an active account with us, you can also access your Personal Data by visiting your account settings on our website.
• If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such Personal Data. You can also correct some of this Personal Data directly by visiting your account settings on our website.
• Where permissible, you can request that we erase some or all of your Personal Data from our systems. You can also delete your account with us at any time by emailing us at email@example.com or calling us at 0808-164-8618.
• If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent to this processing at any time, which you can do by emailing us at firstname.lastname@example.org or calling us at 0808-164-8618. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
• Where permissible, you can let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as marketing to you (to name one example), and you can also ask us to restrict further processing of your Personal Data.
• Where permissible, you can ask for a copy of your Personal Data in a machine-readable format, and you can also request that we transmit the data to another controller where technically feasible.
• You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. Please visit http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for more information.
We retain your Personal Data for as long as you have a working account with us, or as otherwise necessary to provide you with the Services. In some cases we retain Personal Data for longer, if doing so is necessary to pursue our legitimate business interests (but only if those interests are not overridden by your own interests, rights and freedoms), comply with our legal obligations, resolve disputes or collect fees owed, conduct audits, or if doing so is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we dispose of your Personal Data securely, but may retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
As stated above, you can request us to erase some or all of your Personal Data from our systems, and you can delete your account with us at any time, by emailing us at email@example.com or calling us at 0808-164-8618.
If you have any questions or concerns regarding how we collect, use, protect or share your Personal Data, including, for example, about our legitimate business interests or the legitimate business interests of others that we describe above, please send a detailed message to firstname.lastname@example.org or to our Data Protection Officer directly at email@example.com. You can also reach out to Harry's Grooming Limited at its registered office located at 5th Floor 101 St Martins Lane, London, United Kingdom, WC2N 4AZ. We will make every effort to resolve your concerns.
26 February 2019