Privacy Policy
This privacy notice for Bloom Theory Co. ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
- Visit our website at www.bloomtheory.co, or any website of ours that links to this privacy notice
- Engage with us in other related ways, including any sales, marketing, or events
If you have any questions or concerns, this privacy notice will help clarify your privacy rights and options. If you disagree with our policies and practices, we kindly ask that you refrain from using our Services. For further assistance, please reach out to us at support@bloomtheory.co.
PERSONAL INFORMATION WE COLLECT
Information You Provide to Us
Summary: We gather personal details that you voluntarily share with us.
We collect personal information that you provide when you interact with our Site. This includes when you express interest in our products and services, engage in activities, or communicate with us directly. The type of personal information we collect depends on your interaction with us and may include:
- Identifiers: Your name, email address, mailing address, and phone number.
- Payment Information: Billing addresses, debit/credit card numbers, and other details necessary for processing payments.
Sensitive Information
We do not intentionally collect or process sensitive personal information, such as health data, unless specifically provided by you for a particular service.
Payment Data
If you make a purchase, we collect the necessary data to process your payment. This may include your payment instrument number (e.g., credit card number) and associated security codes. Payment information is securely handled by our payment processor, Shopify. You can review Shopify’s privacy policy here: https://www.shopify.com/legal/privacy.
You are responsible for ensuring that the personal information you provide is accurate, complete, and updated as necessary. Please inform us promptly of any changes.
Information We Collect Automatically
Summary: We automatically collect certain information about your device and how you interact with our Site.
When you use our Site, we automatically gather data related to your device and browsing activities. This data, which does not identify you personally, may include:
- Device Information: Internet Protocol (IP) address, browser type and version, time zone setting, operating system, device type, and language preferences.
- Usage Data: Information about how you interact with our Site, including the pages you view, referring/exit URLs, and date/time stamps.
This information is essential for securing and improving the functionality of our Site and for our internal analysis."
Technologies We Use:
Cookies: These are small data files placed on your device that may include an anonymous unique identifier. You can manage cookies through your browser settings. For more information, visit www.allaboutcookies.org.
Log Files: We use log files to monitor activity on our Site, capturing data like IP addresses, browser types, internet service providers, and other technical details.
Web Beacons, Tags, and Pixels: These electronic tools help us understand your behavior on our Site by tracking your interactions.
Order Information
When you make or attempt to make a purchase through our Site, we collect specific information such as your name, billing and shipping addresses, payment information (e.g., credit card numbers), email address, and phone number. This is referred to as "Order Information."
Combining Information
In this Privacy Policy, “Personal Information” refers to both Device Information and Order Information.
Data Retention
We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, or as required by law. You may request deletion of your data at any time, subject to any legal obligations we may have to retain certain records.
Your Rights
Depending on your jurisdiction, you may have rights regarding your personal information, such as accessing, correcting, or deleting the data we hold about you. You can contact us at support@bloomtheory.co to exercise these rights.
INFORMATION USE
Summary: We use your personal information to fulfill orders, improve your experience, enhance security, comply with legal obligations, and communicate with you. Additionally, we may use your information for marketing purposes based on your preferences.
Order Fulfillment and Customer Service
We primarily use the Order Information you provide to process and complete transactions. This includes managing payments, shipping products, sending order confirmations, and offering customer support. These activities are necessary for the performance of a contract between you and us.
Communication and Support
We use your personal information to communicate with you regarding your orders, inquiries, or any issues that may arise during your interactions with our Services. This may include providing updates on your order status, responding to your customer service requests, and addressing any concerns you may have. The legal basis for this processing is our legitimate interest in ensuring customer satisfaction and providing efficient support.
Risk Management and Fraud Prevention
We collect and use Device Information, such as IP addresses, to monitor and prevent fraudulent activities and potential risks. This helps us maintain a secure environment for all users. The legal ground for processing this information is our legitimate interest in protecting our business and users from fraud.
Site Improvement and Analytics
To enhance your experience on our Site, we analyze how users interact with our services. This may involve using tools like Google Analytics to collect data on browsing behavior, device usage, and the success of our marketing efforts. The insights gained from this analysis help us optimize our Site’s functionality and user experience. Our legal basis for this processing is our legitimate interest in improving our services.
Marketing and Promotional Activities
With your consent, we use your personal information to send you marketing communications, including information about our products, services, and promotional offers. You can opt out of these communications at any time by following the unsubscribe instructions provided in our emails or by adjusting your preferences in your account settings. The legal basis for this processing is your consent and our legitimate interest in promoting our business.
Compliance with Legal Obligations
We may process your personal information to comply with applicable laws and regulations. For example, we may retain records of transactions for tax and accounting purposes or to respond to legal requests. The legal ground for this processing is our obligation to comply with legal requirements.
Third-Party Services
We may share your personal information with third-party service providers to assist in the operation of our business, such as Shopify for e-commerce services and Google Analytics for website performance monitoring. These third parties may have access to your information only to perform specific tasks on our behalf and are obligated to protect your data. For detailed information on how these third parties use your data, please refer to their respective privacy policies:
Shopify: Shopify Privacy Policy
Google Analytics: Google Privacy Policy
Facebook and Pinterest: We use tracking pixels from Facebook and Pinterest for behavior and targeted marketing. You can withdraw your consent and change your preferences by following the opt-out instructions provided by these platforms.
Identifying Usage Trends
We process information about how you use our Services to identify usage trends. This allows us to understand which features are most popular and improve our services accordingly. Our legal basis for this processing is our legitimate interest in enhancing our offerings.
Protecting Vital Interests
In rare cases, we may process your information to protect your vital interests or those of others, such as in situations involving threats to your safety or well-being. This processing is based on our legal obligation to protect individuals in emergency situations.
Your Rights and Choices
You have the right to access, correct, or delete your personal information at any time. Additionally, you can manage your preferences for receiving marketing communications and withdraw consent where applicable. For more details, refer to the "Your Privacy Rights" section below.
LEGAL BASES FOR PROCESSING YOUR INFORMATION
Summary: We process your personal information based on several legal grounds, including consent, performance of a contract, legitimate interests, compliance with legal obligations, and vital interests.
If you are located in the EU or UK:
Under the General Data Protection Regulation (GDPR) and UK GDPR, we process your personal information based on the following legal grounds:
Consent: We may process your information if you have given us explicit consent for a specific purpose. You can withdraw your consent at any time.
Performance of a Contract: We process your personal information to fulfill our contractual obligations to you, such as providing our Services, processing your orders, and responding to your inquiries.
Legitimate Interests: We may process your information for purposes that align with our legitimate business interests, provided they do not override your rights and freedoms. These purposes include marketing, improving our services, and preventing fraud.
Legal Obligations: We may process your information to comply with our legal obligations, such as tax and accounting requirements or to respond to legal requests.
Vital Interests: We may process your information to protect your vital interests or those of another person, particularly in situations involving potential threats to safety.
If you are located in United States:
We process your personal information based on the following:
Consent: Where required by law, we will obtain your consent before collecting or using your personal information. You may withdraw your consent at any time.
Performance of a Contract: We process personal information as necessary to fulfill our contractual obligations to you, such as providing services or processing transactions.
Legitimate Interests: We process personal information to pursue our legitimate business interests, which include improving our services, preventing fraud, and conducting marketing activities, balanced against your right to privacy.
Legal Obligations: We may process personal information to comply with our legal obligations under U.S. law, including responding to law enforcement requests and fulfilling tax or regulatory requirements.
Public Interest: In certain cases, we may process personal information when it is necessary for the public interest, such as ensuring public safety or protecting public health.
If you are located in Canada:
We process your personal information under Canadian law based on the following:
Express Consent: We may process your information if you have given explicit permission for a specific purpose.
Implied Consent: In some cases, your consent may be inferred from your actions or the nature of our relationship.
Exceptional Circumstances: In certain situations, we may process your information without consent, such as for fraud prevention, public interest, or legal compliance.
DATA SECURITY
Summary: We prioritize the protection of your personal information through a combination of organizational and technical security measures.
We are committed to safeguarding your personal information and have implemented a range of security measures to protect it from unauthorized access, use, or disclosure. These measures include:
Technical Safeguards: We use advanced security technologies to ensure that your personal information is protected. This includes encryption, firewalls, and secure socket layer (SSL) technology to safeguard data during transmission and storage.
Organizational Measures: We have strict internal policies and procedures to control access to your personal information. Only authorized personnel who have a legitimate need to access your data are allowed to do so, and they are trained on the importance of privacy and data security.
Third-Party Security: When we work with third-party service providers, we ensure that they also have appropriate security measures in place to protect your information. We require our partners to comply with relevant privacy laws and standards.
Despite our best efforts to secure your information, no method of transmission over the Internet or electronic storage is entirely foolproof. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We encourage you to take steps to protect your information as well, such as using strong passwords, keeping your devices secure, and only accessing our services from trusted networks.
If you believe that your personal information has been compromised, please contact us immediately so we can take appropriate action.
Your Responsibility: You are responsible for maintaining the security of your account credentials and should avoid sharing them with anyone. Any transmission of personal information through our services is done at your own risk, and we encourage you to use secure methods and environments when accessing our services.
In case of a data breach, we will notify you and the relevant authorities as required by law, and we will work diligently to mitigate any potential harm.
USER RIGHTS AND CHOICES
Summary: Depending on your location and applicable laws, you may have various rights regarding your personal information. These rights include the ability to access, update, correct, or delete your personal data, as well as to object to or restrict certain types of processing. You can also withdraw your consent if our processing is based on consent.
Your Rights
If you are located in the European Economic Area (EEA), the United Kingdom (UK), you have specific rights under data protection laws. These include:
Access: The right to request a copy of the personal information we hold about you.
Rectification: The right to request corrections or updates to inaccurate or incomplete personal information.
Erasure: The right to request the deletion of your personal information under certain conditions.
Restriction: The right to request the restriction of processing of your personal information in specific situations.
Objection: The right to object to the processing of your personal information based on legitimate interests or direct marketing.
Data Portability: The right to request that we transfer your personal information to you or another organization in a structured, commonly used format.
To exercise any of these rights, please contact us using the details provided in the “Contact Us " section below. We will respond to your request in accordance with applicable data protection laws.
Withdrawing Your Consent
If we process your personal information based on your consent, you have the right to withdraw that consent at any time. To do so, please contact us using the details provided below. Withdrawal of consent will not affect the legality of processing carried out before the withdrawal. It also does not affect processing based on other legal grounds.
Opting Out of Marketing Communications
You can opt out of receiving marketing and promotional communications from us by clicking the unsubscribe link in any email we send or by contacting us directly. Note that even if you opt out of marketing communications, we may still send you essential service-related messages.
Cookies and Similar Technologies
Most web browsers are set to accept cookies by default. You can adjust your browser settings to remove or reject cookies, but this may affect the functionality of our website. For information on opting out of interest-based advertising, visit aboutads.info.
Do Not Track
Many browsers and mobile devices offer Do-Not-Track ("DNT") settings that let you opt out of tracking. However, there is currently no standard for DNT signals, so we do not respond to them. If a universal standard is established in the future, we will update this privacy policy to reflect any changes.
Complaints
If you are located in the EEA or UK and believe that we are processing your personal information unlawfully, you have the right to file a complaint with your local data protection authority.
UPDATES TO THIS NOTICE
Summary: Yes, we may update this notice to comply with laws or reflect changes in our practices.
We may update this privacy notice periodically. The latest version will be indicated by the "Revised" date at the top of the notice and will be effective as soon as it is posted. If we make significant changes, we will notify you by prominently displaying a notice on our website or sending you a direct notification. We encourage you to review this notice regularly to stay informed about how we protect your information.
Contact us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at support@bloomtheory.co.
This privacy policy was last updated on 2024-08-29.
