WHO WE ARE
We are Eastern Botanics Limited, located at Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R. Together with our affiliates (collectively, “Company Group”, or “we/our/us”), we own and operate various websites (the “Websites” or “Sites”) and mobile applications (the “Apps”).
This global Privacy Policy (“Privacy Policy”) applies to each Website and App where it is posted.
INTRODUCTION
This Privacy Policy explains how we collect, use, process, share, and store your data when you use our services (both terms as defined below). It also explains the rights you may have under specific data privacy and protection laws, and provides instructions on how to exercise any applicable rights (collectively, “Data Laws”).
The rights discussed in the CCPA Notice are for residents of California. The rights discussed in the GDPR Notice are for persons located in the EU, EEA, UK, or Switzerland. Depending on where you live or are located, these rights may not apply to you. Both the CCPA Notice and the GDPR Notice are provided as Addenda at the end of this Privacy Policy.
Our Websites, Apps, and services may include links to third-party websites, plug-ins, services, social networks, or mobile applications. Clicking on those links or enabling those connections may allow the third-party to collect or share data about you. We do not control these third parties, and you should read each of their privacy notices before you submit any information to them.
PayPal Notices: PayPal is an independent Controller for the purpose of Processing Customer Data. You can access PayPal’s Privacy Statement at: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
You should carefully read this document to understand our policies and practices for processing and storing data. By interacting with our services, you accept the policies and practices described in this Privacy Policy. This Privacy Policy may change from time to time (see "Updates to This Privacy Policy"), and your continued use of our services after any change means you accept those changes. Please check the Privacy Policy frequently for any updates.
DEFINED TERMS
In addition to the terms already defined above, we provide these definitions:
-
“CCPA” means the California Consumer Privacy Act of 2018, as it may be amended from time to time.
-
“Data” is information about you that we collect, or that you provide to us, and may include PII.
-
“Device” means the computer, smartphone, or other electronic device that you use to access the Services.
-
“Device Information” means information about a Device, including the IP address used to access the Services, associated cookies or cookie identifiers, and other information related to the formatting or presentation of the Services for your Device and includes information about the Device often stored in picture files, including Device type and the location you were in when you took the picture.
-
“EEA” means countries in the EU plus Iceland, Lichtenstein, and Norway.
-
“EU” means the countries which are currently members of the European Union.
-
“GDPR” means the General Data Protection Regulation of the European Union, and the equivalent Data laws of the EEA, United Kingdom, and Switzerland.
-
“Identifiable Natural Person” is one who can be identified, directly or indirectly, by a single piece of data such as a name, an ID number, IP address, location data, an online identifier or by other data that, when combined, makes it possible to determine the identity of that natural person.
-
“Personal Data” means any information about an identified or Identifiable Natural Person who has rights under the GDPR (“Data Subject”).
-
“Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could be linked, directly or indirectly, with a particular consumer, household, or Device.
-
“PII” means personally identifiable information, which is information that can be used to identify a specific individual, including Data that may be classified as Personal Information subject to the CCPA Notice or Personal Data subject to the GDPR Notice.
-
“Services” means the Sites, Apps, and other services available from us.
HOW WE COLLECT DATA
We use different methods to collect data, including:
-
Direct Interactions: These include communications with us via e-mail, chat, social media, telephone, or otherwise. We may collect and maintain records of these communications, and inferences we may make from other personal information we collect. Data from direct interactions may also be collected through third parties with their own privacy policies.
-
Automated Technologies or Interactions: As you interact with our Services, we may automatically collect data about your Device and browsing actions using cookies, server logs, and other similar technologies.
-
Cross-Device Tracking: Some of our Services use data analytics companies, advertising networks, and social media companies to engage in “cross-device tracking,” which links your behavior with our Services across different devices.
-
Third Parties or Publicly Available Sources: We receive data from third parties such as business partners and sub-contractors who provide us with services like shipping, payment processing, advertising, analytics, etc.
-
User Contributions: You may also provide us with data to post on the Services or to transmit to third parties. User Contributions are submitted at your own risk.
TYPES OF DATA WE COLLECT
PII We Collect: We collect PII such as your name, billing address, delivery address, e-mail address, telephone number, IP address, credit/debit card numbers, photos and other content you upload, any profile image you provide, user IDs and/or passwords used to access the Services, your browsing history, and any phone number used to call our customer service number. Depending on the Services you use, you may also provide video and voice recordings, age, date of birth, gender, and other similar information.
Device Information: We collect information about the device(s) you use to access the Services, including the device model, operating system, browser type, IP address, and event information from use of the Services.
Mobile App: Depending on your permissions, if you download and use our Apps, we may collect or access certain information from your mobile device.
Community Postings: You can post information on our blogs, forums, or other public posting areas. Any information you disclose is available to anyone with internet access.
Other Data We Collect: In addition to PII, we collect other data from you when you use the Services, including statistics, aggregated information, technical information, and data about your interactions with our Services.
WHY WE USE AND PROCESS DATA
We may use and process PII for purposes including:
-
Providing the Services in the manner most effective for you and your Device.
-
Fulfilling your orders placed through the Services.
-
Making interest-based suggestions and recommendations about our products and Services.
-
Assessing the effectiveness of our advertising and tailoring our advertising.
-
Improving the Services and notifying you about changes.
-
Managing your customer relationship with us.
-
Enabling your participation in our interactive features.
-
Integrating social media into your experience with our Services.
-
Carrying out your support requests.
-
Notifying you about unfinished transactions, unused credits, or order status.
-
Sending you information about discounts, special offers, and new products.
-
Managing the Services, including troubleshooting, data analysis, testing, research, security, quality control, and fraud prevention.
-
Verifying your identity.
-
Reminding you of special occasions.
-
Performing billing, administration, seller payment, and collections functions.
-
Protecting the Services and our employees and operations.
-
Marketing to you directly through social media platforms and other websites.
-
Sharing information with law enforcement agencies when required.
-
Carrying out activities related to any of the above.
WHO WE SHARE DATA WITH AND WHY
We may share data within our Company Group and with third parties for purposes including:
-
Business partners, suppliers, service providers, subcontractors, and other third parties to provide services such as fulfillment, billing, IT, logistics, delivery, communication, cybersecurity, fraud protection, and legal/audit.
-
Social media platforms.
-
Advertisers and ad networks.
-
Public, governmental, or regulatory authorities.
-
Potential buyers, investment banks, or financial institutions in connection with corporate reorganizations.
-
Courts, law enforcement authorities, regulators, attorneys, or other third parties in connection with legal claims.
We may share other data without restriction.
YOUR CHOICES ABOUT OUR USE OF DATA
-
Transactional Emails: You may not opt out of transactional emails.
-
Promotional Offers: You can stop receiving promotional offers by following opt-out links in each message or contacting us at support@easternbotanics.com.
-
Push Notifications on Mobile App: You can opt out of push notifications at any time by adjusting your device settings.
-
Tracking Technologies and Advertising: You can set your browser to refuse cookies, but parts of our Services may be inaccessible or not function properly.
-
Updating PII: You can update your account information by logging into your account or contacting us.
HOW LONG WE USE AND STORE PII
We retain PII only for the period necessary to fulfill legal, regulatory, and business obligations.
HOW WE PROTECT DATA
We have physical, electronic, and administrative security measures in place designed to protect against the loss, misuse, and unauthorized access, use, alteration, or disclosure of Data under our control. These measures include:
-
Encryption: We use SSL encryption to protect sensitive information transmitted online. Additionally, we encrypt data at rest where appropriate.
-
Access Controls: Access to your personal data is restricted to authorized personnel only. We implement role-based access controls and regularly review access permissions.
-
Firewalls: Our network is protected by firewalls to prevent unauthorized access.
-
Monitoring and Auditing: We monitor our systems for potential vulnerabilities and attacks and conduct regular audits to ensure compliance with our security policies.
-
Training: Our employees receive regular training on data privacy and security practices to ensure they handle your data responsibly and securely.
While no transmission over the internet or electronic storage method can be guaranteed as 100% secure, we strive to use commercially acceptable means to protect your personal data. However, we cannot ensure or warrant the security of any data you transmit to us or receive from us. We urge you to take steps to keep your data safe, such as logging out of your account after use and closing your web browser.
OPT-OUT PREFERENCES
You may opt-out of receiving email marketing communications from us by using the “unsubscribe” link in our emails, or by emailing us at support@easternbotanics.com. To opt-out of physical mailings and telephone communications, or to add your name to our do-not-share list, you may email us at the same address or call us at [Phone Number]. We will ensure your name is removed from our list (and the list we may share with third parties) as soon as possible after we receive your request. Please be aware, however, that even after your request is processed, we may retain residual information about you in backup and/or archival copies of our database.
FOR PERSONS RESIDING IN CALIFORNIA
This section (the “CCPA Notice”) supplements the Privacy Policy and applies only to residents of California. This CCPA Notice is provided in compliance with the California Consumer Privacy Act (CCPA) and any terms defined in the CCPA have the same meaning when used in this section.
FOR PERSONS OUTSIDE THE UNITED STATES, EU, EEA, UK, AND SWITZERLAND
If you live in the European Union, EEA, UK, or Switzerland, or are located outside the United States, this section describes additional rights you might have. By using our services, personal data about you may be transferred to our servers or third-party servers located in the United States in connection with the purposes stated in this Privacy Policy. You acknowledge that the laws regarding the protection of data in the United States may not be as stringent as those in your home jurisdiction.
GDPR NOTICE
We adopt this GDPR Notice to comply with the General Data Protection Regulation (GDPR), and any terms defined in the GDPR have the same meaning when used in this GDPR Notice.
Who Is Responsible for Personal Data About You?
Eastern Botanics Limited is responsible for Personal Data about you. Specifically, Personal Data is controlled by:
Eastern Botanics Limited
Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R.
We have appointed ITG EU & GRCI Law to act as our EU and UK Representatives. If you wish to exercise your rights under EU GDPR or the UK GDPR or have any queries in relation to your rights or privacy matters generally, please email us at support@easternbotanics.com.
Legal Basis for Processing Personal Data:
Depending on the specific purpose, we rely on the following legal grounds for processing Personal Data:
-
Performance of your customer contract or other contractual obligations.
-
Compliance with a legal obligation.
-
Protection of your vital interests or the vital interests of another person.
-
Our legitimate interests or those of any third-party recipients that receive the Personal Data, provided such interests are not overridden by your interests or fundamental rights and freedoms.
-
Important reasons of public interest.
-
The establishment, exercise, or defense of legal claims.
We process Personal Data to let you know about updates to products and services you have purchased from us or expressed interest in before.
Notice re: EU-U.S. and Swiss-U.S. Privacy Shield, CJEU Schrems II Ruling and EU Standard Contract Clauses (SCC):
We have withdrawn from the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. We strive to continue to store and process EU, EEA, UK, and Swiss Personal Data in Ireland on servers located in the EU, implementing at-rest data encryption, data minimization, and need-to-know access to Personal Data.
CONTACT US
If you have any concerns about the privacy practices of the Services, please contact us at:
Email: support@easternbotanics.com
Address: Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R. Eastern Botanics Limited
UPDATES TO THIS PRIVACY POLICY
We reserve the right to update this Privacy Policy at any time. Changes will be effective immediately upon posting on our website. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to how we treat your Personal Information, we will notify you through a notice on the website's homepage or by email to the address specified in your account.
By continuing to use our Services after such changes are posted, you agree to the revised Privacy Policy.
HOW WE COLLECT PERSONAL INFORMATION
We collect Personal Information as defined in applicable privacy laws from various sources, including:
-
Directly from you: When you create an account, complete forms, purchase products, or use our Services.
-
Indirectly from you: Through your interactions with our website and Services.
-
From our business partners and service providers: Such as payment processors, delivery services, and data analytics providers.
HOW WE SHARE PERSONAL INFORMATION
Categories of Personal Information Collected
-
Identifiers: Name, address, phone number, email address, IP address.
-
Personal information under California law: Name, address, payment information.
-
Protected classifications: Age, gender.
-
Commercial information: Purchase history.
-
Internet activity: Browsing history, interaction with our website.
-
Geolocation data: Location data from your device.
-
Audio/visual data: Recordings from customer service interactions.
Purpose of Collection
-
To provide and improve our Services.
-
To fulfill orders and manage transactions.
-
To enhance customer experience and engagement.
-
To comply with legal obligations.
Categories of Third Parties We Share Personal Information With
-
Service Providers: For order fulfillment, payment processing, and data analytics.
-
Business Partners: For joint marketing efforts.
-
Law Enforcement: As required by law.
YOUR CCPA RIGHTS AND CHOICES
Access to Specific Information
California residents have the right to request information about our collection and use of their Personal Information over the past 12 months.
Deletion Request Rights
You have the right to request the deletion of Personal Information, subject to certain exceptions.
Right to Opt Out
You have the right to opt out of the sale of your Personal Information.
Exercising CCPA Rights
To exercise these rights, submit a verifiable request to us by email at support@easternbotanics.com. Only you or an authorized agent may make a verifiable request related to your Personal Information.
CONTACT US
For any questions or concerns about this Privacy Policy, please contact us at:
Email: support@easternbotanics.com
Address: Eastern Botanics Limited, Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R.