California residents can learn about their additional privacy rights in the “Additional information for consumers located in California” section below.
Personal information we collect
Information you provide to us:
- Personal contact information, such as your first and last name, email and mailing addresses, and phone number.
- Transaction information, such as your billing and shipping address, purchase details, and payment information.
- Registration information, such as information that may be related to a service, an account or an event you register for.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.
- Usage information, such as information about how you use the services and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the services.
- Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
- Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, and general location information such as city, state or geographic area.
- Online activity data, such as the website you visited before browsing to our website, and information about your use of and actions on our websites, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access; and
- Communications response data, such as whether you open emails we send you, and the links and other actions you take in response to the emails.
How we use your personal information
To operate our services:
- Provide, operate, maintain, secure and improve our services
- Fulfill a payment or return transaction initiated by you
- Administer our loyalty or rewards program
- Provide information about our services
- Communicate with you about our services, including by sending you announcements, updates, security alerts, and support and administrative messages
- Understand your needs and interests, and personalize your experience with our services and our communications
- Respond to your requests, questions and feedback
For research and development. To analyze and improve the services and to develop new products and services, including by studying use of our services.
For marketing purposes. To send marketing emails to the email address you provide to us (provided, however, that any such marketing emails will tell you how to opt out of receiving further marketing emails).
To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention, and safety. To: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our website and services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
To create anonymous data. To create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you.
How we share your personal information
Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).
My Healthy Beat website visitors. You may choose to leave a product review, which we may post publicly for visitors of our website to view. This review may include your name, country of residence, and other personal information.
Vybe website visitors. You may choose to leave a product review, which we may post publicly for visitors of our website to view. This review may include your name, country of residence, and other personal information.
Thrasio brands. We may also share information among Thrasio brands for those brands’ marketing purpose.
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.
In this section, we describe the rights and choices available to all users. Users who are located in California or the European Economic Area, Switzerland or the United Kingdom (collectively, “Europe”) can find additional information about their rights below.
Access or update your information. If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into the account.
Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at [email protected]. You may continue to receive service-related and other non-marketing emails.
Targeted online advertising. Some of the business partners that collect information about users’ activities on or through our services may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.
Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly titled link). Users of our mobile applications may opt out of receiving targeted advertising in mobile apps through participating members of the Digital Advertising Alliance by installing the AppChoices mobile app, available here, and selecting the user’s choices. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
In addition, your mobile device settings may provide functionality to limit our, or our partners’, ability to engage in ad tracking or targeted advertising using the Google Advertising ID or Apple ID for Advertising associated with your mobile device.
If you choose to opt out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.
Our store is hosted on Shopify. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Other sites, mobile applications and services
Our website may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. In the event that we are required to notify you about a situation involving your data, we may do so by email or telephone to the extent permitted by law.
International data transfers
We are headquartered in the United States and have service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.
European users should read the important information provided below about transfer of personal information outside of Europe.
Our website and services are not intended for children, and we do not collect personal information from them. We define “children” as follows:
- Residents outside of Europe: anyone under 13 years old; and
- Residents of Europe: anyone under 16 years old, or the age needed to consent to the processing of personal information in your country of residence.
If we learn we have collected or received personal information from a child without verification of parental consent, we will delete the information. If you believe we might have any information from or about a child, please contact us at [email protected].
How to contact us
Please direct any questions or comments about this Policy or privacy practices to [email protected]. You may also write to us via postal mail at:
Mailing Thrasio, 85 West Street, Floor 3, Walpole, MA 02081
Additional information for consumers located in California
This section applies only to California residents. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.
Your California privacy rights. The CCPA grants individuals whose information is governed by the CCPA the following rights:
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
You are entitled to exercise the rights described above free from discrimination.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
How to exercise your rights
You may exercise your California privacy rights described above as follows:
- Right to information, access and deletion. You can request to exercise your information, access and deletion rights by:
- Mailing us at Thrasio, 85 West Street, Floor 3, Walpole, MA 02081
- emailing [email protected]
- Identity verification. We will need to confirm your identity and California residency to process your requests to exercise your information, access or deletion rights. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
- Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.
Online tracking opt-out guide
Like many companies online, we may use services provided by Google and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or
uBlock Origin, and configuring them to block third party cookies/trackers.
- Platform opt-outs. The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.
Notice to European users
The information provided in this “Notice to European users” section applies only to individuals in Europe.
Processing purpose (click link for details)
Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”.
- Legal Basis
To operate our services
- Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.
For research and development
For marketing purposes
For compliance, fraud prevention and safety
To create anonymous data
- These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law
- Processing is necessary to comply with our legal obligations.
With your consent
- Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.
Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services, or otherwise to us.
Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
Your rights. European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You may submit these requests by email to [email protected] or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-border data transfer. If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed:
- Pursuant to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield (or Swiss-US Privacy Shield, as applicable), or Binding Corporate Rules.
- Pursuant to the consent of the individual to whom the personal information pertains.
- As otherwise permitted by applicable European requirements.
You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.