Privacy Policy - It

Privacy policy

Effective: May 25, 2018

  1. Introduction

We know that you are concerned about how we use and disclose personal data, and we are committed to complying with data protection and privacy laws that apply to us. This Privacy Policy tells you about the ways in which we protect your privacy and personal data we process about you.

Bellabeat, Inc. and its affiliates (''Bellabeat'', ''we'', ''us'', ''our'') is committed to protecting and respecting your privacy. This Privacy Policy (together with our Terms of Use and any other documents referred to in it) applies to www.bellabeat.com (the ''Site''), the Bellabeat™ and Airi™ mobile apps and products, and other services, products and apps provided by Bellabeat (collectively the ''Service'') is intended to help you better understand how we collect any personal data from you or how you provide it to us, what rights do you have, how the data will be used, stored and disclosed by us, whether you are end user of our Service (''Registered User'') or whether you are just visiting our website.

In this Privacy Policy the term ''personal data'' means information that relates to an identified or identifiable natural person. ''Sensitive personal data'' means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data and the processing of data concerning health, sex life or sexual orientation.

We wish to remind you that Privacy Policy applies to personal data that we process when you use the Service. It does not apply to any links to third parties' websites and/or services, such as third-party applications, that you may encounter when you use the Service. We encourage you to carefully familiarize yourself with privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for privacy polices of any third parties.

By using the Service, you consent to the terms of this Privacy Policy and the collection, use and transfer of your personal data for processing in and outside the United States, in accordance with privacy practices described in therein. Where and as required, for sensitive personal information we will ask your explicit consent as described in this Privacy Policy.

  1. Information We Collect From You

  1. Data You Provide to the Service

We collect information that is necessary for the use and for adequate performance of the Service. The following information are collected from our users, in connection with registration or their use of the Service (each such user a ''Registered User''). That information may, in certain circumstances, constitute personal data.

E-mail address

First/Last Name

Date of Birth

Weight

Company

Address

Phone number

Shipping method

Items ordered

Discount information

Method of payment

Billing address

Payment information

Password

Your communications within our applications

Information related to pregnancy and general health, such as the first day of the last period, menstrual cycle, date of conception, audio recordings, estimated due date, activity goals and other health goals.

Moreover, if you contact us or participate in a survey, contest or promotion, we collect the information you submit such as your name, contact information and message of the correspondence.

If you use Facebook Connect to login, we collect the information you have made available in your public profile as well as your email address and a list of your friends.

Information relating to health, such as information about pregnancy, may constitute sensitive personal data. We process sensitive personal data to provide the Service to you and to the extent necessary or appropriate for compliance with relevant legal or contractual obligations. If the information we collect is health data or another special category of personal data subject to the European Union's General Data Protection Regulation, we ask for your explicit consent to process that kind of data. We acquire this consent separately when you take actions resulting in our receiving the data, for instance when you use the menstrual calendar feature. You are not obliged to give your explicit consent and if you choose not to provide it certain features of the Service may not work properly or be fully unavailable. You can withdraw your consent at any time by using your account settings.

By using the Service and voluntarily providing us with personal data, including sensitive personal data, you are consenting to the processing of provided personal data in accordance with this Privacy Policy. If you provide personal data to the Service you acknowledge and agree that such personal data may be transferred to the servers of the authorized third parties we collaborate with and are referred to herein, located in and outside the United States.

You may choose to provide other information to help improve your experience or enable certain features of the Service. Also, while interacting with the Service, for example syncing your device with our application or software, we receive and store certain personally non-identifiable information and data recorded on your device such as your logs for exercise, sleep, steps taken, etc., which cannot presently be used to specifically identify you. Data recorded on your device is transferred from your device to cloud storage space we use. Bellabeat may store such information itself or such information may be included in databases maintained by Bellabeat affiliates and service providers, such as Google Cloud Platform.

If you purchase our products on our website, you provide your payment information, including your name, credit or debit card number, card expiration date, CVV code and billing address. We do not store this payment information. We store your delivery address to fulfil your order. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.

  1. Data Collected Automatically

The Service may automatically collect the following information from you that in certain circumstances may constitute personal data:

Service use event data such as which links or buttons you have clicked and the pages you have viewed;

Purchase transaction data;

The type of device you are using;

Unique mobile device ID such as Apple IDFA;

The IP address from which you access the Service;

Depending on your device settings, location data;

The name and version of the device operating system; and

Applications installed in a mobile device.

The logging technology used on the Site automatically collects the URL of the site from which you came and the site to which you are going when you leave the Site.

We may place a ''cookie'' on the hard drive of the device that you use to access the Service. Cookies are text files that are saved on the hard drive of your device by means of your browser, enabling us to recognize your browser for purposes such as saving your preferences and directing relevant content to you. Most of the currently available browsers give you the option of managing cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser you might not be able to use some features of the Service. In all cases in which we use cookies we will not collect personal data except with your permission.

Google Analytics, a web analytics service provided by Google, Inc., is an element of the Site. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the website, the IP address, and the type of operating system used in the devices used to access the Service. By using the Google Analytics Opt-Out browser add-on provided by Google, you can opt out of Google Analytics. For more information on how Google uses collected information please visit www.google.com/policies/privacy/partners/.

Moreover, we use a service entitled Facebook Audience Insights, analytics tool provided by Facebook, Inc.. Facebook Insight analyzes, tracks, and distributes data collected in and through the Facebook pages of the Service for analytics and marketing purposes. For more information on how Facebook Audience Insights works please go to https://www.facebook.com/business/learn/facebook-audience-insights.



  1. The Purposes for Which We Use The Data

We use the data you provide for the following purposes:

To set up and maintain your registration with the Service;

To communicate with you;

To prevent and investigate fraud and other misuses;

To protect our rights and/or our property;

To operate and improve our products and services;

To manage the Service;

To provide features available in the Service;

To develop, improve, and protect the Service;

For market research;

To audit and analyze the Service; and

To ensure the technical functionality and security of the Service.

We use the data collected automatically for the following purposes:

To improve customer service;

To personalize user experience;

To run a promotion, contest, survey or other feature of the Service;

To manage the Service;

To provide features available in the Service;

To personalize the Service;

To develop, improve and protect the Service;

For market research;

To audit and analyze the Service; and

To ensure the technical functionality and security of the Service.

  1. How We Disclose Data

We do not sell, lease, rent or otherwise disclose the personal data relating to our users to third parties unless otherwise stated below/described at the time of consent.

The personal data collected in the Service may be disclosed in the following manner:

  1. Personal data you provide to the Service:

We may disclose personal data you provide to the Service with the following categories of third parties:

- To service providers, such as payment processors and data storage service providers, which enable us to provide the Service to you;

- To public authorities, such as law enforcement or governmental authorities or authorized third parties, if and to the extent we are legally required or permitted to do so by law or if we need to protect our rights or the rights of third parties and if such disclosure is reasonably necessary;

- To our subsidiaries and affiliate or a subsequent owner, co-owner or operator of the Service and their advisor in connection with a corporate merger, consolidation, restructuring, the sale of substantially all our stock and/or assets, bankruptcy or other insolvency proceeding, or other corporate reorganization, in accordance with this Privacy Policy.

  1. Data collected automatically:

The data collected automatically in the Service may be disclosed to the following categories of third parties:

- To service providers, such as data and marketing analysis companies;

- To public authorities, such as law enforcement or governmental authorities or authorized third parties, if and to the extent we are legally required or permitted to do so by law or if we need to protect our rights or the rights of third parties; and

- To our subsidiaries and affiliates or a subsequent owner, co-owner or operator of the Service and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all our stock and/or assets or other corporate reorganization, in accordance with this Privacy Policy.

Moreover, we may disclose information to third parties in an aggregate format that does not constitute personal data and does not allow the direct identification of individual users.

  1. How You Choose To Share Your Data

You may elect to share personal data about you from the Service with friends, family, or health professionals. You may also direct us to share personal data about you with other parties. For example, you might authorize us to link your Bellabeat account with a third-party app, send status updates to your social media account, or direct us to share personal data about you with other third parties at your request. Please note that once you direct us to share personal data about you with such third parties, the use of personal data about you by the third party is no longer governed by our Privacy Policy.

You can use the Service, for example visit websites, without providing any personal data. If you choose not to provide any personal information your usage of the Service may be limited or impossible.

  1. Do Not Track Notice

Your browser may provide you with the option to send ''Do Not Track'' signal to websites you visit. This signal is used to request that websites not send the requesting device cookies, but websites have no obligation to respond to such signal or to modify their operation. At the current time, the Site is not programmed to recognize ''Do Not Track'' signals so the Site will not treat you differently if we receive such signals from your browser, and we may not comply with ''Do Not Track'' settings on your browser.

  1. Your Rights

You have the following rights with respect to the personal data we hold about you:

- The right to know what personal data we hold about you: if you would like to know what personal data we hold about you please contact us at hi@bellabeat.com. We seek to promptly respond to your inquiry, respecting the legal deadlines when applicable. Moreover, if you are our Registered User, you can easily review the data that you have provided to the Service by logging in to the Service and reviewing your profile.

- The right to have incomplete, incorrect, outdated or unnecessary personal data corrected, deleted or updated: The easiest way to correct, delete or update the personal data you have provided to the Service is to log in to the Service and enter the necessary changes in the profile settings of the Service. If you have additional questions regarding the correction, deletion or updating of the personal data we hold about you, please contact us at hi@bellabeat.com.

- The right to opt out of receiving electronic direct marketing communications from us: All electronic direct marketing communications that you may receive from us, such as e-mail messages and SMS-messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us at hi@bellabeat.com.

If you live in the European Economic Area you have legal rights as set out in the General Data Protection Regulation (''GDPR'') such as you can object to our processing of your information based on your legitimate interests or you can request restriction on our processing of your data in certain circumstances. You also have the right to lodge a complaint with your local data protection authority. If you have any additional questions and need assistance regarding your rights under the GDPR please contact us at hi@bellabeat.com. Your request will be taken into account in accordance with applicable law.

  1. Data Retention and Data Security

We keep your account information as long as your account exists because we need it to manage your account and provide the Service. We will keep your personal data if necessary to comply with our legal obligations.  Other information, such as data received by syncing your device with the application, we keep until you use your account settings or tools to delete the data or your account because we need this information to secure you your individual statistics.  

We take reasonable measures to protect personal data about you from unauthorized access or against loss, misuse and unauthorized access, disclosure, alteration or destruction by third parties by using a combination of technical, administrative and physical means. Despite these efforts to store personal data collected in and through the Service in a secure operating environment that is not available to the public we cannot guarantee the security of personal data during its transmission or its storage on our systems as no method of transmitting or storing data is completely secure. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against loss, misuse or alteration by third parties.

  1. International Transfer of Personal Data

Some elements of the Service may be hosted on servers located in countries outside your home country, such as in the European Union (''EU'') or in the United States (''U.S.''). The laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. By registering with the Service, you consent to personal data about you being transferred outside your home country.

Bellabeat participates in and has certified its compliance with the EU – U.S. Privacy Shield Framework (the ''Framework''). We are committed to subjecting all personal data received from the EU Member States to the Framework's applicable Principles (Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability). If there is any conflict between the policies in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page please visit https://www.privacyshield.gov.

A violation of our commitment to Privacy Shield may be investigated by the Federal Trade Commission and/or the United States Department of Commerce. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including for purposes of meeting national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Bellabeat commits to resolve complaints about your privacy and our collection or use of personal data about you.

Persons located in the EEA have certain rights under European law with respect to your personal data, as listed in the General Data Protection Regulation. If you wish to exercise your rights, please contact us via email at hi@bellabeat.com.

Bellabeat commits to resolve complaints about our collection or use of personal data about you. You can direct any questions about the use or disclosure of personal data about you to us at hi@bellabeat.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data about you within 30 days of receiving your complaint.

Bellabeat's independent recourse mechanism for Privacy Shield complaints for use by EU individuals is JAMS. If you are unsatisfied with the resolution of your complaint, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield for further information and assistance.

Bellabeat has further committed to cooperate with the panel established by the EU data protection authorities (''DPAs'') regarding unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you. Under certain conditions, more fully described on the Privacy Shield website you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law.

  1. Children's Privacy

You must be at least sixteen (16) years of age to register to and use the Service. This Service is not directed to children under the age of thirteen (13). We do not intend to collect personal data from children under the age of thirteen (13). Parents and legal guardians who believe that their child has provided us with personal data through the Service and wishes that submitted data is deleted please contact us at hi@bellabeat.com.     

  1. Changes to the Privacy Policy

From time to time we may change this Privacy Policy to harmonize it with changes in our privacy practices or for legal, regulatory or operational reasons. You can tell when changes have been made to the Privacy Policy by referring to the Last Updated legend on top of this page. If we materially change the ways in which we use and disclose personal data, we will post a notice in the Service and send an e-mail to our Registered Users. Your continued use of the Service following any changes to this Privacy Policy constitutes your acceptance of any such change made.

  1. Questions or Concerns?

Should you have any questions regarding this Privacy Policy, your privacy as it relates to the use of the Service, or the protection of the personal data we hold about you, please contact us via e-mail at hi@bellabeat.com or by mail at Bella Software, Savska Cesta 32, 10 00 Zagreb, Croatia (for EU residents) or 16 Merced Ave, San Francisco, CA 94127. We seek to promptly resolve any concerns you may have.

    Hello You!

    Join our mailing list