Last updated: August 11, 2020
What Personal Data Do We Collect & Use?
When you visit the Site, we automatically collect certain information about your device, which may include:
- Urls that refer visitors to our Site;
- Search terms used to reach our Site;
- Details about the emails we send, such as opens, clicks, and unsubscribes;
- Details about the devices used to access our Website, such as web browser information, IP address, time zone, and some of the cookies installed on your device;
- Details about your interaction with our Website, such as the date, time, length of stay, specific pages accessed during your visits to our Site, referral activity, which emails you may have opened; and
- Usage information, such as the number and frequency of visitors to our Site.
We automatically collect Personal Data & device information using the following technologies:
- “Cookies”:data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, including how to disable cookies, please visit www.allaboutcookies.org.
- “Log files”:they track actions occurring on the Site, and collect data including your ip address, browser type, internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons”, “tags”, and “pixels”:electronic files used to record information about how you browse the Site & transmit the information back to a web server.
Additionally, we collect the information you provide directly to us, such as when you open an account, place an order, ask to receive emails, contact customer service, or interact with us on social media. The types of Personal Data we may collect directly from you include:
- Contact information, such as your name, email address, mailing address, and phone number;
- Account information, such as your username and password;
- Billing information, such as credit card details and billing address;
- Optional information you may choose to provide, such as your social media handles, product preferences, demographic information;
- Any other information you choose to provide, such as product reviews, responses to surveys or quizzes, or to receive customer support.
What Do We Do With Your Information?
We may use the Information we collect to deliver the products and services you request, to maintain and customize your account and our interactions with you, and to provide, maintain, and improve our Site. We also use the Information we collect to:
- Create and manage your online accounts and profiles;
- Communicate with you about our Store, including to tell you about products and services that may be of interest to you;
- Complete the transactions you request, perform our contractual obligations, and use as otherwise anticipated within the context of our ongoing business relationship;
- Respond to your requests, inquiries, comments, and suggestions;
- Facilitate your engagement with the Site, including to enable you to post comments and reviews, to engage with other customers, and to post on social media;
- Offer contests, sweepstakes, loyalty programs, or other promotions;
- Personalize your online experience and the advertisements you see when you use the Site or third-party platforms based on your preferences, interests, purchasing history, and browsing behavior;
- Monitor, audit, and analyze trends, usage, and activities in connection with our services;
- Carry out short-term activities and other internal uses related to the products or services you purchase from us or your ongoing relationship with us;
- Conduct internal research and development;
- Detect, investigate, and respond to security incidents and protect against illegal or objectionable activities, including the unauthorized use of the services, and protect the rights and property of glowoasis and others;
- Debug, identify, and repair errors that impair existing intended functionality of our Website;
- Comply with our legal obligations, including those required for you to benefit from rights recognized by law, or any regulatory requirements or provisions;
- Conduct or administer surveys and other market research.
Who Can Have Access to My Information?
We may disclose certain of your Personal Information to glowoasis affiliates and personnel who need to know the Information for the purposes described above, including personnel in the Customer Service and Information Technology departments.
Third-Party Service Providers
We may share your Personal Data with Third-Party Service Providers (“Third-Parties”, “Third-Party Providers”) in order to allow them to perform services on our behalf, including analytics, advertisements, and payments.
In general, the Third-Party Providers used by us will only collect, use, and disclose your Information to the extent necessary to allow them to perform the services they provide to us.
However, certain Third-Parties, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. We recommend that you read their privacy policies so you can understand the manner in which your Personal Information will be handled by these Third-Parties.
Some Third-Parties may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a Third-Party Provider, then your Information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your Personal Information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Our Store is powered by Shopify Inc., who provides us with the online e-commerce platform that allows us to sell our products and services to you. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our Store and its service providers.
Our Store uses Google Analytics to help us learn about who visits our Site and what pages are being looked at, as well as to analyze and track data, determine the popularity of content, deliver advertising and content targeted to your interests on our Site and other Sites, and better understand your online activity. Read more about how Google Analytics uses your Information here or opt-out of Google Analytics here.
California law permits residents of California to request notice of how their Information is shared with third parties for direct marketing purposes or to opt out of such sharing. If you are a California resident and would like a copy of this notice or to opt out, please email us at email@example.com.
We collect Information from you when you interact with us online (such as through our Site, as defined above). If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to disclose the following information with respect to our collection, use, and disclosure of Personal Data:
- Categories of Personal Data Collected: When you visit our Site, glowoasis may collect the following categories of Personal Data: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet or electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory, or similar information; inferences; and other categories of Personal Data that relates to or is reasonably capable of being associated with you. For examples of the precise data points we collect, Please see “What Personal Data Do We Collect & Use?” above.
- Business or Commercial Purpose for Collecting and Using Data: We collect each category of Personal Data listed above for the business or commercial purposes described in the “What Do We Do With Your Information?” section above.
- Categories of Sources of Personal Data: We collect each category of Personal Data listed above from you and the third-party sources described in the “Who Can Have Access to My Information?” section above.
- Categories of Personal Data Disclosed: When you visit our Site, glowoasis may collect the following categories of Personal Data for business or commercial purposes: identifiers; commercial information; demographic information (note that some demographic information may be considered characteristics of protected classifications under state or federal law); internet and electronic network activity; geolocation data; audio, electronic, visual, thermal, olfactory or similar information; inferences; and other categories of Personal Data that relates to or is reasonably capable of being associated with you.
- Categories of Third Parties With Whom We Share Personal Data: We may share each category of Personal Data listed above with the third parties as described in the “Who Can Have Access to My Information?” section above.
Your Consumer Rights
California consumers have the right to request access to their Personal Data, additional details about our Information practices, and deletion of their Personal Data (subject to certain exceptions). California consumers also have the right to opt out of sales of Personal Data, if applicable. We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing a notarized Power of Attorney evidencing that you have empowered the authorized agent to exercise your CCPA rights on your behalf. We will not discriminate against you if you choose to exercise your rights under the CCPA.
Right to Know
You may request access to the specific pieces of Personal Information we have collected about you in the last 12 months. You may also request additional details about our Information practices, including the categories of Personal Information we have collected, the sources of collection, the purpose for collecting Information, the categories of Information we share, and the categories of third parties with whom we share Information. You may make an access request by emailing firstname.lastname@example.org. We will verify your request by contacting you after receiving your request to verify your identity.
You may request that we delete the Personal Data we have collected about you (subject to certain exceptions). Please note that we may retain certain Information as required or permitted by applicable law. You may make these requests by emailing email@example.com. We will verify your request by contacting you after receiving your request to verify your identity. If you request to delete your Personal Data, certain products and services of ours may no longer be available to you.
No Sale of Personal Data
glowoasis does not and will not sell Personal Data as the term “sell” is defined by the ccpa.
Legal Basis for Processing
If you are a European resident, we process your Personal Data when:
- We need to use your Personal Data to perform our responsibilities under our contract with you (e.g., processing payments for and providing the glowoasis products you have ordered).
- We have a legitimate interest in processing your Personal Data. For example, we may process your Personal Data for performance marketing activities, to conduct data analytics and to provide, secure, and improve our services.
- We need to do so to comply with a legal obligation to which we are subject.
- We need to do so to protect your vital interests or those of others.
- We have your consent to do so, which you may withdraw at any time.
- Data subject requests.
If you are a European resident, you have the right to access Personal Data we hold about you and to ask that your Personal Data be corrected, updated, or erased. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us as indicated below. If you have a glowoasis account, you may also review, update, and delete certain Personal Data by logging into your account.
Questions or Complaints
If you are a European resident and have a concern about how we process Personal Data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you live. For contact details of your relevant local Data Protection Authority, click here.
How Do You Get My Consent?
When you provide us with Personal Information to complete a transaction, verify your credit card, place an order, arrange for a delivery, or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your Personal Information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How Do I Withdraw My Consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your Information, at anytime, by contacting us at firstname.lastname@example.org or mailing us at:
5001 Hadley Rd.
South Plainfield, NJ 07080
We may disclose your Personal Information if we are required by law to do so or if you violate our Terms of Service.
To protect your Personal Information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
If you provide us with your credit card information, the Information is encrypted using Secure Socket Layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Links to Other Websites and Third-Party Content
Our Site may offer social sharing features and other integrated tools (such as the Facebook "like" or "share" button or the Twitter “tweet” button) which let you share actions you take on our Site with other media. Your use of such features enables the sharing of Information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
Our retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired. When we no longer need to use your Personal Data, it is removed from our systems and records or anonymized so that you can no longer be identified from it.
Here is a list of cookies that we use. We’ve listed them here so that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, counts the number of visits to a store by a single customer.
Cart, unique token, persistent for 2 weeks, stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite if the Store has a password, this is used to determine if the current visitor has access.
PREF, persistent for a very short period, set by Google and tracks who visits the Store and from where.
Age of Consent
By using this Site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this Site.
If our Store is acquired or merged with another company, your Information may be transferred to the new owners so that we may continue to sell products to you.
Questions & Contact Information
If you would like to: access, correct, amend, or delete any Personal Information we have about you, register a complaint, or simply want more Information, contact us at email@example.com or by mail at
Re: Privacy Compliance
5001 Hadley Rd.
South Plainfield, NJ 07080