In connection with your use of the Services, you may provide personal information to us in various ways. The types of personal information we obtain include:
- Contact information (such as name, email address, shipping address and instructions, postal code, telephone number, and personal ID);
- Login credentials to create an account on the Services (such as email address and password);
- Information contained on your social media public profile, to the extent you decide to create an account on the Services using your social media account;
- Information you choose to submit on your personalized public profile “My Page”, including web address name, user name, photograph, links to your social media accounts and any other information you choose to submit on the “Page Description” section of your “My Page”;
- User generated content related to product reviews, comments, questions and answers;
- Payment information, such as name, billing address, account number, and payment card details (including card number, expiration date and security code) for payments processed by us. To the extent any payments are processed by any other third parties such as UPI or BHIM then the privacy policies of those parties shall govern such information;
- Bank account and tax information related to any company programs that may offer customer payouts (such as Rewards program);
- Order history, including information about products purchased or viewed on the Services;
- Details you provide through contests, sweepstakes and surveys;
- Social media information, such as social media handles, content and other data shared with us through third-party features that you use on our Services (such as apps, tools, payment services, widgets and plugins offered by social media services like Facebook, Google , Instagram, LinkedIn, Twitter and YouTube) or posted on social media pages (such as our social media pages or other pages accessible to us);
- Other personal information contained in content you submit on the Services, such as through our “Contact Us” feature or other customer support tools; and
- Country/region and language preference based on mobile device settings and/or IP;
- IP address, device, operating system, and browser information that we detect
How We Use The Information We Obtain
We will use the information we obtain through the Services as needed to fulfill our contractual obligation to provide you with the products and services you request and to deliver products ordered (including, but not limited to, transportation and customs clearance through related third party service providers). We also will use the information we obtain through the Services if we have a legitimate interest to do so, including to support the following functions and activities:
- Establishing and managing your account;
- Communicating with you about your account or transactions and sending you information about features and enhancements;
- Processing claims in connection with our products and services, and keeping you informed about the status of your order;
- Managing our Rewards and loyalty programs;
- Posting your product reviews and managing our Reviews program;
- Improving and customizing your experience with the Services, including providing recommendations based on your preferences;
- Identifying and authenticating you so you may use the Services;
- Marketing our products to you and providing you with promotions, including special deals, coupons, discounts and chances to win contests;
- Communicating with you about, and administering your participation in, contests, sweepstakes or surveys;
- Responding to your requests and inquiries and providing customer support, such as through our chatbot or other customer support tools;
- Operating, evaluating and improving our business (including developing new services; enhancing and improving our Services; managing our communications; analyzing our user base and Services; performing data analytics and market research; and performing accounting, auditing and other internal functions);
- Protecting against, identifying and preventing fraud and other criminal activity, claims and other liabilities;
- Communicating with you about changes to our policies.
In addition, we will use your contact information to send Health Newsletters, emails, SMS, push notifications and in-app notifications about our products, services, sales and special offers if you sign up to receive them and have not opted out. We also may use your email address to display ads for our products, services, sales and special offers through Facebook’s and Google’s sites or networks. For example, if you are on Facebook, you may see our ads on the social media platform, or if you sign in to your Google account, you may see our ads as you use the Google search engine, Instagram, Facebook, Facebook Audience Network, YouTube, Gmail, and the Google Display Network because these third parties will match your email address with you. To the extent provided by applicable law, you can object at any time to the use of your e-mail address for advertising purposes. We may combine information we obtain about you through our websites with the information obtained through our apps for the purposes described above. We also may use the information we obtain in other ways for which we provide specific notice at the time of collection or otherwise with your consent.
Automated Collection Of Data
A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Cookies may be set either directly by the website a user is visiting (“first-party cookies”), or by a domain other than the website the user is visiting (“third-party cookies”). A “Flash cookie,” also known as a local shared object, functions like a web cookie to personalize a user’s experience on sites that use Adobe Flash Player. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. We and our third-party service providers may use beacons in emails to help us track response rates, identify when our emails are accessed or forwarded, and for other purposes listed above.
The following types of cookies and similar technologies are used on the Services:
We use necessary cookies to help enable the Services to function, including to (1) identify you once you have logged in to your account, (2) keep track of preferences you specify while you use the Services, and (3) manage the security of the Services.
Through our Services, we may obtain personal information about your online activities over time and across third-party apps, websites, devices and other online services. On our Services, we use third-party online analytics services, such as those of Google Analytics. The service providers that administer these analytics services use automated technologies to collect data (such as email address, IP addresses, cookies and other device identifiers) to evaluate, for example, use of our Services and to diagnose technical issues. To learn more about Google Analytics, please visit http://www.google.com/analytics/learn/privacy, and to opt out of being tracked by Google Analytics across all websites, please visit: http://tools.google.com/dlpage/gaoptout. In addition, our Services use full story analytics cookies and similar technologies (local storage) to collect technical information from your device (such as IP address, device and operating system type, browser and approximate geographic location based on your device IP address), as well as information about your interactions with our Services (such as clickstream, browsing and keystroke data, and the referring URL and session duration). This information allows us to recreate your sessions so we can get a better understanding of how you use our Services, troubleshoot issues, and administer and improve our Services.
Personalized Advertising Cookies
How to Change Your Cookie Settings
To the extent required by applicable law, we will obtain your consent before placing non-essential cookies or similar technologies on your device, and keep your choice for a period of six (6) months. If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), Russia or Kazakhstan, you can change your cookie preferences at any time by clicking on the “Cookie Preferences” icon at the bottom of each page of our Services.
You also can stop certain types of cookies from being downloaded on your device by selecting the appropriate settings on your web browser. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie and how to disable existing cookies. The following external links will explain how to manage cookies for the most common browsers:
To find out how to manage cookies for other browsers, please click “help” on your browser’s menu or visit www.allaboutcookies.org. [Flash cookies typically cannot be controlled, deleted or disabled through your browser settings and instead must be managed through your Adobe Flash Player settings. To manage Flash cookies, which we may use on our website from time to time, you can go to the Adobe Flash Player Support page available here. In addition, your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers and operators such as us. Our Services are not designed to respond to “do not track” signals received from browsers. Please note that without cookies or other automated tools we use to collect this type of data, you may not be able to use all the features of our Services.
Our Services also use a chatbot to provide automated customer assistance. A chatbot is a computer program that communicates with you, using text on a digital message interface and artificial intelligence. Put simply, if you ask a question through our chatbot, the chatbot will reply to you in human-ish behavior. Our chatbot is supported by Ada Support, a third-party chatbot service provider located in Canada, who performs services on our behalf (“Ada”). Ada uses an automated decision making process, when deciding on the correct answer to serve based on your question, and will receive message logs and usernames when you interact with the chatbot. Message logs contain information such as details of your account with us, including your username, e-mail address, phone number and address, as well as any other content you choose to submit when you make a customer support inquiry through the chatbot. Ada will retain the content of those messages, together with responses to those messages and any outcome from those messages. This information will be retained for twelve (12) months and will be used only to provide customer support and improve the quality of the chatbot services. If you are located in the EEA, UK or Switzerland, the above information will be transferred to Ada in Canada – a country which has been recognized by the European Commission, UK and Swiss Administration as providing an adequate level of data protection.
We also may disclose information about you: (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; (6) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); or (7) otherwise with your consent.
Your Rights And Choices
We offer you certain choices in connection with the personal information we obtain about you. For example, if you have created an account with us, you can change your communication preferences by logging into your account and clicking on “Communication Preferences”. To the extent provided by applicable law, you also can object to the use of your personal information for advertising or direct marketing purposes and unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails, texting STOP to the short code number from which our SMS are being sent or contacting us as specified in the How to Contact Us section below. We will apply your preferences going forward.
To the extent provided by applicable law, you may: (1) request access to the personal information we maintain about you; (2) request that we update, correct, amend, or erase your information; or (3) request the restriction of our use of your personal information, by contacting us as specified in the How to Contact Us section below.
If you are located in the EEA and the UK, to the extent provided by applicable law, you also may object to the use of your personal information in certain situations in which we use that information based on our legitimate interests, as described above. In addition, to the extent provided by applicable law, you may receive, in a structured, commonly used and machine-readable format, your personal information you have provided to us based on your consent or a contract to which you are party. You have the right to have this information transmitted to another company, where it is technically feasible. To exercise these rights, please contact us as specified in the How to Contact Us section below.
If you are located in Brazil you also may have the right to: (1) obtain confirmation that we process your personal information; (2) access your information; (3) correct incomplete, inaccurate or outdated information; (4) have certain information anonymized, blocked or erased; (5) obtain your personal information in a portable format; (6) erase personal information processed with your consent; (7) obtain information about third parties with whom your personal information has been shared; (8) obtain information about the possibility of refusing to provide consent and the corresponding consequences; and (9) withdraw your consent to the extent we have relied on such consent to process your personal information.
Depending on your location, you may have the right to file a complaint with a privacy regulator if you are not satisfied with our response.
Other Online Services And Third-Party Features
Our Services may provide links to other online services and websites for your convenience and information, and may include third-party features such as apps, tools, widgets and plug-ins (e.g., Facebook, Google , Instagram, LinkedIn, Pinterest, Twitter, YouTube, and Shopify). These services, websites, and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, iHerb is not responsible for these third parties’ information practices.
Retention Of Personal Information
To the extent required by applicable law, we keep the personal information you provide for the duration of our relationship, plus a reasonable period to comply with the applicable statute of limitations or if otherwise required under applicable law.
How We Protect Personal Information
We maintain administrative, technical and physical safeguards designed to protect personal information we obtain through the Services against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Children’s Personal Information
How To Contact Us
California Consumer Privacy Statement
Notice of Collection and Use of Personal Information
Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number, passport number, and other similar identifiers
Additional Data Subject to Cal. Civ. Code § 1798.80: signature, state identification card number, education, bank account number, credit card number, debit card number, and other financial information, and medical information
Protected Classifications: characteristics of protected classifications under California or federal law, such as race, national origin, age, sex, gender, gender identity, marital status, medical condition, disability, citizenship status, and military and veteran status
Commercial Information: commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies
Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements
Sensory Information: audio, electronic, visual and similar information
Employment Information: professional or employment-related information
Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
- Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
- Debugging to identify and repair errors that impair existing intended functionality
- Undertaking internal research for technological development and demonstration
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
Sources of Personal Information
- Directly from you, such as when you make a purchase
- From your devices, such as in connection with your use of the Services
- Your family or friends in connection with their use of the Services, such as by sending information about our products directly to you
- Our affiliates and subsidiaries
- Vendors who provide services on our behalf
- Social networks
- Online advertising companies
- Government entities
Sale of Personal Information
We do not sell your personal information in exchange for monetary compensation. We may allow certain third parties (such as certain advertising partners) to collect your personal information via automated technologies on our Services in exchange for non-monetary consideration (such as an enhanced ability to serve you content and advertisements that may be of interest to you). You have the right to opt out of this disclosure of your information, as detailed below. During the 12-month period prior to the effective date of this Statement, we may have sold the following categories of personal information to online advertising services and advertising networks:
California Consumer Privacy Rights
Access: You have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months. Deletion: You have the right to request that we delete certain personal information we have collected from you. Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. Shine the Light Request: You also may have the right to request that we provide you with (a) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (b) the identity of those third parties. How to Submit a Request: To submit an access or deletion request, click here or Email Us. To submit a Shine the Light request, Email Us. To opt-out of the sale of your personal information, click here or Email Us.
To submit a request as an authorized agent on behalf of a consumer, please Email Us.
Verifying Requests: To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you have an account with us, we verify your identity by requiring you to sign in to your account. If you do not have an account with us and you request access to or deletion of your personal information, there is no reasonable method by which we can verify your identity to the level of certainty required by the CCPA. The reason for this is that LyonsBarry historically has not linked IP addresses, device identifiers or other information collected by automated means to named actual persons. Accordingly, if you do not have an account with us, and you request access to or deletion of your personal information, we will not be able to process your request at this time.
Additional Information: If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.