Effective date: 1st September 2023
1.2 Scope and Application
This policy applies to all users of the Plantanium website and outlines the data collection and usage by Plantanium LLC. By using the website, you consent to the data practices described in this policy.
Personal Information Collection
2.1 Types of Information Collected
We may collect various types of personal information including but not limited to:
- Name and contact details
- Shipping and billing address
- Payment information
- Health-related information (for product recommendations)
- Browsing history and preferences
2.2 Methods of Information Collection
Information may be collected through various methods including:
- Directly from the user (e.g., when making a purchase or signing up for newsletters)
- Automatically through cookies and other tracking technologies
- From third parties (e.g., payment processors)
Use of Personal Information
3.1 Purpose of Using Information
We use the collected information for various purposes including:
- Processing and fulfilling orders
- Providing customer support
- Enhancing user experience
- Marketing and promotional activities
- Compliance with legal obligations
3.2 Sharing of Personal Information
We may share your personal information with third parties in the following circumstances:
- With service providers and business partners
- For legal compliance and law enforcement requests
- In connection with a business transfer or sale
Children’s Online Privacy (COPPA)
4.1 Age Restriction
In compliance with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any personal information about yourself to us.
4.2 Parental Control and Consent
Parents or guardians have the right to review, edit, or delete the personal information of their children under 13 years of age. Furthermore, we require parental or guardian consent for the collection of information from children under 13.
Health Information Privacy (HIPAA)
5.1 Handling of Health-Related Information
We adhere to the standards set by the Health Insurance Portability and Accountability Act (HIPAA) in handling personal health data. Information shared with healthcare providers and entities covered by HIPAA will be handled with strict confidentiality and security.
5.2 User Rights Regarding Health Information
Users have the right to access and correct their health information. We will not use or share health information without the individual’s written consent, except in accordance with HIPAA regulations and as described in this policy.
Financial Information Privacy (GLBA)
6.1 Protection of Financial Information
In compliance with the Gramm-Leach-Bliley Act (GLBA), we are committed to safeguarding the security and confidentiality of your financial information. We implement stringent security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal financial information.
6.2 User Rights Regarding Financial Information
Users have the right to receive notices about our policies and practices related to the collection and use of personal financial information, as well as the right to access and correct any inaccuracies in their financial information stored by us.
California Consumer Privacy Act (CCPA)
7.1 Rights of California Consumers
In accordance with the California Consumer Privacy Act (CCPA), California residents have the following rights:
- The right to know what personal information is being collected about them.
- The right to request the deletion of personal information.
- The right to know whether their personal information is sold or disclosed and to whom.
- The right to object to the sale of personal information.
- The right to non-discrimination in terms of price or service when they exercise a privacy right under CCPA.
7.2 Procedures for Exercising CCPA Rights
Users who are California residents can exercise their CCPA rights by contacting us through the contact details provided in this policy. We will respond to verifiable requests within 45 days of receipt, as required by law.
8.1 Security Measures
We employ a variety of security measures to safeguard your personal information, including the use of secure servers, firewalls, encrypted communication, and regular security audits. We strive to protect the confidentiality, integrity, and availability of personal information against unauthorized access and disclosure.
8.2 Data Breach Notification
In the event of a data breach that compromises the security of your personal information, we will promptly notify affected users and relevant authorities as required by applicable law, outlining the nature of the breach and the steps taken to mitigate its effects.
User Rights and Choices
9.1 Access to Personal Information
Users have the right to access the personal information we hold about them. You can request access to your personal information by contacting us through the provided contact details. We will process such requests within a reasonable time frame, in accordance with applicable laws.
9.2 Correction and Deletion of Personal Information
Users have the right to request corrections to any inaccurate personal information and to request the deletion of their personal information held by us, subject to certain exceptions prescribed by law. We are committed to honoring such requests promptly and in accordance with legal requirements.
Third-Party Links and Services
10.1 Links to Other Websites
Our website may contain links to third-party websites or services that are not owned or controlled by Plantanium. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage users to read the privacy policies of any third-party websites they visit.
10.2 Third-Party Services
We may employ third-party companies and individuals to facilitate our service (“Service Providers”), to provide the service on our behalf, or to assist us in analyzing how our service is used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
International Data Transfers
11.1 EU-U.S. Privacy Shield Framework
We comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. We adhere to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability.
11.2 Data Transfer Mechanisms
Cookies and Tracking Technologies
12.2 User Choices Regarding Cookies
Users have the choice to manage cookies through their browser settings, including the removal of cookies that have already been set and the blocking of new cookies. Please refer to your browser’s help documentation for more information on managing cookies.
Red Flags Rule
13.1 Identity Theft Prevention Program
In compliance with the Red Flags Rule, we have implemented an Identity Theft Prevention Program designed to detect, prevent, and mitigate identity theft in connection with the opening of certain accounts or the maintenance of existing accounts.
13.2 Reporting of Identity Theft Incidents
We encourage users to report any suspected incidents of identity theft to us. We will cooperate with law enforcement agencies in the investigation and prosecution of identity theft cases.
14.2 Notification of Changes
15.1 Contact Details
15.2 Feedback and Inquiries