Effective Date: January 1, 2020
Click on one of the links below to jump to the listed section:
Data protection and privacy rules applied worldwide differ. For this reason, in certain cases we have to change our privacy practices due to specific legal requirements applied in countries where we do our business.
For this reason, this document may include some information specific for certain categories of users, for example, residents of California. In addition, we can also elaborate separate Privacy Policies, where our data protection and privacy practices differ from the ones described in this document due to local legal requirements.
In connection with your use of the Services, you may provide personal information to us in various ways. The types of personal information we obtain include:
You are not required to provide this information but, if you choose not to do so, we may not be able to offer you certain Services and related features.
We will use the information we obtain through the Services as needed to fulfill our contractual obligation to provide you with the products and services you request, to deliver products ordered (including, but not limited to, transportation and customs clearance through related third party service providers); and to manage career opportunities with iHerb.
We also will use the information we obtain through the Services if we have a legitimate interest to do so, including to support the following functions and activities:
In addition, we will use your contact information to send you Health Newsletters, emails, push notifications and in-app notifications about our products, services, sales and special offers if you sign up to receive them and have not opted out.
We may combine information we obtain about you through our websites with the information obtained through our apps for the purposes described above. We also may use the information we obtain in other ways for which we provide specific notice at the time of collection or otherwise with your consent.
When you use our Services or open our emails, we may obtain certain information by automated means, such as browser cookies, Flash cookies, web beacons, device identifiers, server logs and other technologies. The information we obtain in this manner may include your device IP address, domain name, identifiers associated with your devices, device and operating system type and characteristics, web browser characteristics, language preferences, clickstream data, your interactions with our Services (such as the web pages you visit, links you click and features you use), the pages that led or referred you to our Services, dates and times of access to our Services, and other information about your use of our Services. We also may receive your device’s geolocation and other information related to your location through GPS, Bluetooth, WiFi signals and other technologies for certain purposes listed above, such as to provide you with our Services. Your device may provide you with a notification when the Services attempt to collect your precise geolocation.
A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “Flash cookie,” also known as a local shared object, functions like a web cookie to personalize a user’s experience on sites that use Adobe Flash Player. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. We and our third-party service providers may use beacons in emails to help us track response rates, identify when our emails are accessed or forwarded, and for other purposes listed above.
To the extent required by applicable law, we will obtain your consent before placing cookies or similar technologies on your computer. You can stop certain types of cookies from being downloaded on your computer by selecting the appropriate settings on your web browser. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie and how to disable existing cookies. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu or by visiting www.allaboutcookies.org. [Flash cookies typically cannot be controlled, deleted or disabled through your browser settings and instead must be managed through your Adobe Flash Player settings. To manage Flash cookies, which we may use on our website from time to time, you can go to the Adobe Flash Player Support page available here. In addition, your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers and operators such as us. Our Services are not designed to respond to “do not track” signals received from browsers. Please note that without cookies or other automated tools we use to collect this type of data, you may not be able to use all the features of our Services.
The following types of cookies and similar technologies may be used on the Services:
We use first-party cookies to help enable the Services to function, including to (1) keep track of preferences you specify while you use the Services, (2) access your information when you log into the Services to provide you with customized content and (3) manage the security of the Services.
Through our Services, we may obtain personal information about your online activities over time and across third-party apps, websites, devices and other online services. On our Services, we use third-party online analytics services, such as those of Google Analytics. The service providers that administer these analytics services use automated technologies to collect data (such as email address, IP addresses, cookies and other device identifiers) to evaluate, for example, use of our Services and to diagnose technical issues. To learn more about Google Analytics, please visit www.google.com/analytics/learn/privacy.html. In addition, our apps use Appsee’s analytics SDK (Software Development Kit), a third-party app analytics tool integrated into the code of our apps. We use this tool in a way that only analytics data is captured. The information collected includes technical information about your mobile device and aggregated app usage data, such as your device IP address, operating system version, device type and model, app usage length, touch gestures performed in the app, gesture responsiveness and gesture start and end times. This information is hosted by Appsee and shared with us for analytics purposes. We use this information solely for those purposes in order to understand how you use our apps and improve our app functionality.
Through our Services, both we and certain third parties may collect information about your online activities to provide you with advertising about products and services tailored to your individual interests. You may see our ads on other websites or mobile apps because we participate in advertising networks. Ad networks allow us to target our messaging to users considering demographic data, users’ inferred interests and browsing context. These networks track users’ online activities over time by collecting information through automated means, including through the use of browser cookies, web beacons, device identifiers, server logs, web beacons and other similar technologies. The networks use this information to show ads that may be tailored to individuals’ interests, to track users’ browsers or devices across multiple websites and apps, and to build a profile of users’ online browsing and app usage activities. The information our ad networks may collect includes data about users’ visits to websites and apps that participate in the relevant ad networks, such as the pages or ads viewed and the actions taken on the websites or apps. This data collection takes place both on our Services and on third-party websites and apps that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts.
To learn how to opt out of ad network interest-based advertising in the U.S., please visit www.aboutads.info/choices and http://www.networkadvertising.org/choices/. In the European Union, please visit www.youronlinechoices.eu.
Our Services also support certain third-party services, including social sharing buttons (such as Facebook, Google , Instagram,Pinterest, and Twitter), Tweet lists from Twitter and videos posted on the Services from YouTube. These features use third-party cookies that are placed directly on your device by these services. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy notices of these parties, which we strongly suggest you review. iHerb is not responsible for these third parties’ information practices.
We also may disclose information about you: (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; (6) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); or (7) otherwise with your consent.
We offer you certain choices in connection with the personal information we obtain about you. For example, if you have created an account with us, you can change your communication preferences by logging into your account and clicking on “Communication Preferences”. To the extent provided by applicable law, you also can object to the use of your personal information for direct marketing purposes and unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails or contacting us as specified in the How to Contact Us section below. We will apply your preferences going forward.
To the extent provided by applicable law, you may: (1) request access to the personal information we maintain about you; (2) request that we update, correct, amend, or erase your information; or (3) request the restriction of our use of your personal information, by contacting us as specified in the How to Contact Us section below.
If you are located in the EEA, to the extent provided by applicable law, you also may object to the use of your personal information in certain situations in which we use that information based on our legitimate interests, as described above. In addition, to the extent provided by applicable law, you may receive, in a structured, commonly used and machine-readable format, your personal information you have provided to us based on your consent or a contract to which you are party. You have the right to have this information transmitted to another company, where it is technically feasible. To exercise these rights, please contact us as specified in the How to Contact Us section below.
Depending on your location, you may have the right to file a complaint with a privacy regulator if you are not satisfied with our response.
Our Services may provide links to other online services and websites for your convenience and information, and may include third-party features such as apps, tools, widgets and plug-ins (e.g., Facebook, Google , Instagram, LinkedIn, Pinterest, Twitter, and YouTube). These services, websites, and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, iHerb is not responsible for these third parties’ information practices.
To the extent required by applicable law, we will retain your personal information for the duration of our relationship, plus a reasonable period to comply with the applicable statute of limitations or if otherwise required under applicable law.
We maintain administrative, technical and physical safeguards designed to protect personal information we obtain through the Services against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
iHerb, LLC. Attn: Legal Department 301 North Lake Avenue, Suite 600 Pasadena, CA 91101, United States Email: [email protected]
Subject to applicable law, data requests submitted by email or sent via postal mail may require that you provide additional documentation necessary to confirm your identity.
If you prefer not to provide additional documentation along with your request, we recommend you utilize the above Form as it will automatically validate your identity.
The entity responsible for the processing of your personal information in the EEA is iHerb, LLC.
This California Consumer Privacy Statement uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018 and its implementing regulations (the “CCPA”).
We may collect the following categories of personal information about you:
|Purposes||Categories of Personal Information|
|Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services||
|Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance||
|Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction||
|Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity||
|Debugging to identify and repair errors that impair existing intended functionality||
|Undertaking internal research for technological development and demonstration||
|Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us||
Our Prior Collection, Use and Disclosure of Personal Information
We may have collected and used your personal information, as described in section 1 above, during the 12-month period prior to the effective date of this California Consumer Privacy Statement. For the personal information collected during that timeframe, we describe below: (a) the categories of sources from which we may have obtained the personal information, (b) the categories of third parties with whom we may have shared the information, (c) the categories of personal information we may have sold, and (d) the categories of personal information we may have disclosed for a business purpose.
We may have obtained personal information about you from various sources, as described below.
|Categories of Sources of Data Collection||Categories of Personal Information|
|Directly from you, such as when you make a purchase||
|From your devices, such as in connection with your use of the Services||
|Your family or friends in connection with their use of the Services, such as by sending information about our products directly to you||
|Our affiliates and subsidiaries||
|Vendors who provide services on our behalf||
|Online advertising companies||
b. Sharing of Personal Information
We may have shared your personal information with certain categories of third parties, as described below.
|Categories of Third Parties||Categories of Personal Information|
|Vendors who provide services on our behalf||
|Professional services organizations, such as auditors and law firms||
|Internet service providers||
|Data analytics providers||
|Operating systems and platforms||
c. Sale of Personal Information
We do not sell your personal information in exchange for monetary compensation. We may allow certain third parties (such as certain advertising partners) to collect your personal information via automated technologies on our Services in exchange for non-monetary consideration (such as an enhanced ability to serve you content and advertisements that may be of interest to you). You have the right to opt out of this disclosure of your information, as detailed below.
During the 12-month period prior to the effective date of this California Consumer Privacy Statement, we may have sold the following categories of personal information:
We do not sell the personal information of minors under 16 years of age without affirmative authorization if we have actual knowledge of the individual’s age.
We may have disclosed to third parties for a business purpose the categories of personal information listed in Section 1 of this Statement.
You have certain choices regarding our use and disclosure of your personal information, as described below.
How to Submit a Request: To submit an access or deletion request, click here. To submit a Shine the Light request, email us at [email protected] To opt-out of the sale of your personal information, click here.
Verifying Requests: To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you have an account with us, we verify your identity by requiring you to sign in to your account. If you do not have an account with us and you request access to or deletion of your personal information, there is no reasonable method by which we can verify your identity to the level of certainty required by the CCPA. The reason for this is that iHerb historically has not linked IP addresses, device identifiers or other information collected by automated means to named actual persons. Accordingly, if you do not have an account with us, and you request access to or deletion of your personal information, we will not be able to process your request at this time. Additional Information: If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. This Statement is available in alternative formats upon request. Please contact [email protected] to request this Statement in an alternative format.