PRIVACY POLICY

Effective Date: January, 2021

At HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP we value you, and we strive for transparency in our interactions with you. We seek to make your in-store and online experiences with us fun, efficient and as personalized as you would like. You should be able to find the fashion looks you desire as quickly as possible. If you want to hear from us, you can set that up with us. If you decide you’ve heard enough from us for a while, you can do that too! The information that we obtain from or about you, whether directly or indirectly, helps us understand you better and improve your shopping and other experiences with us.

Above it all, though, our main goals are to gain and maintain your trust, including by addressing any questions or concerns you might have about the privacy and safety of your personal information when it is in our hands.

If you like, you can print and read the entire Privacy Policy.

SCOPE

This Privacy Policy (“Privacy Policy”) describes how HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP, (“HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP,” “we,” “us”) collects, uses, processes and shares your personal information (sometimes referred to as “PI”) and other information when you use our website (the “Site”) or mobile app (the “App”) (sometimes collectively referred to as the “Sites”), visit or make a purchase in our online stores (the “Stores”), visit or talk to us on our social media pages (“Social Media”), participate in a sweepstakes or contest open to costa rican residents (“Prize Promotions”), contact our customer service agents (“Customer Service”), open our ads, receive or open our e-mails or text messages, or otherwise interact or communicate with us related to any of these services (sometimes collectively referred to as the “Services”).

Throughout this Privacy Policy, we refer to the PI we collect from you, about you, or which may be associated with you, interchangeably without any geographic or legal distinctions. (Please note the subsections below addressing specific jurisdictions and any additional rights that you may have, or any additional requirements that we may have, under the laws of those jurisdictions (see California Privacy Rights, Supplement for European and UK Users, and Nevada Consumers). By using the Services from wherever in the world you are located, you consent to our data practices set forth herein (and, if applicable in any particular cases, to any other privacy notice provided at the point of collection, which collection notice will prevail if different from this general Privacy Policy). Unless otherwise noted, your use of our Sites is also subject to our Terms of Use.

Simply put, your PI is important to us. We take commercially reasonable steps to secure it, and aim to use it responsibly and transparently. If you have any privacy questions or concerns, you can always contact us at shop@heartheearthblog.com.

INFORMATION WE COLLECT

In this section we disclose details about the information we collect from and about you in connection with the Services. Please note that if you are accessing our Services from the European Economic Area (Member States of the European Union together with Iceland, Norway , and Liechtenstein), including from the UK after Brexit (an “EEA User”), the level of disclosure set forth below meets the standards of the European Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”).

Information Collected Directly from You.

We collect personal information and other data from you when you submit it to us or a third party acting on our behalf. The information collected directly from you depends upon how you use the Services. For example:

When you create an account, we collect your e-mail address, username and password. If you provide it to us, we may also collect additional information from you, including your name, birthday (day and month), physical address, zip code/post code, phone number (home or mobile), gender and/or user image.

If you make a purchase on our Sites, we will collect your order-related information, including your billing and shipping address (“Transaction Info”). We will also ask that you provide your payment information (credit card, debit card, or other payment method) at the point of purchase, but HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP does not itself collect that information. Instead, that information is passed on to our payment processors, or if you use any third party payment services, directly to them.

When you visit or make a purchase in our Stores, we generally do not collect your PI except as set forth below. If you provide us your e-mail address or phone number so that we can send you promotional offers, fashion news or other marketing materials, we will collect your e-mail address and/or phone number to send you such marketing communications. After you make a purchase in our Stores, we may also give you the opportunity to answer a few survey questions about your experience and get a discount coupon next time you shop with us. We work with a third party vendor to provide the platform for the survey. The information you provide on that survey platform is subject to this Privacy Policy.

If you join our marketing e-mail list, we will collect your e-mail address, and when we send marketing e-mails to you, we (or our vendors working on our behalf) will collect information such as your reaction to our marketing, whether you open or share our e-mails, how long you engage with them, and whether you click the links in the e-mails.

Our occasional referral programs may enable you to send communications to friends and family, in which case we will collect PI from you about you and about your friend or family member. If you choose to participate in these programs, we rely on you to only send these communications to people who have given you permission to do so. The recipients’ PI that you provide will be used to facilitate the communication, and your contact information and message may also be included in the communication.

When you contact our Customer Service agents by e-mail, chat, phone, Social Media or via contact forms we provide for that purpose, we will collect (and you expressly consent to our doing so) any personal details and other content that you provide to us, which may include, without limitation, your name, e-mail address, postal address, IP address, geolocation data, and if you contact us via Social Media, your social media handle, your profile photo and any other publicly available information.

If you participate in a Prize Promotion, we may collect and process your name, social media handle, address, e-mail address, phone number, image, photograph, voice, statements, and/or other information, such as the prize you have won.

If you are on our App and search by UPC code or voice search, we will access your device camera and microphone, with your permission. If you wish to update your permissions, you may do so in the “Settings” options on your device.

Information Collected from Other Sources.

We may also obtain information about you when you log in through a third-party social network or authentication service, such as Facebook or Google. These services will authenticate your identity (so that you do not have to register for an account on our Site or App separately). When you log-in via their services, you will be re-directed to their websites for log-in and they will then share with us your user ID, profile URL, profile picture, name and e-mail address so that (i) we can identify you and so that (ii) your account on their platforms will be connected to our Services. Such platforms may furthermore provide you the option to share certain PI with us, in which case we may receive further information (such as your address book). Your username and profile picture may be visible to all other HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP users, regardless of whether they are your “friends.”

When you interact with us through a social media site or third-party service, such as when you like, follow, or share HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP content on Facebook, Twitter, Instagram or other sites, we may receive information from the social network, including your profile information, picture, user ID associated with your social media account, and any other information you permit the social network to share with third parties. The data we receive from these third-party sites is dependent upon that third party’s policies and your privacy settings on that third-party site. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services. If you make a comment or post other content on our Social Media pages, please be aware that you are providing information directly to the social media network subject to their Privacy Policy and terms of use. As with other third party sites, we have no control over and are not responsible for their own data and privacy practices.

We may combine information we receive from other sources with information we have collected directly from you.

Information Automatically Collected when You Use our Services.

In addition to information that you or other parties provide us, “cookies” and other tracking technologies (sometimes generically referred to as “Cookies”) enable us and third parties to collect certain information from you passively when you use our Services. What information is collected depends on how you use our Services, and includes:

domain name visited

your browser type and version

your operating system

the web pages and other content you view

the links you click on

your IP address

the length of time you spend interacting with the Services

the referring URL

the device type from where you access our Sites

the advertising ID and other unique identifiers associated with your device

the screen resolution of your device

the manufacturer of the device you use to access our Services

the exit page

your language preferences

what devices you use to access the Services

your mobile device ID

your device name and model

your mobile operating system, type, name, and version

the App version

geolocation data, such as inferred and precise location; provided, however, that we will collect precise location information from your mobile device only if you enable that feature; nevertheless, even if you elect not to enable that feature we may be able to determine location by other means such as when you use wi-fi in our Stores. Turning off device location tracking does not affect the processing of the data that has been collected before the feature has been disabled.

HOW WE USE YOUR INFORMATION

Our use of your PI, including location information when applicable, is limited to the following purposes, subject to applicable law, unless otherwise disclosed at the point of collection or otherwise consented by you:

To provide Services to you (including to fulfill your orders)

To communicate with you through e-mail, text messaging, push notifications, cloud-enabled voice services or other means and devices regarding your account, your purchases (including, without limitation, delivery or shipping-related information), your returns, or your other uses of our Services, including, for example, to send you product updates and availability of previously out-of-stock items

To respond to your inquiries, resolve your problems and concerns, and for other Customer Service purposes, including, without limitation, for business purposes such as record keeping, quality assurance, training purposes and to improve our Customer Service operations

To distinguish you from other users of our Sites

To measure traffic and the effectiveness/success of our ad campaigns and other Services (including those offered through third parties, including our online targeted advertising and offline promotional campaigns)

To offer you location customization; for example, our store finder feature may access and use information about your device location (such as based on IP address or GPS, as applicable), or your account information, to suggest appropriate store locations; moreover our content may be personalized based on various information pieces we may have about you to try to provide you with more location-relevant content

To offer you personalized search capability, recommendations, instructions, or help on our Sites and on third party sites

To assist us in advertising our Services on third party websites, mobile apps, and other online services, and provide you with a better, more personalized experience when you visit our Sites or when we send you marketing communications, or when we otherwise display our content to you on our Sites or on third party sites, or when you otherwise interact with any of our Services

To customize your experience when you engage with us and to tailor ads and other content to you while you use our Services or when you navigate across the Internet or interact with us across devices

To better understand how you and others access and use our Services, both on an aggregated and individualized basis, and to conduct further analysis such as identify usage trends and identify target groups, with the goal of continuously improving our Services and enhancing your experience when engaging with us across our Services

If you have asked us to send you marketing e-mails about our current or upcoming promotional offers or new products or other information we think may be of interest to you, to send you such marketing communications

To send you promotional mailers by regular (post) mail

For research, product development, Services enhancement, and analytics purposes

To build (and/or have others build on our behalf) custom audiences or look-alike audiences that will help us better tailor our ad campaigns and other outreach communications to you, subject to territorial, platform and other limitations where applicable

To administer our customer loyalty programs

To administer our customer referral programs

To execute and promote our Prize Promotions

To manage Cookies and allow you to manage your Cookie preferences

To administer surveys and questionnaires for market research or member satisfaction purposes

To comply with legal obligations, as part of our general business operations, and for other business administration purposes

To manage the security of the data in our possession and where we believe necessary, to investigate, prevent or take action regarding illegal activities, suspected fraud, cyber security threats, situations involving potential threats to your safety or the safety of any other person or violations of our Terms of Use or this Privacy Policy, or to bring or defend legal claims

To debug or repair errors in our systems

To facilitate arrangements we have with business partners

To permit certain partners we think you may want to hear from, such as the issuer of our Forever 21-branded credit cards, to reach out to you, and

For other purposes as permitted by applicable law and not inconsistent with this Privacy Policy or any other express statement we make at the point of collection of the PI

DISCLOSURE OF YOUR INFORMATION

Subject to applicable law, this Privacy Policy, and any other applicable notices at the point of collection, we may share, or you may yourself share via our Services, your PI, and other information, in connection with our operation of our business, and more specifically as follows:

Companies providing services on our behalf. We may share your PI with third-party vendors that perform services on our behalf, as needed to carry out their work for us, which may include delivering your orders, providing Customer Service, providing marketing and advertising services to us, conducting security audits, providing accounting or legal services, administering our Prize Promotions, providing web hosting, payment processing services or fraud prevention services, assessing or measuring the performance and functioning of our Sites, providing analytics or providing any other services that we need to operate our business.

Third party ad networks. We use third party ad networks and other advertising services providers and intermediaries to develop information to enable personalized advertising content for you, to display our ads to you on third party websites and apps you visit, and to measure the effectiveness of those ads. These third parties may place Cookies on your device if you use our Services. Our shared use of your information with these parties helps us tailor ads to your interests. Other parties’ use of Cookies are governed by each applicable company’s specific Privacy Policy. If you would like to learn more about how we and our third party partners use Cookies and how to manage your settings and choices, click here.

Payment service providers. We may use third-party payment service providers to process payments made through the Services. If you wish to make a payment in connection with your use of the Services, your PI will be collected by such a third-party payment service provider and not by us, and thus will be subject to the third party’s Privacy Policy rather than this Privacy Policy.

Corporate transactions. If we are, or under consideration to be, acquired by, merged with, or invested in by another company, or if our assets are, or may be under consideration to be, transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise (each, a “Corporate Transaction”), we may transfer your PI in connection therewith. As part of Corporate Transactions, we may also share certain of your PI with lenders, auditors, and third party legal and financial advisors.

In the context of legal processes. We may disclose your PI to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena or if we reasonably believe that such action is necessary to comply with the law and the reasonable requests of law enforcement.

To protect us and others. We may disclose your PI when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the rights, property or personal safety of any person, violations of our Terms of Use or this Privacy Policy, or as evidence in litigation, arbitration or government agency investigation in which we are involved.

General public and other Site or App users. Your user name and any information, including, without limitation, reviews, comments, and text will be available to, and searchable by, all users of our Sites if you post such content there.

Non-PI. We may share aggregate, anonymized, or de-identified information, and other non-PI, about you with affiliated and non-affiliated entities for marketing, advertising, research and other purposes. This Privacy Policy is not intended to limit our disclosure of non-PI, which we reserve the right to disclose and otherwise share as permitted by applicable law.

If you make a purchase on the Site, your international order will be fulfilled by our third party vendor named Printful, and accordingly your information will be provided by you directly to Printful and will be handled by Printful in accordance with their Privacy Policy. The checkout page is hosted by Printful, and not by us, so Printful (and not HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP) is doing the collection. Please note, however, that Printful will share your information with us so that we can service your order in terms of Customer Service.

PRIVACY RIGHTS AND CHOICES; MANAGING PREFERENCES

Account-related choices. You may update your profile information, such as your user name and password, by accessing the profile section of your account. You may also be able to adjust certain communications preferences in your account settings. If you would like us to close your account associated with a particular e-mail address, please send us an e-mail from that e-mail address to shop@heartheearthblog.com with the words CLOSE MY ACCOUNT in the subject line. We will only honor “close my account” requests associated with a particular e-mail address if we locate an account in our systems associated with that e-mail address.

Access to your Device Information. You may control the App’s access to certain of your device information through the “Settings” on your device.

Marketing communications preferences. You can stop receiving promotional e-mail communications from us by using the “unsubscribe” mechanism provided in the e-mail message, or by sending an e-mail to shop@heartheearthblog.com with the words UNSUBSCRIBE FROM E-MAIL in the subject line. If you unsubscribe from receiving promotional e-mails or text messages, we may still send you transactional e-mails or text messages about your account or any services you have requested or receive from us (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices, responses to your communications, purchase-related communications if you made a purchase, etc.).

Managing Cookies. To manage your choices and preferences regarding the Cookies we use on our Services, go to the Cookies and Other Tracking Technologies section of this Privacy Policy to learn more about the categories of Cookies we use or to the Cookie Preference Center to manage your preferences regarding the Cookies we use. You may also set your e-mail options to prevent the automatic downloading of images that may contain Cookies that would allow us to know whether you have accessed our e-mails and performed certain functions with it. To learn more about Cookies and how to manage them generally, you can visit http://www.aboutcookies.org or http://www.allaboutcookies.org/, but we do not guaranty the accuracy of that third party information. If you prefer not to accept traditional Cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a Cookie, which lets you choose whether or not to accept it; (ii) disable existing Cookies; or (iii) set your browser to automatically reject Cookies. Please check your browser and browser settings to determine where traditional Cookies are stored and whether and how they may be deleted. The “help” portion of the toolbar on most browsers will tell you more. To find out how to manage traditional Cookies on popular browsers, go to Google Chrome; Microsoft Edge; Mozilla Firefox; Microsoft Internet Explorer; Opera and Apple Safari. To find information relating to other browsers, visit the browser developer’s website. Deleting Cookies in the manner described above does not delete Local Storage Objects (LSOs) such as Flash objects and HTML5. You can learn more about Adobe Flash objects—including how to manage privacy and storage settings for Flash cookies—here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#124401

Depending on your mobile device and operating system, you may not be able to delete or block all Cookies.

Managing Your Interest-Based Advertising Preferences and Choices. To specifically manage your choices and preferences regarding the Advertising and Targeting Cookies we use, go to the Cookie Preference Center. In addition, you can opt-out of receiving behavioral advertisements from certain vendors that are members of specific self-regulatory associations, as described below.

If you opt out of interest-based advertising, your opt-out will be specific to the web browser, app, or device from which you accessed the opt-out. If you use multiple devices or web browsers, you will need to opt out on each browser or device that you use.

We are not responsible for the effectiveness of, or compliance with, third-party opt-out options or programs, or the accuracy of their statements.

Managing Google.

To prevent your personal information or other data from being used by Google Analytics, you can install Google’s opt-out browser add-on. You can also access your Google Ads settings to control what data Google uses to show ads to you. Google offers other choices in the settings and privacy control portions of its service. We are not responsible to the accuracy of Google’s statements of the effectiveness of its choice controls.

SITES NOT DESIGNED FOR MINORS

Our Sites are not designed for children under 18 and we do not knowingly collect information from children under the age of 18. In fact, our Sites require you to have reached the age of majority in the jurisdiction in which you live in order to make purchases there. If you are under the age of 18, please do not use our Services or otherwise provide us with any PI either directly or by other means. HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP does not knowingly collect or solicit any information from anyone under the age of 18 on our Services. In the event that we learn that we have inadvertently collected PI from a child under age 18, we will delete that information as required by applicable law. If you believe that we might have any information from a child under 18, please contact us using the contact details set out at the end of this Privacy Policy. Visitors older than the age of 18, but younger than their country’s legal age of majority are permitted to use and/or submit their PI only with parental supervision. We encourage parents and guardians to spend time online with their minor children and to participate and monitor their interactive activities since we are not responsible for that in any case.

RETENTION OF YOUR PI

We will retain your PI only for as long as necessary for the purposes outlined in this Privacy Policy, and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection, or audit purposes, or as otherwise required by law. Where your PI is no longer required we will delete it. If you do not have an account on our Site or App, but you have signed up to receive HEAR THE EARTH BLOG AND HEAR THE EARTH SHOP marketing communications (e-mails or text messages), we will only retain your PI for as long as we have your consent to send you marketing communications. When you shop online on the Site or on the App without having opened an account (i.e., you shop as a guest), we will only retain your PI for a commercially reasonable period of time after you have completed your order in order to fulfill any contractual or legal obligations we have such as processing any refunds, exchanges, refunds (unless you have also signed up to receive marketing communications from us, in which case we will add this order information to your customer record). If you already have an account with us, but you choose to make a purchase as a guest, we will add the guest checkout purchase to your customer record internally automatically. To avoid this, please use a different e-mail address to make a purchase as a guest.

SECURITY

Data Security. We care about the security of your PI and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through our Services. In addition to implementing various security measures, we do not store your PI for an unlimited period of time. However, no security system is impenetrable, and we cannot guarantee the 100% security of our systems. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with applicable law.

Please take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing robust and unique passwords that nobody else knows or can easily guess, and keeping your log-in ID and password private. Also, please be aware that, if you publicly post your PI, it is not protected. Please refrain from sending us sensitive data by e-mail. We are not responsible for any lost, stolen, or compromised passwords, for any activity on your account via unauthorized password activity, or for any PI that you publicly and intentionally disclose via our Services.

INTERNATIONAL USE AND TRANSFER

We are based in Costa Rica and the information we and our service providers and other third parties collect is governed by Costa Rican law, except as otherwise stated in this Privacy Policy or required by applicable law. If you are accessing the Services from outside of Costa Rica, please be aware that information collected through the Services may be transferred to, processed, stored, and used in the US and other parts of the world, where the data protection laws may be different from and less protective than those of your country of residence. Except as otherwise provided with respect to transfers of the PI of EEA Users as set forth in the Supplement for European and UK Users), your use of the Services and the provision of any information therefore constitutes your consent to the transfer to, and the processing, usage, sharing, and storage of your information, including your PI, in, the US and other countries, as set forth in this Privacy Policy.

CONTACT US

If you have any questions about this Privacy Policy or the way we process your PI or if you want to make a complaint or exercise your rights, please contact us at:

shop@heartheearthblog.com

CHANGES TO PRIVACY POLICY

We may change this Privacy Policy to reflect new practices, better inform you, or to comply with changes in applicable laws. Please check back periodically to ensure you are familiar with all of our current practices. When we change the Privacy Policy in a material manner, we will let you know by updating the “Effective Date” at the top of this page. If you object to any changes, you may stop using our Services.