Privacy policy

Last updated: January 30, 2025

This Privacy Policy describes how OiloHerb (the "Website", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from oiloherb.com (the "Website") or otherwise communicate with us regarding the Website (collectively, the "Services"). For the purposes of this Privacy Policy, the terms "you" and "your" refer to you as a user of the Services, whether you are a customer, visitor to the website, or another individual whose information we have collected according to this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Website, update the "Last updated" date, and take any other measures required by applicable law.

How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected personal information about you over the past 12 months from various sources, as described below. The information we collect and use varies depending on how you interact with us.

In addition to the specific uses described below, we may use the information we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we receive about you depend on how you interact with our Website and use our Services. When we use the term "personal information," we refer to information that identifies, relates to, describes, or can be associated with you. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

The information you submit directly through our Services may include:

• Contact information including your name, address, phone number, and email address.

• Order information including your name, billing address, shipping address, payment confirmation, email address, and phone number.

• Account information including your username, password, security questions, and other information used for account security.

• Customer support information including the information you choose to include in communications with us, for example, when sending a message through the Services.

For certain features of the Services, you may need to provide certain information directly about yourself. You can choose not to provide this information, but doing so may prevent you from using or accessing those features.

Information We Collect About Your Use

We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include information about how you access and use our website and your account, including device information, browser information, network connection information, your IP address, and other information about your interaction with the Services.

Information We Receive from Third Parties

Finally, we may receive information about you from third parties, including vendors and service providers who may collect information on our behalf, such as:

• Companies that support our Website and Services, such as Shopify.

• Payment processors we use, who collect payment details (e.g., bank account, credit or debit card information, billing address) to process your payment, fulfill your orders, and provide the products or services you requested as part of the contract we have with you.

• When you visit our Website, open or click on emails we send you, or interact with our Services or advertisements, we or third parties we work with may automatically collect certain information using electronic tracking technologies such as pixels, web beacons, software development kits, third-party libraries, and cookies.

Any information we receive from third parties will be treated in accordance with this Privacy Policy. See also the section below, Third-Party Websites and Links.

How We Use Your Personal Information

Provision of Products and Services: We use your personal information to provide the Services in order to perform our contract with you, including processing your payments, fulfilling your orders, sending notifications about your account, purchases, returns, exchanges, or other transactions, creating, maintaining, and managing your account, arranging shipping, facilitating any returns and exchanges, and other features and functionalities related to your account. We may also enhance your shopping experience by allowing Shopify to link your account with other Shopify services you may choose to use. In this case, Shopify will process your information as outlined in the Privacy Policy and Consumer Privacy Policy.

Marketing and Advertising: We may use your personal information for marketing and promotional purposes, such as sending marketing, advertising, and promotional communications via email, text messages, or mail, and showing you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Website and other websites. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in selling our products, under Article 6(1)(f) of the GDPR.

Security and Fraud Prevention: We use your personal information to detect, investigate, or take action regarding potential fraudulent, illegal, or malicious activity. If you choose to use the Services and register an account, you are responsible for the security of your account credentials. We strongly recommend not sharing your username, password, or other access details with anyone. If you believe your account has been compromised, please contact us immediately. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in keeping our website secure for you and other customers, under Article 6(1)(f) of the GDPR.

Communication with You and Improving Services: We use your personal information to provide you with customer support and to improve our Services. This is in our legitimate interest to respond to you, provide effective services, and maintain our business relationship with you under Article 6(1)(f) of the GDPR.

Cookies

Like many websites, we use cookies on our Website. For specific information about the cookies we use in the context of supporting our store with Shopify, see https://www.shopify.com/legal/cookies. We use cookies to support and improve our Website and Services (including remembering your actions and preferences), to perform analytics, and to better understand how users interact with the Services (for our legitimate interest in managing, improving, and optimizing the Services). We may also allow third parties and service providers to use cookies on our Website to better tailor services, products, and advertising on our Website and other websites.

Most browsers automatically accept cookies by default, but you can choose to set your browser to remove or reject cookies through your browser controls. Please note that removing or blocking cookies may negatively impact your user experience and may cause some Services, including certain features and general functionality, to work incorrectly or become unavailable. Additionally, blocking cookies may not completely prevent how we share information with third parties, such as our advertising partners.

Our Website also recognizes the Global Privacy Control (GPC) signal, which allows you to opt out of certain uses or disclosures of your information. If you notify us of your preference via GPC, we will treat this signal as a valid opt-out request for sharing/targeted advertising for the associated browser or device, and, where we can associate the device sending the signal with a Shopify account, we will apply the opt-out request to the account. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/. Apart from Global Privacy Control, we do not recognize other Do Not Track signals that may be sent from your web browser or device.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for purposes of fulfilling the contract, legal purposes, and other reasons subject to this Privacy Policy. Such circumstances may include disclosure to:

• Vendors or other third parties that provide services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, order processing, and shipping).

• Business partners and marketing partners to provide you with services and advertising. Business partners and marketing partners will use your information according to their own privacy statements.

• When you instruct, request, or otherwise consent to the disclosure of certain information to third parties, such as for the shipment of your products or through your use of social media widgets or login integrations, with your consent.

• Our affiliates or otherwise within our corporate group, for our legitimate interests in operating a successful business.

• In connection with a business transaction, such as a merger or bankruptcy, to comply with any applicable legal obligations (including responding to court subpoenas, search warrants, and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

Over the past 12 months, we have disclosed the following categories of personal information and sensitive personal information about users for the purposes listed above in the sections "How We Collect and Use Your Personal Information" and "How We Disclose Personal Information":

We do not use or disclose sensitive personal information without your consent or for the purpose of inferring characteristics about you.

With your consent, we share personal information for the purpose of participating in advertising and marketing activities, as follows:

We have "sold" and "shared" (as these terms are defined under applicable law) personal information during the past 12 months for the purpose of participating in advertising and marketing activities, as follows:

User-Generated Content

The Services may allow you to post product reviews and other user-generated content. If you choose to submit user-generated content to any public area of the Services, this content will be public and accessible by anyone.

We do not control who will have access to the information you choose to make available to others, and we cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information you make publicly available, or for the accuracy, use, or misuse of any information you disclose to third parties or receive from third parties.

Third-Party Websites and Links

Our Website may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliated with or controlled by us, you should review their privacy and security policies, as well as other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or reliability of the information contained on these websites. Information you provide in public or semi-public areas, including information you share on third-party social media platforms, may also be visible to other users of the Services and/or users of those third-party platforms without limitation as to use by us or by a third party. The inclusion of such links by us does not imply any endorsement of the content on these platforms or of their owners or operators, except as disclosed in the Services.

Children's Data

The Services are not intended for use by children, and we do not knowingly collect personal information from children. If you are a parent or guardian of a child who has provided us with their personal information, you can contact us at the contact information listed below to request its deletion.

As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined under applicable law) personal information of individuals under the age of 16.

Security and Retention of Your Information

Please note that no security measure is perfect or impenetrable, and we cannot guarantee "perfect security." Additionally, any information you send to us may not be secure during transmission. We recommend that you do not use unsecured channels to communicate sensitive or confidential information to us.

The length of time we retain your personal information depends on various factors, such as whether we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.

Your Rights

Depending on your place of residence, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances, and in some cases, we may decline your request as permitted by law.

• Right to Access/Know: You may have the right to request access to personal information we hold about you, including details on how we use and share your information.

• Right to Deletion: You may have the right to request that we delete personal information we hold about you.

• Right to Correction: You may have the right to request that we correct inaccurate personal information we hold about you.

• Right to Portability: You may have the right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and subject to certain exceptions.

• Right to Opt-Out of Sale or Sharing or Targeted Advertising: You may have the right to ask us not to "sell" or "share" your personal information or to opt-out of the processing of your personal information for purposes considered "targeted advertising," as defined by applicable privacy laws. Please note that if you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are located, we will automatically treat this as a request to opt-out of the "sale" or "sharing" of information for the device and browser you use to visit the Website.

• Restrict Processing: You may have the right to ask us to stop or restrict the processing of your personal information.

• Withdraw Consent: Where we rely on consent to process your personal information, you may have the right to withdraw that consent.

• Appeal: You may have the right to appeal our decision if we decline to process your request. You can do this by responding directly to our denial.

• Manage Communication Preferences: We may send you promotional emails, and you can opt-out of receiving them at any time by using the unsubscribe option found in the emails we send you. If you opt-out, we may continue to send you non-promotional emails, such as emails about your account or orders you have placed.

You can exercise any of these rights where indicated on our Website or by contacting us at the contact information provided below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before substantively responding to the request. As permitted by applicable law, you can designate an authorized representative to make requests on your behalf regarding the exercise of your rights. Before we accept such a request from a representative, we will require the representative to provide proof that you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required by applicable law.

Complaints

If you have complaints about how we process your personal information, please contact us at the contact information provided below. If you are not satisfied with our response to your complaint, depending on where you live, you may have the right to appeal our decision by contacting us at the contact information listed below or to submit your complaint to your local data protection authority. For the EEA, you can find a list of the relevant supervisory data protection authorities here.

International Users

Please note that we may transfer, store, and process your personal information outside the country in which you live. Your personal information is also processed by staff and third-party service providers and partners in these countries.

If we transfer your personal information outside of Europe, we will rely on recognized transfer mechanisms such as the European Commission's standard contractual clauses, or any equivalent contracts issued by the relevant UK authority, as applicable, unless the data transfer is to a country that has been deemed to provide an adequate level of protection.

Contact

If you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at info@oiloherb.com or contact us at ulitsa "Stara Planina" no 80, Stolichna, Sofia, 1527, BG.

For the purposes of applicable data protection law and unless expressly stated otherwise, we are the data controller of your personal information.