Last Updated: August 17, 2023
Effective Date: August 17, 2023

Privacy Policy

Thank you for visiting one of our websites (“Cluster” or “ByHeart,” individually the “Site” or collectively the “Sites”) at cluster.byheart.com or ByHeart.com. BYHEART, INC. (“ByHeart,” “we,” or “us”) is committed to treating the personal information of our Site users (“Users”) with respect and sensitivity. To that end, we have issued this Privacy Policy (“Privacy Policy” or “Policy”), which describes how ByHeart uses personal information about visitors to and Users of our Site, individuals who contact us, make purchases, attend events, or request information, and other Users of our services. The Site and our other services are the “Services.” By continuing to use our Site, you accept the terms of this Privacy Policy, along with our Terms of Use and Terms of Service.

Children. The Services of ByHeart are not directed to children, and we do not knowingly collect personal information from children under the age of thirteen (13). If you become aware that a child has provided us with personal information without parental consent or in violation of applicable law, please contact us at the location identified in the Contact Us section.

Changes to this Policy

As our services and the functionalities of the Site evolve and we perceive the need or desirability of using the personal information that we have collected in other ways, we may update or amend this Privacy Policy. The last updated date, which represents the date that the Policy was last updated or amended, appears at the top of this Privacy Policy along with the effective date that the Policy was enacted. We encourage you to check our Site frequently to review the Policy currently in effect and make note of any changes that may have been made to it.

CONTACT US

This Site is owned and operated by ByHeart, Inc. If you have any questions or suggestions with respect to this Privacy Policy or our privacy practices, please email us at hello@byheart.com, or you can contact us via mail at:

ByHeart, Inc.
131 Varick Street, 11th Floor
New York, NY 10013

We collect personal information and data that you enter on our Site or otherwise volunteer to us when you contact us to, among other things, set up an Account, interact with experts, interact with or review our products or services on our Site or third party sites, request information, make purchases, or access or use the Site. You can choose not to provide certain personal information, but then you might not be able to take advantage of many of our features.

ByHeart collects only the personal information that is relevant for the purposes for which the personal information is requested. We do not use your personal information in any way that is incompatible with the purposes for which it was collected or for which you have consented.

INFORMATION THAT YOU GIVE US

When you access, use, or contact us through our Site, correspond with us by phone, e-mail, or otherwise, or interact with us online, we may collect personal information from you that may include:

Identifiers: When you contact us, including if you sign up to learn more about our Services or otherwise contact us, we collect your first and last name, email address, phone number(s), the birthdate of your baby, if and whether you have twins, the nature of your inquiry, and any other information you choose to provide.

Account Information: When you register for an account with us, we collect your name, email address, password, and any other information used in connection with accessing your account.

Payment Data: If you make purchases through our Services, we collect credit card number and payment details, billing address, and payment type.

User-Generated Content: When you email, call, or otherwise communicate with us and members of our team, we collect and maintain a record of your contact details, your communications with us, our responses, and any other comments and content you provide about your use of our services and products (such as posts on our social media pages and reviews left on the Site or through third-party review platforms such as Yotpo).

Marketing and Promotions: If you agree to receive marketing communications from us, we collect your email, name, phone number, birthdate of your baby, if and whether you have twins, preferences, and if relevant, information about your account and the Services and features you use. If you participate in promotions we offer, we collect your name and other information related to the activities available through our Services.

Preferences: We may also collect information about your preferences, including communications preferences, preferences related to your use of the Services, and any other preferences or requests you provide when interacting with us.

Inferences: We may also collect information about your goals and aspirations for our services and products or inferences derived from that information.

INFORMATION THAT WE COLLECT AUTOMATICALLY

We, and our providers, automatically collect personal information related to your use of our Services, including through the use of cookies, pixel tags, and other similar technologies. When you visit our Site, our web server automatically collects and stores the following information:

Device, Browsing, and Usage Information: the IP address used to connect your computer to the Internet, referring website address, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), pages on our Site that you viewed, page response times, download errors, duration of page visits, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service or other phone number(s).

Location Information: location information collected or derived through IP address. If you choose to enable location-based sharing with us through your device settings, we may collect precise location information, such as GPS coordinates, to provide content that is more relevant to your location and to otherwise improve your interactions with our Services. You may turn off location data sharing through your device settings.

For more information about our use of cookies and other similar technologies, please see the “Cookies and Other Tracking Mechanisms” section below.


PERSONAL INFORMATION THAT WE RECEIVE FROM OTHER SOURCES

We receive personal information from third parties who operate other websites or services that we use in order to provide our products and services to you, or for proper functioning and maintenance of our Site itself. We work closely with third parties, including (for example) business partners, promotors, affiliates, and sub-contractors in technical, payment, and delivery services, advertising networks, marketing analytics providers, and search information providers.

To the extent permitted by applicable law, we may combine the personal information we collect from publicly available or third-party sources.

We will use this personal information for the following purposes:

Services and Support. To allow you to maintain your account with us, to provide and operate our Services, provide troubleshooting and technical support, to respond to your inquiries, and otherwise run our day-to-day operations.

Communicate with You. To respond to your inquiries, send you requested materials and newsletters, as well as information and materials regarding our Services and offerings, and to communicate with you regarding your shipment and our Services. We also use this information to carry out our obligations arising from the Terms of Use and to notify you about changes to our Services.

Marketing and Promotions. To contact you in the future to provide you with information about other products and services that we offer, or that are offered by our affiliates or third party vendors to perform direct marketing of products and services offered by ByHeart and our affiliates; to determine additional ByHeart materials, services, or events to recommend and market to you;
And to provide advertising of ByHeart and its products and services on other websites and platforms.

Research and Surveys. To administer surveys and questionnaires, such as for market research or user satisfaction purposes.

Planning and Managing Events. For event and webinar planning, and other management related purposes, such as registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.

Security and Protection of Rights. To protect the Services and our business operations, and to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use.

Compliance and Legal Process. To comply with applicable laws and regulations, including obligations as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.

Auditing, Reporting, and Other Internal Operations. To conduct financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions, and to maintain appropriate business records and enforce company policies and procedures.

General Business and Operational Support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and to administer our business, accounting, auditing, compliance, recordkeeping, and legal functions.

Quality Control and Training. For training purposes, quality assurance, and to record details about the products and services that you use or order from us.

Analytics and Improvement. To perform data analyses (including anonymization and aggregation of personal information), to better understand how users access and use the Services and our product and service offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, and to develop our Services and its features.

We may disclose the personal information we collect for the purposes described above as follows:

Affiliates and Subsidiaries. We may disclose the personal information we collect to our corporate affiliates and subsidiaries.

Business Partners. ByHeart also partners with other businesses to offer our products and Services, and we may disclose personal information to those business partners.

Vendors and Service Providers. We may disclose the personal information we collect to vendors and service providers who perform functions on our behalf, such as IT and website hosting, and customer support, etc.

Customers and Clients. In some circumstances, we may disclose the personal information we collect to our customers and clients to facilitate shipments and administer our Services.

Marketing and Analytics Providers. We may also disclose your personal information, such as device and browsing, and activities and usage information, to marketing and advertising networks, data analytics providers, and other companies who provide marketing or analytics services on our behalf. For more information see the “Cookies and Other Tracking Mechanisms” section below.


We may also disclose your personal information to third parties in the following circumstances:

In Support of Business Transfers. In the event that we sell or buy any business(es) or asset(s), in which case we will disclose your personal information to the prospective seller or buyer of such business(es) or asset(s) as part of the purchase, transfer, or sale of services or assets. If we sell all or substantially all of our assets to a third party, personal information about our customers will be one of the transferred assets.

Compliance and Legal Obligations. If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or any lawful request by public authorities (including to meet national security or law enforcement requirements), or in order to enforce or apply our Privacy Policy and Terms of Use and other agreements; or to protect the rights, property, or safety of us, our customers, or others.

Security and Protection of Rights. Where we believe doing so is necessary to protect the Services, our rights and property, or the rights, property, and safety of others. For example, we may disclose personal information to (i) prevent, detect, investigate, and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Services, (ii) situations involving potential threats to the health, safety, or legal rights of any person or third party, or (iii) enforce, detect, investigate, and take action in response to violations of our Terms of Use. We may also disclose personal information related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.

Aggregate and Deidentified Information. Notwithstanding anything else in this Policy, we may use, disclose, and otherwise process aggregate and deidentified information related to our business and the Services with third parties for quality control, analytics, research, development, and any other purpose.

OUR RETENTION OF YOUR PERSONAL INFORMATION

We will keep your personal information for as long as we need it, or as otherwise prescribed by law, for the purposes set out above. This period will vary depending on your interactions with us. We may also keep a record of correspondence with you (for example, if you have made a complaint) for as long as is necessary to protect us from any and all actual or threatened legal claims against us.

SECURITY

No data transmission over the Internet, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. We cannot ensure or warrant the security of any personal information we collect. You use the site and provide us with data at your own risk.

ACCESS TO OTHER WEBSITES

Our Site may include links to and from other websites, including our partner networks and affiliates and other third parties. If you follow a link to any of these websites, please note that these websites are not covered by this Privacy Policy. We are not responsible for the privacy practices of any third parties or the content of linked sites, although we do encourage you to read the applicable privacy policies and terms and conditions of use of such parties or websites. This Privacy Policy only applies to how ByHeart deals with your personal information; it does not apply to any other company or any other company’s website, even if you access these websites via our Site. Please check those websites’ policies before you use them or submit any personal information to them.

What are cookies and pixel tags?
A cookie is a small data file that we transfer to your device’s hard drive through your web browser. Like many websites, we use cookies and we obtain certain types of information when you access our Site, our advertisements, or other content provided by us or by others on our behalf from other websites. Information we gather through cookies may include the date and time of your visits to our Site, the pages viewed, and the time spent at our Site.

Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our Services to, among other things, track the activities of users, and help us manage content and compile usage statistics. We may also use these in our emails to let us know when they have been opened or forwarded, so we can track response rates and gauge the effectiveness of our communications.

How do we and third parties use them?
We use cookies and pixel tags to personalize your experience with our Site; collect aggregate information about Site usage by all of our Users; control the display of advertisements; offer other products, services, and functionalities personalized to you; and improve the performance of our Site to provide you with a better User experience.

Third Party Analytics
We, and third parties, use third party tools, such as Google Analytics, which are operated by third party companies, to evaluate usage of our Site and Services. These third-party analytics companies use cookies, pixels, and other tracking technologies to collect usage data about our Services to provide us with reports and metrics that help us evaluate usage of our Services, improve our Site, and enhance performance and user experiences. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Cross-Device Tracking
We, and third parties, may use the personal information we collect about you within our Services and on other third-party websites and services to help us and these third parties identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.) to interact or engage with us or the Services.

Third-Party Advertising.
We work with third-party ad networks, analytics, marketing partners, and others (“third-party ad companies”) to personalize content and display advertising within our Services, as well as to manage our advertising on third-party sites. We and these third-party ad companies may use cookies, pixels tags, and other tools to collect browsing and activity information within our Services (as well as on third-party sites and services), as well as IP address, unique ID, cookie and advertising IDs, and other online identifiers. We and these third-party ad companies use this information to provide you more relevant ads and content within our Services and on third-party sites, and to evaluate the success of such ads and content.

Blocking Our Use of Cookies
You may be able to block the use of cookies through settings in your browser. Because these settings are different in different browsers, we recommend that you visit “All About Cookies” at www.allaboutcookies.org, where you can find comprehensive information on cookie management and blocking for a wide variety of browsers. In order to use certain services offered through our Site, your web browser must accept cookies. If you choose to block the use of cookies on the Site, some aspects may not work properly.

We make available several ways for you to manage choices about your personal information, including preferences regarding cookies, advertising, whether you want to receive marketing and promotional emails from us, and choices regarding your account and profile information.

Marketing Communications. You may unsubscribe from any of our email and marketing updates by following the unsubscribe instructions in the body of any email message we have sent to you. We will take commercially reasonable steps to implement your unsubscribe requests promptly, but you may still receive promotional information from us by mail for up to sixty (60) days, and up to fifteen (15) days for email. You may also continue to receive information from those third parties to whom we have previously disclosed your personal information. Please note that when you unsubscribe from our marketing communications, we will keep a record of your email address to ensure that we do not send you marketing emails in future.

Account Information. You may access and change personal information that you have submitted by logging into your Account and updating your profile information or contacting us at hello@byheart.com. We may communicate with you via email if you purchase products or services from the Site. You may opt out of receiving some or all categories of promotional communications from us by following the instructions in those communications or by updating your email preferences in your Account.

Cookie Settings. To prevent cookies from tracking your activity on our Site or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Site who disable cookies will be able to browse the Site, but some features may not function.

Industry Ad Choice Programs. You can also control how participating third-party ad companies use the information that they collect about your visits to our Site, and those of third parties, in order to display more relevant targeted advertising to you. If you are in the U.S., you can obtain more information and opt out of receiving targeted ads from participating third-party ad networks at aboutads.info/choices (Digital Advertising Alliance). Opting out of participating third party ad networks does not opt you out of being served advertising. You may continue to receive generic or “contextual” ads on our Site. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.

We may offer public interactive forums and other posting areas through our Site and on other platforms, like office hours, discussion boards, product reviews, chat rooms, community forums, social media pages, etc. When you participate in these offerings, other visitors to and Users of our Site and other platforms may be able to see your username, postings, and other personal information you choose to provide or communicate. You should take this into consideration before posting to the Site and exercise caution when disclosing such information. Information you post could remain viewable even after you remove it or delete your Account.

If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks in connection with the Site or your use of our products or services, we collect information that you share with us, or that the social media platforms share with us. For any user-generated content you submit to us or when you interact with us on our public interactive forums or other publicly available posting areas, that information will be publicly available, and may be used and reshared for our own activities such as advertisements, creative assets, email marketing, and organic social media. [We will seek your consent prior to sharing user-generated content that identifies you by name.] For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.

Our Site does not respond to Do Not Track requests at this time, as there is currently no industry standard approach to sending, processing, and addressing Do Not Track requests from browsers. Please see https://allaboutdnt.com/ for more information on “Do Not Track” requests.

The CCPA affords California consumers the rights with respect to their Personal Information set forth in this section.


1. RIGHT TO KNOW ABOUT PERSONAL INFORMATION COLLECTED, USED, DISCLOSED, OR SOLD

California consumers have the right to request that ByHeart disclose what personal information it has collected, used, disclosed, and sold over the twelve (12) month period preceding ByHeart’s receipt of such a request. To exercise this right, a California consumer must submit to the Company a verifiable request to obtain such information. This request can be submitted by following the procedures set forth in the “Contact Us” section above.


2. RIGHT TO REQUEST DELETION OF PERSONAL INFORMATION

California consumers have the right to request the deletion of their personal information collected or maintained by ByHeart. To exercise this right, a California consumer must submit to ByHeart a verifiable request to delete such information. This request can be submitted by following the procedures set forth in the “Contact Us” section above.


3. RIGHT TO NON-DISCRIMINATION FOR THE EXERCISE OF A CONSUMER’S PRIVACY RIGHTS

California consumers have the right not to be discriminated against because the consumer exercised any of the consumer’s rights under the CCPA. That means that ByHeart may not deny goods or services to a consumer, charge different rates for goods or services, or provide a different level or quality of goods or services if a consumer chooses to exercise his, her, or their rights under the CCPA (unless the different rate or different level or quality is reasonably related to the value to the business of the consumer’s data).


4. SUBMITTING A CCPA DATA REQUEST

To submit a request to know about the Personal Information we collect about you or a request for deletion of your Personal Information, please contact us by emailing us at hello@byheart.com and including “CCPA Request” in the subject line of the email. ByHeart is required to verify the identity of the individual requesting access to a consumer’s data or requesting deletion of a consumer’s data. To verify your identity, you must provide:

username and password for ByHeart’s Site; or

if ByHeart has previously received an email from your email address, ByHeart may verify that you have access to that email address by sending a verification code; or

if ByHeart has previously received a call from your phone number, ByHeart may text you a verification code.


5. AUTHORIZED AGENT

California consumers may designate an authorized agent to exercise a CCPA right on the consumer’s behalf. If a consumer utilizes an authorized agent to exercise a CCPA right, the following proof that the agent has been authorized to act on the consumer’s behalf will need to be provided:

proof of written permission by the consumer for the authorized agent to act on his, her, or their behalf and separate verification of the consumer; or

proof that the authorized agent holds a power of attorney to act on the consumer’s behalf pursuant to Cal. Probate Code §§ 4000-4465.


As of January 1, 2023, the CPRA will expand consumer data privacy laws and permit California consumers to:

Prevent businesses from sharing personal information;

Correct inaccurate personal information; and

Limit businesses’ use of “sensitive personal information,” including social security number, financial account or credit card number in combination with any required access code or credentials, precise geolocation, race, ethnicity, religion, genetic data, private communications, sexual orientation, and specified health information.

SB 220 affords Nevada consumers the rights with respect to their Personal Information set forth in this section.


1. RIGHT TO REQUEST THAT PERSONAL INFORMATION NOT BE SOLD

Nevada consumers have the right to request that ByHeart promptly stop selling any of their covered information. “Covered Information” means any one or more of the following items of Personally Identifiable Information collected through a website or online service and maintained in an accessible form:

a first and last name;

a home or other physical address which includes the name of a street and the name of a city or town;

an email address;

a telephone number;

a social security number;

an identifier that allows a specific person to be contacted either physically or online;

any other information concerning a person collected from the person through a website or online service and maintained in combination with an identifier in a form that makes the information personally identifiable.

Under SB 220, “Sale” means the exchange of covered information for monetary consideration by the website owner to a recipient for that recipient to license or sell the covered information to third parties.

To exercise this right, a Nevada resident must submit to ByHeart an opt-out request. This request can be submitted by following the procedures set forth in the “Contact Us” section above. ByHeart must respond to any such request within sixty (60) days of receipt.


2. SUBMITTING A SB 220 DATA REQUEST

To submit a request to ByHeart that your covered information not be sold, please contact us by emailing us at hello@byheart.com and including “SB 220 Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.

Effective January 1, 2023, Virginia consumers will have the rights with respect to their Personal Information set forth in this section.


1. RIGHT TO CONFIRM AND ACCESS PERSONAL DATA

Virginia consumers have the right to confirm whether or not a controller is processing the consumer’s personal data and to access such personal data. “Controller” means the natural or legal person that determines the purpose and means of processing personal data. “Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person; it does not include de-identified data or publicly available information.


2. RIGHT TO CORRECT INACCURACIES IN PERSONAL DATA

Virginia consumers have the right to correct inaccuracies in the consumer’s personal data, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal data.


3. RIGHT TO DELETE PERSONAL DATA

Virginia consumers have the right to delete personal data provided by or obtained about the consumer.


4. RIGHT TO OBTAIN A COPY OF PERSONAL DATA

Virginia consumers have the right to obtain a copy of the consumer’s personal data that the consumer previously provided to the controller in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means.


5. RIGHT TO OPT OUT

Virginia consumers have the right to opt out of the processing of the personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.


6. SUBMITTING A CDPA DATA REQUEST

To submit a request to ByHeart to invoke the consumer rights authorized above, please contact us by emailing us at hello@byheart.com and including “CDPA Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.

Effective July 1, 2023, Colorado consumers will have the rights with respect to their Personal Information set forth in this section.


1. RIGHT TO OPT OUT

Colorado consumers have the right to opt out of the processing of personal data concerning the consumer for purposes of

Targeted advertising;

The sale of personal data; or

Profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.
“Personal data” means information that is linked or reasonably linkable to an identified or identifiable individual and does not include de-identified data or publicly available information.


2. RIGHT TO ACCESS PERSONAL DATA AND DATA PORTABILITY

Colorado consumers have the right to confirm whether a controller is processing personal data concerning the consumer and to access the consumer’s personal data. “Controller” means a person that, alone or jointly with others, determines the purposes for and means of processing personal data. Consumers have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another entity without hindrance. Consumers may exercise this right no more than two times per calendar year.


3. RIGHT TO CORRECT PERSONAL DATA

Colorado consumers have the right to correct inaccuracies in the consumer’s personal data, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal data.


4. RIGHT TO DELETE PERSONAL DATA

Colorado consumers have the right to delete personal data concerning the consumer.


5. SUBMITTING A SB 190 DATA REQUEST

To submit a request to ByHeart to invoke the consumer rights authorized above, please contact us by emailing us at hello@byheart.com and including “SB 190 Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.


BYHEART’S ADDITIONAL POLICIES IN COMPLIANCE WITH THE EEA PRIVACY LAWS (GDPR)

In addition to the other policies described in this Privacy Policy, residents of the EU or the EEA are afforded the following additional rights and protections as required by the General Data Privacy Regulation (“GDPR”). The additional rights and protections set forth in this section of this Policy apply only to residents of the European Union or the EEA.

1. GDPR DEFINITIONS

THE FOLLOWING ADDITIONAL DEFINITIONS APPLY TO THIS SECTION OF THE PRIVACY POLICY:

“Controller” means the organization that determines the purposes for which and the manner in which any Personal Information is Processed and used in its business.

“Processor” means any person processing Personal Information.

“Person” means a natural person, corporation, association, organization, partnership, or other legal entity.

“Processing” is any activity that involves use of the Personal Information. It includes, without limitation, obtaining, recording, or holding the Personal Information, or carrying out any operation or set of operations on the Personal Information, including organizing, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transferring Personal Information to third parties.


2. THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

In order to comply with the GDPR, we are required to set out the legal basis for the processing of your Personal Information. In accordance with the purposes for which we collect and use your Personal Information, as set out above, the legal basis for processing your Personal Information will typically be one of the following:

Our own legitimate business interests, or the legitimate business interests of our third party partners, promoters, affiliates, distributors, suppliers, vendors, and subcontractors, such as, for example, providing direct marketing to our customers of our products and services that we think would be of interest, handling inquiries from our promoters, affiliates, distributors, vendors, and customers, or other instances in which we have carried out a legitimate interests assessment and have established an existing legitimate interest;

The performance of a contract that we have in place with you;

Your consent, where appropriate; or

Compliance with our legal obligations, including to meet national security or law enforcement requirements.


3. WHERE WE STORE YOUR PERSONAL INFORMATION

The data that we collect from you is stored on servers provided by cloud service providers, such as Amazon Web Services. If you are a resident of the EEA or EU, your Personal Information may be transferred within or outside the EEA or EU to areas where privacy laws may be less strict. By submitting your Personal Information, you agree to this transfer, storing, and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Unfortunately, the transmission of information via the Internet is never completely secure. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our Site. Thus, any transmission of Personal Information using the Site is at your own risk. Once we have received your information, we will use strict procedures and security features to try as best as we are able to prevent unauthorized access.


4. ADDENDUM TO HOW LONG WE STORE YOUR PERSONAL INFORMATION

In some cases, there is a legal requirement to keep Personal Information for a minimum period of time. Except in those circumstances, we do not keep your Personal Information for any longer than is necessary for the purposes for which the Personal Information was collected or for which it is to be further processed.


5. YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL INFORMATION

Subject to certain exceptions, you have the following rights with respect to your Personal Information:

To receive or access a copy of the Personal Information that we hold about you;

To request that any inaccurate or incomplete Personal Information be corrected or supplemented;

To have your Personal Information erased, unless we have a legitimate reason to retain the Personal Information (such as if we are required to do so for legal reasons); and

To ask us not to process your Personal Information for a particular purpose, including for marketing.
All of these rights are subject to certain conditions and exemptions. For example, ByHeart will not be obligated to erase your Personal Information if we need to retain it to protect ourselves in the event of a legal claim.

To exercise any of these rights, please submit a written request to us at hello@byheart.com. We reserve the right to charge a fee in dealing with such a request as permitted by applicable law and regulations. You may also opt out of receiving additional marketing information by using the “Unsubscribe” feature in any marketing email that we send to you.