Last Updated: August 17, 2023
Effective Date: August 17, 2023
Children. The Services of ByHeart are not directed to children, and we do not knowingly collect personal information from children under the age of thirteen (13). If you become aware that a child has provided us with personal information without parental consent or in violation of applicable law, please contact us at the location identified in the Contact Us section.
Changes to this Policy
131 Varick Street, 11th Floor
New York, NY 10013
What Personal Information Does ByHeart Collect?
We collect personal information and data that you enter on our Site or otherwise volunteer to us when you contact us to, among other things, set up an Account, interact with experts, interact with or review our products or services on our Site or third party sites, request information, make purchases, or access or use the Site. You can choose not to provide certain personal information, but then you might not be able to take advantage of many of our features.
ByHeart collects only the personal information that is relevant for the purposes for which the personal information is requested. We do not use your personal information in any way that is incompatible with the purposes for which it was collected or for which you have consented.
INFORMATION THAT YOU GIVE US
When you access, use, or contact us through our Site, correspond with us by phone, e-mail, or otherwise, or interact with us online, we may collect personal information from you that may include:
Identifiers: When you contact us, including if you sign up to learn more about our Services or otherwise contact us, we collect your first and last name, email address, phone number(s), the birthdate of your baby, if and whether you have twins, the nature of your inquiry, and any other information you choose to provide.
Account Information: When you register for an account with us, we collect your name, email address, password, and any other information used in connection with accessing your account.
Payment Data: If you make purchases through our Services, we collect credit card number and payment details, billing address, and payment type.
User-Generated Content: When you email, call, or otherwise communicate with us and members of our team, we collect and maintain a record of your contact details, your communications with us, our responses, and any other comments and content you provide about your use of our services and products (such as posts on our social media pages and reviews left on the Site or through third-party review platforms such as Yotpo).
Marketing and Promotions: If you agree to receive marketing communications from us, we collect your email, name, phone number, birthdate of your baby, if and whether you have twins, preferences, and if relevant, information about your account and the Services and features you use. If you participate in promotions we offer, we collect your name and other information related to the activities available through our Services.
Preferences: We may also collect information about your preferences, including communications preferences, preferences related to your use of the Services, and any other preferences or requests you provide when interacting with us.
Inferences: We may also collect information about your goals and aspirations for our services and products or inferences derived from that information.
INFORMATION THAT WE COLLECT AUTOMATICALLY
Device, Browsing, and Usage Information: the IP address used to connect your computer to the Internet, referring website address, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), pages on our Site that you viewed, page response times, download errors, duration of page visits, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service or other phone number(s).
Location Information: location information collected or derived through IP address. If you choose to enable location-based sharing with us through your device settings, we may collect precise location information, such as GPS coordinates, to provide content that is more relevant to your location and to otherwise improve your interactions with our Services. You may turn off location data sharing through your device settings.
PERSONAL INFORMATION THAT WE RECEIVE FROM OTHER SOURCES
We receive personal information from third parties who operate other websites or services that we use in order to provide our products and services to you, or for proper functioning and maintenance of our Site itself. We work closely with third parties, including (for example) business partners, promotors, affiliates, and sub-contractors in technical, payment, and delivery services, advertising networks, marketing analytics providers, and search information providers.
To the extent permitted by applicable law, we may combine the personal information we collect from publicly available or third-party sources.
How Does ByHeart Use Personal Information?
We will use this personal information for the following purposes:
Services and Support. To allow you to maintain your account with us, to provide and operate our Services, provide troubleshooting and technical support, to respond to your inquiries, and otherwise run our day-to-day operations.
Marketing and Promotions. To contact you in the future to provide you with information about other products and services that we offer, or that are offered by our affiliates or third party vendors to perform direct marketing of products and services offered by ByHeart and our affiliates; to determine additional ByHeart materials, services, or events to recommend and market to you;
And to provide advertising of ByHeart and its products and services on other websites and platforms.
Research and Surveys. To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
Planning and Managing Events. For event and webinar planning, and other management related purposes, such as registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.
Compliance and Legal Process. To comply with applicable laws and regulations, including obligations as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
Auditing, Reporting, and Other Internal Operations. To conduct financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions, and to maintain appropriate business records and enforce company policies and procedures.
General Business and Operational Support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and to administer our business, accounting, auditing, compliance, recordkeeping, and legal functions.
Quality Control and Training. For training purposes, quality assurance, and to record details about the products and services that you use or order from us.
Analytics and Improvement. To perform data analyses (including anonymization and aggregation of personal information), to better understand how users access and use the Services and our product and service offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, and to develop our Services and its features.
How does ByHeart Disclose Your Personal Information?
We may disclose the personal information we collect for the purposes described above as follows:
Affiliates and Subsidiaries. We may disclose the personal information we collect to our corporate affiliates and subsidiaries.
Business Partners. ByHeart also partners with other businesses to offer our products and Services, and we may disclose personal information to those business partners.
Vendors and Service Providers. We may disclose the personal information we collect to vendors and service providers who perform functions on our behalf, such as IT and website hosting, and customer support, etc.
Customers and Clients. In some circumstances, we may disclose the personal information we collect to our customers and clients to facilitate shipments and administer our Services.
Marketing and Analytics Providers. We may also disclose your personal information, such as device and browsing, and activities and usage information, to marketing and advertising networks, data analytics providers, and other companies who provide marketing or analytics services on our behalf. For more information see the “Cookies and Other Tracking Mechanisms” section below.
We may also disclose your personal information to third parties in the following circumstances:
In Support of Business Transfers. In the event that we sell or buy any business(es) or asset(s), in which case we will disclose your personal information to the prospective seller or buyer of such business(es) or asset(s) as part of the purchase, transfer, or sale of services or assets. If we sell all or substantially all of our assets to a third party, personal information about our customers will be one of the transferred assets.
Aggregate and Deidentified Information. Notwithstanding anything else in this Policy, we may use, disclose, and otherwise process aggregate and deidentified information related to our business and the Services with third parties for quality control, analytics, research, development, and any other purpose.
OUR RETENTION OF YOUR PERSONAL INFORMATION
We will keep your personal information for as long as we need it, or as otherwise prescribed by law, for the purposes set out above. This period will vary depending on your interactions with us. We may also keep a record of correspondence with you (for example, if you have made a complaint) for as long as is necessary to protect us from any and all actual or threatened legal claims against us.
No data transmission over the Internet, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. We cannot ensure or warrant the security of any personal information we collect. You use the site and provide us with data at your own risk.
ACCESS TO OTHER WEBSITES
Cookies and Other Tracking Mechanisms
What are cookies and pixel tags?
Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our Services to, among other things, track the activities of users, and help us manage content and compile usage statistics. We may also use these in our emails to let us know when they have been opened or forwarded, so we can track response rates and gauge the effectiveness of our communications.
How do we and third parties use them?
Third Party Analytics
We, and third parties, may use the personal information we collect about you within our Services and on other third-party websites and services to help us and these third parties identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.) to interact or engage with us or the Services.
Choices About Your Personal Information
We make available several ways for you to manage choices about your personal information, including preferences regarding cookies, advertising, whether you want to receive marketing and promotional emails from us, and choices regarding your account and profile information.
Marketing Communications. You may unsubscribe from any of our email and marketing updates by following the unsubscribe instructions in the body of any email message we have sent to you. We will take commercially reasonable steps to implement your unsubscribe requests promptly, but you may still receive promotional information from us by mail for up to sixty (60) days, and up to fifteen (15) days for email. You may also continue to receive information from those third parties to whom we have previously disclosed your personal information. Please note that when you unsubscribe from our marketing communications, we will keep a record of your email address to ensure that we do not send you marketing emails in future.
Account Information. You may access and change personal information that you have submitted by logging into your Account and updating your profile information or contacting us at firstname.lastname@example.org. We may communicate with you via email if you purchase products or services from the Site. You may opt out of receiving some or all categories of promotional communications from us by following the instructions in those communications or by updating your email preferences in your Account.
Cookie Settings. To prevent cookies from tracking your activity on our Site or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Site who disable cookies will be able to browse the Site, but some features may not function.
Industry Ad Choice Programs. You can also control how participating third-party ad companies use the information that they collect about your visits to our Site, and those of third parties, in order to display more relevant targeted advertising to you. If you are in the U.S., you can obtain more information and opt out of receiving targeted ads from participating third-party ad networks at aboutads.info/choices (Digital Advertising Alliance). Opting out of participating third party ad networks does not opt you out of being served advertising. You may continue to receive generic or “contextual” ads on our Site. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.
Public Interactive Forums and Other Posting Areas
We may offer public interactive forums and other posting areas through our Site and on other platforms, like office hours, discussion boards, product reviews, chat rooms, community forums, social media pages, etc. When you participate in these offerings, other visitors to and Users of our Site and other platforms may be able to see your username, postings, and other personal information you choose to provide or communicate. You should take this into consideration before posting to the Site and exercise caution when disclosing such information. Information you post could remain viewable even after you remove it or delete your Account.
If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks in connection with the Site or your use of our products or services, we collect information that you share with us, or that the social media platforms share with us. For any user-generated content you submit to us or when you interact with us on our public interactive forums or other publicly available posting areas, that information will be publicly available, and may be used and reshared for our own activities such as advertisements, creative assets, email marketing, and organic social media. [We will seek your consent prior to sharing user-generated content that identifies you by name.] For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.
Do Not Track Requests
Our Site does not respond to Do Not Track requests at this time, as there is currently no industry standard approach to sending, processing, and addressing Do Not Track requests from browsers. Please see https://allaboutdnt.com/ for more information on “Do Not Track” requests.
ByHeart's Additional Policies in Compliance with CCPA
The CCPA affords California consumers the rights with respect to their Personal Information set forth in this section.
1. RIGHT TO KNOW ABOUT PERSONAL INFORMATION COLLECTED, USED, DISCLOSED, OR SOLD
California consumers have the right to request that ByHeart disclose what personal information it has collected, used, disclosed, and sold over the twelve (12) month period preceding ByHeart’s receipt of such a request. To exercise this right, a California consumer must submit to the Company a verifiable request to obtain such information. This request can be submitted by following the procedures set forth in the “Contact Us” section above.
2. RIGHT TO REQUEST DELETION OF PERSONAL INFORMATION
California consumers have the right to request the deletion of their personal information collected or maintained by ByHeart. To exercise this right, a California consumer must submit to ByHeart a verifiable request to delete such information. This request can be submitted by following the procedures set forth in the “Contact Us” section above.
3. RIGHT TO NON-DISCRIMINATION FOR THE EXERCISE OF A CONSUMER’S PRIVACY RIGHTS
California consumers have the right not to be discriminated against because the consumer exercised any of the consumer’s rights under the CCPA. That means that ByHeart may not deny goods or services to a consumer, charge different rates for goods or services, or provide a different level or quality of goods or services if a consumer chooses to exercise his, her, or their rights under the CCPA (unless the different rate or different level or quality is reasonably related to the value to the business of the consumer’s data).
4. SUBMITTING A CCPA DATA REQUEST
To submit a request to know about the Personal Information we collect about you or a request for deletion of your Personal Information, please contact us by emailing us at email@example.com and including “CCPA Request” in the subject line of the email. ByHeart is required to verify the identity of the individual requesting access to a consumer’s data or requesting deletion of a consumer’s data. To verify your identity, you must provide:
username and password for ByHeart’s Site; or
if ByHeart has previously received an email from your email address, ByHeart may verify that you have access to that email address by sending a verification code; or
if ByHeart has previously received a call from your phone number, ByHeart may text you a verification code.
5. AUTHORIZED AGENT
California consumers may designate an authorized agent to exercise a CCPA right on the consumer’s behalf. If a consumer utilizes an authorized agent to exercise a CCPA right, the following proof that the agent has been authorized to act on the consumer’s behalf will need to be provided:
proof of written permission by the consumer for the authorized agent to act on his, her, or their behalf and separate verification of the consumer; or
proof that the authorized agent holds a power of attorney to act on the consumer’s behalf pursuant to Cal. Probate Code §§ 4000-4465.
As of January 1, 2023, the CPRA will expand consumer data privacy laws and permit California consumers to:
Prevent businesses from sharing personal information;
Correct inaccurate personal information; and
Limit businesses’ use of “sensitive personal information,” including social security number, financial account or credit card number in combination with any required access code or credentials, precise geolocation, race, ethnicity, religion, genetic data, private communications, sexual orientation, and specified health information.
ByHeart’s Additional Policies in Compliance with Nevada SB 220
SB 220 affords Nevada consumers the rights with respect to their Personal Information set forth in this section.
1. RIGHT TO REQUEST THAT PERSONAL INFORMATION NOT BE SOLD
Nevada consumers have the right to request that ByHeart promptly stop selling any of their covered information. “Covered Information” means any one or more of the following items of Personally Identifiable Information collected through a website or online service and maintained in an accessible form:
a first and last name;
a home or other physical address which includes the name of a street and the name of a city or town;
an email address;
a telephone number;
a social security number;
an identifier that allows a specific person to be contacted either physically or online;
any other information concerning a person collected from the person through a website or online service and maintained in combination with an identifier in a form that makes the information personally identifiable.
Under SB 220, “Sale” means the exchange of covered information for monetary consideration by the website owner to a recipient for that recipient to license or sell the covered information to third parties.
To exercise this right, a Nevada resident must submit to ByHeart an opt-out request. This request can be submitted by following the procedures set forth in the “Contact Us” section above. ByHeart must respond to any such request within sixty (60) days of receipt.
2. SUBMITTING A SB 220 DATA REQUEST
To submit a request to ByHeart that your covered information not be sold, please contact us by emailing us at firstname.lastname@example.org and including “SB 220 Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.
ByHeart’s Additional Policies in Compliance with Consumer Data Protection Act (“CDPA”)
Effective January 1, 2023, Virginia consumers will have the rights with respect to their Personal Information set forth in this section.
1. RIGHT TO CONFIRM AND ACCESS PERSONAL DATA
Virginia consumers have the right to confirm whether or not a controller is processing the consumer’s personal data and to access such personal data. “Controller” means the natural or legal person that determines the purpose and means of processing personal data. “Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person; it does not include de-identified data or publicly available information.
2. RIGHT TO CORRECT INACCURACIES IN PERSONAL DATA
Virginia consumers have the right to correct inaccuracies in the consumer’s personal data, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal data.
3. RIGHT TO DELETE PERSONAL DATA
Virginia consumers have the right to delete personal data provided by or obtained about the consumer.
4. RIGHT TO OBTAIN A COPY OF PERSONAL DATA
Virginia consumers have the right to obtain a copy of the consumer’s personal data that the consumer previously provided to the controller in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means.
5. RIGHT TO OPT OUT
Virginia consumers have the right to opt out of the processing of the personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
6. SUBMITTING A CDPA DATA REQUEST
To submit a request to ByHeart to invoke the consumer rights authorized above, please contact us by emailing us at email@example.com and including “CDPA Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.
ByHeart’s Additional Policies in Compliance with Colorado SB 190
Effective July 1, 2023, Colorado consumers will have the rights with respect to their Personal Information set forth in this section.
1. RIGHT TO OPT OUT
Colorado consumers have the right to opt out of the processing of personal data concerning the consumer for purposes of
The sale of personal data; or
Profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.
“Personal data” means information that is linked or reasonably linkable to an identified or identifiable individual and does not include de-identified data or publicly available information.
2. RIGHT TO ACCESS PERSONAL DATA AND DATA PORTABILITY
Colorado consumers have the right to confirm whether a controller is processing personal data concerning the consumer and to access the consumer’s personal data. “Controller” means a person that, alone or jointly with others, determines the purposes for and means of processing personal data. Consumers have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another entity without hindrance. Consumers may exercise this right no more than two times per calendar year.
3. RIGHT TO CORRECT PERSONAL DATA
Colorado consumers have the right to correct inaccuracies in the consumer’s personal data, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal data.
4. RIGHT TO DELETE PERSONAL DATA
Colorado consumers have the right to delete personal data concerning the consumer.
5. SUBMITTING A SB 190 DATA REQUEST
To submit a request to ByHeart to invoke the consumer rights authorized above, please contact us by emailing us at firstname.lastname@example.org and including “SB 190 Request” in the subject line of the email. ByHeart is required to verify the identity of the individual making this request.
BYHEART’S ADDITIONAL POLICIES IN COMPLIANCE WITH THE EEA PRIVACY LAWS (GDPR)
1. GDPR DEFINITIONS
“Controller” means the organization that determines the purposes for which and the manner in which any Personal Information is Processed and used in its business.
“Processor” means any person processing Personal Information.
“Person” means a natural person, corporation, association, organization, partnership, or other legal entity.
“Processing” is any activity that involves use of the Personal Information. It includes, without limitation, obtaining, recording, or holding the Personal Information, or carrying out any operation or set of operations on the Personal Information, including organizing, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transferring Personal Information to third parties.
2. THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
In order to comply with the GDPR, we are required to set out the legal basis for the processing of your Personal Information. In accordance with the purposes for which we collect and use your Personal Information, as set out above, the legal basis for processing your Personal Information will typically be one of the following:
Our own legitimate business interests, or the legitimate business interests of our third party partners, promoters, affiliates, distributors, suppliers, vendors, and subcontractors, such as, for example, providing direct marketing to our customers of our products and services that we think would be of interest, handling inquiries from our promoters, affiliates, distributors, vendors, and customers, or other instances in which we have carried out a legitimate interests assessment and have established an existing legitimate interest;
The performance of a contract that we have in place with you;
Your consent, where appropriate; or
Compliance with our legal obligations, including to meet national security or law enforcement requirements.
3. WHERE WE STORE YOUR PERSONAL INFORMATION
Unfortunately, the transmission of information via the Internet is never completely secure. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our Site. Thus, any transmission of Personal Information using the Site is at your own risk. Once we have received your information, we will use strict procedures and security features to try as best as we are able to prevent unauthorized access.
4. ADDENDUM TO HOW LONG WE STORE YOUR PERSONAL INFORMATION
In some cases, there is a legal requirement to keep Personal Information for a minimum period of time. Except in those circumstances, we do not keep your Personal Information for any longer than is necessary for the purposes for which the Personal Information was collected or for which it is to be further processed.
5. YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL INFORMATION
Subject to certain exceptions, you have the following rights with respect to your Personal Information:
To receive or access a copy of the Personal Information that we hold about you;
To request that any inaccurate or incomplete Personal Information be corrected or supplemented;
To have your Personal Information erased, unless we have a legitimate reason to retain the Personal Information (such as if we are required to do so for legal reasons); and
To ask us not to process your Personal Information for a particular purpose, including for marketing.
All of these rights are subject to certain conditions and exemptions. For example, ByHeart will not be obligated to erase your Personal Information if we need to retain it to protect ourselves in the event of a legal claim.
To exercise any of these rights, please submit a written request to us at email@example.com. We reserve the right to charge a fee in dealing with such a request as permitted by applicable law and regulations. You may also opt out of receiving additional marketing information by using the “Unsubscribe” feature in any marketing email that we send to you.