Last Updated: April 20, 2023
We may change the terms of the Policy from time to time. When we make changes, we will post the amended policy on the Sites. If the changes are material, we will post a notice on the Sites alerting you to the change. Any changes to the Policy will become effective immediately upon our posting of the Policy, so please be sure to review the current Policy before providing us with PII.
II. How Does Ka’Chava Collect Your PII and What Types of PII Does It Collect?
Ka’Chava collects PII about you when you actively provide it to us, such as when you create a Ka’Chava account, purchase a Ka’Chava product, sign up to receive communications from us, respond to a survey we are conducting, or post a review of our products on the Sites. We also may collect PII about you from other sources, such as our business partners; the Internet, including social media websites; the press or other print media; and other organizations or individuals as permitted under applicable law.
Listed below are the types of PII that we may have collected about you within the past 12 months. Some of these types of information may not be PII, depending on other information about you to which we have access. Each type of information listed below is PII only if the information identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.
• “Customer Records” information (some of which may be identifiers or professional/employment-related information as well), such as your name, shipping address, email address, telephone number, date of birth, and records of your transactions through the Sites.
• Commercial information, such as records of products you have purchased or considered purchasing, and records of your consuming histories or tendencies.
• Internet or other similar network activity, such as browsing history, online search history, information on your interaction with our Sites or an advertisement. This may include hardware and browser information of your computer or other online device.
• Geolocation data, such as the physical location of the device you use to connect with us online.
• Sensory data, such as audio, electronic, visual, or similar information, including a video you might post on our Sites as part of a product review.
• Professional or employment-related information, such as your current or past job history, if you are applying for a job with us.
• Personal characteristics that are related to classifications that may legally protect you against discrimination, such as marital status, age and gender.
• Inferences drawn from other PII, such as a summary we might make based on your demonstrated personal preferences, apparent characteristics or predispositions, behavior, attitudes, and aptitudes.
III. Our Business Purposes for Collecting PII; How We Use the Information
We may use the PII we collect from you for a variety of purposes permitted by law, including:
• To respond to your questions and requests;
• To establish your account(s);
• To provide you with information about our products and services, including order-tracking information and promotional information;
• To maintain subscription programs and giveaway, loyalty, and rewards programs;
• To prevent fraud, including by confirming your identity;
• To maintain and upgrade the security of any data or information collected;
• For compliance and risk management purposes;
• For other legally permissible, everyday business purposes, including data analysis, product development, compliance with law enforcement requests or orders, and other legal processes.
IV. How We May Share Personally Identifiable Information
We may share the PII we collect as follows:
• If you post a review on our Sites, we automatically synch that to our Facebook page,
• In the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our company or its assets, to the proposed or actual acquiring party or assignee;
• As we believe to be appropriate (i) when required by applicable law, including laws outside your country of residence; (ii) to comply with legal process (iii) to respond to requests from public and government authorities; (iv) to enforce the terms and conditions for use of the Sites, including this Policy; (v) to protect and defend our rights and property; (vi) to protect the interests of Ka’Chava or others; and (vii) to permit us to pursue available remedies or limit the damages that we may sustain.
Certain of our third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. You can find our payment processing service providers’ privacy policies at:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en (Google Pay);
https://www.apple.com/legal/privacy/ (Apple Pay).
V. Information We Collect Automatically Online
When you visit our Sites, we will collect the following information automatically:
• information about your visit, your clickstream to, through and from the Sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Among these third parties is Shopify, and we use Shopify’s “audiences” tool, https://www.shopify.com/audiences, as a way to provide you with a better suited, more targeted ad experience. Shopify Audiences is a data-exchange network, which uses aggregated conversion data (i.e., data about which people bought a Ka’Chava product) across all merchants on Shopify that have decided to use the audiences tool to generate a custom audience for a given merchant’s product.
This audience is essentially a set of people Shopify believes are likely to be interested in a particular product given the data around all transactions that have taken place across all participating merchants on Shopify.
You can opt of our including your purchasing history as part of our participation in Shopify audiences by contacting us at email@example.com and we'll manually opt you out.
Also among these third parties is Rakuten Marketing LLC dba Rakuten Advertising (“Rakuten Advertising”), which is an online business-to business digital advertising company that provides services to brands. Those services include affiliate marketing, performance marketing, personalized advertising and optimization, measurement and reporting, facilitation of advertising-related transactions between network participants, and other online advertising tools and technologies. For more information about the use of Rakuten Advertising please use the below links:
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of our Sites. To learn more about cookies, please visit http://www.allaboutcookies.org.
By using the Sites, you are deemed to unambiguously agree to its use of any cookies that you do not disable.
Our Sites currently do not respond to a “Do Not Track” request in a Site visitor’s browser.
VI. Data Retention; Security
We retain your PII, including your purchase transaction data, for as long as is necessary to fulfill the purposes for which we collect it. We use reasonable organizational, technical, and administrative measures to protect the PII we maintain.
All direct payment gateways adhere to the Payment Card Industry Data Security Standard (PCI-DSS). The PCI-DSS was created and is enforced by the Payment Card Industry Security Standards Council, which is a joint effort of payment card brands like Visa, MasterCard, American Express and Discover.
VII. Updates to Your PII
If you would like to update PII that you have provided to us, you may contact us through one of the means listed in the “How to Contact Us” section below.
VIII. Site Use Limitations and International Data Transfers
Our Sites are not directed to children under age 13. If we were to discover that we had collected PII from a child under age 13, we would delete it.
Our Sites are designed for users from, and are controlled and operated by us from, the United States. By using the Sites, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country. In particular, certain of our service providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. We do not invite the use of our Sites by persons outside the United States.
IX. Links to Other Websites
Our Sites may provide links to third-party websites. When you click on one of these links, you will be accessing content that is not subject to this Policy. We are not responsible for the information-collection practices of the other websites that you visit and advise you to review their privacy policies before you provide them with any PII.
X. California Residents’ Privacy Rights
If you are a resident of California, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”). We honor those rights, as described below, and we are prohibited by law from discriminating against you for exercising any of those rights.
A. Right to Know
If you are a California resident, you have the right to know what PII we have collected about you, why we collected it, and the categories of third parties (excluding service providers) with whom we have shared the PII during the past 12 months. (See below on “How to Submit a Request.”) You may request that we provide a description of the categories of PII we have collected (a “Categories Request”) or a request for access to the specific pieces of PII we have collected (a “Specific Pieces Request.”)
If you make a Categories Request, and you do not have any type of account with us, we will need you to provide us with at least two data elements specific to you, such as your cell phone number or driver’s license number (depending on the data elements we already maintain about you), so that we can verify your identity. After we confirm that your request is a verifiable consumer request, we will disclose to you:
• The categories of sources for the PII we collected about you (e.g., social media websites, government records available to the public, etc.).
• Our business or commercial purpose for collecting that PII.
• The categories of third parties other than service providers (if any) with whom we shared the PII.
If you make a Specific Pieces Request, we need to be sure we have verified your identity with great certainty to safeguard your privacy. In order for to verify your identity, if you do not have any type of account with us, you will need to provide to us at least three data elements specific to you, together with a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. After we confirm that your request is a verifiable consumer request, we will, consistent with the CCPA, disclose to you the specific pieces of PII we collected about you that you requested.
B. Right to Request Deletion
You have the right to request that we delete any of your PII that we collected from you and retained, other than Personal Customer Information (as defined above). We are not obligated to comply with your request if we have a legal basis to retain the PII. If you make a request for us to delete PII, and you do not have any type of account with us, we may need you to provide us with at least two data elements specific to you so that we can verify your identity. Once we receive and confirm that your request is a verifiable consumer request (see below on “How to Submit a Request”), we will inform you whether we have deleted (and have directed our service providers to delete) your PII from our records, or whether we are declining to grant your request to delete due to an exception to the CCPA deletion requirements.
If you are working for or seeking to work for Ka’Chava, or if you are an employee or other representative of a business or other organization that is exploring or engaging in a business-to-business transaction with Ka’Chava, the CCPA currently does not provide you with a “right to know” or “right to request deletion” (at least until January 1, 2023).
D. How to Submit a Request
To request access to or deletion of your PII as described above, please submit a verifiable consumer request to us by either:
• Calling us at our Privacy Rights toll-free number: 855-668-7574
• Sending us an email, to: firstname.lastname@example.org
You may make a request on your own behalf, but if you wish to designate an authorized agent to make a request on your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your behalf and include such individual’s full name, address, email address, and phone number. That way we will be sure you have fully authorized us to act in accordance with the requests of that individual.
As indicated above, in order to protect your PII from unauthorized disclosure or deletion at the request of someone other than you or your legal representative, Ka’Chava requires identification verification before granting any request to provide copies of, know more about, or delete your PII. We take special precautions to help ensure this. We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm that the PII relates to you. We will only use PII collected in connection with a verifiable consumer request to verify the requestor's identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.
XI. How to Contact Us
If you have any questions regarding this Policy, please email us at email@example.com.