Last updated: March 20, 2022.
SECTION 1 - YOUR PERSONAL INFORMATION
We collect personal information from you when you browse our online store, when you send us an e-mail, when you register or subscribe for AG Care’s newsletters or promotions, when you contact AG Care’s Customer Care and when you purchase our products through AG Services.
Types of data we collect:
- Contact information including name, address, city, state, province/territory, Postal/ZIP code, email address and telephone number;
- Product preferences;
- Purchase history from our website;
- “Demographic Information” including age range, date of birth, marital status and Postal/ZIP code
- “Usage Information” such as IP address, device identifier, browser type, operating system, information about your use of AG Services, and data regarding network connected hardware; and
- Photographs and videos submitted by users.
How the data is used:
We collect, maintain and use your personal information so that we can:
- establish and verify the identity and eligibility of users;
- upload and display your postings and similar submitted content;
- open, maintain, administer and service your profile, account or membership;
- process, service or enforce transactions and send related communications;
- provide you and other users with products, services and support;
- conduct sweepstakes, surveys and contests;
- operate and improve AG Services;
- provide users with product or service updates;
- send promotional notices, offers or other targeted marketing and other information;
- respond to your questions, inquiries, comments and instructions;
- maintain the security and integrity of our systems;
- understand consumer preferences across multiple brands;
- maintain customer relationships;
- evaluate product performance and safety;
- To develop a confidential profile for you which will be used to provide services to you and facilitate your transactions with AG Care;
- To create non-personal information that is aggregated or anonymized;
- comply with policies, procedures and legal requirements; and
- improve our products, our Website and services and our other business purposes.
We do not sell, trade or license personal information about our users for marketing purposes. We do not share your personal information unless it is necessary to fulfill our responsibilities.
SECTION 2 – COMMUNICATIONS, MAILING LIST AND CONTESTS
When you purchase items from our website, AG Care will send you communications related to your transactions, security or the administration of our Service. From time to time, we may also wish to send you other messages or updates about AG Care, including promotions and other activities. If you do not wish to receive non-transaction/security related communications from us, please send an email with your request at email@example.com
If you choose to join our mailing list, we will send you emails about our store, AG Care’s newsletter, exclusive Stylist deals, new products and other updates. We will use your email address for this purpose only and will not share it with third parties. You can unsubscribe at any time by clicking on the “Unsubscribe” link in the footer of any AG Care email and following the instructions.
If you enter a contest, sweepstakes or promotion via AG Services, your entered personal information may be disclosed to third parties in connection with the promotion, including without limitation for purposes of posting your entry with attribution or otherwise as permitted in the official rules for the promotion, fulfilling your prize or including your name on a winners list. Also, by entering a promotion, we may require you to consent to the use of your personal information or other information, such as name, voice or likeness, in advertising, promotional and marketing materials.
SECTION 3 – CONSENT
When you provide us with your personal information to purchase a product, arrange for a delivery, or return a purchase, it is implied that you have consented to AG Care collecting this information and using it for that specific reason only.
We will not use your personal information for marketing unless you have consented expressly. This means that we will either ask you directly for your consent or you will be provided with an opportunity to say no.
AG Care has a strict zero-tolerance policy against spamming. All representatives and employees must refrain from using our operating and messaging systems, including but not limited to email, instant messaging, or texting (collectively, “Electronic Address”) to distribute any unsolicited commercial electronic messages for which consent has not been received. This includes all one-to-one email communications with customers and mass emailing. Our professionals are prohibited from sending unsolicited electronic messages of any kind, including mass emails, in connection with the marketing of our programs, products and services or to encourage the participation in any commercial activities.
AG Care considers spamming to be any activity whereby AG Care, directly or indirectly, transmits an electronic message to any Electronic Address for which prior consent of such electronic message has not been granted.
Canada's new anti-spam legislation (CASL) became effective July 1, 2014 and among other things will regulate the sending of commercial electronic messages (CEMs) by organizations such as AG Care.
AG Care established an internal CASL Compliance Team to ensure AG Care is compliant with CASL. AG Care’s approach to the issue of consent is to rely on express and implied consent for its existing and new customers. Express consent is not time limited. Implied consent is based on our existing business relationship with our customers.
You may withdraw your consent for AG Care to contact you for the continued collection, use or disclosure of your information, at any time, by contacting AG Care at firstname.lastname@example.org or mailing us at:
Re: Privacy Inquiries
14 King Edward St
V3K 0E7 Canada
SECTION 4 – CHILDREN
By using AG Services, you represent that you are at least 16 years old, or that you are at least 16 years old and you have given us your consent to allow any of your minor dependents to use AG Services.
AG Services are intended for a general audience and are not directed to children less than 16 years of age. We do not knowingly collect any personal information from anyone who we know to be under the age of 16. If we obtain knowledge that we have collected children’s personal information in a manner not permitted by the U.S. Children’s Online Privacy Protection Act (“COPPA”) or other applicable law, we will remove such data to the extent required by COPPA or the other applicable laws.
If you are under the age of 16, you should use AG Services only with the involvement of a parent or guardian and should not submit any personal information to us.
Any California residents under the age of eighteen who have registered to use AG Services and who posted content on AG Services, can request removal by contacting AG Care at email@example.com. AG Care will make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For example, third parties may have republished or archived content by search engines and others that AG Care does not control.
SECTION 5 – DISCLOSURE
For example, we may disclose information to law enforcement authorities or other businesses and organizations in connection with the detection, prevention and prosecution of activities that we reasonably believe to be unlawful or fraudulent (including activities at our retail stores or websites), and the disclosed information may include personal information of the individuals suspected of involvement in unlawful or fraudulent activities.
SECTION 6 – PAYMENT
For example, if you purchase an item using AG Services with your credit card, Shopify stores your credit card data. This data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as it is necessary to complete your purchase. After the purchase is completed, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort on brands like Mastercard, Visa, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
SECTION 7 – THIRD PARTIES
In general, the third party providers used by AG Care will collect, use and disclose your information only to the extent necessary for them to perform the services they provide to us.
However, certain third party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies for the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by them. Some providers may be located in or have facilities located in a different jurisdiction than you or AG Care . So if you choose to proceed with a transaction that involves the services of a third party service provider, then your information may become subject to the laws of the jurisdiction or jurisdictions in which that service provider or its facilities are located. For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Certain functionalities of AG Services allow you to interact between AG Services and third party social networks (“Social Features”). Examples of Social Features include: enabling you to send content such as photos between the Service and a third party service; “liking” or “sharing” AG Care ’s content; logging in to the Service using your third party service account (e.g. using Facebook to sign-in to the Service); and to otherwise connect the Service to a third party service. If you use Social Features and potentially other third party services, information you post or provide access to may be publicly displayed on AG Services or by the third party service that you use. If you post information on a third party service that references AG Services (e.g., by using a hashtag associated with AG Care in a status update), you agree that your post may be used on or in connection with AG Services.
SECTION 8 – SECURITY
We take reasonable precautions and follow industry best practices to make sure your personal information is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, this information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. We also follow all PCI-DSS requirements and implement additional generally accepted industry standards.
We employ reasonable safeguards – including administrative, technical and physical measures – appropriate to the sensitivity of the personal information in its possession or under its control in order to protect that information from unauthorized access, collection, use, disclosure, disposal or similar risks.
While we are committed to protecting your information, data transmission over the Internet cannot be guaranteed to be 100% secure and we therefore cannot ensure or warrant the security of any information you may transmit.
Pursuant to the Fair Information Practices Principles, we will take the following steps should a data breach occur:
- we will notify the users via email within 7 business days; and
- we will notify the users via in-site notification within 7 business days.
Further, the Individual Redress Principle requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires that individuals have enforceable rights against data users and that individuals also have recourse to courts or government agencies to investigate or prosecute non-compliance by data processors.
SECTION 9 – TRACKING TECHNOLOGIES
Cookies are small amounts of data that are stored in separate files within your computer’s Internet browser. Cookies are accessed and recorded by the web-sites you visit and by the companies that show advertisements on these web sites so that they can recognize the same browser.
Web beacons (sometimes called transparent GIFs, clear GIFs, or web bugs) are small strings of code that provide a way for us to deliver a small graphic image (usually invisible) on a web page or in an email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed and a description of the page where the web beacon is placed.
Do Not Track
Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not been adopted, AG Care does not process or respond to “Do Not Track” signals. To learn more about “Do Not Track” please visit “All About Do Not Track”.
How We Use Tracking Technologies
- To help us recognize your browser as a previous visitor and to remember any preferences that may have been set while your browser was visiting AG Services;
- To help us customize the content and advertisements you are shown while visiting our website and potentially other websites online;
- To help measure and research the effectiveness of our online content, features, advertisements and other communications;
- AG Care may also allow third parties to place their own cookies within your browser in order to serve you with relevant advertising online, to help us measure traffic, to provide you with access to social media networks, functionality and services and to allow us to conduct any surveys and research in which you agree to participate. For example, Facebook, Google and Twitter place their cookies on our website to support social networking integration and functionality and for use according to their respective privacy policies;
- Web beacons are used to improve your experience on our website, including helping provide you with content customized to your interests. They also help us to understand whether users read email messages and click on the links contained within those messages so that we can deliver relevant content and offers. Our web beacons may collect some contact information (e.g. the email address associated with an email message that contains a web beacon); and
How Third Parties Use Tracking Technologies
For example, we use Google advertising services which may collect information about you including device identifiers and location data in accordance with law to serve relevant advertising. Please see "How Google uses data when you use our partners' sites or apps" for how you can control the information sent to Google.
Other third parties that may collect information about your online activities when using AG Services include, but are not limited to: Klaviyo, Facebook, Instagram, Google Analytics, Reamaze and Product Reviews.
Managing Targeted Advertising
Whether cookies are placed on your computer or mobile device is something you can control.
The Digital Advertising Alliance ("DAA") is an industry self-regulatory program to provide consumers with greater control over ads that are customized based on their online behavior across different websites. To learn more and make choices about interest-based ads from participating third parties, please visit the DAA consumer opt out page, Canadian DAA online choice page, European DAA online choice page and Australian DAA online choice page.
For more information about how targeted advertising works, you can review the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising via the links below:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
You can also opt out of some targeted advertising by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
If you opt out of having your information used to deliver advertisements tailored to your interests, you will continue to see advertisements on AG Services but they may not be as relevant to you.Adjusting Your Browser Settings
You have the option to set your browser to accept all cookies, reject all cookies, notify you when a cookie is set and delete cookies periodically (including behaviorally targeted advertising cookies). Please visit All About Cookies for more information about how to manage cookies on your specific browser, or select the "Help" menu in your browser.
Web beacons are generally used in conjunction with cookies, so if your browser is set to reject cookies, or if you delete cookies, web beacons will not be able to track your activity as you navigate between web-sites.
Please note that if you block cookies, you may not be able to view or access some or all of AG Services or other websites.
SECTION 10 – VISITORS FROM AUSTRALIA
We maintain records of personal information we have collected. Except in some limited circumstances such as where the information is commercially sensitive, personal information held by AG Care about you is available by contacting us at firstname.lastname@example.org
We will process a request for access or for changes to inaccurate information as quickly as possible. We reserve the right to impose a reasonable charge for processing and gathering personal information, as permitted under the Australian Privacy Act.
In Australia, the Australian Digital Advertising Alliance (“ADAA”) has developed the Australian Guideline for Third Party Online Behavioural Advertising. More information and an opt out page to manage online behavioural advertising preferences with ADAA member companies are available at www.youronlinechoices.com.au.
If you need further assistance, please contact us.
SECTION 11 – VISITORS FROM CALIFORNIA
AG Care provides California residents with the option to opt-in or opt-out to sharing of “personal information” as defined by California’s “Shine the Light” law with third parties, other than AG Care ’s affiliates, for such third parties’ own direct marketing purposes.
Civil Code Section 1798.83
Under certain circumstances, California Civil Code Section 1798.83 states that, upon receipt of a request by a California consumer, a business may be required to provide information regarding how that business has shared that customer’s Personal Information with third parties for direct marketing purposes. However, the foregoing does not apply to businesses like AG Care that do not disclose Personal Information to third parties for direct marketing purposes without prior approval or give customers a free mechanism to opt out of having their Personal Information disclosed to third parties for their direct marketing purposes.
Rights under the CCPA
The CCPA (California Consumer Privacy Act) applies to certain businesses and provides California consumers with additional rights regarding Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The categories of Personal Information AG Care collects are generally described above but differ for individual consumers depending on the services used eby such consumers.
Under the CCPA, qualifying California consumers may have the following rights:
Right to Know and Right to Delete.
A California consumer has the right to request that we disclose what Personal Information we collect, use, disclose and sell. A California consumer also has the right to submit requests to delete Personal Information.
When we receive a request to know or delete from a California consumer, we will confirm receipt of the request within 10 days and provide information about how we will process the request, including our verification process. We will respond to such requests within 45 days.
Right for Disclosure of Personal Information.
A California consumer may also submit requests that we disclose specific types or categories of Personal Information that we collect.
Under certain circumstances, we will not provide such information, including where the disclosure creates a substantial, articulable and unreasonable risk to the security of that Personal Information, customers’ accounts with us, or the security of our systems or networks. We also will not disclose California consumers’ social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers.
Right to Opt-Out of Sale of Personal Information We Collect
You have the right to opt-out of the sale of your personal information to third parties. Under the CCPA, “sell” includes the transfer or communication of personal information to another business in such a way that conveys value to the recipient business, even if that value is not monetary. This means that sharing for a number of common business activities may be considered a “sale” under the CCPA, even if there is no exchange of money. If you would like to opt-out of the sale of your personal information to third parties, please submit a request via email to email@example.com
We do not knowingly sell the personal information of consumers under the age of 16 without affirmative authorization.
Right to Non-Discrimination
You have the right to not be discriminated against for exercising any of your rights under the CCPA.
The foregoing rights are explained further in the information below:
What is your Personal Information?
For purposes of this California Privacy Notice, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Information We Collect
California residents have the right to know the categories of personal information we collect, the purpose for collecting such personal information, and the categories of third parties to whom the personal information was shared for a business purpose or sold.
Category of Personal Information
- Identifiers (such as name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, cookie information or other similar identifiers)
- Personal information categories listed in the California Customer Records statute Cal. Civ. Code § 1798.80(e)(such as name, physical characteristics or description, address, or telephone number)
- Protected classification characteristics under California or federal law(such as age, national origin, medical condition, sex, marital status or disability)
- Commercial information(such as products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies)
- Internet or other similar network activity (such as browsing history, search history, information on a consumer’s interaction with a website, application or advertisement,
- Geolocation data (such as your physical location)
- Inferences drawn from other personal information (such as a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, and attitudes)
How We Share It
- Within AG Care
- With service providers who process personal information on our behalf in order to help us provide our services and sale of AG Care products
- With advertisers and advertising networks that require the data to select and serve relevant advertising to you
- With public agencies and regulatory authorities in the United States, Canada and foreign countries and their subcontractors, for any legally required purpose
- With law enforcement agencies, public or regulatory authorities or where such disclosure may be reasonably necessary to comply with any legal obligation, to enforce our rights and to prevent fraud or technical issues with use of AG Services
Selling: To selected partners to enable them to better tailor offers, promotions and other direct marketing to you through AG Services or any partner websites
Sources of Information
- Directly from you or persons authorized by you to act on your behalf
- Collected automatically and indirectly from you;
- Within AG Care ;
- From service providers that provide services to you on our behalf; and
- From third party sources, such as social media platforms when you interact with our social media channels or analytics providers.
Used for Legitimate Business Purposes which Include:
- To provide and improve the manner in which we provide our products and services;
- To process and assist you with any transactions related to your purchasing of our products and services, including orders for our products;
- To maintain your AG Care account;
- To notify you about changes to our services or other updates;
- To administer and improve AG Services;
- To respond to your inquiries;
- For security and fraud prevention;
- For marketing and advertising; and
- For statistical analysis
California Do Not Track Disclosures
Although some browsers currently offer a “do not track (‘DNT’) option,” no common industry standard for DNT exists. We therefore do not currently commit to responding to browsers’ DNT signals.
California residents may exercise their right to opt-out, and/or to request information about AG Care ’s compliance with the Shine the Light law, the CCPA, and to obtain disclosure of third parties AG Care has shared information with in accordance with the law for their direct marketing purposes absent your choice and the categories of information shared, by contacting AG Care at firstname.lastname@example.org or by sending a letter to AG Care at:
Re: Privacy Inquiries
14 King Edward St
Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that AG Care is only required to respond to one request per customer each year, and AG Care is not required to respond to requests made by means other than through the provided e-mail address or mail address.
If we receive any request we will use a two-step process for online requests where the California consumer must first, clearly submit the request and then second, separately confirm the request. We will use other appropriate measures to verify requests received by mail or telephone.
In submitting a request, a California consumer must provide sufficient information to identify the consumer, such as name, email address, home or work address, or other such information that is on record with us so that we can match such information to the Personal Information that we maintain. Do not provide social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, medical information or health information with requests. If requests are unclear or submitted through means other than as outlined above, we will provide the California consumer with specific directions on how to submit the request or remedy any deficiencies. If we cannot verify the identity of the requestor, we may deny the request.
SECTION 12 – VISITORS FROM CANADA
If you have any questions, or complaints, regarding the collection or use of your personal information or the content of this policy, or if you wish to withdraw your consent to us using your data, please contact us. Back-up data of personal information will only be retained as long as it is necessary for data security purposes and will not be retained indefinitely.
If you are not satisfied with our response to your query or complaint, you may also contact the Office of the Information and Privacy Commissioner of Canada.
SECTION 13 – VISITORS FROM THE EUROPEAN UNION
Legal Basis for Data Processing
EU Data Subject Rights
The EU General Data Protection Regulation (GDPR) provides certain rights for EU data subjects. You may decline to share certain personal information with us, in which case we may not be able to provide some of the features and functionality of AG Services. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your personal data and to request access to, rectification, erasure and portability of your own personal data.
We will make commercially reasonable efforts to provide you reasonable access to your personal information within 30 days of your access request to the contact address below. We provide this access so that you may review, make corrections or request deletion of your personal information. If we cannot honour your request within 30 days, we will inform you when we will be able to provide such access. If for some reason access is denied, we will provide an explanation as to why access is denied. When technically feasible, at your request, we will provide your personal data to you or transmit it directly to another controller.
Further, if you are a European resident we note that we are processing your information to pursue our business interests listed in this policy. Please note that your information will be transferred outside of Europe, including to Canada and the United States.
If you have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Data Protection Authority and lodge a complaint.
Third Party Online Advertising
We allow certain third party advertising exchanges to place advertisements on our sites. With your consent, those advertising exchanges collect your IP address and/or a unique advertising ID that is used by the advertising exchange to identify you across the Internet.
The European Digital Advertising Alliance (EDAA) has developed a guide to online behavioural advertising and has developed an opt out page to manage online behavioural advertising preferences with EDAA member companies available at www.YourOnlineChoices.com.
Automated Decision Making
We use automated decision-making technologies, including profiling, to support our data processing activities. These include services designed to develop and provide advertising tailored to your interests.
For all EU Data Subject Rights requests, please contact us at email@example.com
Re: Privacy Inquiries
14 King Edward St
If our store is acquired or merges with another company, your information may be transferred to the new owners so that we may continue selling products to you.
Re: Privacy Inquiries
14 King Edward St
SECTION 15 – CONTACT US
If you would like to access, correct, amend or delete any personal information you have provided us with, contact our Chief Privacy Officer at firstname.lastname@example.org or by mail at:
Re: Privacy Inquiries
14 King Edward St
Coquitlam, BC V3K 0E7
Subject to applicable exceptions and limitations prescribed by law, you will be given reasonable access to your personal information, and will be entitled to challenge the accuracy and completeness of the information and to have it amended as appropriate.