We know that you are concerned about how we use and disclose personal data, and we are committed to complying with data protection and privacy laws that apply to us. This Privacy Policy tells you about the ways in which we protect your privacy and personal data we process about you.
Bellabeat, Inc. and its affiliates (”Bellabeat”, ”we”, ”us”, ”our”) is committed to protecting and respecting your privacy. This Privacy Policy (together with our Terms of Use and any other documents referred to in it) applies to bellabeat.com (the ”Site”), the Bellabeat™ and Airi™ mobile apps and products, and other services, products and apps provided by Bellabeat (collectively the ”Service”) is intended to help you better understand how we collect any personal data from you or how you provide it to us, what rights do you have, how the data will be used, stored and disclosed by us, whether you are end user of our Service (”Registered User”) or whether you are just visiting our website.
In this Privacy Policy the term ”personal data” means information that relates to an identified or identifiable natural person. ”Sensitive personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data and the processing of data concerning health, sex life or sexual orientation.
We wish to remind you that Privacy Policy applies to personal data that we process when you use the Service. It does not apply to any links to third parties’ websites and/or services, such as third-party applications, that you may encounter when you use the Service. We encourage you to carefully familiarize yourself with privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for privacy polices of any third parties.
By using the Service, you consent to the terms of this Privacy Policy and the collection, use and transfer of your personal data for processing in and outside the United States, in accordance with privacy practices described in therein. Where and as required, for sensitive personal information we will ask your explicit consent as described in this Privacy Policy.
We collect information that is necessary for the use and for adequate performance of the Service. The following information are collected from our users, in connection with registration or their use of the Service (each such user a ”Registered User”). That information may, in certain circumstances, constitute personal data.
E-mail address
First/Last Name
Date of Birth
Weight
Company
Address
Phone number
Shipping method
Items ordered
Discount information
Method of payment
Billing address
Payment information
Password
Your communications within our applications
Information related to pregnancy and general health, such as the first day of the last period, menstrual cycle, date of conception, audio recordings, estimated due date, activity goals and other health goals.
Moreover, if you contact us or participate in a survey, contest or promotion, we collect the information you submit such as your name, contact information and message of the correspondence.
If you use Facebook Connect to login, we collect the information you have made available in your public profile as well as your email address and a list of your friends.
Information relating to health, such as information about pregnancy, may constitute sensitive personal data. We process sensitive personal data to provide the Service to you and to the extent necessary or appropriate for compliance with relevant legal or contractual obligations. If the information we collect is health data or another special category of personal data subject to the European Union’s General Data Protection Regulation, we ask for your explicit consent to process that kind of data. We acquire this consent separately when you take actions resulting in our receiving the data, for instance when you use the menstrual calendar feature. You are not obliged to give your explicit consent and if you choose not to provide it certain features of the Service may not work properly or be fully unavailable. You can withdraw your consent at any time by using your account settings.
By using the Service and voluntarily providing us with personal data, including sensitive personal data, you are consenting to the processing of provided personal data in accordance with this Privacy Policy. If you provide personal data to the Service you acknowledge and agree that such personal data may be transferred to the servers of the authorized third parties we collaborate with and are referred to herein, located in and outside the United States.
You may choose to provide other information to help improve your experience or enable certain features of the Service. Also, while interacting with the Service, for example syncing your device with our application or software, we receive and store certain personally non-identifiable information and data recorded on your device such as your logs for exercise, sleep, steps taken, etc., which cannot presently be used to specifically identify you. Data recorded on your device is transferred from your device to cloud storage space we use. Bellabeat may store such information itself or such information may be included in databases maintained by Bellabeat affiliates and service providers, such as Google Cloud Platform.
If you purchase our products on our website, you provide your payment information, including your name, credit or debit card number, card expiration date, CVV code and billing address. We do not store this payment information. We store your delivery address to fulfil your order. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.
The Service may automatically collect the following information from you that in certain circumstances may constitute personal data:
Service use event data such as which links or buttons you have clicked and the pages you have viewed;
Purchase transaction data;
The type of device you are using;
Unique mobile device ID such as Apple IDFA;
The IP address from which you access the Service;
Depending on your device settings, location data;
The name and version of the device operating system; and
Applications installed in a mobile device.
The logging technology used on the Site automatically collects the URL of the site from which you came and the site to which you are going when you leave the Site.
We may place a ”cookie” on the hard drive of the device that you use to access the Service. Cookies are text files that are saved on the hard drive of your device by means of your browser, enabling us to recognize your browser for purposes such as saving your preferences and directing relevant content to you. Most of the currently available browsers give you the option of managing cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser you might not be able to use some features of the Service. In all cases in which we use cookies we will not collect personal data except with your permission.
Google Analytics, a web analytics service provided by Google, Inc., is an element of the Site. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the website, the IP address, and the type of operating system used in the devices used to access the Service. By using the Google Analytics Opt-Out browser add-on provided by Google, you can opt out of Google Analytics. For more information on how Google uses collected information please visit https://policies.google.com/technologies/partner-sites.
Moreover, we use a service entitled Facebook Audience Insights, analytics tool provided by Facebook, Inc.. Facebook Insight analyzes, tracks, and distributes data collected in and through the Facebook pages of the Service for analytics and marketing purposes. For more information on how Facebook Audience Insights works please go to https://www.facebook.com/business/learn/facebook-audience-insights.
We use the data you provide for the following purposes:
To set up and maintain your registration with the Service;
To communicate with you;
To prevent and investigate fraud and other misuses;
To protect our rights and/or our property;
To operate and improve our products and services;
To manage the Service;
To provide features available in the Service;
To develop, improve, and protect the Service;
For market research;
To audit and analyze the Service; and
To ensure the technical functionality and security of the Service.
We use the data collected automatically for the following purposes:
To improve customer service;
To personalize user experience;
To run a promotion, contest, survey or other feature of the Service;
To manage the Service;
To provide features available in the Service;
To personalize the Service;
To develop, improve and protect the Service;
For market research;
To audit and analyze the Service; and
To ensure the technical functionality and security of the Service.
We do not sell, lease, rent or otherwise disclose the personal data relating to our users to third parties unless otherwise stated below/described at the time of consent.
The personal data collected in the Service may be disclosed in the following manner:
a) Personal data you provide to the Service:
We may disclose personal data you provide to the Service with the following categories of third parties:
– To service providers, such as payment processors and data storage service providers, which enable us to provide the Service to you;
– To public authorities, such as law enforcement or governmental authorities or authorized third parties, if and to the extent we are legally required or permitted to do so by law or if we need to protect our rights or the rights of third parties and if such disclosure is reasonably necessary;
– To our subsidiaries and affiliate or a subsequent owner, co-owner or operator of the Service and their advisor in connection with a corporate merger, consolidation, restructuring, the sale of substantially all our stock and/or assets, bankruptcy or other insolvency proceeding, or other corporate reorganization, in accordance with this Privacy Policy.
b) Data collected automatically:
The data collected automatically in the Service may be disclosed to the following categories of third parties:
– To service providers, such as data and marketing analysis companies;
– To public authorities, such as law enforcement or governmental authorities or authorized third parties, if and to the extent we are legally required or permitted to do so by law or if we need to protect our rights or the rights of third parties; and
– To our subsidiaries and affiliates or a subsequent owner, co-owner or operator of the Service and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all our stock and/or assets or other corporate reorganization, in accordance with this Privacy Policy.
Moreover, we may disclose information to third parties in an aggregate format that does not constitute personal data and does not allow the direct identification of individual users.
You may elect to share personal data about you from the Service with friends, family, or health professionals. You may also direct us to share personal data about you with other parties. For example, you might authorize us to link your Bellabeat account with a third-party app, send status updates to your social media account, or direct us to share personal data about you with other third parties at your request. Please note that once you direct us to share personal data about you with such third parties, the use of personal data about you by the third party is no longer governed by our Privacy Policy.
You can use the Service, for example visit websites, without providing any personal data. If you choose not to provide any personal information your usage of the Service may be limited or impossible.
Your browser may provide you with the option to send ”Do Not Track” signal to websites you visit. This signal is used to request that websites not send the requesting device cookies, but websites have no obligation to respond to such signal or to modify their operation. At the current time, the Site is not programmed to recognize ”Do Not Track” signals so the Site will not treat you differently if we receive such signals from your browser, and we may not comply with ”Do Not Track” settings on your browser.
You have the following rights with respect to the personal data we hold about you:
– The right to know what personal data we hold about you: if you would like to know what personal data we hold about you please contact us at hi@bellabeat.com. We seek to promptly respond to your inquiry, respecting the legal deadlines when applicable. Moreover, if you are our Registered User, you can easily review the data that you have provided to the Service by logging in to the Service and reviewing your profile.
– The right to have incomplete, incorrect, outdated or unnecessary personal data corrected, deleted or updated: The easiest way to correct, delete or update the personal data you have provided to the Service is to log in to the Service and enter the necessary changes in the profile settings of the Service. If you have additional questions regarding the correction, deletion or updating of the personal data we hold about you, please contact us at hi@bellabeat.com.
– The right to opt out of receiving electronic direct marketing communications from us: All electronic direct marketing communications that you may receive from us, such as e-mail messages and SMS-messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us at hi@bellabeat.com.
If you live in the European Economic Area you have legal rights as set out in the General Data Protection Regulation (”GDPR”) such as you can object to our processing of your information based on your legitimate interests or you can request restriction on our processing of your data in certain circumstances. You also have the right to lodge a complaint with your local data protection authority. If you have any additional questions and need assistance regarding your rights under the GDPR please contact us at hi@bellabeat.com. Your request will be taken into account in accordance with applicable law.
We keep your account information as long as your account exists because we need it to manage your account and provide the Service. We will keep your personal data if necessary to comply with our legal obligations. Other information, such as data received by syncing your device with the application, we keep until you use your account settings or tools to delete the data or your account because we need this information to secure you your individual statistics.
We take reasonable measures to protect personal data about you from unauthorized access or against loss, misuse and unauthorized access, disclosure, alteration or destruction by third parties by using a combination of technical, administrative and physical means. Despite these efforts to store personal data collected in and through the Service in a secure operating environment that is not available to the public we cannot guarantee the security of personal data during its transmission or its storage on our systems as no method of transmitting or storing data is completely secure. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against loss, misuse or alteration by third parties.
Some elements of the Service may be hosted on servers located in countries outside your home country, such as in the European Union (”EU”) or in the United States (”U.S.”). The laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. By registering with the Service, you consent to personal data about you being transferred outside your home country.
Bellabeat participates in and has certified its compliance with the EU – U.S. Privacy Shield Framework (the ”Framework”). We are committed to subjecting all personal data received from the EU Member States to the Framework’s applicable Principles (Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability). If there is any conflict between the policies in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page please visit https://www.privacyshield.gov.
A violation of our commitment to Privacy Shield may be investigated by the Federal Trade Commission and/or the United States Department of Commerce. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including for purposes of meeting national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Bellabeat commits to resolve complaints about your privacy and our collection or use of personal data about you.
Persons located in the EEA have certain rights under European law with respect to your personal data, as listed in the General Data Protection Regulation. If you wish to exercise your rights, please contact us via email at hi@bellabeat.com.
Bellabeat commits to resolve complaints about our collection or use of personal data about you. You can direct any questions about the use or disclosure of personal data about you to us at hi@bellabeat.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data about you within 30 days of receiving your complaint.
Bellabeat’s independent recourse mechanism for Privacy Shield complaints for use by EU individuals is JAMS. If you are unsatisfied with the resolution of your complaint, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield for further information and assistance.
Bellabeat has further committed to cooperate with the panel established by the EU data protection authorities (”DPAs”) regarding unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you. Under certain conditions, more fully described on the Privacy Shield website you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law.
You must be at least sixteen (16) years of age to register to and use the Service. This Service is not directed to children under the age of thirteen (13). We do not intend to collect personal data from children under the age of thirteen (13). Parents and legal guardians who believe that their child has provided us with personal data through the Service and wishes that submitted data is deleted please contact us at hi@bellabeat.com.
From time to time we may change this Privacy Policy to harmonize it with changes in our privacy practices or for legal, regulatory or operational reasons. You can tell when changes have been made to the Privacy Policy by referring to the Last Updated legend on top of this page. If we materially change the ways in which we use and disclose personal data, we will post a notice in the Service and send an e-mail to our Registered Users. Your continued use of the Service following any changes to this Privacy Policy constitutes your acceptance of any such change made.
Should you have any questions regarding this Privacy Policy, your privacy as it relates to the use of the Service, or the protection of the personal data we hold about you, please contact us via e-mail at hi@bellabeat.com or by mail at Bella Software, Savska Cesta 32, 10 00 Zagreb, Croatia (for EU residents) or Bellabeat, Inc. 1390 Market Street, Suite 200 San Francisco, California 94102 USA. We seek to promptly resolve any concerns you may have.
By entering into this Agreement, You acknowledge and agree that during your Usage of the Application, Bellabeat inc. may, in its sole and absolute discretion, collect and store certain of your non- identifying data in connection with Your usage of the Application and information derived thereof (collectively with subsections (a) to (k) below, the “Collected Data “).
The Collected Data shall include the following, unless Bellabeat inc. updates this Agreement otherwise:
(a) The number of times you activated and/or actively used the Application each day.
(b) The frequency of recording any heart rate sounds while using the Application, by enabling your iPhone device’s microphone (the ” Records “), in different periods of time.
(c) How long were such Records (the number of seconds or minutes during which the iPhone’s microphone was enabled).
(d) The frequency of playing the Records in different periods of time and for how long (in seconds, minutes etc.).
(e) An internal numeric score derived from the data collected pursuant to (a) through (d).
(j) Customer support emails and ratings sent by You to the Bellabeat inc. support center.
* (f) Recordings shared by You when exporting the recording from the App are stored on Bellabeat inc. servers at no charge to You solely for Your benefit.
* (g) Did you enter any of the mother’s or baby’s name or the mother’s due date or week of pregnancy to the Record made or to its title; FOR THE REMOVAL OF ANY DOUBT, IT IS HEREBY CLARIFIED THAT Bellabeat inc. SHALL NOT SAVE NOR HOLD ANY RECORD OF ANY NAMES, DATES OR WEEK OF PREGNANCY COLLECTED UNDER THIS SUBSECTION (E) AND SHALL ONLY CHECK WHETHER SUCH DATA WAS ENTERED BY YOU OR NOT.
(i) Statistics of how many e-mails containing Records you sent in different periods of time. FOR THE REMOVAL OF ANY DOUBT, IT IS HEREBY CLARIFIED THAT Bellabeat inc. SHALL NOT SAVE NOR HOLD ANY RECORD OF ANY DATA COLLECTED UNDER THIS SUBSECTION (F), INCLUDING E-MAIL ADDRESSES OR E-MAIL CONTENT, EXCEPT FOR STATISTICAL DATA.
(j) The frequency of sharing Records on social networks in different periods of time. FOR THE REMOVAL OF ANY DOUBT, IT IS HEREBY CLARIFIED THAT Bellabeat inc. SHALL NOT SAVE NOR HOLD ANY RECORD OF ANY DATA COLLECTED UNDER THIS SUBSECTION (I), INCLUDING YOUR SOCIAL NETWORK’S ACCOUNT DETAILS, PHOTOS UPLOADED THERETO OR RECORDS’ DETAILS, EXCEPT AS SET FORTH IN THIS SECTION 6.
(k) Any other non-identifying technical information and statistics in connection with the Usage. For the avoidance of any doubt but notwithstanding anything to the contrary herein, Bellabeat inc. shall be entitled to use without limitation any non-identifying and/or aggregated information and Collected Data received, used or stored in connection with the Application. Bellabeat inc. represents and warrants that it shall not sell or otherwise transfer or assign the Collected Data or Content, or aggregated information to any third party, except when such third party provides Bellabeat inc. with storage, security or internal analytic services. Bellabeat inc. shall not collect or store the global unique identifier of Your device.
