CosmEthics Privacy Policy

Last updated: 16th May 2018

1. Introduction

CosmEthics Ltd. ("we", "us") is committed to protecting and respecting your privacy. This Privacy Policy (together with our terms of use and any other documents referred to in it) applies to the CosmEthics mobile application (the "Application") and the related website located at www.cosmethics.com (the "Site") (the Site and the Application and other online and mobile products and services provided by us jointly the "Service") and sets out the basis on which any personal data we collect from you, or that you provide to us, will be handled by us.

In this Privacy Policy, the term "personal data" means information that relates to an identified or identifiable natural person. "Sensitive personal data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.

We process sensitive personal data to the extent necessary or appropriate for providing the Service to you. If you for example provide us data about product ingredients you are allergic to, this data constitutes sensitive personal data. By accepting this Privacy Policy you give your consent to the processing of sensitive personal data in accordance with this Privacy Policy.

We know that you are concerned about how we use and disclose personal data. This Privacy Policy tells you about the ways in which we protect your privacy and personal data we process about you.

We wish to remind you that this Privacy Policy applies to personal data that we, CosmEthics Ltd, process when you use the Service. It does not apply to any links to third parties' websites and/or services, such as third-party applications or websites of any advertisers, payment providers, social media providers, any third- party websites providing information on product ingredients or websites of any third-party vendors / online stores or any other third parties which you may encounter when you use the Service. The collection, use and disclosure of any personal data by any third parties will be subject to such third parties' applicable privacy policies. We encourage you to carefully familiarize yourself with privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for the privacy practices of any third parties.

BY USING THE SERVICE, YOU ACCEPT THE PRIVACY PRACTICES DESCRIBED IN THIS PRIVACY POLICY AND GIVE YOUR CONSENT TO THE PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE PRIVACY PRACTICES DESCRIBED HEREIN.

2. Special Notice regarding the Visibility of Your Data to Other Users

Please be aware that other users of the Service will be able to see certain personal data you have submitted to the Service, including for instance your name and photo if you have provided them to the Service (either by connecting the Service with your Facebook or other social media account or otherwise). Moreover, the contents of your Washbag and Wishlist in the Service, as well as any Alerts you create in the Service and any product comments and other content you may post in the interactive features of the Service, are visible to other users and can be associated with your user account. Therefore, please be careful when sharing information, and in particular personal data about you, in the Service. We urge you to be very careful when deciding to disclose your personal data, or any other information, on the Service.

We may also allow you to access third party services, such as Facebook, to share your selected content (such as the content of your Washbag, Wishlist or Alerts) with those services. Please be reminded that such social media features are governed by the respective privacy policy of the company providing the feature.

3. Information We May Collect

In this Section 3 we describe the personal data we collect.

(i) Data You Provide to the Service

When you use the Service, we collect information that you provide to us directly. For example, we collect information in the following circumstances: when you use our Application or visit our Site; when you register with the Service, either by providing us with your email address and other registration information or by registering with your Facebook account or other third-party account; when you participate in any interactive features of the Service; and when you otherwise communicate with us or via the Service.

The information you provide to us directly may include, without limitation, the following information that may, in certain circumstances, constitute personal data:

- Account information: Data that you provide to us in connection with your User Account / profile, such as name, e-mail address, user name, user ID, password, location, gender, birthday, relationship status, profile image, face skin type, body skin type, hair skin type, scalp skin type ;

- Subscribing to our Mailing List: if you subscribe to our mailing list, we collect your name and email address. In this context, we may also collect data concerning your device (as further described below) to serve you with more personalized emails;

- Promotions: Data that you may provide in connection with any promotions that may be an element of the Service. In particular, please note that the names of the persons to whom we have allocated prizes and names of any promotion winners may be made public in the Service, in our newsletter and in social media, such as on Facebook. Moreover, if you are entitled to a prize, we may request your address information in order to mail the prize to you;

- Data that you share via the Service: we collect data that you may share in the Service, such as data regarding the products that you have placed in your Washbag and Wishlist in the Service, Alerts you may create in the Service, data on your product and ingredient preferences, allergens, and postings in product comment fields and other interactive features of the Service; and

- Any other information you may want to share with us.

If you use a third party service, such as Facebook Connect, for signing into the Service, we may collect personal data, such as your user ID, name, photograph and e-mail address, which are available in accordance with the terms of service and the privacy settings of the third party service you use for signing into the Service. You may be able to control the types of personal data available in the profile of such third party services by adjusting the privacy settings available therein. We may also show your name and profile picture within the Service.

Moreover, if you contact us, a record of this correspondence may be kept.

Payment information related to transactions carried out in the Service is processed by a third party payment processor, such as Stripe, Apple Store or Google Play. Any information you provide to the payment processor is governed by the payment processor's privacy policy. We may change our payment processors in the future. Moreover, we wish to remind you that the Service includes links to websites of third parties, such as third-party online stores. If you enter into any transactions on such third-party sites, the collection, use and disclosure of any personal data (including any payment data) will be subject to such third parties' applicable privacy policies.

(ii) Data Collected Automatically

The Service may automatically collect the following information from the users that may, in certain circumstances, alone or in connection with other data, constitute personal data:

- Use data: When you use the Service, we may automatically collect and store certain information. For example, we log the products you scan and view, the frequency and type of products you choose to view, and other actions you perform while using the Service. We also collect details of your visits to the Service including, but not limited to, traffic data, weblogs and other communication data. We may also collect details of transactions you carry out through the Service.

- Device data: We collect information on the device you use to access the Service. This device data includes, without limitation, device manufacturer and type, information about the operating system of your device, the name of your carrier / internet service provider, connection type, device language, unique device identifiers and the Internet Protocol (IP) address from which you access the Service. Moreover, the logging technology used in the Service may automatically collect the URL of the site from which you came and the site to which you are going when you leave the Service.

- Cookies and other technologies: Technologies such as cookies, beacons, tags and scripts are used by us. These technologies are used to analyze trends, administer the Service, enable features on the Service, track users' movements around the Service and to gather demographic information about our users. We use technology created by third parties to enable such technological features, including for example affiliate links and other tracking technologies. We may place a "cookie" on the hard drive of the device that you use to access the Service. Cookies are text files that are saved on the hard drive of your device by means of your browser, enabling us to recognize your browser for purposes such as saving your preferences and directing relevant content to you. Most of the currently available browsers give you the option of managing cookies by, for example, disabling them entirely, accepting them individually, and deleting saved cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser, you might not be able to use some features of the Service.

- Google Analytics and Other Analytics Service Providers: We use Google Analytics for usage tracking. Google Analytics collects and stores data on your use of the Service, including without limitation time of visit, Site pages / Application screens visited or opened and for how long are they used, which buttons the user taps in the Application, the Internet Protocol (IP) address and information on the device used to access the Service . We may also use other third party data analytics service providers and affiliate tracking services, which help us understand usage patterns of the Service. We may permit these service providers to use cookies and other technologies to perform their services for us. Usage information and personal data are stored by such service providers and are subject to their privacy policies. On the date of this Privacy Policy we use the following data analytics service providers: Google Analytics, Mixpanel and Flurry. he current list of data analytics service providers we use in connection with the Service can be requested from us at any time by contacting us at privacy@cosmethics.com.

- Location data: We may collect, use and share location data, including the real-time geographic location of your device, in connection with your use of the Service, for example using satellite, cell phone tower or WiFi signals, or magnetic field based location technology. We use the location data to provide location-based services and content to you. By using the Service, you give your consent to the collection of location data.

4. The Purposes for Which We Use the Data

a) We use the personal data you provide to us directly for the following purposes:

- To set up and maintain your registration with the Service;
- To communicate with you;
- To prevent and investigate fraud and other misuses;
- To protect our rights and/or our property;
- To operate, develop, improve, manage and protect our Service;
- To provide features available in the Service, including without limitation your Washbag, Wishlist and Alerts. Moreover, if you select to purchase the "Curate My Washbag" feature in the Service, we use the data you have provided to recommend products to you;
- To personalize the Service;
- To audit and analyze the Service, including analyzing trends related to the use of the Service;
- To process any transactions you may enter into in the Service;
- For market research and direct electronic marketing in accordance with applicable law. For example, if you provide us with your email address you consent to receiving from us by email our newsletters and details of other special offers which we think may be of interest to you. You can opt-out at any time by following the instructions in Section 6 below; and
- To ensure the technical functionality and security of the Service.

b) We may use the data collected automatically for the following purposes:

- To manage the Service;
- To provide features available in the Service;
- To personalize the Service;
- To develop, improve, and protect the Service;
- For market research;
- To audit and analyze the Service, including analyzing trends related to the use of the Service;

and

- To ensure the technical functionality and security of the Service.

In particular, please note that we may use the information related to the products users add to the Washbag and Wishlist in the Service, the Alerts created, other data users provide in the Service, data on usage patterns, screening preferences, and other usage data for the purposes of providing and developing our products and services, for analyzing trends related to the Service, for market research and for other commercial purposes. For example, we may use such information to compile lists of most popular products or ingredients that are most commonly included in the Alerts users of the Service create.

5. How We Disclose Data

We do not disclose the personal data relating to our users to third parties unless otherwise stated below. The personal data collected in the Service may be disclosed in the following manner:

a) Personal data that you provide to us directly:

We may disclose personal data you provide to us directly with the following categories of third parties:

- To other users of the Service. In particular, please note that the contents of your Washbag and Wishlist in the Service as well as any Alerts you create in the Service and any product comments and other content you may post in the interactive features of the Service are visible to other users of the Service.

- To our advertising partners, in compliance with applicable laws;

- To service providers, such as payment processors and data storage service providers, which enable us to provide the Service to you;

- To public authorities, such as law enforcement, if we are legally required to so or if we need to protect our rights or the rights of third parties; and

- To our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Service and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy.

b) Data collected automatically:

The data collected automatically in the Service may be disclosed to the following categories of third parties:

- To service providers, such as data analysis companies;

- To our advertising partners, in compliance with applicable laws;

- To public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and

- Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Service and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy.

Moreover, we may disclose information to third parties in an aggregate and/or anonymized format that does not constitute personal data and does not allow the identification of individual users. For example, we may compile lists of most popular products or ingredients that are most commonly included in the Alerts users of the Service create, and we may use such information for commercial purposes.

6. Your Rights

You have the following rights with respect to the personal data we hold about you:

- The right to know what data we hold about you: If you would like to know what personal data we hold about you, please contact us by using the contact information provided below in Section 11. We seek to swiftly respond to your inquiry. We may charge a small processing fee if less than twelve (12) months has passed since your last inquiry relating to personal data we hold about you.

- The right to have incomplete, incorrect, outdated, or unnecessary personal data corrected, deleted, or updated. If you wish to make use of your rights stated above, or if you have additional questions regarding the correction, deletion, or updating of the personal data we hold about you, please contact us by using the contact information provided below in Section 11.

- The right to opt out of receiving electronic direct marketing communications from us: All electronic direct marketing communications that you may receive from us, such as e-mail messages and SMS-messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us by using the contact information provided below in Section 11.

7. Data Security

The security of personal data is important to us. We take reasonable measures to protect personal data about you from unauthorized access or against loss, misuse or alteration by third parties. Despite these efforts to store personal data collected in and through the Service in a secure operating environment that is not available to the public, we cannot guarantee the security of personal data during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties.

8. International Transfers of Personal Data

The Service or some elements of it may be hosted on servers located in countries outside your own country and in particular outside of the European Union and the European Economic Area. We may also use third party service providers and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to provide the service. These may be located at destinations outside your own country, in particular outside the European Union and the European Economic Area. The laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. By using the Service, you consent to personal data about you being transferred outside your own country. In particular, if you are located within the European Union, you consent to your personal data being transferred outside of the European Union / the European Economic Area.

9. Children's Privacy

You must be at least eighteen (18) years of age to use the Service. In particular, the Service is not directed to children younger than thirteen (13) years of age. We do not intend to collect personal data from children under 13. If you are under 13, please do not use the Service and do not send any information about yourself to us.

10. Changes to the Privacy Policy

From time to time we may change this Privacy Policy. You can tell when changes have been made to the Privacy Policy by referring to the "Last Updated" legend on top of this page. Please review this Privacy Policy regularly to ensure that you are aware of any changes. If we materially change the ways in which we use and disclose personal data, we will post a notice in the Service. Your continued use of the Service following any changes to this Privacy Policy constitutes your acceptance of any such changes made.

11. Questions or Concerns?

Should you have any questions regarding this Privacy Policy, your privacy as it relates to the use of the Service, or the protection of the personal data we hold about you, please contact us via e-mail at privacy@cosmethics.com, or by mail at CosmEthics Ltd, Jääkärinkatu 5B B2 00150 Helsinki, Finland. We seek to swiftly resolve any concerns you may have.