We are Goop Inc. Limited, a company registered in England with registered number 07733571 whose registered office is at Sargeant House, 15 Alcester Road, Studley, Warwickshire, England, B80 7AN (and we refer to ourselves as “we”, “us” or “our” in this document). We own and operate this “Website” (meaning the www.goop.com website) and any “App” (meaning applications that we provide for mobile devices, including, without limitation, Apple iOS and Android) on our own behalf.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We will only keep your information for as long as we are either required to by law or as is relevant for the purposes for which it was collected.
Data We Collect
1. your title, name, date of birth, address, email address, telephone numbers, username, password and such other contact details as we require. This includes:
a. information provided at the time that you subscribe to our weekly journal or any other marketing or promotional communications that we make available from time to time;
b. information that you provide at the time of registering for an account to purchase Products via or through the Website. We may also store information relating to any Products that you purchase; and
c. any information (including your location, your handset type, your UDID (unique handset code), your e-mail address and your mobile phone number) you or your mobile device provides to us at the time that you download or install an App and each time you use an App to add value to your use of the App; and
2. payment information provided by you, for example, on placing an order for a Product available on the Website. This may include the last four digits of the credit or debit card with which you make your payment. However, the payment provider that we use will obtain all of your payment information in relation to an order that you place on the Website.
Why We Collect Your Personal Data
We use the information collected for the purpose of sending you our weekly journal and other information about us, the Website, Products and sales promotions, fulfilling any order for a Product that you make through or via the Website, to allow you to access any information or services that we may provide through an App, in case we have any queries and for our record keeping. We may also use that data to prove payment for a Product that you order through or via the Website and deliver that Product to you. We also use that data to inform you when a Product is about to be delivered.
We may pass your name and address on to a third party in order to make delivery of a Product that you order through or via the Website to you (for example, to our courier or supplier).
We may also use your data in order to manage the Website and an App, collect payment from you, detect fraud or Website or App abuses and send you information relevant to an App, the Website or the Products.
We also need your email address and other contact details, in particular, for sending you information relating to the Website and an App and the services we offer. This includes (without limitation) the following:
To allow you to go ahead and register for an account on the Website, which allows you to purchase Products. This may include sending an email to you to confirm your details, to give you initial information about the service we offer, and to enable you to commence ordering Products.
To respond to you over any queries you raise with us.
To give you a link to enable you to have a password resent to you if you tell us or the Website that you have forgotten it.
To record and track details of transactions you carry out through or via the Website and of the fulfilment of your orders.
To collect details of your visits to the Website and use of an App including, but not limited to, traffic data, location data, web blogs and other communication data, whether this is required for our own purposes or otherwise and the resources that you access.
To provide you with information, products or services that you request from us or which we feel may interest you.
To allow us and our suppliers to use your data, to provide you with information about goods and services which may be of interest to you.
Your Obligations as to Your Data
You must only submit to us, the Website or an App, information which is accurate and not misleading and you must keep it up-to-date and inform us of changes. You may do that through the “My Account” part of the Website or by email to email@example.com. By submitting data in respect of you and anyone else, you must ensure that you have full authority and consent to supply us with that data on their behalf and you warrant to us that you have that authority.
Third Parties & Links
We will disclose your personal data (including details of your credit or debit card or bank account) to our suppliers should you wish to make an order for a product or service made available by that supplier.
We may exchange information with third parties for the purposes of fraud protection and credit risk reduction.
We may transfer your data to other companies in our group.
We may transfer our databases containing your personal information if we sell, or discuss the sale of, our business or part of it to an actual or potential purchaser.
IP addresses and cookies
List of Cookies We Collect
The table below lists the cookies we collect and what information they store.
The association with your shopping cart.
Stores the category info on the page, that allows to display pages more quickly.
The items that you have in the Compare Products list.
Your preferred currency
An encrypted version of your customer id with the store.
An indicator if you are currently logged into the store.
An encrypted version of the customer group you belong to.
Stores the Customer Segment ID
A flag, which indicates whether caching is disabled or not.
You sesssion ID on the server.
Allows guests to edit their orders.
The last category you visited.
The most recent product you have viewed.
Indicates whether a new message has been received.
Indicates whether it is allowed to use cache.
A link to information about your cart and viewing history if you have asked the site.
The ID of any polls you have recently voted in.
Information on what polls you have voted on.
The items that you have recently compared.
Information on products you have emailed to friends.
The store view or language you have selected.
The products that you have recently viewed.
An encrypted list of products added to your Wishlist.
The number of items in your Wishlist.
Checks if session is still active.
Disable the signup modal window if it has already been displayed
Cookies Set By Google Analytics
Google Analytics sets the following cookies as described in the table below. A default configuration and use of Google Analytics sets only the first 4 cookies in the table.
This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.
2 years from set/update.
This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method.
30 minutes from set/upd
Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session.
This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site.
6 months from set/update.
This cookie is not normally present in a default configuration of the tracking code. The __utmv cookie passes the information provided via the _setVar() method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the utmcc parameter. This cookie is only written if you have added the _setVar() method for the tracking code on your website page.
2 years from set/update.
This cookie is used by Website Optimizer and only set when the Website Optimizer tracking code is installed and correctly configured for your pages. When the optimizer script executes, this cookie stores the variation this visitor is assigned to for each experiment, so the visitor has a consistent experience on your site. See the Website Optimizer Help Center for more information.
2 years from set/update.
If you agree to use Facebook Connect to register on our site, then we will try to access the following fields from your Facebook profile: Facebook User ID, First Name, Email, Date of Birth, Gender, Hometown and Current city. In case your privacy settings do not allow us to access this information, you will be able to provide it on a separate form. You do not need to modify your Facebook privacy settings to use this feature. These fields will be saved in our system and will not be shared with any third party.
Once retrieved, we will neither access this information from Facebook again nor attempt to keep it in sync with or accept any information sent by Facebook. You will have to make any change to your private information separately on Facebook and goop (via the "My Account" page). You are responsible for ensuring the data you provide to us via Facebook is accurate.
On completion of registration on goop using Facebook Connect a generic goop registration message will be posted to your profile. Your friends will be able to see this message.
Where we store your personal data
We have in place appropriate technical and security measures to prevent unauthorised or unlawful access to or accidental loss of or destruction or damage to your information.
We store your personal details on a secure server. We use industry standard security and firewalls on our servers. When we collect payment card details electronically, we use encryption by using a third party payment provider which will use encryption software. Whilst we are unable to guarantee 100% security, this makes it hard for a hacker to decrypt your details.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
You are responsible for protecting against unauthorised access to your password and to your computer.
Any payment transactions will be encrypted in the payment information you provide to us to pass on to a third party to make an order for a product or service; the encryption will be completed by the third party payment provider who we use from time to time which will use encryption software. Where we have given you (or where you have chosen) a password which enables you to access an App or certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will take reasonable steps to protect your personal data, we cannot guarantee the security of your data transmitted over the Internet; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data to provide our weekly journal or marketing information about the Products, the Website or Apps. You can email us on firstname.lastname@example.org to make these changes, or follow the “unsubscribe” link in any marketing communication that we send to you by email. You can also make changes to your privacy settings at the “My Account” part of the Website. We will change what you receive within a reasonable time. However, changing your privacy settings may inhibit your ability to use the Website or receive any journal that we offer or use an App, so we do not recommend that you do this.
The Website and an App may, from time to time, contain links to and from the websites or mobile applications of suppliers, partner networks, advertisers and affiliates. If you follow a link to any of those websites or mobile applications, please note that those websites and mobile applications have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those privacy policies before you submit any personal data to those websites or mobile applications.
You also consent to us (or third party advertisers working through the Website or an App) placing cookies on your hard drive or mobile device. You can turn these off if you want, through the settings on your browser. See the “IP addresses and cookies” section above. Please note that we will not place cookies on your hard drive by which you can be personally identified; if we do, we will ask for more, further, specific consent from you.