We are Goop Inc., a company registered in Delaware, USA with registered number 5406040 whose registered office is at 200 Park Avenue South, 8th Floor, New York, NY 10003. (and we refer to ourselves as “we”, “us” or “our” in this document). We own and operate this “Website” (meaning the www.goop.com website) and any “App” (meaning applications that we provide for mobile devices, including, without limitation, Apple iOS and Android) on our own behalf.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We will only use your personal data in a way that is fair to you. We will only collect information where it is necessary for us to do so and we will only collect information if it is relevant to our dealings with you. We will only keep your information for as long as we are either required to by law or as is relevant for the purposes for which it was collected.
Data that we collect
1. your title, name, date of birth, address, email address, telephone numbers, username, password and such other contact details as we require. This includes:
a. information provided at the time that you subscribe to any newsletter or email or any other marketing or promotional communications that we make available from time to time;
b. information that you provide at the time of registering for an account to purchase Products via or through the Website. We may also store information relating to any Products that you purchase; and
c. any information (including your location, your handset type, your UDID (unique handset code), your e-mail address and your mobile phone number) you or your mobile device provides to us at the time that you download or install an App and each time you use an App to add value to your use of the App; and
2. payment information provided by you, for example, on placing an order for a Product available on the Website. This may include the last four digits of the credit or debit card with which you make your payment. However, the payment provider that we use will obtain all of your payment information in relation to an order that you place on the Website.
Why we collect your personal data
We use the information collected for the purpose of sending you emails to which you may subscribe and emails with or about other information about us as well as to properly make available to you the Website, Products and sales promotions, fulfilling any order for a Product that you make through or via the Website, to allow you to access any information or services that we may provide through an App, in case we have any queries and for our record keeping. We may also use that data to prove payment for a Product that you order through or via the Website and deliver that Product to you. We also use that data to inform you when a Product is about to be delivered.
We may pass your name and address on to a third party in order to make delivery of a Product that you order through or via the Website to you (for example, to our courier or supplier).
We may also use your data in order to manage the Website and an App, collect payment from you, detect fraud or Website or App abuses and send you information relevant to an App, the Website or the Products. We also need your email address and other contact details, in particular, for sending you information relating to the Website and an App and the services we offer. This includes (without limitation) the following:
1. To allow you to go ahead and register for an account on the Website, which allows you to purchase Products. This may include sending an email to you to confirm your details, to give you initial information about the service we offer, and to enable you to commence ordering Products.
2. To respond to you over any queries you raise with us.
3. To give you a link to enable you to have a password resent to you if you tell us or the Website that you have forgotten it.
4. To record and track details of transactions you carry out through or via the Website and of the fulfilment of your orders.
5. To collect details of your visits to the Website and use of an App including, but not limited to, traffic data, location data, web blogs and other communication data, whether this is required for our own purposes or otherwise and the resources that you access.
6. To provide you with information, products or services that you request from us or which we feel may interest you.
7. To allow us and our suppliers to use your data, to provide you with information about goods and services which may be of interest to you.
Your obligations as to your data
You must only submit to us, the Website or an App, information which is accurate and not misleading and you must keep it up-to-date and inform us of changes. You may do that through the “My Account” part of the Website or by email to firstname.lastname@example.org. By submitting data in respect of you and anyone else, you must ensure that you have full authority and consent to supply us with that data on their behalf and you warrant to us that you have that authority.
Third Parties and Links
We will disclose your personal data (including details of your credit or debit card or bank account) to our suppliers should you wish to make an order for a product or service made available by that supplier.
We may exchange information with third parties for the purposes of fraud protection and credit risk reduction.
We may transfer your data to other companies in our group.
We may transfer our databases containing your personal information if we sell, or discuss the sale of, our business or part of it to an actual or potential purchaser.
IP addresses and cookies
List of Cookies We Collect
The table below lists the cookies we collect and what information they store.
Cookies Set By Google Analytics Google Analytics sets the following cookies as described in the table below
Name Description __utma This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. __utmb This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method. __utmc Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session. __utmz This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site. __utmv This cookie is not normally present in a default configuration of the tracking code. The __utmv cookie passes the information provided via the _setVar() method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the utmcc parameter. This cookie is only written if you have added the _setVar() method for the tracking code on your website page.
Where we store your personal data
We have in place appropriate technical and security measures to prevent unauthorised or unlawful access to or accidental loss of or destruction or damage to your information.
We store your personal details on a secure server. We use industry standard security and firewalls on our servers. When we collect payment card details electronically, we use encryption by using a third party payment provider which will use encryption software. Whilst we are unable to guarantee 100% security, this makes it hard for a hacker to decrypt your details.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
You are responsible for protecting against unauthorised access to your password and to your computer.
Any payment transactions will be encrypted in the payment information you provide to us to pass on to a third party to make an order for a product or service; the encryption will be completed by the third party payment provider who we use from time to time which will use encryption software. Where we have given you (or where you have chosen) a password which enables you to access an App or certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will take reasonable steps to protect your personal data, we cannot guarantee the security of your data transmitted over the Internet; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data, to provide information to you (whether by email or otherwise) or marketing information about the Products, the Website or Apps. You can email us email@example.com to make these changes, or follow the “unsubscribe” link in any marketing communication that we send to you by email. You can also make changes to your privacy settings at the “My Account” part of the Website. We will change what you receive within a reasonable time. However, changing your privacy settings may inhibit your ability to use the Website or receive any information or email that we offer or use an App, so we do not recommend that you do this.
You also consent to us (or third party advertisers working through the Website or an App) placing cookies on your hard drive or mobile device. You can turn these off if you want, through the settings on your browser. See the “IP addresses and cookies” section above. Please note that we will not place cookies on your hard drive by which you can be personally identified; if we do, we will ask for more, further, specific consent from you.