1. WHO WE ARE
“We”, “us” or “our” means The Vita Coco Company Inc., a Delaware corporation with its principal place of business located at 250 Park Avenue South, Floor 7, New York, NY 10003, and all brands hereunder: Vita Coco, Ever & Ever, Runa, etc. For the purposes of certain data protection laws, including the EU General Data Protection Regulation and the UK General Data Protection Regulation (collectively, the “GDPR”), we act as controller for the personal data we gather through your use of our website.
If you have any questions, concerns or complaints regarding this Policy or our processing of your personal data or you wish to submit a request to exercise your rights as set out in Section 5, you can do so by contacting us via e-mail: firstname.lastname@example.org.
3. HOW WE COLLECT, USE AND DISCLOSE YOUR PERSONAL DATA
Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify a natural person. Personal data also includes the definitions of personal information, personally identifiable information, and comparable terms under any applicable data protection laws or regulations.
(a) The Categories of Personal Information We Collect
We may Process the following categories of personal data:
- Personal Information including Contact data: in the event you make use of the contact form, you will be asked to provide the following information: name, address, e-mail address, phone number, and any personal data that you choose to provide in the designated blank field (please do not provide us with any special/sensitive information, such as health information, information pertaining to criminal convictions, or credit card/account numbers). This is information that is provided directly by you.
- Personal Information including Profile data: If you create an account on our website, we collect the following data: name, telephone number, e-mail address, address, country, company name, job title, industry. This is information that is provided directly by you.
- Identifiers such as name: We collect personal data relating to your access requests to The Vita Coco Company Inc. resources, including sales inquiries, partner inquiries, and subscriptions to our newsletter. This category includes personal data such as name, telephone number, e-mail address, shipping and billing address, country. This is personal data provided directly by you.
- Commercial Information: Information regarding your transactions through our Service, including your “contact data,” as well as Customer Records Information such as credit/debit card number used to pay for goods and information regarding your purchase history. We collect this personal data when you provide it through your interactions with our Service.
- Characteristics of Protected Classifications such as age to determine permitted use of our services, including for permitting payments on our website. This is personal data that is provided directly by you.
- Geolocation data used to determine the applicability of regional legislation permitting the purchase of certain products based on your device’s location and for analytics and marketing purposes. This is personal data that is collected through your use of the website.
- Professional or employment-related information such as employer or workplace to determine any logistical requirements for shipping or delivery. This is personal data that is provided directly by you.
- Inferences such as product flavor or fragrance preference. This is personal data that is collected automatically through your use of our Service.
- Sensitive Personal Information, which may include government issued identification number; account login credentials; financial account, credit, or debit card information in combination with any required security or access code; and precise geolocation information. We process this data only as required to provide our services or process your employment applications. This personal data is provided directly by you.
Note that some of the above categories of personal data will be required in order to provide you with our services. By not providing such categories of personal data, we may not be able to fulfill your order.
(b) The Purposes for which We Collect Personal Data
We collect personal data for the purposes and subject to the lawful bases listed hereunder:
- In the event you use the contact form on our website, we will use your personal data—including any information contained in the communications you send to us—in order to reply to your query, via e-mail or telephone. If the GDPR applies, and (i) your query is related to a service we are providing to you, we process your personal data in order to perform our contract with you or (ii) where your query is general, on our legitimate interests to run a successful business and maintain a relationship with you.
- In the event you create a profile on our website or you provide us with transaction data, we collect your personal information in order to fulfill your requests, to provide you with our services and permit us to contact you. If the GDPR applies, we process your personal data to perform our contract with you and for receiving information and contacting you in this context. Otherwise, we rely on our legitimate interests to run a successful business and maintain a relationship with you.
- In the event you register for our newsletter, your e-mail address will be used in order to send you our newsletters, which may include invites to events, seminars, etc. organized by us. Additionally, we may collect certain analytics information about your interactions with our newsletter through the use of trackers contained within the newsletter. For more information regarding our use of online trackers, please see Section 8, below. Where required under local laws in the EEA/UK, we rely on your consent to do so.
- We Process your personal data for the purpose of supporting the website, mobile applications, advertising experience, and enhancing your user experience, which includes ensuring the security, availability, performance, capacity and health of these systems. If the GDPR applies, we rely on our legitimate interests in running a successful business and, where required by law, on your consent.
- We Process your personal data to enforce or exercise any rights that are available to us based on the applicable law, such as use for the establishment, exercise or defense of legal claims, to enforce any applicable terms and conditions and to protect or defend our rights, the rights of our users and others.
(c) How We May Disclose Personal Data
We will disclose your personal data to third party service providers for our legitimate business purposes or to perform our contract with you, as noted below:
- Identifiers such as name, shipping address, or billing address. For example, if we use a 3rd party carrier to deliver your order.
- Customer Records Information such as credit/debit card number used to pay for goods. For example, if we use a 3rdparty payment processor.
- Commercial Information. For example, your order detail will be required for a 3rdparty logistics provider to fulfill your order.
- Internet or other Electronic Network activity information such as your use of our website in terms of browsing and search history. 3rdparty monitoring services may be used to ensure operational effectiveness of our services and website as well as for analytics and marketing purposes. For example, we may disclose your information to service providers, including but not limited to:
- Candyspace as a website builder
- Lunar Solar Group as website builder
- Interesting Development as website builder;
- Amazon Web Services (AWS) as website host;
- Shopify as website host and eCommerce transactor;
- Wordpress as website host; and
- Google as a marketing and analytics provider.
- Professional or employment-related information. For example, if you place a subscription order for your work, office, etc., your employment-related information, such as work address, will be required by a 3rdparty delivery and logistics provider, including, but not limited to Resurge LLC, Ingram Micro, United States Postal Service, United Parcel Service, and Federal Express.
- We may disclose your personal data to professional advisors functioning as service providers that assist us in operating our business, such as auditors, law firms, or accounting firms.
- We may disclose your personal data to regulators, law enforcement agencies, public authorities, or any other relevant organizations: (i) in response to a legal obligation; (ii) if we have determined that it is necessary to disclose your personal data to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries; (iii) to protect the interests of, and ensure the safety and security, of us, our users, a third party or the public; (iv) to exercise or defend legal claims; and (v) to enforce our terms and conditions, other applicable terms of service, or other agreements.
- We may disclose your personal data to companies within our corporate family.
- We may disclose your personal data to a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to a change of corporate control such as a restructuring, merger, assets or shares sale or purchase, other business transaction or re-organization or in connection with bankruptcy.
4. RETENTION OF YOUR DATA AND DELETION
Your personal information will not be kept for longer than is necessary for fulfilling the processing purposes listed in this Policy. Generally, we retain your information for as long as we have a relationship with you and, after our relationship with you has ended, if there is an ongoing business need to retain it. This includes retention to comply with our legal, regulatory, tax, accounting and/or billing and collection obligations, to resolve disputes, enforce our policies and establish, exercise and defend our rights and any claims. We broadly retain information for approximately 3 years after our relationship with you has ended, but this term may differ, based on our data retention policies and applicable laws.
If you stop using our services or if you delete your account with us, we will store your information in an aggregated and anonymized format; we may use this information indefinitely without further notice to you.
If you are a resident of California, you have certain rights with respect to the collection, use, transfer, and processing of your personal data provided by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act. We reserve the right to limit these rights where permitted under applicable law, including where your identity cannot be reasonably verified or to the extent your rights adversely affect the rights and freedoms of others. To exercise any of the rights below, please contact us via the contact information below. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
In the past 12 months, we have collected personal information from the categories identified in Section 3(a), which are described using the terms identified under the CCPA. We process these categories of personal information for the purposes identified in Section 3(b). Finally, we may disclose your personal information as described under section 3(c).
The terms ‘sell’ and ‘share’ have expanded definitions under the CCPA. For example, although we do not sell your information to third parties for monetary consideration, our use of tracking and analytics cookies may qualify as the sale or sharing of personal information for purposes of California law. In light of these expanded definitions, our use of tracking and analytics services may constitute the sale of the following categories of personal data as defined by California law and this Policy: identifiers; personal information, commercial information; and internet or similar networking activity. The categories of third parties to whom this information is sold or shared under the CCPA includes data analytics providers and advertising and marketing providers.
In the preceding 12 months, we have not collected or processed sensitive personal information, as defined under California law, for purposes not specifically authorized under California law.
In the preceding 12 months, we have not knowingly collected or processed personal information pertaining to children under the age of 18.
Individual Rights under California Law
If you are a California resident, you may be able to exercise certain rights in relation to your personal information:
- Right to Know About Personal Information Collected, Disclosed, Shared, or Sold
- Right to Know (Abbreviated Request): If you make a Right to Know (Abbreviated Request), you will receive the following information about you:
- Categories of personal information collected, sold, or shared;
- Categories of sources from which personal information is collected;
- Categories of third parties to whom the information is sold, shared or disclosed;
- Business or commercial purpose for collecting, sharing, or selling personal information;
- Categories of personal information disclosed for a business purpose and categories of persons to whom it was disclosed for a business purpose.
- Right to Know (Specific Pieces of Information Request): If you make a Right to Know (Specific Pieces of Information Request), you will receive the following information about you:
- Specific pieces of personal information collected about you.
There are certain exceptions to a consumer’s Right to Know. We will state in our response if an exception applies.
- Right of Deletion
- Right to Opt-Out of the Sale or Sharing of Personal Information
We recognize the Global Privacy Control. Your browser must be able to support the Global Privacy Control for us to recognize your opt-out preference signal.
Please note that opt-out choices may be stored via cookies. If you clear cookies, if your browser blocks cookies, or if you view the page from a different browser or device, your opt-out choice may no longer be logged or recognized.
For more information, please visit our Do Not Sell or Share My Information page.
- Right of Correction
If we maintain inaccurate personal information about you, you have the right to request that we correct the inaccurate personal information upon receipt of a verifiable request. This right is subject to certain exemptions. We will state in our response to your request if an exemption applies.
- Right to Limit Use and Disclosure of Sensitive Personal Information
- Right to Non-Discrimination
- Exercising Your California Privacy Rights.
- Email us at email@example.com. Please include your full name, email address and phone number associated with your use of the Service.
- Send us a letter to The Vita Coco Company, Inc., Attn: Privacy, 250 Park Ave. S., 7thFloor, New York, NY 10003 with your full name, email address and phone number associated with your use of the Service.
- Verifying Requests
Making a verifiable consumer request does not require you to create an account with us. However, we may require that you access a previously existing account where necessary to submit the request.
We will only use personal information provided in your request to verify your identity and will delete any information you provide after processing the request. We reserve the right to take additional steps as necessary to verify the identity of California consumers where we have reason to believe a request is fraudulent.
- Authorized Agents
6. UK AND EEA USER RIGHTS
If you are located in the EEA or the UK, you have certain rights in relation to your personal data:
- Access: You have the right to access personal data we hold about you, how we use it, and who we share it with.
- Portability: You have the right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
- Correction: You have the right to correct any of your personal data we hold that is inaccurate.
- Erasure: In certain circumstance, you have the right to delete the personal data we hold about you.
- Restriction of processing to storage only: You have the right to require us to stop processing the personal data we hold about you, other than for storage purposes, in certain circumstances.
- Objection: You have the right to object to our processing of your personal data.
- Objection to marketing: You can object to marketing at any time by opting-out using the unsubscribe/ opt-out function displayed in our communications to you.
- Withdrawal of consent: Where we rely on consent to process your personal data, you have the right to withdraw this consent at any time by emailing us at firstname.lastname@example.org.
Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain your personal data.
To exercise any of these rights, please contact us at email@example.com with specific attention to the Data Protection Officer. We will respond to requests to exercise these rights without undue delay and at least within one month (though this may be extended by a further two months in certain circumstances).
If you consider that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. You may do so in the EEA member state of your habitual residence, your place of work or the place of the alleged infringement or, in the UK, you can submit a complaint to Information Commissioner’s Office (ICO).
7. INTERNATIONAL TRANSFERS
As we are a company located in the United States (“US”), please note that your personal data will be transferred and stored in the US in order to provide our services to you, or if applicable, we will obtain your consent.
To the extent the GDPR applies, for transfers of data to third parties located outside the EEA or the UK, we rely on the European Commission’s standard contractual clauses for the transfer of personal data to third countries (the “Model Clauses”), supplemented by any equivalent contracts issued by the UK’s data protection authority (“ICO”), as relevant, unless the data transfer is to a country that has been determined by the European Commission or the ICO as applicable, to provide an adequate level of protection for individuals’ rights and freedoms for their personal data. Please contact our Data Protection Officer at firstname.lastname@example.org should you wish to examine a copy of the Model Clauses.
8. SOCIAL MEDIA PLUGINS AND COOKIES / DO NOT TRACK
(a) Cookie types:
- Session Cookies: Session cookies keep track of you or your information as you move from page to page within the website and are typically deleted once you close your browser.
- Persistent Cookies: Persistent cookies reside on your system and allow us to customize your experience if you leave and later return to the website. For example, persistent cookies may allow us to remember your preferences.
- Strictly necessary cookies: These cookies are essential to provide you with our website and its features. Without these cookies, our website would not function properly.
- Functional cookies: Functional cookies record information about choices you've made and allow us to tailor our website to you. When you continue to use or come back to our website, we can provide you with our services as you have asked for them to be provided. These cookies allow us to save your location preference if you have set your location, remember settings you have applied, such as layout, text size, preferences, and colors and store accessibility options.
- Analytics cookies: We use analytics cookies to analyze how our website is accessed, used or is performing in order to provide you with a better user experience and to maintain, operate and continually improve our website.
- Advertising and targeting cookies: We allow third parties, including advertising companies, to place advertising cookies on our website. These cookies enable such third parties to track your activity across various sites where they display ads and record your activities so they can show ads that they consider relevant to you as you browse the Internet. These cookies also allow us and third parties to know whether you have seen an ad or a type of ad, and how long it has been since you've last seen it. This information is used for frequency capping purposes, to help tailor the ads you see, and to measure the effectiveness of ads.
Social media cookies: We make use of social media plugins to direct you to our social media channels and to allow you to interact with our content. These social media channels are Facebook, Instagram, LinkedIn, Twitter, Google, Vimeo, TikTok, Snap, and Pinterest. In the event you click on the plugins, the social media service provider may collect personal data about you and may link this information to your existing profile on such social media. We are not responsible for the use of your personal data by such social media service providers. For your information only, please find below links to the services providers’ privacy policies (note these links may be changed from time to time by the relevant service provider):
- Facebook: http://facebook.com/about/privacy;
- Instagram: https://help.instagram.com/155833707900388;
- LinkedIn: http://linkedin.com/legal/privacy-policy;
- Twitter: http://twitter.com/privacy;
- Google+: https://www.google.com/intl/en/policies/privacy/;
- Vimeo: https://vimeo.com/privacy;
- Pinterest: http://policy.pinterest.com/en/privacy-policy.
(c) Controlling or deleting cookies:
In addition to the above, you may be able to configure your browser settings to use the website without some cookie functionalities. You can delete cookies manually or set your browser to automatically delete cookies on a pre-determined schedule. For example, in the Internet Explorer menu bar, select: Tools Internet OptionsBrowsing HistoryDelete to view manual and automatic options.
(d) Do Not Track Signals:
Some web browsers may transmit Do Not Track signals to websites with which the browser communicates, telling the site not to follow its online movements. Because of differences in how web browsers interpret this feature, it is not always clear whether website users intend for these signals to be transmitted, or whether they are even aware of them. Therefore, we currently do not respond to such Do Not Track signals. However, we do recognize GPC requests made by California Consumers, as discussed in the California Rights section, above.