CULT GAIA PRIVACY POLICY

Last Modified: March 11, 2024

Thank you for visiting the Cult Gaia website. We are committed to providing you a safe and personalized shopping experience. This commitment includes using your personal information to fulfill those goals and respecting
and protecting the privacy of your personal information.

This Privacy Policy explains how Cult Gaia (collectively, "Cult Gaia," "we," "us," or "our") collects, shares and processes your personal information. It applies to personal information we collect on this website located at www.cultgaia.com (the “Site”), any other website, mobile device application, social media Internet property or related services owned or operated by Cult Gaia that includes a link to this policy, and any other written, electronic, and oral communications with us (collectively, the “Services”). This Privacy Policy also explains how we may use your personal information, your choices and rights you may have depending on the applicable law in your jurisdiction.

This Privacy Policy does not apply to the personal information we collect from employees, contractors, job applicants, owners, directors or officers of the Company.

By accessing, visiting or using our Services, you acknowledge this Privacy Policy. If you are not comfortable with any part of this Policy, please immediately discontinue access or use of our Services.

For further information on how we process your personal information, please use the links below to jump to the listed section: 

1. PERSONAL INFORMATION WE COLLECT

2. HOW WE COLLECT PERSONAL INFORMATION

3. WHY WE COLLECT PERSONAL INFORMATION

4. INFORMATION WE SHARE

5. SECURITY

6. RETENTION

7. MANAGING COMMUNICATION PREFERENCES

8. YOUR CHOICES

9. LOCATION TRACKING

10. CHILDREN

11. THIRD PARTY WEBSITES

12. TRANSMISSION OF INFORMATION TO OTHER COUNTRIES

13. CHANGES TO THIS PRIVACY POLICY

14. ADDITIONAL NOTICE FOR CALIFORNIA RESIDENTS

15. ADDITIONAL NOTICE TO INDIVIDUALS IN CANADA

16. ADDITIONAL NOTICE TO INDIVIDUALS IN THE EEA, UK AND SWITZERLAND

17. HOW TO CONTACT US

1. PERSONAL INFORMATION WE COLLECT

Cult Gaia may collect personal information when you use our Services, create an account with us or submit personal information when requested with the Site. Personal information generally is any information that relates to you, identifies you personally or could be used to identify you, such as your name, email address, phone number, address and payment account number. The definition of personal information varies by jurisdiction. Only the definition that applies to you based on your location applies to you under this Privacy Policy. Personal information does not include data that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.

Cult Gaia may collect the following categories of personal information:

 - Identifiers, such as your name, postal address, shipping and billing address, unique personal identifiers, and email address.

 - Commercial Information, such as records of products and services purchased.

 - Internet or Other Network Activity, such as browsing or search history and information regarding your interactions with our websites, mobile applications, emails, or advertisements.

 - Device Information and Other Unique Identifiers, such as device identifier, internet protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifier, or similar unique identifiers.

 - Financial Information, such as credit card number or debit card number to pay for parking services.

 - Geolocation Information, such as credit card number or debit card number to pay for parking services.

 - Other Information you voluntarily provide, such as web form responses and posts on the Services.

 - Inferences, such as profiles drawn from the above informational categories to create a profile about you reflecting your interests, preferences, characteristics, attitudes, or other personal characteristics.

We may also keep a record of your product interests and purchases online.  We collect the personal information described in this section only if you choose to share such information with Us. If you choose not to provide the personal information that we request, then we may not be able to respond to your or provide you with our Services, as permitted by law. 

We may also combine the information we collect from providing our Services and across your devices and use different technologies to process your information for the purposes described above. For example, we may use automated systems that analyze your account status and payment information to detect the unsafe and unsecured payment. We also may use automated systems to assess security of your account and provide you suggestions on how to improve the security of your account.

2. HOW WE COLLECT PERSONAL INFORMATION

We collect personal information about you in two main ways: (1) when you directly and voluntarily provide the information to us; and (2) when it is automatically collected through cookies and other technologies.

Directly From You

We collect the personal information you give us when you use our Services. This includes when you visit our Site, contact us regarding service inquiries, or place an order. You may also provide credit card information when you place an order.  You also share information when you post information on public areas of the Site, for example a customer review. This information may be collected and used by Cult Gaia, users of the Site, and the public generally. You may be able to communicate with us via a chat format on our Site. We strongly recommend that you do not post any information through the chat forum that you are not comfortable sharing. You may be able to sign up to receive communications about our Services through your mobile device by submitting your mobile telephone number online or by texting us. If you sign up for mobile communications, we may send you
autodialed marketing text messages about our products, services and promotions.

Location Data From Your Device

If you access the Site through a mobile device, we may also be able to identify the location of your mobile device. You may choose not to share your location details with us by adjusting your mobile device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer.

By Automated Means

We may automatically collect personal information about you when you use the Site. For example, if you access the Site through a computer, we will automatically collect information such as your browser type and version, computer and connection information, Internet Protocol (“IP”) address and other identifiers associated with your device, domain name, location, language preferences, country settings, web browser characteristics, and device characteristics. We may also record the referring website or search engine that brought you to the Sites; the pages you visit on the Sites; the website you visit after the Sites; the ads you view or click on; your product interests and purchases; any search terms you have entered on the Sites or a referral site; and other web usage activity.

Personal information we collect through cookies and other technologies (such as web beacons (including pixels and tags), web server logs) helps us correct or supplement our records, improve the quality of our services to you, and prevent and detect fraud. A "cookie" is a text file that websites send to a visitor's computer or other Internet-connected device to uniquely identify the visitor's browser or to store information or settings in the browser. A "web beacon," also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. The more information on the cookies we use on our Site, please see our Cookie Policy.

Third-party Automated Collection

We and our service providers use anonymous identifiers such as cookies and other technologies to collect and store certain types of information (e.g., click stream information, browser type, time and date, subject of advertisements clicked or scrolled over, hardware/software information, cookie and session ID) whenever
you interact with us or third-parties that use our services.

We also allow third-party companies (e.g., Google) to place tags on our digital properties once approved through our tagging process. The tags may collect information from your interactions on our Site. Our Privacy Policy does not cover these third party companies. Please contact these third-party companies (e.g., Google) directly for more information about their privacy policy and your choices regarding the tags and the information collected by the tags.

Social Media Widgets

Our sites and mobile application(s) include social media features.  These features may collect information about you such as your IP address and which page you are visiting on our site. They may set a cookie or employ other tracking technologies to accomplish this. Social media features and widgets may be hosted by a third-party. Your interactions with those features are governed by the privacy policies of the companies that provide them.

3. WHY WE COLLECT PERSONAL INFORMATION

Information we collect is used for a variety of purposes, including activities such as: processing transactions, helping our customer care representatives resolve issues, identifying fraud and improving our services. In addition, information we collect improves your experience by delivering more personalized interactions and advertising. Also
we use information we collect for reporting and analysis purposes. We examine metrics such as how you are shopping on our Site, the performance of our marketing efforts and your response to those marketing efforts.

We will only use your personal information as described in this Privacy Policy or as disclosed to you prior to such processing taking place.

a. To Provide Our Services. We will use your personal information to provide information or perform Services that you request, including to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase. If the applicable information is to be provided or Service is to be performed by a third party, then we will disclose the applicable information to the third party providing the information or performing applicable Services. All third parties that we work with are contractually obligated to protect your information as disclosed in this Privacy Policy.

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us
to sell our products and services to you. Your credit card information is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.  All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.  For more information about Shopify’s processing of your personal information please see Shopify’s Terms of Service (https://www.shopify.com/legal/terms) and Privacy Statement
(https://www.shopify.com/legal/privacy). 

b. To Provide Service-Related Communications.We will send you administrative or account-related information to keep you updated about your account and the Services. Such communications may include information about Privacy Policy updates, confirmations of your account actions or transactions, security updates or tips or other relevant transaction-related information. We process your contact information to send you such communications. Service-related communications are not promotional in nature. You are unable to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Services.

c. To Provide Customer Support or Respond to You. We collect any information that you provide to us when you contact us. Without your personal information, we cannot respond to you or ensure your continued use and enjoyment of the Services.

d. To Provide Marketing Communications. If you have voluntarily provided your email address, phone number or other electronic addresses to us when subscribing to our marketing and early access communications, we may email you about products, services, and promotions that we believe may be of interest to you. When you no longer wish to receive these marketing messages from us, you can opt out at any time by following the instructions contained in each email you receive from us or contacting us via the methods specified in the “How to Contact Us” section below.

e. For Research and To Develop Our Services. We may process your personal information and derive analytical and statistical data to better understand the way you use and interact with our Services. For instance, analyzing where, on which types of devices and how our Site is used, how many visitors we receive, and where they click on the Site may help us improve our existing Services and to build new Services. Please see our Cookies and Other
Similar Tracking Technologies section for more information.

f. To Personalize Your Experience. We may process your information to personalize your experience. By personalization, we enable you to interact with our Services more easily across platforms and devices.

g. To Ensure the Security of the Services. We care about keeping you secure and safe while using our Services. Keeping you safe requires
us to process your personal information, such as your device information, activity information and other relevant information. We use such information to combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not gain access to your information. We cannot ensure the security of our Services if we do not process your personal information for security
purposes.

h. To Enforce Compliance with Our Terms, Agreements or Policies. When you access or use our Services, you are bound to our Terms and Conditions. To ensure you comply with them, we process your personal information by actively monitoring, investigating, preventing and mitigating any alleged or actual prohibited, illicit or illegal activities on our Services. Subject to the applicable law, we may also process your personal information to: investigate, prevent or mitigate violations of our internal terms, agreements or policies and enforce our agreements with third parties and business partners.

i. To Facilitate Corporate Acquisitions, Mergers and Transactions. We may process any information regarding your account and your use of our Services as is necessary in the context of corporate acquisitions, mergers or other corporate transactions.

j. To Maintain Legal and Regulatory Compliance. Our Services are subject to certain laws and regulations which may require us to
process your personal information. For example, we process your personal information to pay our taxes, to fulfill our business obligations, ensure compliance with employment and recruitment laws or as necessary to manage risk
as required under applicable law. Without processing your personal information for such purposes, we cannot perform the Services in accordance with our legal
and regulatory requirements.

k. For Internal Use. We use your personal information for the purposes of furthering our business, including improving our Site’s content and functionality by analyzing where, on which types of devices and how our Site is used, how many visitors we receive, and where they click through to the Site
from. We also use it to remember you in case you re-visit our Site, so we will know if you have already been served with surveys, or (where Site content is undergoing testing) which version of the content you were served.

l. With Your Consent. For any other purpose disclosed to you prior to you providing us your personal information or which is reasonably necessary to provide the Services or other related services requested, with your permission or upon your direction.

4. INFORMATION WE SHARE

Other than sharing your personal information so that you can use our Services, or as required or permitted by law, we do not share personal information about you with non-affiliated third parties. We may share information to third parties as disclosed in this Privacy Policy, but we do not, and will not sell your personal information to third parties for money. We disclose your personal information as described below.

a. Our Corporate Organization. We may share some or all of your personal information with our subsidiaries and corporate affiliates, joint ventures, or other companies under common control with us. If you would like us to stop providing your information to our affiliates for their own marketing purposes, you may opt-out by emailing us at privacy@cultgaia.com. Please note, the above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

b. Third Parties. We may share your
personal information with third-party service providers acting on our behalf to help us operate our Services. Service providers and vendors provide us with support services such as credit card processing, website hosting, email and postal delivery, analytics services, conducting surveys and research, and performing network maintenance. These third parties can only use your data in accordance with our written instructions and must comply with the information security protections we have put in place.

c. Maintain Legal and Regulatory Compliance. We have the right to disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on Cult Gaia. If there is a takeover, sale or purchase of our business, we may disclose your personal information to the new (or prospective) owner of the business.

d. Response to Subpoenas or Court Orders or to Protect Rights and to Comply with Our Policies. We may disclose personal information to government authorities or third parties if: (i) required to do so by law, or in response to law enforcement requests and legal processes, such as a subpoena or court order; (ii) comply with requests from auditors, examiners or other regulators; (iii) we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, to protect the property or other rights of us or other users, third parties or the public at large; or (iv) we believe that you have abused the Site by using it to attack other systems or to gain unauthorized access to any other system, to engage in spamming or otherwise to violate applicable laws. You should be aware that, following disclosure to any third party, your information may be accessible by others to the extent permitted or required by applicable law.

e. During Business Transfers; Bankruptcy. In the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets, any personal information owned or controlled by us may be one of the assets transferred to third parties. We reserve the right, as part of this type of transaction, to transfer or assign personal information and other information
we have collected from users of the Services to buyers, service providers, advisors, potential transactional partners or other third parties in connection with the advisors, potential transactional partners or other third parties of a
corporate transaction. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to this Privacy Policy. However, any
information you submit or that is collected after this type of transfer may be subject to a new privacy policy adopted by the successor entity.

f. Third Party Advertisers. In certain circumstances, and subject to the applicable law, we may share your personal information with third parties to market their products or services to you. If you would like us to stop providing your information to our third-party marketing partners, you may opt-out by emailing us at privacy@cultgaia.com. To learn more about your choices and rights, please review the “Your Choices” section below.

g. Co-Branded Services and Features. Portions of our Site or Services may be offered as part of co-branded services and features. We will share your personal information with our co-branded
partners based on your voluntary use of or participation in a co-branded service or feature. The co-branded partners will be identified on the co-branded feature or service, along with an applicable co-branded partner's privacy notice. Use of your personal information by a co-branded partner will be subject to a co-branded partner’s privacy notice. If you wish to opt-out of a co-branded partner’s future use of your personal information, you will need
to contact the co-branded partner directly.

h. Vital Interests. We may disclose information to any party where we believe it is necessary.

i. Consent. We may disclose your personal information for any purpose with your consent.

5. SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the
information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Please recognize that protecting
your personal information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers and other authentication information you use to access our Services. If you feel
that the security of your account or personal data has been compromised, please immediately contact us. Please be aware that, despite our best efforts, no security system is impenetrable. In the event of a security breach, we will promptly notify you and the proper authorities if required by law.

6. RETENTION

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable
laws), resolve disputes and enforce our legal agreements and policies.

If you send us correspondence, including emails, we retain such information electronically in the records of your account. We will also electronically retain customer service correspondence and other correspondence from Cult Gaia
to you. We retain these records to measure and improve our customer service and to investigate potential fraud and violations. We may, over time, delete these records as permitted by law.

We will also retain Site and Services usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site,
or we are legally obligated to retain this data for longer periods. We may also retain de-identified, aggregate Services usage data for internal analysis purposes.

7. MANAGING COMMUNICATION PREFERENCES

Marketing Communications

You can opt-out of receiving marketing communications from us. Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. We will only contact you by electronic means based on our legitimate interests, as permitted by applicable law, or your consent.

You may unsubscribe from our
marketing emails. Please note that if you have already requested products or services when you decide to unsubscribe, there may be a short period of time for us to update your preferences and ensure that we honor your request. You can unsubscribe by emailing us at hello@cultgaia.com or click on the unsubscribe button on the in the marketing email we send you.  

For users in the European Economic
Area, the United Kingdom and Switzerland, to the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. We will contact you by electronic means for marketing purposes only if you have consented to such
communication. You may raise such objections with regard to initial or further processing for purposes of direct marketing, at any time and free of charge.

Text Messages

You may elect to receive text messages from us. When you sign up to receive text messages, we will send you information about our store, new products, promotional offers and other updates. These messages may use information automatically collected based on
your actions while on our Site and may prompt messaging such as cart abandon messages (i.e., Cookies). To the extent you voluntarily opt to have text notifications sent directly to your mobile phone, we receive and store the information you provide, including your telephone number or when you read a text message. You may opt out of receiving text messages at any time by texting “STOP” to our text messages. To unsubscribe from SMS communications, follow the instructions in the message. For
more information about text messages, see our Terms and Conditions.

8. YOUR CHOICES

Depending on applicable law where you reside or are located, you may be able to assert certain rights identified below with respect to your personal information. Please refer to the “What Rights Apply” section to determine the rights you have in your jurisdiction. If any of the rights listed below are not provided to you under the law that governs the processing of your personal information, we have absolute discretion in providing you with those rights. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; or (d) where the request is frivolous or vexatious, or for other reasons.

a. Right to Know/Access. You may have the right to obtain a copy, or a list of categories of the personal information that we hold about you, as well as other supplementary information, such as the purposes of processing, and the entities to whom we disclose your personal information.

b. Right to Correct. You may have the right to correct any of your personal information in our records and systems. You may request us to rectify, correct or update any of your personal information held by us that is inaccurate.

c. Right to Delete. In certain jurisdictions, applicable law may give the right to request that we delete the personal information that we hold about you, subject to certain exceptions. This right is not absolute, and we may refuse such a request if there are compelling legitimate grounds for keeping
your personal information, for legitimate purposes, or as required by law. In addition, in the event your deletion request is honored, we may retain a record of your deletion request as required under applicable law.

d. Right to Portability. You may have the right to receive a copy of the personal information we have collected about you in a structured, commonly used and machine-readable format.

e. Right to Opt-Out Sale or Sharing for Targeted Advertising. You may have the right to opt-out of sale of your personal information.

f. Right to Opt-Out of Targeted Advertising. Like many websites, we use cookies, pixels, and similar technology, and we share certain personal information, such as your IP address or device identifiers, to certain third-party advertisers in order to improve your user experience and to optimize our marketing activities. You may have the right to direct us not to share your personal information for targeted advertising purposes.

g. Right to Limit Use and Disclosure of Sensitive Personal Information. If you are a California resident, to the extent your Sensitive Personal Information, as that terms is defined under California privacy law, is used to infer characteristic about you, you have the right to object to our processing of your Sensitive Personal Information.

h. Right to Opt-Out of Automated Decision-making or Profiling. You may have the right not to be subject to a decision which significantly impact your rights that is based solely on automated processing (where a decision is taken about you using an electronic system
without human involvement). No decision which has a significant impact on you will be made by us solely on the basis of automated decision-making.

i. Right Against Discrimination. You may have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your rights.

j. Right to Object. In certain jurisdiction, applicable law may give certain customers the right to object to processing of your personal information for direct marketing purposes or if we are processing your personal information on the basis of our legitimate interest.

k. Right to Restrict. In certain jurisdictions, applicable law may give you the right to restrict or object to us processing or transferring your personal information under certain circumstances. We may continue to
process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

l. Right to Withdraw Consent. In certain jurisdictions, to the extent the processing of your Personal Information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.

m. Right to Appeal. In certain jurisdictions, you may have the right to appeal if we refuse to take action on your rights request. Instructions on how to appeal will be provided to you upon such a denial, but in any event, such instructions will be substantially similar to those provided below for submitting requests.

n. Right to Lodge a Complaint. You may have the right to lodge a complaint with your local data protection authority about our processing of your personal information. Contact details for data protection authorities in the European Economic Area are available here, and contact details for the United Kingdom’s ICO are available here.

o. Shine the Light. If you are a California resident, you have the right to ask us for a notice describing what categories of personal information we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of personal information shared with third parties and used for direct marketing purposes and the name and address of the third parties that received such personal information.

As noted above, depending on where you reside or are located at the time your personal information is collected, you may be able to assert certain rights with respect to your personal information. To determine which rights you have, please refer to the table below that references the rights as described
above. U.S. States not listed either do not have a law providing such rights, or it does not apply to our operations. If your country is not listed, please reach out for more information about your rights under the applicable law.

Submitting a Request to Exercise Your Rights

Right to Opt-out of Sharing/Sales. To the extent the applicable law provides you with the right to opt-out of the sale or sharing of your personal information for targeted advertising, you may exercise your right to opt-out rights by clicking here or by clicking the “Your Privacy Rights” in the footer of the website, or by switching the toggle to “OFF” under the “Sale of Personal Information through Cookies” tab.

California and Colorado residents may opt out by broadcasting an Opt-Out preference signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, go to: https://globalprivacycontrol.org/orgs. You will need to submit a separate opt-out of sharing request on each device and browser you use to visit our Site.  Please note that you may still receive generalized ads after opting out of targeted advertising.

If you would like us to make the connection between your browser and your account when you send the opt-out of “sale” / “sharing” of your request or GPC signal, and you have not yet opted out of “sale” / “sharing” your personal information, we recommend you advise of your opt-out choice by sending an email to us at privacy@cultgaia.com

Other Rights.  You may exercise your rights by emailing us at privacy@cultgaia.com with the subject line “Privacy Rights Request”.  In your request, please make clear which right you would like to exercise and identify your state and country of residence.  Once you have submitted your request, we will respond within the time frame permitted by the applicable law. Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law.

Before fulfilling your request, we are required by law to have you to verify the personal information we already have on file to confirm your identity. If we cannot verify your identity based on the information we have on file, we may request
additional information from you, which we will only use to verify your
identity, and for security or fraud-prevention purposes.  

Depending on your state of residence in the U.S., you may use an authorized agent to submit a rights request on their behalf. If you use an authorized agent to submit requests on your behalf, we will require you to directly verify your identity with us, or have you directly
confirm with us that the authorized agent has been authorized to act on your behalf.

Depending on your state of residence in the U.S., you may appeal our decision to your request regarding your personal data. To do so, please email us at hello@cultgaia.com. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

9. LOCATION TRACKING

You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third-parties by (a) disabling location services within the device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences
and permissions in your mobile device or browser settings. Please note that your location may be derived from your WiFi, Bluetooth, and other device settings. See your device settings for more information.

10. CHILDREN

Our Services are not directed to, and we do not knowingly collect personal information from, children under the age of 18. If you are under 18, please do not attempt to fill out our forms or send any personal data about yourself to us. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information from our files. Cult Gaia does not have knowledge that it sells or shares the Personal Information of consumers under 16 years of age.

11. THIRD PARTY WEBSITES

Our Site may contain links to third-party sites. This Privacy Policy does not apply to those third-party sites. We recommend that you read the privacy notice or privacy policy of any other sites that you visit as we are not responsible for the privacy practices of those sites.

12. TRANSMISSION OF INFORMATION TO OTHER COUNTRIES

Cult Gaia is located in the United States and our service providers may be located in the United States or other countries. When you access or use our Services, your personal information may be processed in the United States or any other country in which Cult Gaia, its affiliates, or service providers maintain facilities. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside.

We will take all the steps reasonably necessary to ensure that your personal information is treated
securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless there are appropriate safeguards in place as required under the applicable data
protection laws. If you do not want your information transferred to or
processed or maintained outside of the country or jurisdiction where you are located, you should not use the Site or Services.

To the extent we transfer any EEA,
United Kingdom or Swiss personal information to another business, we transfer such data subject to appropriate safeguards as permitted under the data protection laws, including: (i) through
the use of standard contractual clauses approved by an appropriate regulatory authority, such as the European Commission or the U.K. Information Commissioner’s Office; (ii) an Article 49 derogations in specific situations; or (iii) any other compliant transfer mechanism. We may also rely on an adequacy decision of the appropriate regulatory authority confirming an adequate level of data protection in the jurisdiction of the party receiving the information.

13. CHANGES TO THIS PRIVACY POLICY

We may revise this privacy policy from time to time and will post the date it was last updated at the top of this Privacy Policy . We will provide additional notice to you if we make any changes that materially affect your privacy rights.

14. NOTICE OF FINANCIAL INCENTIVE

We offer our customers loyalty program (10% Off Program) that provides certain perks, such as rewards and special promotions. We may also provide other programs, such as sweepstakes, contests, newsletters, or other similar promotional campaigns (collectively, the “Programs”). When you sign up for one of our Programs, we will ask you to provide your name and contact information (such as email address and/or telephone number). Because
our Programs involve the collection of personal information, they might be interpreted as a “financial incentive” program under California law. The value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are
provided as part of the Program.

You may withdraw from participating in a Program at any
time by contacting us using the designated method set forth in the applicable Program terms. To learn more, please check out the Terms and Conditions for more information.

15. ADDITIONAL NOTICE FOR CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”), below is a summary for the last twelve (12) months of the personal information categories, as defined by California Civil Code section 1798.140 (o), that we collect, the reason we collect the personal information, where we obtain the personal information, and
the third parties that we may share the personal information.

Categories of Personal Information
We Collect and Our Purposes for Collection and Use

You can find a list of the categories of personal information that we collect in the “Personal Information We Collect” section above. For details regarding the sources from which we obtain personal information, please see the “How We Collect Your Personal Information” section above. We
collect and use personal information for the business or commercial purposes described in the “Why We Collect Your Personal Information” section above.

Categories of Personal Information
Disclosed and Categories of Recipients

We disclose the following categories of personal information for business or commercial purposes to the categories of recipients listed below:

- We disclose Identifiers with businesses, service providers, and third parties, such as advertising networks, analytics and social media networks.

- We disclose Device Information and Other Unique Identifiers with businesses, service providers, and third parties, such as advertising networks, analytics, and social media networks.

- We disclose Internet or Other Network Activity with businesses, service providers, and third parties, such as advertising networks, analytics, and social media networks.

- We disclose Geolocation Data with businesses, service providers, and third parties such as advertising networks, analytics, and social media.

- We disclose Financial Information with businesses and service providers who process payments.

- We disclose Commercial Information with businesses, service providers, and third parties, such as advertising networks, analytics, and social media networks.

- We disclose Inferences with businesses and service providers who help administer marketing and personalization.

Do Not Track Signals. Currently, we do not monitor or take any action with respect to Do Not Track signals or other mechanisms, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.

16. ADDITIONAL NOTICE TO INDIVIDUALS IN CANADA

This Section provides additional information to individuals located in Canada at the time their personal information is collected by Cult Gaia. You may request details about our privacy practices, access or correct your personal information, or make a complaint by us by sending an email to privacy@cultgaia.com.  If you are not satisfied with our response to your inquiry, you may contact the Office of the Privacy Commissioner of Canada: 1-800-282-1376 (toll-free) or at priv.gc.ca.

17. ADDITIONAL NOTICE TO INDIVIDUALS IN THE EEA, UK AND SWITZERLAND

This section only applies to accessing our Service while located in the European Economic Area, the United Kingdom, or Switzerland (collectively, the “European Countries”) at the time personal information collection. Pursuant to the General Data Protection Regulation (GDPR), personal information is referred to as personal data. All capitalized terms in this Section have the meaning as defined in the General Data Protection Regulation (GDPR) and/or, as applicable, the Swiss Data Protection Act (including, but not limited to “Personal Data”, “Processing”, “Controller”, “Processor”, “Data Subject”, “Consent”).

We may ask you to identify which country you are located in when you use or access some of the Services, or we may rely on your IP address to identify the country that you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in European Countries. If any terms in this section conflict with other terms contained in this Notice, the terms in this section shall apply to individuals in a European Country.

Our Relationship to You

The Controller for the Processing described in this Privacy Policy is Cult Gaia, 8111 Beverly Boulevard, Los Angeles, CA 90048. You can contact our Privacy Officer using: hello@cultgaia.com. 

Legal Bases for Processing Your
Personal Information 

The legal basis of our Processing of your Personal Data within the scope of application of the GDPR is as follows:

- Contract (Art. 6 (1) b GDPR), where we Process your purchase transactions (e.g. orders, exchanges and returns, shipping notifications) and answer your support and customer service requests as this is necessary for the performance of Our contract with you.

- Legitimate Interests (Art. 6 (1) f GDPR):

- In our legitimate interest in providing a secure Site user experience, we Process your Personal Data to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

- For an appealing Site experience, we Process your Personal Data to allow you to participate in interactive features of our Site or our social media accounts, when you choose to do so;

- Responding to your comments and questions is part of our legitimate business interests in providing you with first class service;

- To protect our financial interests or to otherwise protect ourselves against fraud or unauthorized transactions, we
Process your Personal Data, e.g. we conduct credit card screenings, and perform monitoring to identify potential unauthorized users or hackers;

- Our legitimate interest in promoting our business is the purpose for Processing your Personal Data to facilitate any contests, sweepstakes, or promotions and process and deliver entries and rewards;

- To protect our rights and interests (e.g. protect the company against legal claims) we can use your data with, or otherwise distribute, share or disclose your Personal Data to any of the company’s professional advisors such as attorneys or accountants in order to facilitate their professional advice.

- Consent (Art. 6 (1) a GDPR):

- Unless consent is not required under applicable law, we send you promotional communication about Our products, services, offers, and events offered by Us and others, and provide news and information We think will be of interest to you only after you have consented to such communication. You can withdraw your consent at any time with future effect, e.g. by clicking the unsubscribe-link in each promotional email;

- We request your explicit consent to monitor and analyze your usage of our Services and advertising to understand their effectiveness, and to personalize your experience when you use our Services.

- We also request your consent to facilitate your use of various social media sharing features or other integrated tools (such as the Facebook “Like” button) which you may use as part of social media pages.

- Compliance with Legal Obligations (Art. 6 (1) c GDPR):

- We Process your Personal Data for compliance purposes as may be required by applicable laws or regulations or as requested by any judicial process or governmental agency (including without limitation for Company’s tax reporting) or as may be requested e.g. under any subpoena or court order.

Marketing 

We will only contact you if you are located in a European Country by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or your consent. If you do not want us to use your Personal Data in this way, please click the unsubscribe link at the bottom of any of our email messages to you or contact email us. You can object to direct marketing at any time and free of charge.

International Transfers

We may share your Personal Data with other businesses (including our group members, service providers or business partners, as described in this Notice), located in the European Countries, in the United States and/or otherwise in countries outside the European Countries which do not provide for an adequate level of data protection from an EU or Swiss law perspective. For such transfers, we will ensure that the recipients are subject to appropriate safeguards as permitted under the applicable data protection laws, e.g. by entering into appropriate data transfer agreements on the basis of EU standard contractual clauses issued by the Commission, or by reliance upon the Article 49 GDPR derogations or corresponding derogations under the Swiss Data Protection Act, as applicable.

18. HOW TO CONTACT US

If you have any questions or comments related to this Privacy Policy, contact our Privacy Compliance Officer at hello@cultgaia.com or contact by mail at: Cult Gaia,  Re: Privacy Compliance Officer, 8111 Beverly Boulevard, Los Angeles, CA 90048.