PRIVACY POLICY
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from www.banilausa.com (the “Site”) or participate in our Affiliate Program.
DATA CONTROLLER
The data controller responsible for your personal information is: Banila Co USA, 580 Broadway, Suite 705, New York, NY 10012, United States (email: hello@banilausa.com)
Chief Privacy Officer (CPO) / Data Protection Officer (DPO): hello@banilausa.com
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, we collect information about the pages or products you view, referring websites or search terms and how you interact with the Site.
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
When you make or attempt to make a purchase through the Site, we collect certain information, including your name, billing address, shipping address, payment information, email address, and phone number.
If you apply for or participate in our Affiliate Program, we may collect additional personal information (“Affiliate Information”), including:
- Social media account information (e.g., profile URL, username, engagement metrics)
- Country of residence, language, and audience demographics
- Contact details (e.g., email, messaging handles)
- Shipping information for product seeding
- Content such as images, videos, captions, and posts (“User Content”)
User Content may contain personal information but is also subject to separate contractual terms governing intellectual property and content usage.
- When we refer to “Personal Information,”, we include Device Information, Order Information, Affiliate Information.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use your Personal Information for business and commercial purposes, including to operate our Site, fulfill transactions, communicate with you, and manage our Affiliate Program.
Business purposes include:
- Order fulfillment
- Customer communication
- Security and fraud prevention
Commercial purposes include:
- Marketing and advertising
- Affiliate Program management
- Campaign performance analysis
We use Order Information to process transactions, fulfill orders, and communicate with you regarding your purchases.
We use Device Information to help screen for potential risk and fraud, and to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site).
We use Affiliate Information and User Content to:
- Administer and operate our Affiliate Program
- Provide products, rewards, or other benefits
- Communicate campaigns, opportunities, and updates
- Evaluate performance, engagement, and audience metrics
Subject to applicable agreements and permissions, we may use User Content for advertising, marketing, promotional, and commercial purposes across any media now known or later developed.
Where required by applicable law, we rely on your consent or our legitimate interests to collect, use, and process your Personal Information. We may also rely on your consent or applicable agreements to use User Content for marketing and promotional purposes.
For individuals located in the EEA or the United Kingdom, we process your Personal Information on the following legal bases, as applicable:
- To perform a contract with you (e.g., processing orders or managing your participation in the Affiliate Program)
- Based on your consent (e.g., for marketing communications or use of User Content where required)
- For our legitimate interests (e.g., improving our Site, fraud prevention, and analytics), provided such interests are not overridden by your rights
- To comply with legal obligations
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to operate our business, including:
- Service providers (e.g., hosting, logistics, payment processing)
- Advertising and marketing partners
- Social media platforms
- Analytics providers
For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We may also disclose your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
SALE OR SHARING OF PERSONAL INFORMATION
We do not sell Personal Information for monetary consideration. However, certain disclosures of Personal Information for cross-context behavioral advertising or marketing purposes may constitute “sharing” under applicable U.S. privacy laws.
TARGETED ADVERTISING
We may use your Personal Information to provide targeted advertisements or marketing communications. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out via:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
- Digital Advertising Alliance: http://optout.aboutads.info/
CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you may have the right to:
- Know the categories and specific pieces of personal information we collect, use, disclose, or share
- Request deletion of your personal information
- Request correction of inaccurate personal information
- Access your personal information in a portable format
- Opt out of the “sale” or “sharing” of personal information, as such terms are defined under California law
- Limit the use of sensitive personal information, if applicable
- Not to be discriminated against for exercising your rights
You may exercise these rights by contacting us. You may also designate an authorized agent to make a request on your behalf, subject to verification requirements. Authorized agents must provide proof of authorization, and we may require verification of your identity prior to processing such requests.
You may also exercise your right to opt out of the “sale” or “sharing” of Personal Information by contacting us or by using a “Do Not Sell or Share My Personal Information[R김5.1]” link available on our website, where applicable.
We recognize and respond to Global Privacy Control (GPC) signals. If you enable GPC in your browser, we will treat it as a valid opt-out request for the sale or sharing of your personal information.
Residents of certain U.S. states may have additional rights under applicable privacy laws, including the right to opt out of targeted advertising or certain data processing activities. You may exercise such rights by contacting us.
INTERNATIONAL PRIVACY RIGHTS
If you are located in the European Economic Area (EEA), the United Kingdom, the Republic of Korea, Singapore, the Philippines, or Malaysia, you may have the right to access, correct, delete, restrict, or port your personal information, and to object to or withdraw consent from its processing, under applicable data protection laws. To exercise these rights, please contact us using the contact details below. You also have the right to lodge a complaint with the relevant supervisory authority in your country of residence.
If you are located in the Republic of Korea, where we provide your personal information to third parties, we will notify you of the recipient, purpose, items provided, and retention period, and obtain your separate consent prior to such provision, except as permitted by applicable law.
If you are located in Singapore and registered on the Do Not Call (DNC) Registry, we will not contact you for marketing purposes via voice call, text message, or fax unless you have provided clear and unambiguous consent.
If you are located in the Philippines, you may also lodge a complaint with the National Privacy Commission (NPC) at www.privacy.gov.ph.
SENSITIVE PERSONAL INFORMATION
We do not use or disclose sensitive personal information for purposes other than those permitted under applicable law.
DO NOT TRACK
We do not alter our Site’s data collection practices in response to Do Not Track signals.
CHILDREN
Our Affiliate Program is intended for individuals who are 18 years of age or older. We do not knowingly permit individuals under the age of 18 to participate in the Affiliate Program. If we become aware that a minor has registered for the Affiliate Program, we will terminate their participation and delete their Personal Information promptly.
With respect to general use of the Site, we do not knowingly collect Personal Information from children under the age of 13 without verifiable parental consent. If you have reason to believe that a child under the age of 13 has provided Personal Information to us without parental consent, please contact us and we will endeavor to delete that information from our databases.
For users between the ages of 13 and 15 located in the EEA or the United Kingdom, we will process their Personal Information only with the consent of a parent or legal guardian, in accordance with GDPR Article 8 and applicable member state laws.
DATA RETENTION
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information. We retain Personal Information for as long as necessary to fulfill the purposes described in this Privacy Policy.
Retention is based on:
- Duration of Program participation
- Business needs (e.g., marketing, analytics)
- Legal obligations (e.g., tax, compliance)
Shipping information collected for product seeding is retained only as necessary to fulfill delivery and resolve related issues and is deleted or anonymized thereafter where feasible.
We determine retention periods based on the nature of the information, the purposes for which it is processed, and applicable legal requirements.
INTERNATIONAL DATA TRANSFERS
Your Personal Information may be transferred to, stored, and processed in the Republic of Korea, where our affiliates and service providers operate. The Republic of Korea may have data protection laws that differ from those in your jurisdiction.
Where required under applicable data protection laws, we implement appropriate safeguards for international transfers of Personal Information, such as standard contractual clauses or equivalent legal mechanisms.
DATA BREACH NOTIFICATION
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within the timeframe required by applicable law and, where required, notify affected individuals without undue delay.
CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
CONTACT US
For more information about our privacy practices, please contact us by e-mail at hello@banilausa.com or by mail using the details provided below:
580 Broadway, suite 705, New York, NY, 10012, United States
