Privacy policy
This Privacy Policy describes how essuntial-us.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.
Privacy and data handling policy
"Amazon Information" means any information that is exposed by Amazon through the Marketplace APIs, Seller Central, or Amazon's public-facing websites. This data can be public or non-public, including Personally Identifiable Information about Amazon customers.
"Customer" means any person or entity who has purchased items or services from Amazon's public-facing websites.
"Seller" means any person or entity selling on Amazon's public-facing websites.
Unekorn LLC (referred to as “we” throughout this policy) is committed to protecting and respecting seller and customer privacy and keeping personal information secure. This policy applies to our websites i.e. essuntial-us.com and to our associated websites, including our other sites you visit to which this Privacy Policy is linked in the footer. All these websites are referred to as ‘our website’ in this policy.
This policy set out:
- details of the personal information that we may collect from you/Amazon (on your behalf);
- information about how we process, store, use, share, and dispose of your information (i.e. Data Protection and Privacy;
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
Who is this policy addressed to?
When we refer to this policy as ‘User’ we are referring to a user of our services through our portal/ website.
Information we may collect from you
We may collect and process the following data about you:
1. On your behalf from E-commerce Channels (i.e. Amazon): We will collect information from E-commerce channels through API authorized by users on our portal/website. We only collect information that is required to process the data/information through our portal/website i.e. Order details, Invoice details, returns details, payment details, and tax-related details. We don’t collect the personal information of customers i.e. Name, Sex, Email id, Mobile no., address, etc. We strongly believe in the data privacy of your customers.
2. User company details/user details using our system and billing details of your organization
How we store/share/dispose your information (Data Protection and Privacy);
1. Data Governance. Our privacy and data handling policy governs the appropriate conduct and technical controls that are applied in managing and protecting information assets. We keep an inventory of software and physical assets (e.g. computers, mobile devices) with access to PII, and update regularly. A record of data processing activities such as specific data fields and how they are collected, processed, stored, used, shared, and disposed of for all PII Information should be maintained to establish accountability and compliance with regulations. We according to the privacy policy can rectify, erase, or stop sharing/processing the customers' information where applicable.
2. Encryption and Storage. All PII is encrypted at rest using industry best practice standards AES-256. The cryptographic materials (e.g., encryption/decryption keys) and cryptographic capabilities used for encryption of PII at rest are only accessible to the processes and services. PII is not stored in removable media (e.g., USB) or unsecured public cloud applications (e.g., public links made available through Google Drive). Any printed documents containing PII should be securely disposed of.
3. Least Privilege Principle. We have implemented fine-grained access control mechanisms to allow granting rights to any party using the Application (e.g., access to a specific set of data at its custody) and the Application's operators (e.g., access to specific configuration and maintenance APIs such as kill switches) following the principle of least privilege. Application sections or features that vend PII must be protected under a unique access role, and access should be granted on a "need-to-know" basis.
4. Logging and Monitoring. We gather logs to detect security-related events (e.g., access and authorization, intrusion attempts, configuration changes) to the Application and systems. We implements this logging mechanism on all channels (e.g., service APIs, storage-layer APIs, administrative dashboards) providing access to Amazon Information. All logs must have access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs themselves should not contain PII and must be retained for at least 90 days for reference in the case of a Security Incident. We have mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions (e.g., multiple unauthorized calls, unexpected request rate and data retrieval volume, and access to canary data records). We should perform an investigation when monitoring alarms are triggered, and this should be documented in the Incident Response Plan.
5. Network Protection. We have implemented network protection controls to deny access to unauthorized IP addresses and public access must be restricted only to approved users.
6. Access Management. We assign a unique ID to each person with computer access to Amazon Information. Persons with access to data don’t create or use generic, shared, or default login credentials or user accounts. We review the list of people and services with access to Amazon Information on a regular basis (at least quarterly), and remove accounts that no longer require access. We restrict employees from storing Amazon data on personal devices. We will maintain and enforce "account lockout" by detecting anomalous usage patterns and log-in attempts, and disabling accounts with access to Amazon Information as needed.
7. Encryption in Transit. We encrypt all Amazon Information in transit (e.g. when the data traverses a network or is otherwise sent between hosts). This is accomplished using HTTP over TLS 1.2 (HTTPS). We enforce this security control on all applicable external endpoints used by customers as well as internal communication channels (e.g., data propagation channels among storage layer nodes, connections to external dependencies) and operational tooling. We disable communication channels that do not provide encryption in transit even if unused (e.g., removing the related dead code, configuring dependencies only with encrypted channels, and restricting access credentials to the use of encrypted channels). We use data message-level encryption where channel encryption (e.g., using TLS) terminates in untrusted multi-tenant hardware (e.g., untrusted proxies).
8. Incident Response Plan. We have and maintain a plan to detect and handle Security Incidents. Such a plan identifies the incident response roles and responsibilities, defines incident types that may impact Amazon, defines incident response procedures for defined incident types, and defines an escalation path and procedures to escalate Security Incidents to Amazon. We review and verify the plan every six (6) months and after any major infrastructure or system change. We investigate each Security Incident and document the incident description, remediation actions, and associated corrective process/system controls implemented to prevent future recurrence.
We will inform Amazon via email 3p.security@amazon.com within 24 hours of detecting any Security Incidents.
9. Request for Deletion or Return. We within no more than 72 hours after Amazon's request permanently, and securely delete (in accordance with industry-standard sanitization processes, e.g., NIST 800-88) or return Amazon Information upon and in accordance with Amazon's notice requiring deletion and/or return. We also permanently and securely delete all live (online or network accessible) instances of Amazon Information within 30 days after Amazon's notice.
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and the information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.
Device information
- Examples of Personal Information collected: are the version of the web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels
- Disclosure for a business purpose: shared with our processor Shopify
Order information
- Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify
Customer support information
- Purpose of collection: to provide customer support.
- Source of collection: collected from you.
Minors
The Site is not intended for individuals under the age of 13. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Behavioural Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
[INCLUDE OPT-OUT LINKS FROM WHICHEVER SERVICES BEING USED. COMMON LINKS INCLUDE:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- GOOGLE - https://www.google.com/settings/ads/anonymous
- BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
Lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Retention
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We DO NOT engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
- Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
Your rights
CCPA
If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.
If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
| Name | Function |
|---|---|
| _ab | Used in connection with access to admin. |
| _secure_session_id | Used in connection with navigation through a storefront. |
| cart | Used in connection with shopping cart. |
| cart_sig | Used in connection with checkout. |
| cart_ts | Used in connection with checkout. |
| checkout_token | Used in connection with checkout. |
| secret | Used in connection with checkout. |
| secure_customer_sig | Used in connection with customer login. |
| storefront_digest | Used in connection with customer login. |
| _shopify_u | Used to facilitate updating customer account information. |
Reporting and Analytics
| Name | Function |
|---|---|
| _tracking_consent | Tracking preferences. |
| _landing_page | Track landing pages |
| _orig_referrer | Track landing pages |
| _s | Shopify analytics. |
| _shopify_s | Shopify analytics. |
| _shopify_sa_p | Shopify analytics relating to marketing & referrals. |
| _shopify_sa_t | Shopify analytics relating to marketing & referrals. |
| _shopify_y | Shopify analytics. |
| _y | Shopify analytics. |
[INSERT OTHER COOKIES OR TRACKING TECHNOLOGIES THAT YOU USE]
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Contact
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [email address] or by mail using the details provided below:
MZY LLC, 139 Rickey Blvd, # O, Bear DE 19701, United States
Last updated: 06/02/2023If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: [ADD CONTACT INFORMATION OR WEBSITE FOR THE DATA PROTECTION AUTHORITY IN YOUR JURISDICTION. FOR EXAMPLE: https://ico.org.uk/make-a-complaint/]