Green Labs

Privacy Policy

The Green Labs Group INC

PRIVACY POLICY

June 2, 2021

The Green Labs Group INC. (“GL”, “us”, “we”, “our”) provides this “Privacy Policy” to inform our customers, website and app users (“you”) of our policies and procedures regarding the collection, use and disclosure of the personal information that we receive when you visit and use the www.greenlabs.io site and any websites owned and/or operated by GL (“Site” or collectively, the “Sites”), and when you use any of GL’s products, software or services (including Products, Services or Apps as defined in our Terms of Service). For ease of reading in this Privacy Policy, such websites, products, software and services (including the Sites, Products, Services and Apps) are referred to collectively as the “GL Services”. This Privacy Policy applies only to information provided to us when you use the GL Services.

For the purposes of the laws of European Union, including the General Data Protection Regulation (GDPR), we are the “data controller” of all personal information of individuals located in the European Economic Area (EEA) that are collected through the GL Services. 

In this Privacy Policy, we refer generally to your “personal information”, which means any data relating to you which identifies (such as your name) or could indirectly identify you (such as an identification number, or an online identifier).

Please read this Privacy Policy carefully to understand how we handle your personal information. By engaging with us in the ways set out in this Privacy Policy, you confirm that you have read and understood the entirety of this Privacy Policy, as it applies to you.

If you are a located in the EEA, you may have additional rights under GDPR, including the right to:

  1. ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose; and
  2. ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person’s, legitimate interest.

If you are a California resident, you may be entitled to additional rights over your personal information. 

  1. CHANGES TO PRIVACY POLICY

This Privacy Policy may be updated from time to time to reflect changes to our personal information processing practices. If we make any material changes to the Privacy Policy, we will notify you by email or via the GL Services or other messaging systems, or by means of posting an updated version of this Privacy Policy on the Site. We encourage you to periodically review this page for the latest information on our privacy practices. Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes on the GL Service. In all of the above cases, your continued use of GL Services after any notice or posted modified Privacy Policy indicates that you have read and understood these changes.

  1. COLLECTION OF PERSONAL INFORMATION

You may provide us with your personal information voluntarily. However, we may also receive information about you from third parties such as our suppliers, contractors and consultants, business partners, which we refer to as “third party sources” or “suppliers” throughout this Privacy Policy. In the US, this also includes public and third party websites and public agencies. We may also collect personal information from you using a variety of technologies that automatically and passively collect information when you use our websites (usage data).

Depending on our relationship, we will collect and use your personal information in different ways. Please see the sub-headings below to find out more about the personal information that we collect about you and how we use this personal information

If you choose not to provide the personal data we request from you below, we may not be able to provide you with the products and/or services you have requested or otherwise fulfil the purpose(s) for which we have asked for the personal data unless they have been marked as optional (*).

  1. Visitors to our Sites

When you visit our Sites, we (or third parties on our behalf) may collect and use any of the following categories of personal information about you:

Type(s) of personal information

Business Purpose/activity

Our lawful basis for processing this personal information under GDPR (see section 5 for further details)

Browser type

We use this for analytics purposes to improve the functionality of our Sites

Legitimate interest

Browser IP address

a) We use this to identify you when you return to our Sites

a) Legitimate interest

b) When you have started a purchase journey for our Products, but abandoned your basket, we use this with other personal information to send you an abandoned basket email, so you can pick up where you left off to finish your purchase of our Products

b) Consent

Contact details (first and last name, email address)*

a) When you have started a purchase journey for our Products, but abandoned your basket, we use this with other personal information to send you an abandoned basket email, so you can pick up where you left off to finish your purchase of our Products

Legitimate interest

b) We collect this information where you have signed-up to join our mailing list (e.g. via a pop-up on our Sites) and will use it to send you email marketing. If you wish to stop receiving these emails, you can opt-out by changing your account settings or by clicking on an unsubscribe link in each such email

Consent

Usage data (mouse movements and clicks, keystroke data, video recording of all pages you visit on our Sites)*

We use this to improve our marketing and understanding of how our customers use our Sites so we can make improvements

Consent

Social media widgets data (e.g. IP address, data concerning which page you are visiting on our Sites, cookie data)*

Our Sites may include social media features, such as the Facebook “Like” button, Twitter “Follow” button, and widgets, such as the “Share This” button. We transfer this data to the third-party social media platform (as a joint controller with them), but any subsequent use of your personal information by the third-party social media platform will be governed by its own privacy policy which you should read carefully. We cannot be responsible for any personal information about you that is collected and stored by third parties.

Consent

Personal information you provide if you enter a survey, sweepstake, contest or other promotional activity, or attend an event (such as a trade show)

We use this to administer rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by GL or our business partners

Performance of a contract

Information provided when you correspond with us

We use this to deal with any enquiries or issues you have about our Products or Services and to provide customer support

Performance of a contract (including in order to take steps at the request of the visitor prior to entering into a contract)

 

  1. Other processing of your personal information

Whatever our relationship with you is, we may also collect, use and store your personal information for the following additional reasons:

  • to deal with any enquiries or issues you have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you. If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests for customer services purposes;
  • for internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies. We may process your personal information for these purposes where it is in our legitimate interests to do so;
  • to comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so; and
  • to establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so.
  1. COOKIES AND BEACONS

How We and Our Partners Use Cookies

Like many service providers, we collect certain information through the use of “cookies,” which are small text files that are saved by your browser or device when you access our GL Sites and Apps. We (and our third-party analytics providers, such as Google Analytics) may use both session cookies and persistent cookies to identify that you have logged into the GL Sites and Apps, and to tell us how and when you interact with GL Sites and Apps. We may use cookies to store your preferences and other information on your computer in order to save you time by eliminating the need to enter the same information repeatedly. We may also use cookies to monitor aggregate usage and web traffic routing on our Sites and Apps and to customize and improve GL Sites and Apps.

Unlike persistent cookies, session cookies are deleted when you log off from GL Sites and Apps and close your browser. Although most browsers automatically accept cookies, you can change your browser options to stop automatically accepting cookies or to prompt you before accepting cookies. The help section of your web browser, most likely found on the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Please note, however, that if you choose not to accept cookies, you may not be able to access all portions and/or features of GL Sites and Apps.

  1. BEHAVIORAL TARGETING / RE-TARGETING

We may partner with third-party advertising networks to either display advertising on GL Sites and Apps or to manage our advertising on other websites. We may and/or our advertising network partners may use cookies and web beacons to collect personal information about your activities on our Sites and other websites to provide you targeted advertising based upon your interests. Please note if you opt-out, this does not opt you out of being served advertising. You will continue to receive generic ads. GL does not collect personal information about an individual user’s online activities over time across third party web sites. Our Sites do not respond to your browser’s Do Not Track signal.

  1. OUR LEGAL BASIS FOR USING YOUR PERSONAL INFORMATION OF USERS LOCATED IN EEA

If you are located in the European Economic Area, we consider that the legal bases for using your personal information as set out in this Privacy Policy are as follows:

  1. a) our use of your personal information is necessary to perform our obligations under any contract with you or take steps to enter into a contract with you (for example, to sell our Products and provide you with GL Services, to fulfil an order which you place with us (make and receive payment) and provide customer services, ); or
  2. b) our use of your personal information is necessary for complying with our legal obligations (for example, if you contact us requesting access to personal information we hold about you); or
  3. c) where neither (a) nor (b) apply, use of your personal information is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our Sites and Apps). Our legitimate interests are to:
  4. run, grow and develop our business and improve the GL Services;
  5. operate our Sites and Apps;

iii. carry out marketing, market research and business development;

  1. invest in and roll out new products to benefit the communities in which we operate; and
  2. for internal group administrative purposes.

We may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described below).

If we rely on your consent for us to use your personal information in a particular way, but you later change your mind, you may withdraw your consent by contacting us at [email protected] and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide the GL Services that require use of your personal information for that relevant purpose.

  1. AGGREGATE AND NON-PERSONAL INFORMATION

GL may aggregate and analyze, non-personally-identifying information about the performance of GL Services. From time to time, GL may disclose and use aggregate and non-personally-identifying information for industry analysis, demographic profiling, marketing and advertising, and other business purposes, e.g., by reporting on trends in the usage of its devices, Sites or GL Services.

  1. DISCLOSURE TO THIRD PARTIES

We will not sell the personal information that you provide us. We do not provide personal information collected by GL Services to any third party for such third party’s direct marketing purposes.

We will share your personal information with the following categories of third parties:

  1. Our Service Providers. We may employ third-party companies and individuals to administer and provide GL Services on our behalf, (including, without limitation, bill and credit card payment processing, maintenance, administration, support, hosting, marketing (including email marketing) and database management services). These third parties may have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  2. Compliance with Laws and Law Enforcement; Protection of Rights and Safety. GL cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will use, and disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to court orders), to protect the property and rights of GL or a third party, to enforce our legal agreements (including the Terms of Service, Terms of Use, Terms of Sale, End User License Agreement, and this Privacy Policy), to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
  3. Business Transfers, Affiliates and Joint Ventures. GL may sell, transfer or otherwise share some or all of its assets, including your personal information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. We may share your personal information with our parent company, subsidiaries, joint ventures, or other companies under a common control that we may have now or in the future, in which case we will require them to honor this Privacy Policy.
  4. MINORS

GL takes children’s privacy seriously. Our GL Services are not directed to children under the legal age in your jurisdiction, and we do not knowingly collect personal information from children under the legal age in your jurisdiction. If you are under the legal age in your jurisdiction, please do not submit any personal information through our Sites or Apps without the consent and participation of a parent or guardian. If we learn that we have collected personal information from a child under the legal age in your jurisdiction we will take steps to delete such information from our files as soon as possible.

Please contact us at [email protected] if you are aware that we may have inadvertently collected personal information from a child under the legal age in your jurisdiction.

  1. INDIVIDUAL RIGHTS UNDER GDPR

If you are located in the European Economic Area, you have the following rights under GDPR:

  1. Right of access. You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation whether your personal information is being used by us; details about how and why it is being used; and details of what safeguards are in place if we transfer your information outside of the European Economic Area (“EEA”).
  2. Right to rectify your information. You have a right to request the rectification of any of your personal information which is out of date or incorrect.
  3. Right to delete your information. You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by emailing us at [email protected].  
  4. Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by emailing us at [email protected].
  5. Right to stop marketing: You have a right to ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
  6. Right to data portability: You have a right to ask us to provide your personal information to a third party provider of services. This only applies to your personal data that you have provided to us that we are processing with your consent and for the purposes of contract fulfilment, which is being processed by automated means. In such a case we will provide you with a copy of your data in a structured, commonly used and machine-readable format or (where technically feasible) we may transmit your data directly to a separate data controller.
  7. Right to object. You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.
  8. Right to withdraw consent – where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that occurred prior to such withdrawal.
  9. Where you are located in France: Right to provide us with instruction on the management of your data after your death. You have the right to provide us with instruction on the management of your personal data after your death.

We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period allowed by applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

Please note that removing your personal information may limit our ability to provide GL Services to you. If you completely delete all such personal information, your account will be deactivated and you may lose access to the Services and your use of the Products.

  1. LINKS TO OTHER SITES AND SERVICES

GL Services may contain links to other websites or services. The fact that we link to a website or service is not an endorsement, authorization, or representation that we are affiliated with that third party. We do not exercise control over any third-party websites or services. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit and services that you use.

  1. DATA RETENTION

We may retain an archived copy of your personal information as required by law or for legitimate business purposes. GL will retain personal information for as long as needed to provide you the GL Services, subject to this Privacy Policy. GL may retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

  1. SECURITY

The security of your personal information is important to us. We follow generally-accepted industry standards for the data and processing that we do, and take all reasonable steps to protect the personal information submitted to us, both during transmission and once we receive it, including without limitation:

(i) using encryption when collecting or transferring sensitive personal information;

(ii) limiting physical access to our premises;

(iii) limiting access to the personal information we collect about you;

(iv) ensuring that we have appropriate security safeguards to keep personal information secure; and

(v) where required by law, destroying or de-identifying personal information.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. We will comply with all privacy laws and make any legally required disclosures regarding breaches of the security, confidentiality, or integrity of personal information consistent with our ability to determine the scope of a breach and our obligations to law enforcement.

  1. INTERNATIONAL TRANSFER

IMPORTANT: When you use GL Services, your data may be used, stored and/or access by staff operating outside the EEA such as the United States and possibly other countries, including Canada and Serbia, working for us, our partners or our suppliers. 

If we transfer any personal information about you outside of the EEA, we will take appropriate measures to ensure that we or the third-party recipient protects your personal information adequately in accordance with this Privacy Policy. These measures may include entering into European Commission approved standard contractual arrangements with them.

  1. COMPLAINTS

If you have a concern or complaint about how your personal information has been treated by us, you can contact us at [email protected].

In accordance with Article 77 of the General Data Protection Regulation, you may also make a complaint to the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. In France, the data protection regulator is the Commission Nationale de l’Informatique et des Libertés (CNIL). In the UK, the data protection regulator is the Information Commissioner’s Office.

  1. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT

This Privacy Notice for California Residents is part of The Green Labs Group INC’s Privacy Policy and applies, in addition to the terms in the Privacy Policy, solely to residents of the State of California (“consumers” or “you”) in compliance with the California Consumer Privacy Act of 2018 (“CCPA”). 

CCPA allows California residents, upon a verifiable consumer request, to request that a business that collects consumer personal information give consumers access, in a portable and (if feasible) readily usable form, to the specific pieces and categories of personal information that the business has collected about the consumer, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared. California residents also have the right to submit a request for deletion of information under certain circumstances.

We do not, and will not, sell your personal information. We collect, use and share your personal information as described below. 

COLLECTION, USE AND SHARING OF PERSONAL INFORMATION

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household (“personal information”). We collect personal information from you when you use our website, mobile app or any of our products, software or services (together, “Services”). We obtain your personal information directly from you when you create your online or app account with us or use our Services or indirectly (e.g., through cookies or other tracking mechanisms). We also obtain your personal information from third parties that interact with us in connection with Services. In the preceding 12 months, we have collected and disclosed the following categories of consumer personal information:

Category

Examples

Identifiers.

Name, alias, online identifier, IP address, postal address, email address, account name.

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Name, physical characteristics or description, address, telephone number,  credit card number, debit card number, medical information, product and customer support inquiries.

Protected classification characteristics under California or federal law.

Age, race, color, veteran or military status.

Commercial information.

Records related to your purchases of our products or services, tendencies based on your order information, records related to survey, sweepstakes or contest entries.

Biometric information.

Face imagery, voice recordings, keystroke patterns

Internet or other similar network activity.

Browsing history, browser type, browser IP address, mouse and keystroke data, video recordings of the pages you visit on our sites and other electronic activity information collected through technologies like cookies, web beacons, social media widgets and browser web storage), log information, wi-fi

Geolocation data.

Physical location.

Inferences drawn from other personal information.

Profile reflecting a person’s preferences related to usage of our Services.

“Personal information” under the California Consumer Privacy Act does not include information that is

  • publicly available from government records;
  • de-identified or aggregated consumer information;
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; or
  • certain personal or financial information covered under certain sector-specific privacy laws.

ACCESS AND DATA PORTABILITY RIGHTS

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, subject to certain exceptions. Once we receive and confirm your verifiable consumer request and unless an exception applies, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we disclosed your personal information for a business purpose, a list specifying such disclosures, identifying the personal information categories that each category of recipient obtained.

DELETION REQUEST RIGHTS

You have the right to request that we delete your personal information, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect and protect against security incidents, malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise a right provided for by law.
  • Comply with the California Electronic Communications Privacy Act.
  • Engage in research in the public interest that adheres to applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Otherwise use the information internally in a lawful manner compatible with the context in which you provided the information.

EXERCISING ACCESS, DATA PORTABILITY AND DELETION RIGHTS

To exercise the access, data portability and deletion rights described above, you or your authorized agent can submit a verifiable consumer request by sending us an email to [email protected].  Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We may ask for additional information that will help us do so. We will only use that additional information in the verification process, and not for any other purpose. You do not have to create an account with us to submit a request.

RESPONSE TIMING AND FORMAT

We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and capable of being transmitted by email.

We do not charge a fee to process or respond to your verifiable consumer request unless such request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

NON-DISCRIMINATION

We do not, and will not, discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide different quality of goods or services; or suggest you will receive a different price, rate, level, or quality of goods or services.

OTHER CALIFORNIA PRIVACY RIGHTS

California’s “Shine the Light” law (California Civil Code Section 1798.83) permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please email us at [email protected].  

California law, CalOPPA (California Business & Professions Code Section 22575 (a)) requires us to let you know how we respond to web browser “Do Not Track” (DNT) signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not honor Do Not Track requests at this time.