This Privacy Policy describes how Phresh LLC d/b/a Chi Universe (“we,” “us,” or “our”) collects, uses, and discloses your Personal Information when you access or make a purchase from our website, chiuniverse.com (the “Site”), access or make a purchase from our mobile application (the “App”), enroll in our yoga teacher training, subscribe to our newsletter, or otherwise access the various content, features, sales, or other services offered by us collectively, the “Services”).

By using the Services, you consent to and agree that we may collect, process, use, retain, share, and transfer your Personal Information as described in this Privacy Policy. We do not sell any Personal Information, as defined by California law. Thus, it is not necessary for you to opt-out of the sale of your Personal Information. Opt in for email is only for 18 and older. We do not collect data from Children on the App. 

Minors

No one under the age of 18 may provide any information to, on, or through the Services. We do not intentionally collect Personal Information from children. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete that information. If you believe a child has provided us with Personal Information, please contact us at the address below to request deletion, or email us at chi@chiuniverse.com.  

This Privacy Policy supplements and is incorporated into our Terms of Service, which may be accessed here. By accessing, downloading, registering with, purchasing from, or otherwise using our Services, you agree to this Privacy Policy and our Terms of Service, including any updates thereto.

The security of your Personal Information is important to us. We make commercially reasonable efforts to secure and protect the privacy, accuracy, and reliability of your Personal Information and to protect it from loss, misuse, unauthorized access, disclosure, alteration, and destruction. As no data security protocol is impenetrable, we cannot guarantee the security of our systems or databases, nor can we guarantee that Personal Information we collect about you will not be breached, intercepted, destroyed, accessed, or otherwise disclosed without authorization. Accordingly, any information including your Personal Information is provided by you at your own risk.

Collecting Personal Information

When you access our Services, we collect certain information about your device, your interaction with the Site or App, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information.” See the list below for more information about what Personal Information we collect, to whom we may disclose it, and why.

• Device informationPurpose of collection: to load the Site or App accurately for you, and to perform analytics on Site or App usage to optimize our Site and App.
• Source of collection: Collected automatically when you access our Site or App using cookies, log files, web beacons, tags, or pixels.
• Disclosure for a business purpose: shared with our processor Shopify.

Order information

• Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
• Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
• Source of collection: collected from you.
• Disclosure for a business purpose: shared with our processor Shopify.

Customer support information

• Examples of Personal Information collected: Customer contact information, order details and device details if applicable.
• Purpose of collection: to provide customer support.
• Source of collection: collected from you.
• Disclosure for a business purpose: Not disclosed to any third party at the moment. It is handled internally to provide customer support.

 

Behavioral Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

• We use Google Analytics to help us understand how our customers use the Site and App. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
• We use Kalvio to manage our customer subscriptions to keep them updated about our products and store news. We share information about your use of the Site and App, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this Personal Information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by visiting:

• FACEBOOK - https://www.facebook.com/settings/?tab=ads
• GOOGLE - https://www.google.com/settings/ads/anonymous
• BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
• Members of the Digital Advertising Alliance - http://optout.aboutads.info/
• Members of the Network Advertising Initiative - https://optout.networkadvertising.org/?c=1

Sharing Personal Information

Service Providers and Contractors

We share your Personal Information with service providers to help us provide our Services and fulfill our contracts with you, as described above. For example:

• We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
• We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
• We use Kalvio to send new product updates, store news and other marketing material to exclusively subscribed customers for our emails.
• We may share your Personal Information with shipping services to enable them to deliver the products you order.

Other Interests

We may also share your Personal Information:

• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred.
• If we believe disclosure is necessary or appropriate to protect the rights, property, safety or vital interests (life, health, or safety) of our company, our customers, or others including by exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
• When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or other harm or in connection with an investigation of suspected or actual illegal activity including illegal activity perpetrated through the Services or using our name.
• To respond to legal requests, such as subpoenas or court orders, or in compliance with applicable laws. We generally do not disclose user information unless we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. This may include sharing information with other companies, lawyers, agents, or government agencies. Nothing in this Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your Personal Information.
• With the public government, or other entity when it is aggregated such that it becomes non-personal information that does not identify any individual, thus removing it from the restrictions of this Privacy Policy.

 

Third-Party Information Collection

When you use our Services, certain third parties may use automatic information collection technologies to collect Personal Information about you or your device. These third parties may include:

• Your browser provider;
• Advertisers, ad networks, and ad servers;
• Analytics companies;
• Your mobile device manufacturer; and
• Your mobile service provider.

These third parties may also use tracking technologies to collect information about you when you use our Services. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites, apps, and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

Further, where links to the websites of other companies are available, we have no influence as to their function or content. As a result, we provide no guarantee nor assume any liability for the collection practices, tracking technologies, or website function and content of any third party. Any Personal Information accessed, collected, or otherwise used through these third-party collection practices, tracking technologies, and websites is always and solely the responsibility of the respective company. If you have any questions about a website, an advertisement, or other targeted content provided by a third party, you should contact the responsible provider directly.

 

Using Personal Information

We use your Personal Information to provide our Services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your Personal Information under the following lawful bases:

• Your consent;
• The performance of the contract between you and us;
• Compliance with our legal obligations;
• To protect your vital interests;
• To perform a task carried out in the public interest;
• For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you access our Services, we will retain your Personal Information as long as it is necessary for the processing purpose in questions or in accordance with our data retention policy. We may retain your Personal Information for longer periods if required by law, if you give us your permission, or in case of a legal dispute in which your Personal Information may be used as evidence. For more information on your right of erasure, please see the ‘Your Rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We DO engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
• Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

 

Your Rights

GDPR

Personal Information as used in this Privacy Policy is included in the term Personal Data as defined under the GDPR. Each capitalized term used, but not defined, in this section shall have the meaning given to such term in the GDPR. If you are a resident of the EEA or United Kingdom, your Personal Data will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: 

https://help.shopify.com/en/manual/your-account/privacy/GDPR.

Rights of European Union and United Kingdom Residents

If you are located in the European Union or the United Kingdom, you have certain rights regarding the Personal Data that we maintain about you, which in certain circumstances you will be able to exercise. The rights are as follows:

• Access. You may request a copy of the Personal Data that we maintain about you.
• Portability. If we maintain your Personal Data based on your consent or so that we can enter into or perform under a contract with you, you have the right to obtain your Personal Data from us that you consented to give us, that is necessary to enter into or perform the contract, or that is necessary to provide member benefits to you. We will give you your Personal Data in a structured, commonly used and machine-readable format.
• Correction. If you believe your Personal Data is incorrect, you may request that we correct, amend or delete your Personal Data that is inaccurate or incomplete.
• Deletion or Restriction of Processing. You may request that we erase or restrict the processing of your Personal Data.
• Object to Processing. You may object to the processing of your Personal Data in certain circumstances when we process your Personal Data for the purposes of our legitimate interests.
• Right to Complain. You have the right to file a complaint with a supervisory authority, in particular in the European member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your Personal Data infringes upon your rights.
• Withdraw Consent. If we are processing your Personal Data based on your consent to do so, you may withdraw that consent at any time.

You can unsubscribe to email messages by clicking the “unsubscribe” link at the bottom of the email. For other requests, please contact us via the contact information listed at the end of this document.

Collection of Personal Data

We only collect Personal Data that is reasonably necessary for us to provide our Services. Subject to applicable exceptions, we will obtain your Consent before collecting, using and disclosing your Personal Data for the specified purposes. In addition to circumstances in which you Consent to the use of your Personal Data, the Personal Data we collect may be used or processed where we have a legitimate interest in or other legal basis for processing such data.

The categories of your Personal Data we collect, purposes for which the Personal Data is or may be used, and with whom your Personal Data is disclosed is described above. If we need to process your Personal Data to fulfill or enter into a contract with you, failure to provide that Personal Data will mean that we cannot perform or enter into a contract with you. If we collect your Personal Data for one purpose and need to process it for a second purpose, we will provide you with specific notice at the time of collection regarding this secondary purpose to ensure fair and transparent processing before we engage in further processing.

Notice to Residents of Other Non-U.S. Countries

Our headquarters is in the United States. The Personal Information we or our service providers and contractors collect may be stored and processed in servers within or outside of the United States and wherever we and our service providers and contractors have facilities around the globe, and certain Personal Information may be accessible by persons or companies outside of the United States who provide services for us. As such, we and our service providers and contractors may transfer your Personal Data to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take reasonable steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it.

If you are a resident of a country other than the United States, you acknowledge and consent to our collecting, transmitting, transferring, processing, storing, and otherwise using your Personal Information outside of the country in which you reside. Your acceptance of this Privacy Policy or use of our Site, App, or Services constitutes consent, either express or implied, to collect, use, and share your Personal Information as indicated herein.

CCPA

Each capitalized term used, but not defined, in this section shall have the meaning given to such term in the California Consumer Privacy Act of 2018 (“CCPA”). If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to ask that your Personal Information be corrected, updated, or erased, and to opt out of the sale of your Personal Information. If you would like to exercise these rights, please contact us through chi@chiuniverse.com or call 424.259.2271. However, we do not sell any Personal Information, as defined by California law. Thus, it is not necessary for you to opt-out of the sale of your Personal Information. These rights do not apply to job applicants, employees, or business entities.

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below.

Right of Access to Specific Information

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable Consumer request, we will disclose to you:

• The categories of Personal Information we collected about you;
• The categories of sources for the Personal Information we collected about you;
• Our business or commercial purpose for collecting, sharing, or selling that Personal Information;
• The categories of third parties with whom we share that Personal Information;
• The specific pieces of Personal Information we collected about you (also called a data portability request) and provide a copy to you in an electronic or paper format; and
• The categories of Personal Information, if any, we disclosed for a business purpose to a third party.

Deletion Request Right

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable Consumer request, we will delete (and direct our Contractors and Service Providers to delete) your Personal Information from our (and their) records, unless an exception applies (as described below).

As permitted by CCPA we may delete your Personal Information by (a) permanently and completely erasing the Personal Information on our existing systems with the exception of archived or back-up systems; (b) de-identifying the Personal Information; or, (c) aggregating the Personal Information.

We may deny your deletion request if retaining the information is necessary for us or one of our Contractors or Service Providers to:

• Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
• Debug products to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
• Comply with a legal, regulatory or law enforcement obligation; or
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable Consumer request to us by calling using the contact information at the end of this Privacy Policy. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your Personal Information. You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. To be verifiable, the Consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of that person and
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. Making a verifiable Consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable Consumer request to verify the requestor's identity or authority to make the request.

Upon receiving a data access or deletion request from you, we will verify your identity based on the information we have on file for you. Upon verification of your identity, we will proceed to process your request (subject to the exceptions stated above).

We endeavor to confirm receipt of your request within ten (10) days of receiving it. We will respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.

We will deliver our written response via email to the email address associated with you or, if we are unable to determine your email address, via mail.

Any disclosures we provide will only cover the 12-month period preceding the verifiable Consumer request receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable Consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Please note that this right does not apply to business-to-business customers, employment applicants, or independent contractors to us, or if the disclosure of Personal Information is for purposes consistent with the California resident’s reasonable expectations, when considering the circumstances.

Non-Discrimination: We will not discriminate against you simply for exercising your rights under the CCPA.

Nevada Privacy Rights

If you are a Nevada resident who wishes to exercise your sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to the contact information listed at the end of this Privacy Policy. However, please know we do not currently sell data triggering that statute’s opt-out requirements.

 

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site or use our App. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the Site or App or browse from one page to another. Cookies also provide information on how people use the Site and App, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimize your experience on our Site and through our App and to provide our Services.

Cookies Necessary for the Functioning of the Store

Name	Function
_ab	Used in connection with access to admin.
_secure_session_id	Used in connection with navigation through a storefront.
cart	Used in connection with shopping cart.
cart_sig	Used in connection with checkout.
cart_ts	Used in connection with checkout.
checkout_token	Used in connection with checkout.
secret	Used in connection with checkout.
secure_customer_sig	Used in connection with customer login.
storefront_digest	Used in connection with customer login.
_shopify_u	Used to facilitate updating customer account information.

 

Reporting and Analytics

Name	Function
_tracking_consent	Tracking preferences.
_landing_page	Track landing pages
_orig_referrer	Track landing pages
_s	Shopify analytics.
_shopify_fs	Shopify analytics.
_shopify_s	Shopify analytics.
_shopify_sa_p	Shopify analytics relating to marketing & referrals.
_shopify_sa_t	Shopify analytics relating to marketing & referrals.
_shopify_y	Shopify analytics.
_y	Shopify analytics.

 

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

 

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at bobbi@chiuniverse.com, by phone 1 (310) 880-1993, or by mail using the details provided below:

Phresh LLC 2328 Ocean Park Blvd #C, Santa Monica CA 90405, United States

https://chiuniverse.com/pages/ccpa-opt-out

Last updated: 6/22/2021