Privacy Policy

Introduction

At RITUALS, we respect and protect the privacy of every user who visits our webshop (www.ritualsussale.com) or engages with our services. This Privacy Policy outlines how we collect, use, store, and protect your personal data, in compliance with applicable data protection laws including the General Data Protection Regulation (GDPR) and the Modernization of Cosmetics Regulation Act (MOCRA) in the United States. By using our services, you acknowledge and consent to the practices described in this policy.

1. What Personal Data We Collect

We only collect personal data that is necessary for providing and improving our services, adhering to the principle of data minimization. The types of data we may collect include:
  • Identity & Contact Information: Name, email address (e.g., service@ritualsussale.com for communications), phone number, and shipping address (required for order fulfillment).
  • Payment Information: Payment amount, payment method, and transaction details (processed securely through trusted third-party payment providers; we do not store full payment card information).
  • Usage Data: IP address, browser type, visit duration, pages viewed, and interaction with our webshop (to optimize user experience and service quality).
  • Sensitive Personal Data: We do not actively collect sensitive data (e.g., health information, biometrics) unless you voluntarily provide it. Any processing of such data will require your explicit, separate consent.

2. How We Use Your Personal Data

Your data is used solely for specific, legitimate purposes aligned with our services:
  • Fulfill and process your orders (including shipping, delivery tracking, and post-purchase support).
  • Provide customer service and respond to your inquiries (via email or other contact channels).
  • Ensure product safety and compliance with MOCRA requirements (e.g., maintaining records for FDA filing and facility registration).
  • Improve our webshop, products, and services (based on usage patterns and feedback).
  • Send you relevant updates (e.g., order confirmations, return status, service announcements) – you may opt out of non-essential communications at any time.
We will never use your data for purposes unrelated to the above without obtaining your prior consent.

3. Data Storage & Security

  • Storage Limitation: We retain your personal data only for as long as necessary to fulfill the purposes stated herein, or as required by law (e.g., MOCRA mandates retaining adverse reaction records for up to six years). After this period, your data will be securely deleted or anonymized.
  • Security Measures: We implement appropriate technical and organizational safeguards to protect your data against unauthorized access, disclosure, alteration, or loss. This includes encrypted data transmission, secure server storage, and regular security audits.
  • Data Breach Response: In the event of a potential data breach, we will immediately take remedial measures and notify relevant authorities and affected users as required by law.

4. Data Sharing & Disclosure

We do not sell, rent, or share your personal data with third parties for marketing purposes without your consent. We may share your data only in the following circumstances:
  • With trusted third-party service providers (e.g., payment processors, shipping carriers) who assist in fulfilling orders and providing services – these providers are bound by confidentiality agreements and may only use data for specified purposes.
  • To comply with legal obligations (e.g., responding to FDA inquiries, court orders, or regulatory requirements under MOCRA).
  • To protect our legitimate business interests (e.g., preventing fraud, ensuring webshop security) or the safety of users and others.

5. Cross-Border Data Transfers

Your personal data may be transferred to countries outside your place of residence (including the United States, where our operations are based). We ensure all cross-border transfers comply with applicable laws (e.g., GDPR’s requirements for adequate protection) and implement appropriate safeguards (e.g., standard contractual clauses) to protect your data. By using our services, you consent to such transfers.

6. Your Data Rights

You have the following rights regarding your personal data, and we provide convenient mechanisms to exercise them:
  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data (where legally permissible).
  • Right to Withdraw Consent: Withdraw consent for non-essential data processing at any time (without affecting the legality of prior processing).
  • Right to Data Portability: Request your data in a structured, machine-readable format for transfer to another service provider.
To exercise these rights, please contact us at service@ritualsussale.com. We will respond to your request within a reasonable timeframe.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal changes or service improvements. Any updates will be posted on this page with a clear notice. We encourage you to review this policy periodically to stay informed about how we protect your data.

8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us: