1. INTRODUCTION


Rituals Cosmetics Enterprise B.V. (Keizersgracht 683, 1017 DW Amsterdam, The Netherlands) and our affiliated companies (hereinafter: “Rituals”, “we” or “us”) is committed to the proper handling of personal data, in accordance with applicable privacy laws (including where relevant the General Data Protection Regulation).

To ensure your privacy as far as possible, we adhere to the following core values:


  • Information:We inform you about why and how we collect and use your personal data. This is described in this Privacy Policy.

  • Limited collection:We inform you about why and how we collect and use your personal data. This is described in this Privacy Policy.

  • Security:We respect your rights under applicable privacy laws.

  • Individuals’ rights:: We respect your rights under applicable privacy laws (including the right to access, correct, or delete your personal data in accordance with such laws).


  • In this Privacy Policy (“Privacy Policy”) we describe how we (i) implement these core values to protect your privacy, (ii) how we collect, use, disclose and otherwise process your personal data, and (iii) about the rights and choices you have regarding such personal data. We strongly urge you to read this statement carefully, as it applies to our processing of personal data about customer and prospective customers, including purchasers of our products (“Products”), whether online or in one of our stores or via other Rituals’ points of sale, loyalty program members, visitors to our stores, and users who visit and access our websites, apps, or otherwise interact with us or use our services and applications (collectively referred to as: the "Services").



    Our use of the term “personal data” includes “personal information” and other similar terms as defined under applicable privacy laws.

    California residents. If you are a California resident, please be sure to review Section 13 “Information for California Residents” below for important information, as required by California privacy laws, about the categories of personal information we collect, use and disclose and your rights under California privacy laws.

    2. PERSONAL DATA WE COLLECT AND USE

    We collect personal data about you directly (such as when you buy our Products or provide information to us on and offline), automatically (such as when you access our website or use our services), and, in some cases, from third parties (such as social networks when you interact with us or discuss us on social media).



    In general, the personal data we collect about you include the following personal data: 
  • Your contact details. Your name, postal address and other contact details, such as your telephone number and e-mail address, and any other contact details you provide to us (including delivery address when you purchase our Products online).

  • Your electronic identification data, including personal data, and other information we collect automatically when you visit, use, and interact with our online website, apps and services (“Services”). For example, we collect data automatically including through cookies, IP address, app identifier, advertising ID, location information, browser type, device type, domain name, the website that led you to our website, the website to which you go after leaving our website, the dates and times you access our websites and online services, and the links you click and your other activities. We also may use pixels in HTML emails to understand if you read the emails we send to you, your interaction with the site and content (e.g. opening, clicking, reading, cursor-movement etc.), your interaction with our newsletter or with being confronted with online marketing advertisements of Rituals. We collect data automatically through your browser or device, by making use of cookies and other technologies to track visitors on the website (including web analytics), such as your IP address, MAC address, your browsing behavior, the Products and Services you like and the content of your abandoned shopping basket. You can review our Cookie Policy to find out more or click the Cookie Settings link in the footer of our websites to adjust your cookie preferences for our website (Please note that our websites do not recognize or respond to any signal which your browser might transmit through the so-called “Do Not Track” feature)...

  • Your account data. To complete your account at Rituals (“MyRituals”) online or instore via the onboarding application, we use your name, gender, email address, date of birth and other information you voluntarily provide to us, such as your phone number, favorite Rituals collection, additional interests and favorite categories or personal product advice (such as but not limited to soul wear, skincare, make up and haircare).

  • Your purchases in our stores. Only when you are a MyRituals member, we can link data from your purchases in our stores to your MyRituals profile based on the verification of your personal data at the counter that you provide (e.g., your MyRituals member card (number), email address and/or mobile telephone number), such as the amount and date of your purchases, the Product(s) or Service(s) you purchase, the location of the store, payment statuses, employee discount (if any), voucher code used (if any), gift with purchases (if applicable) and optional additional personal card or engraving data.

  • Your purchases online. To complete your online purchases via the official Rituals web shop or via other official social media-channels of Rituals, we use your name, gender, telephone number if you voluntarily provide this to us), delivery method and delivery address and all relevant information regarding your purchases, such as the amount and date of your purchases, the Product(s) or Service you purchase, the device through which you make your purchases, payment method, payment status, bank account details, (employee) discount, voucher code used (if any), gift with purchases (if applicable) and optional additional personal card or engraving data, delivery method and delivery address. In order to offer you third party partner payment methods, we might pass your personal data in the form of contact and order details to said third parties in the checkout process, in order for them to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with the third party’s privacy notice. Please see this page for our payment partners.

  • Your personal data when using our Rituals Perfume Diffuser device and app. If you make use of our Rituals Perfume Diffuser App we record your name and email address. In order to be able to use the device in combination with the App, information in relation to the device is automatically collected, such as Wi-Fi strength, battery percentage, cartridge fill, scent, installed version, fan-information, online/offline status. We also collect and use other personal data you voluntarily provide to us, such as room size, and room name.

  • The personal data you share with us during the personalization-process when you buy a personalized Rituals product. If you personalize Rituals Products via us, we use your personalized data (e.g. the name you would like to be placed on the Rituals Products) in order to be able to handle your request and provide you our Services. Where available, Rituals may also offer the option to personalize your Rituals Online Gift Card via the Rituals website, (such as, but not limited to, personalization by means of uploading and usage of a picture, video, GIF or other file (hereinafter: ‘Image Material’). Rituals works together with third parties to provide you with such service, which third parties work on our behalf, as further explained in this Rituals Privacy Policy. The Image Material provided by you will be made available by Rituals on the Rituals Online Gift Card until the Rituals Online Gift Card has been completely redeemed, however in any event no longer than 12 months after receiving the Rituals Online Gift Card by recipient, after which the personalized Image Material shall be replaced by a standard Rituals image and the Image Material will be deleted by Rituals.

  • Your personal data when subscribing to our newsletter. To be able to provide you with the newsletter of Rituals containing inspirational and commercial content, we use your email address and additional information if you add such to your profile, such as name, date of birth and favorite store. Rituals also sends out personalized newsletters, based on your personal preferences.

  • Recordings (CCTV, events and telephone recordings). Some of our stores use video surveillance systems (CCTV). When you enter such stores, you are recorded by our video surveillance systems. If you attend events or fairs that Rituals hosts or attends, you can also be recorded if we make video footage of such event or fair. If you call us with a question or complaint, your telephone calls to us will be recorded.

  • Your communication data. Any data shared by you when communicating with us via email, online, telephone, social media or any other form, such as questions, requests or complaints.

  • Your personal data regarding raffles, subscribe and win, marketing campaigns, contests or sampling-activation. Any data shared by you when participating in a raffle, subscribe and win, lead generation campaign, contest or sampling-activation.

  • Your personal data regarding our (store) events. Any data shared by you when sign up to and/or participate in events hosted by us, such as workshops, store events etc.

  • Your ratings and reviews and feedback. The opinions, experiences, preferences and interests and product or event reviews that you publish on our websites or share with us online or through social media.
  • Health data. We can also collect certain limited information in relation to your health, such as regarding your allergies. We will only use health data you voluntarily provide us and such only with your prior consent or under your direction to do so and only for the purposes set out in this Privacy Policy. You may refuse or revoke your consent at any time, as set out below.


  • 3. PURPOSES OF USE PERSONAL DATA

    The personal data we collect is exclusively used for the following purposes:

    For the performance of our agreement with you:In order to carry out our obligations arising from any contracts entered into between you and us, and to provide you with the Products, Services and information that you request, including managing and handling your requests, inquiries or complaints. This also includes enabling you to make a purchase of our Products, to participate in our MyRituals program, responding to your requests to provide customer service, responding to your inquiries, providing you with essential information regarding our Products and Services you request, etc. 

    For our legitimate commercial interests:We use your personal data as described above (both on aggregated and on individual basis) for the purpose of advertising our Products and Services, to contact you via e-mail, regular mail, social media or otherwise for direct marketing or other commercial purposes. We also use your personal data to validate that the age requirements in order to create a MyRituals account are met and to send you a birthday gift. Furthermore, we use your personal data for analyzing and improving the quality of our Products and Services, such as providing you with customer services and aftersales, and to understand you as a customer (customer optimalization). This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising. In addition, based on your use of our Services and Products you purchased, we may target you with advertisement or other marketing materials that are customized to your personal preferences and experiences. 

    Improving and analyzing our products and services:

    We may also use your personal data, for our other legitimate commercial interests such as to operate and expand our business activities; to develop and improve or modify our Products and Services; to better understand how our services and website are accessed and used, in order to administer, monitor, and improve our services, for our internal purposes, and to generate aggregated statistics about the users of our Products and Services for research and analytical purposes.


    In support of our general business operations: Where necessary for the administration of our general business, accounting, record keeping and legal functions, including analyze operational and business results and risks, and maintain business records; to operate company policies and procedures; to enable us to negotiate or enter into corporate transactions, such as any merger, sale, reorganization, transfer of Rituals’ assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law.

    To secure and Protect our assets and rights: to protect and defend our (and others’) rights, property or safety; to prevent abuse and fraud related to online sale of our products and to monitor the compliance with our House Rules for the use of our website(s) and apps; to protect our business operations, secure our network and information technology, assets and services; unauthorized activities, access and other misconduct; where we believe necessary to investigate, prevent or take action regarding suspected violations of our General Terms and Conditions and other agreements with you, as well as fraud, illegal activities and other situations involving potential threats to the rights or safety of any person or third party.

    Complying with Legal Obligations: To comply with the law or legal proceedings. For example, we may use information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.

    Use of information based on your consent: Under circumstances we will also ask your consent for the processing of your personal data. For example, when you have not purchased our Products but would like to receive (MyRituals) direct marketing communications (such as newsletters, promotions, news on products) via email, other electronic means or telephone. Or when you would like to participate in our raffles, contests or our marketing campaigns.

    For children under the age of 16 we require consent of their parent or legal guardian be provided in order to perform a purchase.  You can withdraw your consent at any time (see under Section 12A below). 

    4. SOCIAL MEDIA

    You may find or engage with Rituals content on third-party sites, apps or social media services, such as Facebook, Twitter, Pinterest, Instagram, LinkedIn, etc. Please note that the respective third-party privacy policies and terms apply to those sites and services, not Rituals. You should be familiar with and understand the tools provided by those third parties that allow you to make choices about how you share personal data in your social media profile(s).



    We encourage you to read the applicable privacy notices, terms of use and related information about how your personal data is used in these third party environments. 

    Please note that depending on your choices and settings on these third party web and social media sites (and/or in combination with your settings on the Rituals pages), certain personal data may be shared by third parties with Rituals about your online activities and social media profiles (e.g. interests, marital status, gender, username, photo, comments and other content you have posted/shared on your social media profile). 



    5. SHARING YOUR PERSONAL DATA

    We share your Personal Data with the following parties: 

  • Other entities within the Rituals Group. Your Personal Data will be shared between the responsible Rituals entities that may use your Personal Data as described in this Privacy Policy. An overview of the relevant responsible Rituals entities can be found here.

  • Third Party suppliers. We engage third parties, from time to time, to help us provide our Products and Services, including:

  • -Service providers, suppliers (such as IT service providers) and sub-contractors; 

    - Customer service and call centers, to assist us with the Consumer Service-department;

    - Advertising and media companies that carry out marketing and media activities on our behalf (including affiliate marketing); 

    - Analytics and search engine providers that assist us in the improvement and optimization of our website and apps, such as Google Analytics.


    In providing their services, these third parties may access, receive, maintain or otherwise process personal data on our behalf. Our contracts with these service providers do not permit use of your personal data for their own commercial purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require such third party suppliers to adequately safeguard your personal data and only process it in accordance with our instructions. 


  • Third Parties.We may also share certain personal data with our business partners, auditors, advisors, consultants, or other support providers.

  • Corporate transaction. In addition, Personal Data may be disclosed as part of any actual or contemplated merger, sale or transfer of Rituals’ assets, including during negotiations related to such corporate transactions.

  • Third parties in case of legal requirement.We may also disclose your Personal Data if we believe we are required to do so by law. For example, in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.

  • To Protect our Rights and Interests. We may also disclose your Personal Data to protect the safety, rights, property, or security of Rituals, the Products and Services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity which Rituals, in its sole discretion, may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; and to enforce our General Terms and Conditions and this Privacy Policy.

  • With consent. We may also disclose information about you, including Personal Data to any other third party, where you have consented or requested that we do so, for example in case of a promotional campaign with another sponsor.


  • 6. INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA

    Rituals is headquartered in the European Union, where most of the data processing takes place. However, please be informed that Rituals may transfer and process any Personal Data you provide to us to and in countries other than your country of residence. Data protection laws in these countries may not be considered to provide an equivalent level of protection to your Personal Data in your jurisdiction. Rituals will therefore seek to ensure that your personal information is subject to appropriate safeguards. For additional information regarding the mechanism under which your personal data is transferred outside of your country, and to receive a copy of such documentation you may make a request by emailing us at privacy@rituals.com. 



    7. SECURITY

    We will take reasonable steps to implement appropriate technical, physical, and organizational measures designed to protect your personal data against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss. Please be aware that despite our efforts, no data security measures can guarantee security.


    We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Privacy Policy. Furthermore, we contractually ensure that any Third Party supplier processing your Personal Data equally provide for confidentiality and integrity of your data in a secure way.



    8. DATA RETENTION

    We generally retain your Personal Data for as long as required to satisfy the purpose for which they were collected and used (for example, for the time necessary for us to provide you with customer service, answer queries or resolve technical problems), unless a longer period is necessary to comply with our legal obligations, resolve a dispute, maintain appropriate business records, enforce our agreements, or to defend a legal claim. 



    9. CHILDREN

    Our Services are not targeted to minors under the age of sixteen (16) and we do not knowingly or specifically collect personal data about minors under the age of 16. If you believe we have unintentionally collected such data, please notify us as set out in the Contact Us section below.



    10. YOUR RIGHTS

    Subject to the conditions set forth in the applicable law, you have the following rights with regard to our processing of your Personal Data: 


  • Right of access – You have the right to request confirmation if Rituals processes personal data about you, and if such is the case, access to the personal data and additional information. Upon request, we can also provide you with a copy of the personal data undergoing processing;

  • Right to rectification – You have the right to request that Rituals corrects, adjusts or completes your Personal Data if we have inaccurate or incomplete data relating to you. You can also correct, adjust or complete your personal data yourself by updating your profile. We also kindly request you to ensure that changes in personal circumstances (for example, change of address, bank account, etc.) are notified to Rituals so that we can ensure that your Personal Data is up to date. Rituals will take all reasonable steps to ensure that all Personal Data are correct;

  • Right to withdraw consent – You have the right to revoke your consent for receiving marketing communications at any time, by following the instructions in any marketing communication or by filling in the form as set out below. If we use your Personal Data based on your consent for other reasons than marketing communication, you can revoke your consent by filling the form as set out below;

  • Right to delete - You have the right to request deletion of any irrelevant Personal Data we hold about you when (i) the data is no longer necessary in relation to the purposes for which they are collected; (ii) you withdraw your consent and there is no other legal ground for processing; (iii) you object to the processing in case of direct marketing purposes, or – in any other case - there is no overriding legitimate ground for processing; (iv) we unlawfully processed your data. If you have such a request and all requirements are met, we shall make sure that Rituals erases the data of which we are not under a legal obligation to retain;

  • Right to restriction of data use - You have the right to restrict our use of your Personal Data where (i) you contest the accuracy of the Personal Data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the Personal Data for the relevant purposes, but you require them for the establishment, exercise or defence of legal claims; or (iv) you have objected to data use justified on our legitimate interests pending verification as to whether Rituals has indeed compelling interests to continue the relevant data use;

  • Right to data portability - to the extent that we use your Personal Data for the performance of an agreement with you, and that personal data is processed by automatic means, you have the right to receive all such Personal Data which you have provided to Rituals in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible;

  • Right to object - to the extent that we are relying on our legitimate interests to use your Personal Data, you have the right to object to such use, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. You also have the right to object to profiling activities conducted by Rituals;

  • Right to lodge a complaint - You also have the right to lodge a complaint with a supervisory authority, in particular in your Member State of residence, if you consider that the collection and use of your Personal Data infringes this Privacy Policy or applicable law.

  • For further information regarding your rights, or to exercise any of your rights, please complete this Privacy Request Form

    If you are a California resident, please review Section 13, which includes information about your rights under California privacy law and how you can exercise these rights.



    11. CHANGES TO THE POLICY

    This Privacy Policy may be revised from time to time. If we make changes to this Policy, we will post the updated version of this Policy on our website. If the changes materially affect the way we collect, use, disclose or otherwise process your personal data, we will endeavor to notify you in advance of such change(s), such as by sending a notice to the primary email address associated with your account or by posting a notice on the website. We encourage you to periodically check back and review this Policy for the latest updates.



    12. CONTACT US

    If you have any queries about this Privacy Policy or our handling of your Personal Data in general, please email us at  privacy@rituals.com and be sure to indicate the nature of your query.



    13. INFORMATION FOR CALIFORNIA RESIDENTS

    In this section, we provide additional information for California residents, as required under California privacy laws including the California Consumer Privacy Act (“CCPA”). This section does not address or apply to our handling of publicly available information lawfully made available by state or federal government records or other personal information that is exempt under the CCPA. While our collection, use and disclosure of personal information varies based upon our relationship and interactions with you, in this section we describe, generally, how we may collect (and in the prior 12 months have collected) personal information about California residents, as well as how we have disclosed such information for a business purpose.

    Personal Information Collection

    Category: Identifiers

    Description: Includes direct identifiers, such as name, alias user ID, username, account number; email address, phone number, address and other contact information; IP address and other online identifiers; SSN, driver’s license number, passport number, tax ID and other government identifiers; and other similar identifiers.

    Categories of Third Parties to Whom We May Disclose this Information:

  • affiliates and subsidiaries
  • service providers
  • business partners
  • advisors and agents
  • government entities and law enforcement
  • advertising networks
  • social networks
  • data analytics providers
  • internet service providers
  • operating systems and platforms


  • Category: Customer Records

    Description: Includes personal information, such as name, account name, user ID, contact information, employment information, account number, and financial or payment information), that individuals provide us in order to purchase or obtain our products and services. For example, this may include account registration information, or information collected when an individual purchases or orders our products and services or enters into an agreement with us related to our products and services.

    Categories of Third Parties to Whom We May Disclose this Information:
  • our affiliates and subsidiaries
  • business partners
  • service providers
  • advisors and agents
  • government entities and law enforcement


  • Category: Commercial Information

    Description: Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.

    Categories of Third Parties to Whom We May Disclose this Information:
  • affiliates and subsidiaries
  • business partners
  • service providers
  • advisors and agents
  • government entities and law enforcement


  • Category: Internet and Other Electronic Network Activity Information

    Description: Includes browsing history, clickstream data, search history, access logs and other usage data and information regarding an individual’s interaction with our websites, mobile apps and other Services, and our marketing emails and online ads.

    Categories of Third Parties to Whom We May Disclose this Information:
  • affiliates and subsidiaries
  • service providers
  • business partners
  • advisors and agents
  • government entities and law enforcement
  • social networks
  • data analytics providers
  • internet service providers
  • operating systems and platforms


  • Category: Audio, video and electronic data

    Description: Includes audio, electronic, visual, thermal, olfactory, or similar information such as CCTV footage (e.g., collected from visitors to our offices/premises, photographs and images (e.g., that you provide us or post to your profile) and call recordings (e.g., of customer support calls).

    Categories of Third Parties to Whom We May Disclose this Information:
  • affiliates and subsidiaries
  • service providers
  • advisors and agents
  • government entities and law enforcement


  • Category: Geolocation

    Description: Information such as location information about a particular individual or device.

    Categories of Third Parties to Whom We May Disclose this Information:
  • affiliates and subsidiaries
  • business partners
  • service providers
  • advisors and agents
  • government entities and law enforcement


  • Category: Education information

    Description: Information about an individual’s educational history such as the schools attended, degrees you were awarded, and associated dates.

    Categories of Third Parties to Whom We May Disclose this Information:
  • affiliates and subsidiaries
  • service providers
  • advisors and agents
  • government entities and law enforcement


  • Category: Inferences

    Description: Includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, characteristics, predispositions, behavior, attitudes, intelligence, abilities or aptitudes. For example, we may analyze personal information in order to identify the offers and information that may be most relevant to customers, so that we can better reach them with relevant offers and ads.

    Categories of Third Parties to Whom We May Disclose this Information:
  • our affiliates and subsidiaries
  • service providers
  • advisors and agents
  • government entities and law enforcement
  • analytics providers


  • Category: Sensitive personal information

    Description: In limited circumstances, we may collect:
    • [Social security, driver’s license, state identification card, or passport number.]
    • [Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.]
    • [Precise geolocation.]
    • [Racial or ethnic origin, religious or philosophical beliefs, or union membership.]
    • [The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.]
    • [Genetic data.]
    • [Biometric information.]
    • [Personal information collected and analyzed concerning a consumer’s health.]
    • [Personal information collected and analyzed concerning a California resident’s sex life or sexual orientation.]

    Categories of Third Parties to Whom We May Disclose this Information:
    • [TBD]

    Aggregate and Non-Identifiable Information. As permitted by CCPA, we may collect, use, share, disclose, and otherwise process aggregate, anonymous, and in some cases de-identified information related to our business and the Services for research, marketing, analytics, and other purposes. Where we use, disclose or process de-identified information, we will maintain and use this information in de-identified form and not to attempt to reidentify the information, except in accordance with applicable privacy laws.

    Sales and Sharing of Personal Information. Categories of Personal Information Sold. The CCPA defines ‘sale’ as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and ‘share’ broadly as disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. We do not disclose personal information to third parties in exchange for monetary compensation. We may sell or share (as broadly defined by the CCPA): identifiers and internet and other electronic activity information to third-party ad companies, data analytics providers, and social media companies (e.g., through third-party tags and social buttons on our websites), in order to improve and measure our ad campaigns and reach our customers and potential customers with more relevant ads and tailored content. Where relevant, users can opt out of third-party tags and cookies, other than those that are “necessary”, by adjusting their cookie settings here We do not knowingly sell or share sensitive personal information about California residents, nor do we sell or share any personal information about California residents we know to be younger than sixteen (16) years old.

    Sources of personal information. As further described in the Section ‘Personal Data We Collect and Use’ above, we may collect personal information from the following sources:
  • directly from the individual 
  • analytics providers
  • automatically through cookies when you use our services
  • public records
  • social networks and third-party sites
  • third party business partners
  • service providers
  • payment processors
  • advisors and agents


  • Purposes of Collection, Use and Disclosure. As described in more detail in the Section “Purposes of Use of Personal Data” and the Section “Sharing Your Personal Data” above, we collect, use, disclose and otherwise process the above personal information for the following business or commercial purposes and as otherwise directed or consented to by you:
  • For the performance of our agreement with you
  • For our legitimate commercial interests
  • Improving and analyzing our products and services
  • In support of our general business operations
  • To secure and Protect our assets and rights:
  • Complying with Legal Obligations:
  • Based on your consent


  • Sensitive Personal Information]. Notwithstanding the above, should there be any sensitive personal information, we only use and this as authorized pursuant to the CCPA. Accordingly, we will only use and disclose sensitive personal information as reasonably necessary (i) to perform our services requested by you, (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents, (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct, (iv) to verify or maintain the quality and safety of our services, (v) for compliance with our legal obligations, (vi) to our service providers who perform services on our behalf, and (vii) for purposes other than inferring characteristics about you.

    Retention. We generally retain your personal information for as long as required to satisfy the purpose for which they were collected and used (for example, for the time necessary for us to provide you with customer service, answer queries or resolve technical problems), unless a longer period is necessary to comply with our legal obligations, resolve a dispute, maintain appropriate business records, enforce our agreements, or to defend a legal claim. 

    California residents’ rights.  Subject to the exceptions set forth under the CCPA, in general, California residents have the following rights with respect to their personal information:
  • Do-not-sell or share (opt-out): to opt-out of our sale and sharing of their personal information.
  • Right of deletion: to request deletion of their personal information that we have collected about them and to have such personal information deleted (without charge), subject to certain exceptions. 
  • Right to correct: the right to request that a business that maintains inaccurate personal information about the resident correct that personal information.
  • Right to know: with respect to the personal information we have collected about them in the prior 12 months, to require that we disclose the following to them (up to twice per year and subject to certain exemptions):
  • categories of personal information collected;
  • categories of sources of personal information;
  • categories of personal information about them we have disclosed for a business purpose or sold;
  • categories of third parties to whom we have sold or disclosed for a business purpose their personal information;
  • the business or commercial purposes for collecting or selling their personal information; and
  • a copy of the specific pieces of personal information we have collected about them.
  • Right to Limit use or disclosure of sensitive personal information: the right to limit the use or disclosure of sensitive personal information to those uses authorized by California privacy laws. However, we do not use or disclose sensitive personal information except for the purposes described above under “Sensitive Personal Information,” as authorized by California privacy laws.
  • Right to non-discrimination: the right not to be subject to discriminatory treatment for exercising their rights under the CCPA. 


  • Submitting CCPA requests. California residents (or their authorized agents) may submit a verifiable CCPA requests to know (access), correct, and delete their personal information by submitting a request online via our privacy request form. You may also submit request to us by phone at 1-855-635-8537(US Toll Free). We will respond to California residents’ requests as required by the CCPA. You must complete all required fields on our online privacy request webform (or otherwise provide us with this information via phone). We will take steps to verify your request by matching the information provided by you with the information we have in our records. If we are unable to adequately verify a request, we will notify the requestor. In some cases, we may request additional information in order to verify your request or where necessary to process your request. Authorized agents may initiate a request on behalf of another individual by contacting us through the above listed method; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent. 

    Submitting an Opt-Out Request. You (or your authorized agent) may also submit a request to opt out of “sales” and “sharing” as defined by the CCPA by turning on “global privacy control”—or GPC—signals for your browser. If we recognize that your browser is transmitting a GPC signal, we will opt that browser out of “sales” and “sharing” (i.e., via third party tags and cookies for our website). You may also click the [“Do Not Sell or Share My Personal Information”] link (as well as the “Cookie Settings” link) in the footer of our website and turn off all cookies (other than those that are strictly necessary to the operation of our website), to opt out of sales and sharing (i.e., via cookies and tags on our website).

    Please note that your opt out is browser and device specific. If you come to the website from a different device or a different browser on the same device, you will need to apply your preferences or turn on GPC for that browser or device as well.

    Financial Incentives. We may make available certain programs or offerings that are considered “financial incentives” under the CCPA (each a “Program”). Your participation in a Program is entirely voluntary, and you are free to withdraw from the Program any time. If you choose to register for and participate in a Program, we may make available to you any certain incentives, such as special offers, programs, discounts and other benefits, as described here in the Terms and Conditions of our My Rituals Membership program. The value of these incentives is reasonably related to the value of the personal information we collect, and process related to the Program. In our analysis, when estimating the value of the personal information, we take into account, without limitation, the expenses that are incurred with the collection of your personal information, the offering and administration of the incentives (including third-party costs), any improvements made to our products and services based on the information obtained through the Program and the revenue generated by the use of the financial incentive by our customers.

    For more information about our privacy practices, you may contact us as set forth in the Contact Us section above.