PRIVACY POLICY
MOBILE APP PRIVACY AND DATA SECURITY STATEMENT
This privacy policy ("Privacy Policy") explains how HYPNOSIS collects, uses,
shares, and safeguards information about you ("You") when you use the HYPNOSIS
controlled websites (collectively, the "Website") or any other application of
ours that links to this privacy notice.
This privacy statement was amended as of July 17, 2024 and is effective as of
that date. The English language version of this privacy statement is the
controlling version regardless of any translation you may attempt.
WHERE DO WE GET YOUR PERSONAL INFORMATION FROM, WHAT CATEGORIES DO WE COLLECT,
AND HOW DO WE USE AND SHARE IT?
The table immediately below provides a detailed listing, on a category-by-category
basis, of the types of personal information we collect or obtain, how we do so,
and the ways in which we use and share it on an annual basis:
CATEGORIES OF INFORMATION WE COLLECT
General Identifiers
Business Purpose: General Use, Promotional Communications, Marketing/Performance
Analysis & Data Analytics, Improve the Website, Security Activity
Sources: Voluntary Submission, Automatic Collection
Third Parties: Corporate Affiliates, Promotional Or Fulfillment Vendors,
Marketing Support Vendors, Transaction Support Vendors / Payment Processors
Characteristics
Business Purpose: General Use, Promotional Communications, Marketing/Performance
Analysis & Data Analytics, Improve the Website, Security Activity
Sources: Voluntary Submission
Third Parties: Corporate Affiliates, Promotional Or Fulfillment Vendors,
Marketing Support Vendors
Commercial Information
Business Purpose: General Use, Promotional Communications, Marketing/Performance
Analysis & Data Analytics, Improve the Website, Security Activity
Sources: Voluntary Submission, Automatic Collection
Third Parties: Corporate Affiliates, Law Enforcement Or Government, Promotional
Or Fulfillment Vendors, Marketing Support Vendors, Transaction Support Vendors /
Payment Processors
Mobile Activity Data
Business Purpose: General Use, Promotional Communications, Marketing/Performance
Analysis & Data Analytics, Improve the Website, Security Activity
Sources: Voluntary Submission, Automatic Collection
Third Parties: Corporate Affiliates, Promotional Or Fulfillment Vendors,
Marketing Support Vendors, Transaction Support Vendors / Payment Processors
Financial Data
Business Purpose: General Use, Improve the Website
Sources: Voluntary Submission
Third Parties: Corporate Affiliates, Transaction Support Vendors / Payment
Processors
Audio/Visual Data
Business Purpose: General Use, Security Activity
Sources: Voluntary Submission, Automatic Collection
Third Parties: Corporate Affiliates, Law Enforcement Or Government, Transaction
Support Vendors / Payment Processors
WHAT CATEGORIES OF INFORMATION DO WE COLLECT?
We may have collected any of the following categories of personal information
from You within the past twelve (12) months:
General Identifiers. This is personal information such as a real name, alias,
postal address, signature or unique personal identifier, physical characteristics
or description, online identifier, mobile application identifiers, email address,
account name, or other similar identifiers.
Financial Data. This is personal information such as bank account number, credit
card number, debit card number, or any other information needed to complete a
transaction by our third party payment processors.
Characteristics. This is personal information such as gender, language preference,
age, and the like.
Commercial Information. This is personal information that includes records of
products or services purchased, obtained, or considered, or other purchasing or
consuming histories or tendencies.
Mobile Activity Data. This is personal information that includes electronic
network activity information, such as browsing history, search history, and
information regarding a consumer's interaction with an application or
advertisement regardless of device type used be it a personal computer, cell
phone or other mobile device.
Audio/Visual Data. This category includes electronic recordings, such as phone
call recordings and data collected through access to phone cameras for scanning
and inputting transaction details.
Inference Data. This is personal information drawn using the above-described
personal information to create a profile reflecting our customers' preferences.
Sensitive Data. HYPNOSIS does not collect any sensitive personal information.
HOW DO WE COLLECT YOUR INFORMATION?
We may collect information about you in a variety of ways but generally speaking,
it falls into one of the following categories:
Information You Provide To Us. This is personal information you choose to provide
in connection with signing up to our application such as your name, phone number,
address, email, providing content on the Website such as a review, or other
activities in which you participate on the Website or through our apps.
Information We Collect About You. Information our servers automatically collect
when you visit, use, or engage with the Website, such as your IP address, your
operating system, browser version, the programs you access on the Website, the
dates and times you visit the Website, device and usage information, such as
language preferences, referring URLs, country, location, information about how
and when you use our services and other technical information.
Information We Receive From Other Sources. HYPNOSIS works closely with third
parties (including, for example, third party ad-tech providers, with whom we
partner to provide you with the services and their advertising networks,
analytics, and search information providers). These third-parties may provide
HYPNOSIS with some additional information about you.
HOW WE USE YOUR INFORMATION
The following paragraphs generally describe how HYPNOSIS uses your information in
connection with the Website.
General Use. HYPNOSIS will use your information as necessary to carry out and
manage its app and to contact you. This includes, creating user accounts or
profiles as well as using your information to verify and administer your account
or profile, including processing payments, validating your compliance with the
terms and conditions, fulfilling orders for merchandise (if applicable),
processing transactions, and screening orders and transactions for potential risk
or fraud. We will use your information to communicate with you about HYPNOSIS'
app, your use of the app or your inquiries related to the app. HYPNOSIS will use
your information to ensure that content from our app is presented in the most
effective manner for you and for your computer or device, allowing you to
participate in interactive features of our app (when you choose to do so), and as
part of our efforts to keep our app safe and secure.
Improve the Website. HYPNOSIS continuously seeks to improve and optimize the
Website. To do so, we conduct research to understand the effectiveness of our
offerings, improve our offerings, and to better understand the HYPNOSIS
community. If we publish the results of our research to others, such research
will be presented in a de-identified and aggregate form such that individual
users cannot be identified.
Promotional Communications. We will use your personal information to communicate
with you by email, postal mail, phone, or text message with targeted
advertisements or marketing communications we believe may be of interest to you,
such as surveys, promotions, special events or our products.
Marketing/Performance Analysis & Data Analytics. We will use your information to
help us better understand your interests and needs, such as by engaging in
analysis and research regarding use of the app. We may use your information to
measure or understand the effectiveness of advertising and content we serve to
you and others, and to deliver and customize relevant advertising and content to
you. For example, we may generate analytics about how our customers browse and
interact with the Website, and to evaluate the success of any marketing and
advertising campaigns we pursue. For more information, please see the section
"HOW WE SELL OR SHARE YOUR PERSONAL INFORMATION" below.
Security Activity. We will use your information to protect HYPNOSIS, its
partners, its users, and non-users against activity that breaches our security
including fraudulent activity or acts that HYPNOSIS believes to be in breach of
applicable laws, rules, and codes or of its policies.
Combined Information. For the purposes discussed in this Privacy Policy, we may
combine the information that we collect through the app with information that we
receive from other sources, both online and offline, and use and share such
combined information in accordance with this Privacy Policy.
HYPNOSIS does not create user profiles that are in furtherance of decisions that
produce legal or similarly significant effects concerning a consumer.
Aggregate/De-Identified Data. We may aggregate and/or de-identify any information
collected through the app so that such information can no longer be linked to you
or your device ("Aggregate/De-Identified Information"). We may use Aggregate/De-
Identified Information for any purpose, including for research and marketing
purposes, and may also share such data with any third parties, including
advertisers, promotional partners, and sponsors.
RETENTION PERIOD
HYPNOSIS shall only store personal information for as long as it is required.
This is determined by considering the purposes for which it was obtained in
accordance with applicable laws. Our retention period is based on (1) the nature
of our relationship with the data subject and (2) any legal obligations we are
bound to fulfill.
HOW WE USE TRACKING TECHNOLOGY
An SDK is a set of tools and/or code that we embed in our software to allow
third parties to collect information about how people interact with our app. As
we continue to develop the Website and our app, HYPNOSIS may implement
additional methods to gather information about the HYPNOSIS community. Tracking
technology is useful for gathering information such as device type and operating
system, tracking the number of users on the Website, and understanding how users
engage with the Website. Please refer to your mobile operating system to learn
more about how you can opt-out of sharing in app information.
HOW WE DISCLOSE YOUR PERSONAL INFORMATION
Over the past twelve months, HYPNOSIS has disclosed the data categories
described within this Privacy Policy to the following categories of third
parties:
Corporate Affiliates. We may share personal information with our corporate
affiliates and corporate parents who will use such information in the same way as
we can under this statement.
Law Enforcement or Government. We may disclose personal information to government
agencies and authorities, and to other third parties when compelled to do so by
such government authorities, or at our discretion or otherwise as required or
permitted by law, including responding to court orders and subpoenas.
Successors for Business Sale/Purchase. If we, or any of our affiliates, sell or
transfer all or substantially all of our assets, equity interests or securities,
or are acquired by one or more third parties as a result of an acquisition,
merger, sale, reorganization, divestiture, consolidation, or liquidation,
personal information may be one of the transferred assets.
Marketing Support Vendors. We may need to disclose certain of your personal
information to vendors who we have engaged for technology and services that
support our marketing efforts this includes ad-tech partners and social media
websites.
Promotional or Fulfillment Vendors. In order to carry out promotions we make
available to you and/or deliver our goods and services, we are required to share
personal information with vendors who specialize in those activities.
Software and Technology Vendors. Our various service providers may have access to
or be provided with some of your personal data in connection with the tasks they
perform on our behalf such as maintaining portions of our networks or the
software applications that run on them.
Transaction Support Vendors/Payment Processors. We share personal information
with those of our vendors and business partners who need it to perform under the
contracts we have with them.
HOW WE SELL OR SHARE YOUR PERSONAL INFORMATION
HYPNOSIS does not sell your data in exchange for monetary consideration or value.
In order to support tailored advertisements, offers, or content that you may
find interesting when you browse the internet, HYPNOSIS shares or facilitates
the transfer of certain personal information with our trusted third party
partners that support online advertising, data co-operatives, mobile advertising,
data analytics, social media engagement, data brokers advertising networks or any
other activity that may be considered cross-contextual behavioral advertising.
This transfer could be defined as a sale, sharing for cross-context behavioral
advertising or targeted advertising.
In support of the activities listed above, over the past twelve months, HYPNOSIS
has shared the following categories of personal information: (i) general
identifiers, (ii) mobile activity data, (iii) characteristics, and (iv)
commercial information. For more information on how to exercise your rights in
relation to the sharing or sale of your personal information, please see the
section "Exercise Your Privacy Rights" below.
HOW DO WE PROTECT COLLECTED PERSONAL INFORMATION?
OUR DATA SECURITY PROGRAM
We have adopted, implemented and maintained an enterprise-wide corporate
information security and privacy program that includes technical, organizational,
administrative, and other security measures designed to protect, as required by
applicable law, against reasonably anticipated or actual threats to the security
of your personal information (the "Security Program"). Our Security Program was
created by reference to widely recognized industry standards. It includes, among
many other things, procedures for assessing the need for, and as appropriate,
either employing encryption and multi-factor authentication or using equivalent
compensating controls. We therefore have every reason to believe our Security
Program is reasonable and appropriate for our business and the nature of
foreseeable risks to the personal information we collect. We further periodically
review and update our Security Program, including as required by applicable law.
OUR INCIDENT RESPONSE AND MANAGEMENT PLAN
Despite the significant investment we've made in, and our commitment to, the
Security Program including enforcement of our vendor and service provider
oversight procedures, we cannot guarantee that your personal information, whether
during transmission or while stored on our systems, otherwise in our care, or the
care of our vendors and business partners, will be free from either failed or
successful attempts at unauthorized access or that loss or accidental destruction
will never occur. Except for our duty under applicable law to maintain the
Security Program, we necessarily disclaim, to the maximum extent the law allows,
any other liability for any such theft or loss of, unauthorized access or damage
to, or interception of any data or communications including personal information.
All that said, as part of our Security Program, we have specific incident
response and management procedures that are activated whenever we become aware
that your personal information was likely to have been compromised. Those
procedures include mechanisms to provide, when circumstances and/or our legal
obligations warrant, notice to all affected data subjects within the timeframes
required by law, as well as to give them such other mitigation and protection
services (such as the credit monitoring and ID theft insurance) as may be
required by applicable law. We further require, as part of our vendor and
business partner oversight procedures, that such parties notify us immediately if
they have any reason to believe that an incident adversely affecting personal
information we provided to them has occurred.
CHILDREN'S PRIVACY
Federal law imposes special restrictions and obligations on entities who direct
their operations toward, and collect and use information from, children under the
age of 13. We take those age-related requirements very seriously, and, consistent
with them, do not intend for our online and mobile resources to be used by
children under the age of 18, and certainly not by anyone under the age of 13.
Moreover, we do not knowingly collect personal information from minors under the
age of 18. If we become aware that anyone under the age of 18 has submitted
personal information to us via our online and mobile resources, we will delete
that information and not use it for any purpose whatsoever. We encourage parents
and legal guardians to talk with their children about the potential risks of
providing personal information over the Internet.
SUBMITTING INFORMATION FROM OUTSIDE THE UNITED STATES
We control and operate the online and mobile resources from within the United
States of America. Information collected through the Website and services may be
stored and processed in the United States or any other country in which we or our
vendors maintain facilities. Although we do not actively block or monitor
visitors from other countries, the Website is directed only at visitors from the
United States. As such, this Privacy Policy is consistent with U.S. law and
practice and is not adapted to other laws (including European data security and
privacy laws). HYPNOSIS will apply the applicable laws of the U.S. including as
embodied in this Privacy Policy in place of data protections under your home
country's law. That is, you freely and unambiguously acknowledge that this
Privacy Policy, not your home country's laws, controls how we will collect,
process, and transfer your personal information. Similarly, the English language
version of this Privacy Policy is the controlling version regardless of any
translation you may attempt.
EXERCISE YOUR PRIVACY RIGHTS
HYPNOSIS takes privacy seriously. Where applicable, data subjects have certain
rights they can request for HYPNOSIS to fulfill. These requests can be made by
either the data subject or an authorized agent. These rights include:
The Right to Know. You have the right to request that HYPNOSIS disclose the
personal data that HYPNOSIS has collected about you;
The Right to Amend. You have the right to correct any information that HYPNOSIS
has about you;
The Right to Opt Out Of Targeted Advertising. You have the right to opt-out of
receiving targeted advertisements as well as having a consumer behavioral
profiles built about you;
The Right to Delete. You have the right to request that HYPNOSIS delete
information that it maintains about you, subject to certain exceptions; and
The Right to Opt Out Of Your Personal Information Being Sold or Shared. HYPNOSIS
does not sell your information.
In order to exercise any of the rights detailed above, you may email us here:
support@hypnosis.com. We will use your email as proof of verification unless
otherwise prohibited. Exercising your rights under this section will not result
in any discrimination by HYPNOSIS. We will treat you the same as any other user.
If you disagree or dispute a decision that has been made on the scope or
application of the rights described in this clause, you may appeal this decision
by contacting support@hypnosis.com.
We will respond to your request to exercise any of the above rights in writing
(including via email), or orally if requested, as soon as practicable and in any
event not more than within one month after receipt of your request. In
exceptional cases, we may extend this period by up to two months and we will
tell you why. If you would like to exercise any of these rights, please contact
us using the contact details provided above.
CHANGES TO THIS PRIVACY STATEMENT
We reserve the right to change or update this statement from time to time. Please
check our online and mobile resources periodically for such changes since all
information collected is subject to the statement in place at the time of
collection. Typically, we will indicate the effective/amendment date at the
beginning of this statement. Where HYPNOSIS determines that such changes
materially affect your privacy rights, we will provide additional notice to you.
If we feel it is appropriate, or if the law requires, we'll also provide a
summary of changes we've made near the end of the new statement.
CONTACTING US
If you have questions about our privacy statement or privacy practices, please
contact our Privacy Office:
Email: support@hypnosis.com