LAST UPDATED AND EFFECTIVE:  OCTOBER 3, 2021

1. Who Is Collecting Your Personal Data?

Anya Labs, Inc. ("us," "we," or "our") offers and maintains the website located at www.thisisanya.com, including all subdomains and subparts, as well as our social media accounts on Facebook, Instagram, and other platforms (collectively, the “Site”).  When you visit the Site, you may choose to provide us with personal data that identifies you.  This Privacy Policy explains how we process and use your personal data, and it applies regardless of how you access the Site. 

Please take time to read this Privacy Policy carefully.  Please also review our Terms of Use link.

BY CLICKING THE BUTTON BEFORE USING THE SITE, YOU EXPRESSLY AGREE TO THE COLLECTION, USE, DISCLOSURE, RETENTION, AND DESTRUCTION OF YOUR PERSONAL DATA SUBMITTED TO US IN ACCORDANCE WITH THIS PRIVACY POLICY.

If you are a California resident, the section below titled “Privacy Rights for California Residents” includes a description of your rights and our handling of your Personal Data.

If you are a resident of the European Union, the section below titled “Privacy Rights for European Union Residents” includes a description of your rights and our handling of your Personal Data. 

If you are a resident of a country, like Brazil or Canada, that is outside the United States and the European Union and provides similar data subject rights to those provided in the GDPR, you should review the GDPR provisions of this Global Privacy Policy and contact us if you have any questions at PO Box 1327, Long Beach, NY 11561 or [email protected].

1. What Personal Data Do We Collect?

When you provide it to us, we collect information that identifies you (“Personal Data”), such as your:

• Name
• Email address
• Address
• Telephone number
• Birthday
• Payment information
• Content of your email messages to us

When you visit the Site, we collect data from the device or browser through which you access the Site (“Log Data”), such as:

• Your internet protocol (“IP”) address
• Browser type
• Browser version
• Statistics on your activities on the Site (such as the date and time of visits, the pages viewed, time spent at the Site)
• Information about how you came to the Site
• Data collected through Cookies or other similar technologies discussed in more detail in our Cookie Policy.

Much of this Log Data does not identify you personally. However, we may associate this Log Data with your Personal Data. When we do, we will treat any such combined data as Personal Data until such time as it can no longer be associated with you or used to identify you. 

1. What Is The Lawful Basis for Processing Your Personal Data?

We collect your Personal Data after receiving your explicit consent to do so.  You provide this consent by clicking the button prompt before using the site.

1. How Do We Use Your Personal Data?

We use your Personal Data for the purposes for which you provided it, including to:

• fulfill your product or service needs;
• register your online account;
• maintain our own accounts for billing and delivery;
• advise you about products, services, offers, or events that may be of interest to you; and
• provide customer service to you.

We may also use your Personal Data or Log Data to administer our internal business activities, including to:

• design and arrange the Site content and functionality in the most user-friendly manner;
• better understand customer trends and requirements and visitors to the Site;
• create non-personally identifiable data to be used for marketing;
• detect unauthorized activity on the Site;
• manage your account; and
• provide a service that is reliable, responsive, and efficient.

In addition, we may use third-party services and advertising networks, such as Google Display Network or Google Analytics, that collect, monitor, and analyze Log Data to deliver online behavioral advertising that serves ads to you on our behalf on other sites throughout the Internet.  We may also contract with third-party vendors to send direct mail or catalogs to customers whom we think may be interested in our products or services.

1. How Do We Share Your Personal Data?

No Sale of Personal Data

We will not sell your Personal Data to third parties, including third party advertisers. We also do not share your Personal Data with third parties for cross-context behavioral advertising.  There are, however, certain circumstances in which we may disclose, transfer, or share your Personal Data with certain third parties after obtaining your consent.  By clicking the button prompt before using the site, you expressly consent to our sharing your Personal Data, as set forth below.

Sharing Personal Data With Affiliates, Successors, and Agents

For purposes consistent with this Privacy Policy, we may share your Personal Data with:  

• our parent companies, subsidiaries, and/or affiliates;
• successors who acquire your Personal Data if we sell, merge, reorganize, dissolve, or similarly change our ownership or corporate structure;
• other companies we engage to perform business-related functions, such as:
  • vendors who provide services to our customers;
  • marketing agencies;
  • database service providers;
  • backup and disaster recovery service providers;
  • email service providers; and
  • payment processors.

Third parties with whom we share your Personal Data have agreed to be bound to maintain and use it securely and only in accordance with this Privacy Policy.

Sharing Data Through Social Media

We work with social media sites like Facebook, YouTube, Instagram, Pinterest, Twitter, and Google, and with application developers who specialize in social commerce so you can connect to us, share your interests, express opinions about products and services, purchase our products, and generate interest in our products and services among members of your social networks.

Using these integrated tools enables you to share your Personal Data with other individuals or the public, depending on the settings that you have established with social networking websites. If you use third party social media features available on our Site, we or the third party may collect or share your data, including your Personal Data. 

If you do not want us to be able to access information about you, including Personal Data, from Third Party Sites, you must limit data collection and disclosure in the privacy settings on the Third Party Sites.  We reserve the right to remove the Personal Data or other data of any person for any reason we, in our sole discretion, deem appropriate. 

Legally Compelled Disclosure of Personal Data

We may disclose your Personal Data if required to do so by law or in our good faith belief that such action is necessary to:

• comply with a legal obligation;
• protect or defend our rights, interests, or property, or that of third parties;
• prevent or investigate possible wrongdoing in connection with the Site;
• act in urgent circumstances to protect the personal safety of users of the Site or the public; or
• protect against legal liability.

1. What Are Your Rights About The Processing Of Your Personal Data?

You have the right to consent or withdraw your consent to the processing of your Personal Data at any time, subject to exceptions defined by law.  If you change your privacy preferences in the future, that will not limit the lawfulness of any processing performed based on your prior consent.  To withdraw consent, please email us at [email protected] and specify what you would like us to do.  You may have additional rights, under the laws of your jurisdiction, with which we comply. 

To stop email communications from us, you can also follow the unsubscribe instructions set forth at the bottom of our promotional e-mail messages.  You may also access and correct some of your Personal Data by logging into your online account, if you have one.  If you choose to limit our use of your Personal Data, you may not have access to certain functionality of the Site, such as promotions, product information, or opportunities. 

California Privacy Rights

If you are a California resident, you have the following rights:

• Access: You have the right to access a copy of your Personal Data that we hold about you, upon receipt of a verified request.
• Accuracy:
• Deletion: You have the right to delete your Personal Data, upon receipt of a verified request, with some exceptions.
• Equal Treatment: You have the right to equal treatment regardless of your exercise of your privacy rights.
• Sensitive Personal Data:
• Opt Out: You have the right to opt out of the sale of your Personal Data or the sharing of your Personal Data for cross-context behavioral advertising at any time.  We do not presently sell Personal Data or share it for cross-context behavioral advertising.

You, or a person registered with the California Secretary of State that you authorize to act on your behalf, may request the following information or exercise any of the above rights by emailing us at [email protected]: 

• the categories of Personal Data we collected, sold, or disclosed in the prior 12 months;
• the pieces of Personal Data we collected about you in the prior 12 months;
• our business purposes for collecting or selling Personal Data;
• the categories of sources from which we collected Personal Data in the prior 12 months;
• the categories of third persons with whom we sold or shared Personal Data in the prior 12 months;
• the categories of information we disclosed to third parties for their direct marketing purposes during the preceding calendar year;

We may provide this information in a standardized format that is not entirely specific to you.  Before we may fulfill a request to access, correct, limit the use of, or delete your information, we are required to verify your identity.  We will ask you to verify your name, address, email address, and telephone number.  

We have collected some of the following categories of Personal Data from our patrons within the last twelve (12) months:

Personal Data does not include: publicly available information; de-identified or aggregated consumer information; or information excluded from the scope of California privacy law, such as health or medical information covered by the Health Information ☐ sector-specific privacy laws, such as the Fair Credit Reporting Act (FCRA).

Privacy Rights for European Union Residents

We process Personal Data you submit to us to provide customer service to you, based on your consent, which you provide by clicking the button before using the site.

Unless subject to an exemption under the GDPR, you have the following rights:

• Consent: You have the right to withdraw your consent to the processing of your Personal Data at any time. 
• Access: You have the right to access a copy of your Personal Data that we hold about you.
• Accuracy: You have the right to correction of any inaccurate or out of date Personal Data. 
• Portability: You have the right to our transmission of your Personal Data directly to another data controller, where possible and applicable.
• Deletion: You have the right to delete your Personal Data when we no longer need it.
• Object: You have the right to object to the processing of your Personal Data, where applicable.
• Restriction: You have the right to restrict further processing of your Personal Data, where there is a dispute as to the accuracy or processing.
• Complaint: You have the right to lodge a complaint with the Information Commissioner’s Office.

To exercise any of these rights, please email us at [email protected] with the phrase “Privacy Opt-out” in the subject line and specify what you would like us to do (for example, Send me my data, Correct my data, Delete my data, Restrict use of my data, etc.). 

You have the right to file a complaint with the Data Protection Authority in your jurisdiction if you have concerns about how we process your Personal Data.  You may do so through the following links:

• The Netherlands:

1. How We Secure Your Personal Data

We secure your Personal Data by: keeping Personal Data up to date; storing and destroying it securely; not collecting or retaining excessive amounts of data; protecting Personal Data from loss, misuse, unauthorized access and disclosure, alteration, and destruction; and ensuring that appropriate technical measures are in place to protect Personal Data.   However, no network, server, database, or Internet or e-mail transmission, is ever fully secure or error free. Therefore, you should take special care in deciding what Personal Data you send to us electronically.  For more information on the security of your Personal Data, please reference our Terms of Use (link).

We comply with the Illinois Biometric Information Privacy Act (BIPA) and ensure the following:

• Biometric data stored cannot be used or reverse engineered to create a biometric fingerprint or facial image.
• Biometric data is secured using proper security measures and encryption.
• Biometric data is removed immediately from our devices and servers when we no longer need it.
• Biometric data registration and capture/authentication will be disabled if you do not consent to biometric usage.

1. How Long Will We Keep Your Personal Data?

[We will retain your personal data as long as necessary to carry out the function for which you provided it to us, including maintenance of your account. ]You may close your account, unsubscribe to emails, and otherwise limit our use of your Personal Data by contacting us at PO Box 1327, Long Beach, NY 11561 or [email protected]. However, we may retain your Personal Data for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Data, it may persist on backup or archival media for an additional period of time.

1. How Do We Use Cookies?

What Are Cookies?

A cookie is a piece of information that is placed on your web browser or device when you access and/or use the Site.  Cookies store text and can later be read back by the Site or third parties.   Cookies can remember the information you access on one webpage to simplify your subsequent interactions with the Site or to use the information to streamline your transactions on related webpages.

What Do You Use Cookies For?

We use cookies to recognize your browser and you as a unique visitor to the Site through an anonymous unique identifier.  We use cookies to:

• monitor and analyze how you use the Site;
• remember your preferences to make your online experience easier and more personalized;
• route Site traffic to effectively distribute the Site workload across servers; and
• test new features.

In the future, we may use cookies placed by third parties to deliver focused online banner advertisements to you both on and off the Site.

How You Can Manage Cookies

You can manage cookies through your web browser's option settings.  You may be able to be notified when you are receiving new cookies and disable or delete cookies. Please refer to your web browser's help section for information on whether you can and how to do this.

Many of the third party technologies that enable targeted banner advertising also allow you to opt out. Such third party service providers include Adroll, Rubicon, Google, Media Math, Perfect Audience, Quantcast, Retargeter, and Yahoo! among others.  You can control your preferences directly with each such third party service provider.

You can learn more about cookies at the following third-party websites:

• All About Cookies: http://www.allaboutcookies.org/; and
• Network Advertising Initiative: http://www.networkadvertising.org/.

Note that if you disable, delete, or refuse to accept cookies, you may not be able to use some features of the Site and/or some of our pages might not display properly.

Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not currently respond to DNT signals. Therefore, please be advised that third party web analytics companies may collect information about your online activities over time and across our website and other online properties.

1. What Data Is Not Covered By The Privacy Policy?

The limitations in and requirements of this Privacy Policy do not apply to:

• Third Party Sites: Any data you disclosed on websites not operated or controlled by us (“Third Party Sites”), even though we may provide links to them on the Site or in our emails. We are not responsible for the policies and practices employed by, or the content of, Third Party Sites. We suggest contacting those sites directly for information about their privacy policies and practices. 

• Non-Personally Identifiable Data: Any non-personally identifiable data we collect, including, without limitation, Log Data, domain names of your Internet Service Provider, your approximate geographic location, a record of your usage of the Site, the time of your usage, and aggregated personally identifiable information, but only to the extent the foregoing cannot be used to specifically identify you.

• Aggregated Personal Data: Any aggregated Personal Data that can no longer be used to identify you will be treated as non-personally identifiable data under this Privacy Policy.

1. We Do Not Collect The Personal Data of Children

We do not intentionally or knowingly collect any Personal Data from children under the age of eighteen (18), nor do we target our emails to them.  Children under the age of eighteen (18) should not submit any Personal Data through the Site.  We encourage parents and legal guardians to monitor their children's use of the Internet and instruct them to never provide Personal Data through the Site.  If you believe a child under the age of eighteen (18) may have provided Personal Data to us through the Site, please contact us at PO Box 1327, Long Beach, NY 11561 or [email protected]., and we will use reasonable efforts to delete it from the Site and our files.

1. International Privacy Laws

If you are visiting the Site from outside the United States, please be aware that you are sending information (including Personal Data) to the United States where our servers are located. That information may then be transferred within the United States or back out of the United States depending on the type of information and how it is stored by us. We will hold and process your Personal Data in accordance with privacy laws in the United States and this Privacy Policy. Please note that privacy laws in the United States may not be the same as, and in some cases may be less protective than, the privacy laws in your country, and while in the United States Personal Data may be subject to lawful access requests by government agencies.  If you are a resident of the European Union or a country, like Brazil or Canada, that provides similar data subject rights to those provided in the GDPR, you should review the GDPR provisions of this Global Privacy Policy in the section above titled “Privacy Rights for European Union Residents” for a description of your rights and our handling of your Personal Data. 

1. What If We Change This Privacy Policy?

We may occasionally make changes to this Privacy Policy.  If we wish to use your Personal Data for a new purpose not covered by this Privacy Policy, we will provide you with a new Privacy Policy explaining this new use prior to commencing the processing of your Personal Data pursuant to the new Privacy Policy and setting out the relevant purposes and processing conditions. If we change this Privacy Policy, your clicking of the button before using the site will signify your express consent to new uses of your Personal Data.

1. How You Can Resolve A Privacy Dispute With Us

If you have a complaint about this Privacy Policy or our privacy practices, we will work with you in an attempt to resolve your complaint.  Please contact us at [email protected].  Please also refer to the arbitration procedures described in the Dispute Resolution section of the Site’s Terms of Use.  BY CLICKING THE BUTTON BEFORE USING THE SITE, WE EACH AGREE TO SETTLE DISPUTES ONLY BY NON-CLASS, INDIVIDUAL ARBITRATION, INSTEAD OF SUING IN COURT (EXCEPT CERTAIN SMALL CLAIMS).  THE RULES IN ARBITRATION ARE DIFFERENT.  THERE IS NO JUDGE OR JURY, LIMITED DISCOVERY RIGHTS, AND REVIEW IS LIMITED, BUT AN ARBITRATOR CAN AWARD THE SAME DAMAGES AND RELIEF, AND MUST HONOR THE SAME LIMITATIONS STATED IN THE AGREEMENT, AS A COURT WOULD. 

To initiate an arbitration proceeding, you must send us a notice of your complaint that includes a written statement of your name, address, and contact information, the facts giving rise to your complaint, and the relief you are requesting (the “Dispute Notice”).  The Dispute Notice must be addressed to:  Anya Labs, Inc., 205 3rd Avenue, New York, NY 10003 and sent to us by certified mail as described in the Dispute Resolution section of the Site’s Terms of Use.  If we do not reach an agreement to resolve your privacy complaint within sixty (60) days after we receive your Dispute Notice, you may commence an arbitration proceeding under the Dispute Resolution section of the Site’s Terms of Use.   

1. How Can I Contact You?

If you have any questions about this Privacy Policy, our practices, or your dealings with us, or to exercise any and all of your rights, please contact us at PO Box 1327
Long Beach, NY 11561 or [email protected].