Privacy policy

Last Updated (20th January 2025)

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we treat it. By using the Service, you consent to the collection and use of your information in accordance with this policy. Unless otherwise defined here, terms used in this Privacy Policy hold the same meanings as those in our Terms of Use.

INTRODUCTION
YOUR CONSENT
TYPES OF INFORMATION WE COLLECT
WHY WE COLLECT AND PROCESS YOUR PERSONAL DATA
HOW WE SHARE YOUR INFORMATION
LEGAL REASONS FOR HANDLING OF YOUR INFORMATION
RESERVE OF DATA
DATA SECURITY
YOUR DATA PROTECTION RIGHTS
MARKETING AND OPTING-OUT
CHILDREN POLICY
COOKIES AND OTHER TRACKING TECHNOLOGIES
SMS COMPLIANCE REQUIREMENTS FOR THIRD-PARTY SMS PROVIDERS
LEGAL REQUIREMENTS
SUCCESSORS
CHANGES
CONTACT

1. INTRODUCTION

Aloha (“The Brand,” “we,” “us,” or “our”) operates at www.alohabefree.com and all related domains, collectively referred to as the "Site." This page outlines our policies regarding the collection, use, and disclosure of personal information when you use our services, as well as the choices available to you regarding that data. We collect and use your data to provide and enhance our services. Because our offerings may require us to gather detailed personal or financial information, we are committed to ensuring you have the necessary information to make informed decisions about sharing your data with us.

Global Compliance Statement

We are committed to complying with all applicable data protection regulations, including:

Federal Law on the Protection of Personal Data Held by Private Parties (Mexico): Ensuring the lawful handling, processing, and protection of personal data of users in Mexico, with full respect for their privacy and informed consent.
GDPR (European Union): Protecting user data rights, including access, rectification, and erasure.
CCPA & CPRA (United States): Providing California residents with rights to access, delete, and opt out of data sales.
PIPL (China): Ensuring secure storage and lawful processing of personal data.
LGPD (Brazil): Offering robust protection for Brazilian users.
PIPEDA (Canada): Safeguarding personal information and ensuring consent.
Australia Privacy Act: Respecting Australian users' rights to access and correct their data.
India’s DPDP: Adhering to privacy obligations for Indian residents.

If you have specific inquiries or need clarification about compliance with your region's regulations, please reach out to us at legal@alohabefree.com.

2. YOUR CONSENT

Before we can process your personal data, we will ask you to agree to certain processing activities. Please note that if you have previously expressed your consent, you may withdraw freely at any time by sending an email. If you withdraw your consent, and if we have no other legal grounds for the processing, we will manage your personal data. Please note that in the event that we need to manage your personal information in order to manage the Site and/or provide our services, and you discuss or disagree with us to handle your personal information, the Site and/or our services may become inaccessible to you.

3. TYPES OF INFORMATION WE COLLECT

We collect various types of information from and about users of the Site, including:

Information through which you can be individually identified, such as your name, postal address, email address, telephone number, credit card number, and any other identifier through which you can be reached online or offline ("personal information").
Information about you that does not individually identify you, such as your age, interests, and use of various products, programs, and services.
Information about your internet connection and the equipment you use to access the Site, such as usage details and IP addresses.

We collect this information:
(i) Directly from you when you provide it to us. (ii) Automatically while you browse the Site. (iii) From third parties (for example, our business partners).

3.1 Information you Provide to Us

You may provide both personal and non-personal information while using our Site. For the purposes of this Privacy Policy, personal information refers to any details about an individual that can identify that person, while non-personal information includes data that cannot be used to directly identify an individual. The information you provide to us may include, but is not limited to:

Your name, email address, phone number, username, shipping address, and payment details.

This information is typically collected when you:

Send us an email or other communication.
Register for an account on our Site.
Purchase a product or service from us.
Respond to surveys, questionnaires, or feedback requests.
Provide information through other means, such as participation in promotional offers or customer support inquiries.

By providing this information, you enable us to deliver services, process transactions, and enhance your experience on our Site. We ensure that any data you share is handled securely and in compliance with applicable regulations.

3.2 Information We Collect Automatically

When you interact with the Site, we may use data collection technologies such as cookies, web beacons, web server log files, mobile analysis software, or other tracking technologies to gather information about your equipment, actions, and browsing patterns. This may include:

Details about your device and internet connection, such as IP address, operating system, device data and software (e.g., type, configuration, and unique identifiers), mobile operator, and geographical location (e.g., GPS, Wi-Fi, or information entered by the user).
Information about your interactions with the Site, including browsing patterns, pages visited, dates and times of access, payment history, correspondence, and other navigation data.
Information obtained from third-party analytics providers or advertising partners.

While the information collected through these tracking technologies may not always be personally identifiable, we may combine it with personal information, such as your name or email address, to provide a more comprehensive understanding of your preferences and interactions. Additionally, we may use these technologies to gather data about your online activities over time and across third-party sites or other online behavior monitoring services.

This information helps us to:

Enhance and improve the Site’s functionality.
Deliver more personalized services and content.
Understand user preferences and trends.

For further details on how we collect and use information from third parties, please refer to the relevant section below.

3.3 Third-Party Information

We may work with certain third parties (such as business partners, subcontractors, payment service providers, and analytics providers) and may receive specific information about you from them. While we do not browse or save information about your payment card, external service providers process payment card information when you use a payment card to place an order on our Site. We advise you to carefully review the payment service provider's privacy policy. However, these providers may share certain personal information with us, which may include:

The name of the payment cardholder.
Registered email address.
Your billing or shipping address.

Additionally, we collect and receive information about you from third parties, including:

Sites that publish our advertisements and offers.
Other online and offline sources.

We may integrate this information with data you have provided, as well as data from other sources, including offline data, browsing behavior on other sites, and interactions with our advertising. This combined information helps us:

Improve our services and offerings.
Enhance your overall experience on our Site.
Deliver tailored content and advertisements based on your preferences and behaviors.

3.4 Location Data

We may use and store information about your location if you provide consent to do so ("Location Data"). Location Data allows us to:

Provide location-specific features and functionality within our services.
Personalize your experience and improve the quality of our offerings.

You can enable or disable location services at any time through your device settings. Please note that disabling location services may limit certain features or functionalities of our Site.

4. WHY WE COLLECT AND PROCESS YOUR PERSONAL DATA

We take your privacy seriously and only use your personal data in accordance with applicable laws and for the following purposes:

To ensure that our Site content is displayed on your device in the most effective way.
To fulfill our obligations under any agreements entered into between you and Aloha.
To manage and maintain your account.
To keep our Site safe and secure.
To inform you about changes to our services.
To respond to and manage any comments, questions, or complaints you may have about the Site and our services, as well as those from other customers.
To conduct research, statistical, and behavioral analysis.
To contact you for marketing purposes, where applicable.
To manage our Site and support internal operations, including diagnostics, data analysis, testing, research, and statistical purposes.
To provide suggestions and recommendations about services that may interest you or other users of our Site.
To provide news, special offers, and general information about products, services, and events similar to those you have purchased or inquired about, unless you opt out of receiving such information.

We ensure that your personal data is handled responsibly and in compliance with applicable data protection regulations.

5. HOW WE SHARE YOUR INFORMATION

Your personal data may be shared with third parties as follows:

Third-Party Service Providers: We may share your personal data with third parties that perform specific actions on our behalf, such as processing personal data provided by users. These parties only receive your personal information when it is necessary for their tasks.
Service Providers and Partners: We may disclose your personal data to third parties, such as payment processors, billing services, customer support teams, auditors, and marketing partners, to complete transactions or provide specific services. Appropriate measures will be taken to protect your data during such transfers.
Fraud Prevention and Legal Compliance: Your personal data may be provided to outside organizations and agencies to detect and prevent fraudulent or illegal activities (including but not limited to fraudulent transactions).
Legal Obligations: We may transfer your personal data to third parties if required to fulfill a legal obligation, such as complying with a court order.
With Your Consent: Your personal data may be disclosed to third parties with your prior consent. This consent can be provided in writing, online through click-through agreements, or orally during communication with our customer service representatives.

We take all necessary precautions to ensure that your personal data is shared responsibly and in compliance with applicable privacy laws.

6. LEGAL REASONS FOR HANDLING OF YOUR INFORMATION

We process your personal information only when we have a valid legal basis for doing so. Under GDPR and other applicable laws, our legal basis for processing personal data includes:

Consent: When your consent is required for specific types of processing, such as direct marketing.
Contractual Necessity: When processing is necessary to enforce a contract between you and Aloha or to take steps at your request prior to entering into such a contract.
Legitimate Interests: To pursue our legitimate interests, provided they do not override your rights and freedoms. This includes fraud prevention, improving our services, and safeguarding account security.
Fraud Detection: To protect Aloha and our customers from fraudulent transactions.
Account Security: To ensure the security of your account and the Site.
Customer Support: To provide high-quality customer support and resolve issues.
Legal Obligations: When processing is necessary to comply with a legal obligation, such as responding to lawful requests from public authorities.

We ensure that any processing of your personal data is conducted responsibly, securely, and in accordance with applicable legal requirements.

7. RESERVE OF DATA

We store your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:

Meeting Legal Obligations: Compliance with applicable laws requiring data retention.
Resolving Disputes: Addressing conflicts or claims.
Enforcing Contracts and Policies: Upholding agreements and ensuring adherence to our terms.

Data Retention Periods

The retention periods for personal data are as follows:

Account Information: Retained as long as your account is active or as necessary to provide services.
Transaction Data: Retained for 7 years to comply with financial and legal obligations.
Marketing Data: Retained until you opt out or withdraw your consent.
Log Data: Retained for 2 years for security and analytics purposes.

Anonymized or aggregated data may be retained indefinitely for research or statistical purposes.

Legal Basis for Handling your Information

We handle your personal information only when there is a valid legal basis to do so. The legal grounds for processing your personal data include:

Consent: Required for specific activities, such as marketing communications and processing sensitive data.
Contractual Necessity: To fulfill or take steps related to a contract between you and Aloha, including providing requested services.
Legal Obligation: To comply with applicable laws, such as financial or regulatory requirements.
Legitimate Interests: For purposes such as improving services, preventing fraud, and ensuring platform security, provided these interests do not override your rights and freedoms.

By adhering to these principles, we ensure your data is managed responsibly, securely, and in compliance with applicable regulations.

8. DATA SECURITY

The security of your data is important to us, but please be aware that no method of Internet transmission or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute safety. We recommend that you take precautions, such as using strong passwords and ensuring your devices are secure, to help safeguard your personal data.

9. YOUR DATA PROTECTION RIGHTS

We are committed to ensuring that you are fully aware of your data protection rights under applicable global regulations. Below is a consolidated overview of these rights, which may vary depending on your jurisdiction:

Global Data Protection Rights

Right of Access: You can request a free copy of the personal information we hold about you.
Right to Rectification: You can request corrections to inaccurate personal information and the completion of incomplete information, subject to verification.
Right to Erasure: You can request the deletion of your personal information, subject to exceptions where retention is required by law or for legitimate purposes.
Right to Data Portability: You can request that we electronically transfer your personal information in a machine-readable format.
Right to Restrict Processing: You can request limitations on how we process your personal information in certain circumstances.
Right to Withdraw Consent: You may withdraw previously given consent for data processing activities at any time.

Region-Specific Rights

1. Mexico (Federal Law on Protection of Personal Data Held by Private Parties)

Right to Access: Request access to your personal data.
Right to Rectification: Request corrections to inaccurate or incomplete data.
Right to Cancelation: Request the cancellation of personal data when processing is unnecessary or exceeds the agreed purposes.
Right to Opposition: Object to the processing of personal data for specific purposes, including marketing.

2. European Union (GDPR)

Comprehensive rights as listed above.
Additional rights to object to automated decision-making and profiling.

3. United States (CCPA & CPRA)

Right to Know: Request information about the personal data collected, including categories of data, purposes of processing, and third parties with whom data is shared.
Right to Delete: Request the deletion of personal data, subject to legal exceptions.
Right to Opt-Out of Sale: Opt-out of the "sale" of your personal data as defined by state laws. Some data sharing may qualify as a sale under these laws.
Right to Correct: Request corrections to inaccurate personal information.
Right to Limit Use of Sensitive Data: Restrict the processing of sensitive personal data for essential purposes only.

4. China (PIPL)

Secure storage and lawful processing of personal data.
Rights to access, correct, delete, and restrict data processing.

5. Brazil (LGPD)

Comprehensive data protection rights similar to GDPR, tailored to Brazilian regulations.
Rights to access, correct, and request the deletion of data.

6. Canada (PIPEDA)

Right to Access: View and challenge the accuracy of personal data.
Right to Withdraw Consent: Revoke consent for the collection, use, or disclosure of personal information.

7. Australia (Privacy Act 1988)

Right to Access and Correction: Review and update personal information.
Right to Make Complaints: File complaints about how personal data is handled.

8. India (DPDP)

Rights to access, rectify, and erase personal data.
Transparency and consent requirements for lawful data processing.

Additional Considerations

While we strive to accommodate all requests, please note:

Full deletion of personal information may not always be possible due to legal or regulatory obligations, or technical constraints (e.g., backup systems).
If we are unable to fulfill your request, we will provide a detailed explanation of the reasons.
All requests are processed within one month, as required by applicable laws.

To exercise any of your data protection rights, please contact us. For verification purposes, we may only process requests

10. MARKETING AND OPTING-OUT

If you have given us your consent, we may contact you via email, text messages, and similar services about our offerings, promotions, and special offers that may interest you.

Right to Opt-Out

You have the right at any time to ask us to stop processing your information for direct marketing purposes. To exercise this right, you may:

Use the cancellation link provided at the bottom of our marketing emails.
Contact us directly and request an opt-out.

Once you opt out, you will no longer receive marketing communications from us unless you provide your consent again in the future.

11. CHILDREN POLICY

We value the privacy and safety of our users, including children. Our Site is not intended for use by children under the age of 13 without parental or guardian consent. If you are under 13, you may only use this Site and provide personal information with the explicit consent and supervision of a parent or legal guardian.
Safety Disclaimer: For our essential oils, they must be used with care. We recommend that all users, especially minors, consult with a parent or guardian before using these products and follow all safety instructions.
We do not knowingly collect personal information from individuals under 13 without such consent. If we become aware of collecting or receiving personal data from a child under the age of 13 without parental or guardian consent, we will take immediate steps to delete that information from our records.
Reporting Concerns: If you believe that we might have inadvertently collected information from or about a child under the age of 13 without appropriate consent, please contact us at legal@alohabefree.com. We will promptly investigate and address the matter to ensure compliance with our privacy commitments.

12. COOKIES AND OTHER TRACKING TECHNOLOGIES

Cookies are small text files that are stored on your device when you visit a website. They contain a small amount of information that helps improve your experience and navigation on our Site. When you revisit the Site, cookies allow us to recognize your browser, log you in faster, and analyze how you interact with our content.

We use cookies and similar tracking technologies to collect certain types of information automatically. This includes data such as your IP address, device type, browser type, interactions with links, pages viewed, and other related information. This data helps us enhance the functionality of the Site and improve our services.

Types of Cookies We Use

Below are the categories of cookies we may use on our Site:

Advertising Cookies

These cookies are used by ad servers to deliver advertisements that may be relevant to your interests. They allow advertisers to collect information about your visits to the Site and other websites, monitor ad performance, and track the frequency and effectiveness of ads displayed to you

Analytics Cookies

These cookies help us analyze how users interact with our Site. They enable us to identify popular features, understand user behaviors, and improve the Site’s functionality and user experience.

Strictly Necessary Cookies

These cookies are essential for the basic operation of the Site. Without them, certain features and functionalities may not work correctly. Disabling these cookies in your browser may impact your experience on the Site.

Personalization Cookies

These cookies allow us to recognize repeat visitors and personalize their experience. They help us remember your preferences, browsing history, and settings to make your interactions with the Site more seamless and tailored to your interests.

Security Cookies

These cookies are used to identify and prevent potential security threats. They help protect your data from malicious parties and ensure the integrity of your sessions.

Other Tracking Technologies

We may also use tracking technologies like web beacons, pixel tags, and similar technologies:

Web Beacons and Pixel Tags

These are small, invisible images or scripts embedded on our Site or emails. They help us track user behavior, such as whether an email has been opened or if specific pages have been visited. While web beacons and pixel tags cannot be declined directly, their functionality can be limited by disabling the cookies they interact with.

Your Choices

Managing Cookies

You can manage or disable cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies, particularly strictly necessary cookies, may affect the functionality of the Site.

Consent for Cookies

In compliance with GDPR and other applicable regulations, we will seek your consent before placing non-essential cookies on your device. By continuing to use our Site after accepting the cookie banner, you consent to the use of cookies as described in this policy.

Opting Out of Targeted Advertising

You may opt-out of targeted advertising cookies through your browser settings or third-party tools, such as the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI) websites.

13. SMS Compliance Requirements for Third-Party SMS Providers

Consent for SMS Communications

We send SMS communications only to individuals who have explicitly opted in. By providing your phone number and opting in, you agree to receive SMS messages, including promotional and transactional content, under this Privacy Policy.

Information Collected for SMS Communications

To send SMS messages, we collect and process the following data:

Phone number
Date and time of consent
Message interactions, including opens and responses
Purchase or activity history related to the messages

Third-Party SMS Providers

We partner with third-party providers like Klaviyo to manage and deliver SMS communications. These providers adhere to relevant data protection laws, and their privacy policies govern how your data is handled.

Unsubscribe and Opt-Out Mechanism

You can unsubscribe from SMS communications by:

Replying "STOP" to any SMS message you receive from us.
Contacting us at clientservice@alohabefree.com to request an opt-out.

Once unsubscribed, you will no longer receive SMS messages unless you re-subscribe by opting in again.

Compliance with Laws

We ensure all SMS communications comply with applicable laws, including:

TCPA (U.S.): SMS messages are sent only with explicit consent and include proper opt-out mechanisms.
GDPR (EU): Communications are sent only with clear opt-in consent, allowing users to manage their data rights.
CAN-SPAM Act (U.S.): Promotional SMS messages adhere to spam prevention regulations.
Other relevant global laws: We comply with SMS and telecommunication standards applicable in countries where our services are available.

Data Retention for SMS Communications

Data related to SMS communications will be retained for as long as necessary to provide the service, fulfill legal obligations, or resolve disputes. This includes maintaining records of consent and interactions for compliance and accountability purposes.

14. LEGAL REQUIREMENTS

Aloha may disclose your personal data in good faith, believing that such action is necessary to:

Fulfill a Legal Obligation: Compliance with applicable laws, regulations, or court orders.
Protect Rights or Property: Safeguard the rights, property, or operations of Aloha.
Investigate Irregularities: Prevent or address potential wrongdoing in connection with the service.
Ensure Personal Safety: Protect the safety of users of the service or the general public.
Defend Against Legal Liability: Respond to legal claims or actions effectively.

15. SUCCESSORS

Aloha may be involved in mergers, acquisitions, or bankruptcy while providing the Site. In such events, personal information may be part of the transferred assets to the entities acquiring all or part of our assets or another entity with which we have merged. Under such circumstances, we will indulge the acquiring party to follow the terms and practices described in this Privacy Policy. However, once information has been transferred, we cannot promise that the acquiring party will treat your information the same as described in this Privacy Policy. There may be a change in privacy rights.

16. CHANGES

We reserve the right to update or revise this policy at any time. Any changes or modifications will be posted on this page, and the updated version will be effective immediately upon posting.

We encourage you to review this policy periodically to stay informed about how we protect your information and comply with legal obligations. By continuing to use our Site or Services after changes to this policy are posted, you accept the revised terms.

If you do not agree to the updated terms, you must discontinue use of our Site and Services.

17. CONTACT

If you have any questions regarding this Privacy Policy or how your data is handled, please reach out to us at legal@alohabefree.com.

We are committed to addressing your inquiries promptly and ensuring your privacy is protected.