Halloween Sale - 10% OFF sitewide  (applied in cart)

Privacy Policy

Introduction

Effective Date: September 10, 2024

We respect your privacy.

This policy, therefore, describes how we collect, process and hold your personal data if you visit our website, use our services or otherwise provide us with personal data.

We are Talisa US, LLC of 250 Greenwich St, New York, NY, 10007, USA. We are the sole data controller of your personal data.

This policy affects your legal rights and obligations so please read it carefully. If you have any questions, please contact us at dataprotection@talisa.com or call us on (646) 846-1810.

Personal Data that We Collect

When you browse our website, subscribe to our newsletter, open an account on our website or purchase an item, we may collect, process, store and use personal data including your name, phone number, mobile number, physical address, email address and IP address together with payment information and browsing history. Personal data however does not include information that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.

All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.

You do not need to provide us with any personal data to browse through our website. However, we may still automatically collect certain information as described below.

When you contact us by email, we may keep a record of the correspondence and we may also record any telephone call we have with you.

In addition, if you choose to engage in social sharing, for example, by connecting your social media account (e.g., Facebook) to your customer account or by logging into your customer account from your social media account, the social media site may share information with us about your use of their services, including profile information, information about your contacts and content you have viewed or liked. Where applicable, please refer to the social media site’s privacy settings to control how your information is shared.

Data that We Automatically Collect

When you visit our website, we, or third parties on our behalf, automatically collect and store information about your device and your activities. This information could include (a) your computer or other device’s unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns.

We collect this information using cookies in accordance with our Cookie Policy described below and we use the information we collect to improve our website, the services we provide, and for analytical and research purposes.

Cookies

A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer.

The cookie identifies your browser but will not let a website know any personal data about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.

Our website uses cookies so that we can recognize you when you return and personalize your settings and preferences. Most browsers are initially set up to accept cookies. You can change your browser settings either to notify you when you have received a cookie, or to refuse to accept cookies. Please note that our website may not operate efficiently if you refuse to accept cookies.

We might use cookies from third-party partners such as Google and Facebook for marketing purposes. These cookies allow us to display promotional materials to you on other sites you visit across the Internet. We may also share information about your behavior on our website with third parties (including operators of third-party websites and/or social networking sites) in order to target advertisements and other content. The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

In some cases, we use cookies to associate user activity with the third party website that referred the user to our website, or to associate user activity that we referred to a third party website. We do not share any personal information or information about individual user activities with these partner entities. We also use cookies to associate user activity with the email campaign that referred the user to our website.

We use cookies to limit certain types of cyber-attacks. We also use cookies during fraud reviews and investigations. Some of our cookie/device tracking happens through third-party vendors, other times we use our own indexes to identify activity related to specific cookies.

Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave our website. Persistent Cookies, on the other hand, commonly remain in the cookie file of your browser for longer periods depending on the lifetime of the specific cookie. When we use session cookies to track the total number of visitors to our Site, for example, this is done on an anonymous aggregate basis.

We also use Google Analytics to monitor how the website is used. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits to the website, where visitors generally came from, how long they stayed on the website, and which pages they visited. Google Analytics places several persistent cookies on your computer’s hard drive. These do not collect any personal data. If you do not agree to this use you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.

Marketing Communications

It is necessary for our legitimate interests to use your personal data to send you marketing communications, which may include newsletters, blog posts, surveys and information about new products.

You can choose to no longer receive marketing communications by contacting us at support@talisa.com or clicking unsubscribe from a marketing email.

If you do unsubscribe to marketing communications, it may take up to 5 business days for your new preferences to take effect. We shall therefore retain your personal data in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.

Why We Process Personal Data

We will use your personal data in order to comply with our contractual obligations, to supply to you the products that you had purchased, including to contact you with any information relating to the shipment and delivery of the product to you in accordance with any requests you make and that we agree to, and to deal with any questions, comments or complaints you have with respect to the same, if any.

We may also use your personal data for our legitimate interests, including dealing with any customer services you require, enforcing the terms of any other agreement between us, for regulatory and legal purposes (for example anti-money laundering), for audit purposes and to contact you about changes to this policy.

Sharing Personal Data

We may share your personal data with our employees, service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including marketing services providers (e.g., Google Analytics and Facebook), payment and shipment providers, email communication providers (e.g., Mail-Chimp), IT service providers, accountants, auditors and lawyers.

Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party’s rights, property or safety.

We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

We will neither sell your personal data nor will we share, rent or trade your personal data with third parties other than as disclosed within this Privacy Policy unless we have your consent.

Legal Basis for Processing of Personal Data of EEA Residents

If you reside within the EEA, our processing of your personal data will be legitimized as follows:

Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

If the processing of your personal information is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).

Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).

Your rights Under GDPR

You have the right to obtain from us a copy of the personal data that we hold for you, and to require us to correct errors in the personal data if it is inaccurate or incomplete or to limit or object to its processing. You also have the right at any time to require that we delete your personal data or transfer it to a third-party. To exercise these rights, or any other rights you may have under applicable laws, please contact us at dataprotection@talisa.com.

Please note, however, that we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.

Additionally, such rights of rectification, objection, restriction, access, portability and deletion are subject to certain limitations, as provided for by applicable laws. Individual requests will be completed as soon as possible following their receipt and in any event within thirty (30) days from our confirmation of such receipt.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request. For more information on the GDPR, please refer to:

  • https://eugdpr.org/
  • https://gdpr.algolia.com/

Cross-border Transfer of Personal Data

We may share personal data with our employees, consultants and third party service providers outside your country but only for purposes of performing the services for which you provided your personal data, even to countries that might not offer a level of protection for your personal information that is equivalent to the one offered in your country of residence or in similar countries found to provide adequate safeguards to your personal data. We will obtain your express consent, however, before using your personal data for any purposes other than performing the services for which you provided the personal data.

For EU and Swiss users only - Transferring your information outside the European Economic Area.

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”) and Switzerland. This may happen if any of our servers are from time to time located in a country outside of the EEA or Switzerland. These countries may not have similar data protection laws to the EEA or Switzerland.

In such circumstances, we will enter into model contractual clauses as adopted by the European Commission, or rely on alternative legal bases such as the EU-US Data Privacy Framework and Swiss-US Data Privacy Framework (described below), where applicable, or binding corporate rules where our affiliates, consultants or service providers have adopted such internal policies approved by European data protection authorities.

If you use our services while you are outside the EEA or Switzerland, your information may be transferred outside the EEA or Switzerland in order to provide you with those services.

Data Privacy Framework Principles and Framework

Talisa US LLC complies with the EU-U.S. Data Privacy program Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy program Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Talisa US LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.

Talisa US LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Data Privacy Framework (DPF), Talisa US, LLC is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. Pursuant to the Data Privacy Framework (DPF), EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Data Privacy Framework, should direct their query to dataprotection@talisa.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to dataprotection@talisa.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Talisa US, LLC accountability for personal data that it receives in the United States under the Data Privacy Framework and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Talisa US, LLC remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Talisa US, LLC proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-US Data Privacy Framework Principles, Talisa US LLC commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and Swiss individuals with DPF inquiries or complaints should first contact Talisa US, LLC by email at dataprotection@talisa.com or via post at:

Ariel Shavit at: Talisa US, LLC Data Protection Officer
250 Greewich Street Floor 38
New York, NY 10007

Talisa US, LLC has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Notifications and Updates

Our website sends new registered users a welcoming email to verify password and username. After you register with our website and have provided consent to receiving marketing emails, we may send you on a regular basis via emails information on other services or products that we believe may be of interest to you. We give you the option at all times to unsubscribe from receiving these types of communications.

We may also send you notifications regarding updates to our website and our services only if you have provided consent to receiving updates about our opportunities, services and products. We may also communicate with you to provide requested services and with respect to issues relating to your account via email or phone.

Security

We shall process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

All information you provide to us is stored on our secure servers. Any payment transactions are encrypted using SSL technology. Where we have given, or you have chosen a password, you are responsible for keeping this password confidential. You acknowledge, however, that no system can be completely secure. Therefore, although we take these steps to secure your personal data seriously, we do not and cannot promise that your personal data will always remain completely secure.

Links

Our website may contain links to other sites. Once you have used these links to leave our website, you should note that we do not have any control over that other site. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this policy. You should exercise caution and look at the privacy policy applicable to the site in question.

Retention

If you register with us, we shall retain your personal data until you close your account. If you receive marketing communications from us, we shall retain your personal data until you opt-out of receiving such communications.

If you have otherwise ordered or purchased an item from us or contacted us with a question or comment, we shall retain your personal data for 6 months following such contact to respond to any further queries you might have.

General

If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.

The website and services are intended to be used by individuals over the age of 18. If we become aware that we have collected the personal data of an individual under 16, we will take steps to delete the information as soon as possible. Please immediately contact us by sending an email to dataprotection@talisa.com if you become aware that an individual under 16 has provided us with personal data.

This policy shall be governed by and construed in accordance with the law of New York, and you agree to submit to the exclusive jurisdiction of the New York's Courts.

We may change the terms of this policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our website after the time we state the changes will take effect, you will have accepted the changes.

© 2024 Talisa. All Rights reserved.