Effective Date: December 16, 2022
Click on one of the links below to jump to the listed section:
In addition, if you apply for a job with us, please see our Career’s Privacy Notice.
In connection with your use of the Services, you may provide personal information to us in various ways. The types of personal information we obtain include:
You are not required to provide this information but, if you choose not to do so, we may not be able to offer you certain Services and related features.
We will use the information we obtain through the Services as needed to fulfill our contractual obligation to provide you with the products and services you request and to deliver products ordered (including, but not limited to, transportation and customs clearance through related third party service providers).
We also will use the information we obtain through the Services if we have a legitimate interest to do so, including to support the following functions and activities:
In addition, we will use your contact information to send you Health Newsletters, emails, SMS, push notifications and in-app notifications about our products, services, sales and special offers if you sign up to receive them and have not opted out.
We may combine information we obtain about you through our websites with the information obtained through our apps for the purposes described above. We also may use the information we obtain in other ways for which we provide specific notice at the time of collection or otherwise with your consent.
A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Cookies may be set either directly by the website a user is visiting (“first-party cookies”), or by a domain other than the website the user is visiting (“third-party cookies”). A “Flash cookie,” also known as a local shared object, functions like a web cookie to personalize a user’s experience on sites that use Adobe Flash Player. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. We and our third-party service providers may use beacons in emails to help us track response rates, identify when our emails are accessed or forwarded, and for other purposes listed above.
The following types of cookies and similar technologies are used on the Services:
We use necessary cookies to help enable the Services to function, including to (1) identify you once you have logged in to your account, (2) keep track of preferences you specify while you use the Services, and (3) manage the security of the Services.
Through our Services, we may obtain personal information about your online activities over time and across third-party apps, websites, devices and other online services. On our Services, we use third-party online analytics services, such as those of Google Analytics. The service providers that administer these analytics services use automated technologies to collect data (such as email address, IP addresses, cookies and other device identifiers) to evaluate, for example, use of our Services and to diagnose technical issues. To learn more about Google Analytics, please visit www.google.com/analytics/learn/privacy.html, and to opt out of being tracked by Google Analytics across all websites, please visit: http://tools.google.com/dlpage/gaoptout.
Through our Services, both we and certain third parties may collect information about your online activities to provide you with advertising about products and services tailored to your individual interests. You may see our ads on other websites or mobile apps because we participate in advertising networks. Ad networks allow us to target our messaging to users considering demographic data, users’ inferred interests and browsing context. These networks track users’ online activities over time by collecting information through automated means, including through the use of browser cookies, web beacons, device identifiers, server logs, web beacons and other similar technologies. The networks use this information to show ads that may be tailored to individuals’ interests, to track users’ browsers or devices across multiple websites and apps, and to build a profile of users’ online browsing and app usage activities. The information our ad networks may collect includes data about users’ visits to websites and apps that participate in the relevant ad networks, such as the pages or ads viewed and the actions taken on the websites or apps. This data collection takes place both on our Services and on third-party websites and apps that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts.
To learn how to opt out of ad network interest-based advertising in the U.S., please visit www.aboutads.info/choices and http://www.networkadvertising.org/choices/. In the European Union, please visit www.youronlinechoices.eu.
To the extent required by applicable law, we will obtain your consent before placing non-essential cookies or similar technologies on your device, and keep your choice for a period of six (6) months. If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), Russia or Kazakhstan, you can change your cookie preferences at any time by clicking on the “Cookie Preferences” icon at the bottom of each page of our Services.
You also can stop certain types of cookies from being downloaded on your device by selecting the appropriate settings on your web browser. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie and how to disable existing cookies. The following external links will explain how to manage cookies for the most common browsers:
To find out how to manage cookies for other browsers, please click “help” on your browser’s menu or visit www.allaboutcookies.org. [Flash cookies typically cannot be controlled, deleted or disabled through your browser settings and instead must be managed through your Adobe Flash Player settings. To manage Flash cookies, which we may use on our website from time to time, you can go to the Adobe Flash Player Support page available here. In addition, your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers and operators such as us. Our Services are not designed to respond to “do not track” signals received from browsers. Please note that without cookies or other automated tools we use to collect this type of data, you may not be able to use all the features of our Services.
Our Services also use a chatbot to provide automated customer assistance. A chatbot is a computer program that communicates with you, using text on a digital message interface and artificial intelligence. Put simply, if you ask a question through our chatbot, the chatbot will reply to you in human-ish behavior. Our chatbot is supported by Ada Support, a third-party chatbot service provider located in Canada, who performs services on our behalf (“Ada”). Ada uses an automated decision making process, when deciding on the correct answer to serve based on your question, and will receive message logs and usernames when you interact with the chatbot. Message logs contain information such as details of your account with us, including your username, e-mail address, phone number and address, as well as any other content you choose to submit when you make a customer support inquiry through the chatbot. Ada will retain the content of those messages, together with responses to those messages and any outcome from those messages. This information will be retained for twelve (12) months and will be used only to provide customer support and improve the quality of the chatbot services. If you are located in the EEA, UK or Switzerland, the above information will be transferred to Ada in Canada - a country which has been recognized by the European Commission, UK and Swiss Administration as providing an adequate level of data protection.
We also may disclose information about you: (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; (6) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); or (7) otherwise with your consent.
We may use third-party service providers when we use your personal information. The personal information may be shared with such third-party service providers.
You can see the list of the service providers and services to be performed by each such service providers here.
|Name of service provider||The service provided|
|Adyen B.V.||Global online payment services|
|Ad Efficiency||Paid marketing agency|
|CJ Korea Express||Shipping|
|eBay Korea, LLC.||Ecommerce marketplace, affiliate marketing|
|Paid social media|
|FullStory||Digital analytics tool|
|KCP Co, Ltd.||Online payment services|
|Iterable, Inc.||Platform & related services for marketing automation & personalization|
|Lotte Global Logistics||Customs Broker|
|MaestroQA, Inc.||Customer service|
|NHN KCP||Online payment services|
|PayPal, Inc.||Online payment services|
|Performance Horizon/Partnerize||Marketing technology|
|Rakuten, Inc.||Ecommerce marketplace, affiliate marketing|
|SADA Systems, Inc.||Cloud solutions provider|
|SK Telecom||Wireless telecommunications|
|ThreatMetrix, Inc.||Rules engine, fraud risk|
|Zendesk||Customer Service Software|
Name of the entity to which the personal information is transferred (in case of a corporation, the name of the corporation and the contact information of the person responsible for the management of information); Amazon Web Services Inc. (https://aws.amazon.com/compliance/contact/).
The country to which the personal information is transferred: USA.
Transfer timing and method: Transmission using a secure network when using the service.
The items of personal information to be transferred: Personal information collected/used while using the service.
The purpose of using the personal information by the entity to which the information is transferred and the period for retention and use thereof: Operation and management of the cloud server storing personal information during the personal information retention period or until the end of the customer contract.
We offer you certain choices in connection with the personal information we obtain about you. For example, if you have created an account with us, you can change your communication preferences by logging into your account and clicking on “Communication Preferences”. To the extent provided by applicable law, you also can object to the use of your personal information for direct marketing purposes and unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails, texting STOP to the short code number from which our SMS are being sent or contacting us as specified in the How to Contact Us section below. We will apply your preferences going forward.
To the extent provided by applicable law, you may: (1) request access to the personal information we maintain about you; (2) request that we update, correct, amend, or erase your information; or (3) request the restriction of our use of your personal information, by contacting us as specified in the How to Contact Us section below.
To the extent provided by applicable law, you also may object to the use of your personal information in certain situations in which we use that information based on our legitimate interests, as described above. In addition, to the extent provided by applicable law, you may receive, in a structured, commonly used and machine-readable format, your personal information you have provided to us based on your consent or a contract to which you are party. You have the right to have this information transmitted to another company, where it is technically feasible. To exercise these rights, please contact us as specified in the How to Contact Us section below.
Depending on your location, you may have the right to file a complaint with a privacy regulator if you are not satisfied with our response.
Our Services may provide links to other online services and websites for your convenience and information, and may include third-party features such as apps, tools, widgets and plug-ins (e.g., Facebook, Google , Instagram, LinkedIn, Pinterest, Twitter, and YouTube). These services, websites, and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, iHerb is not responsible for these third parties’ information practices.
We will retain your personal information until the purposes of the collection is achieved, subject to the following:
|Records to be Retained||Applicable Law||Retention Period|
|Records of contract or withdrawal of subscription||Act on the Consumer Protection in Electronic Commerce, etc.||5 years|
|Records of payment and supply of goods||5 years|
|Records of consumer complaints and the settlement of dispute||3 years|
|Records of consumer complaints and the settlement of dispute||6 months|
|Books and supporting documents for all transactions specified by the Tax Act||Framework Act on National Taxes||5 years|
|Records of electronic financial transactions||Electronic Financial Transactions Act||5 years|
|Records of visits to service provider’s online site||Protection of Communications Secrets Act||3 months|
We separately store or delete the personal information of the members who have not used our service for a period of one year. The Company will destroy personal information in accordance with the following procedures and methods:
A. Procedures for destruction
Any personal information retained after the purpose is achieved pursuant to relevant laws will be transferred to a separate database (or a separate filing cabinet in the case of paper). It will be destroyed after being stored for the required time periods under applicable laws. Such personal information will not be used for any purpose other than the preservation, unless otherwise required by law.
B. Methods of destruction
Papers containing personal information will be shredded or incinerated. Personal information stored in electronic files will be deleted using the technical method that prevents reproduction of the records.
We maintain administrative, technical and physical safeguards designed to protect personal information we obtain through the Services against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
iHerb, LLC. Attn: Legal Department 301 North Lake Avenue, Suite 600 Pasadena, CA 91101, United States
For users in South Korea: iHerb’s Korean Domestic Representative is Bae, Kim & Lee LLC, Representative Attorney Yangho Oh, Centropolis B, 26 Ujeongguk-ro, Jongno-gu, Seoul, Korea 03161. Telephone: 02-3404-0107 Email: [email protected]. If you would like to exercise your privacy rights, please contact us by using this form that will appear once you log in to your account.
Subject to applicable law, data requests submitted by email or sent via postal mail may require that you provide additional documentation necessary to confirm your identity.
If you prefer not to provide additional documentation along with your request, we recommend you utilize the above form as it will automatically validate your identity.