checkoutarrow
US
24/7 Support

Privacy Policy

iHerb, LLC.: Privacy Policy

Effective Date: August 27, 2020

iHerb, LLC., being a data controller with regard to your personal information, and its subsidiaries(collectively, “iHerb”) respect your concerns about privacy. This Privacy Policy describes the types of personal information we collect about individuals through our website and mobile apps (collectively, the “Services”), how we may use the information, with whom we may share it, and the choices available regarding our use of the information. The Privacy Policy also describes the measures we take to safeguard the personal information, how long we retain it and how individuals can contact us about our privacy practices and to exercise their rights.

Click on one of the links below to jump to the listed section:

In connection with your use of the Services, you may provide personal information to us in various ways. The types of personal information we obtain include:

  • contact information (such as name, email address, shipping address and instructions, postal code, telephone number, and personal ID);
  • login credentials to create an account on the Services (such as email address and password);
  • information contained on your social media public profile, to the extent you decide to create an account on the Services using your social media account;
  • information you choose to submit on your personalized public profile “My Page”, including web address name, user name, photograph, links to your social media accounts and any other information you choose to submit on the “Page Description” section of your “My Page”;
  • user generated content related to product reviews, comments, questions and answers;
  • payment information, such as name, billing address, account number, and payment card details (including card number, expiration date and security code) for payments processed by us. To the extent any payments are processed by any other third parties such as PayPal or Apple Pay, then the privacy policies of those parties shall govern such information;
  • bank account and tax information related to any company programs that may offer customer payouts (such as Rewards program);
  • order history, including information about products purchased or viewed on the Services;
  • details you provide through contests, sweepstakes and surveys;
  • social media information, such as social media handles, content and other data shared with us through third-party features that you use on our Services (such as apps, tools, payment services, widgets and plugins offered by social media services like Facebook, Google , Instagram, LinkedIn, Pinterest, Twitter and YouTube) or posted on social media pages (such as our social media pages or other pages accessible to us);
  • other personal information contained in content you submit on the Services, such as through our “Contact Us” feature or other customer support tools; and
  • information you submit in connection with a career opportunity at iHerb, such as contact details, information in your resume and cover letter, and details about your current employment;
  • Country/region and language preference based on mobile device settings and/or IP;
  • IP address, device, operating system, and browser information that we detect.

You are not required to provide this information but, if you choose not to do so, we may not be able to offer you certain Services and related features.

We will use the information we obtain through the Services as needed to fulfill our contractual obligation to provide you with the products and services you request, to deliver products ordered (including, but not limited to, transportation and customs clearance through related third party service providers); and to manage career opportunities with iHerb.

We also will use the information we obtain through the Services if we have a legitimate interest to do so, including to support the following functions and activities:

Functions and activities we perform Legal grounds we rely on
establishing and managing your account; contractual necessity
communicating with you about your account or transactions and sending you information about features and enhancements; contractual necessity and (or) our legitimate interest
processing claims in connection with our products and services, and keeping you informed about the status of your order; contractual necessity and (or) our legitimate interests
managing our Rewards and loyalty programs; contractual necessity
posting your product reviews and managing our Reviews program; your consent, contractual necessity, and (or) our legitimate interest
improving and customizing your experience with the Services, including providing recommendations based on your preferences; your consent, contractual necessity, and (or) our legitimate interest
identifying and authenticating you so you may use the Services; contractual necessity
marketing our products to you and providing you with promotions, including special deals, coupons, discounts and chances to win contests; your consent
communicating with you about, and administering your participation in, contests, sweepstakes or surveys; your consent and (or) contractual necessity
responding to your requests and inquiries and providing customer support, such as through our chatbot or other customer support tools; contractual necessity, our legal obligation, and (or) our legitimate interest,
operating, evaluating and improving our business (including developing new services; enhancing and improving our Services; managing our communications; analyzing our user base and Services; performing data analytics and market research; and performing accounting, auditing and other internal functions); our legitimate interest, and (or) carrying out research and statistics based on depersonalized personal information
protecting against, identifying and preventing fraud and other criminal activity, claims and other liabilities; legal obligation and (or) our legitimate interest
complying with and enforcing applicable legal requirements, relevant industry standards and our policies, including this Privacy Policy and iHerb’s Terms of Use, Rewards Program Terms of Use; and legal obligation and (or) contractual necessity
communicating with you about changes to our policies. contractual necessity, our legal obligation, and (or) our legitimate interest
saving your personal data for future purchases your consent

In addition, we will use your contact information to send you Health Newsletters, emails, SMS, push notifications and in-app notifications about our products, services, sales and special offers if you sign up to receive them and have not opted out.

We may combine information we obtain about you through our websites with the information obtained through our apps for the purposes described above. We also may use the information we obtain in other ways for which we provide specific notice at the time of collection or otherwise with your consent.

We build in the function into our Services enabling saving your data for automatic filling of information about you in case of future purchases and passing customs clearance procedures. By pushing “Save for Future Purchases” button you provide your consent to processing personal data for this purpose.

When you use our Services or open our emails, we may obtain certain information by automated means, such as browser cookies, Flash cookies, web beacons, device identifiers, server logs and other technologies. The information we obtain in this manner may include your device IP address, domain name, identifiers associated with your devices, device and operating system type and characteristics, web browser characteristics, language preferences, clickstream data, your interactions with our Services (such as the web pages you visit, links you click and features you use), the pages that led or referred you to our Services, dates and times of access to our Services, and other information about your use of our Services. We also may receive your device’s geolocation and other information related to your location through GPS, Bluetooth, WiFi signals and other technologies for certain purposes listed above, such as to provide you with our Services. Your device may provide you with a notification when the Services attempt to collect your precise geolocation.

A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “Flash cookie,” also known as a local shared object, functions like a web cookie to personalize a user’s experience on sites that use Adobe Flash Player. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. We and our third-party service providers may use beacons in emails to help us track response rates, identify when our emails are accessed or forwarded, and for other purposes listed above.

To the extent required by applicable law, we will obtain your consent before placing cookies or similar technologies on your computer. You can stop certain types of cookies from being downloaded on your computer by selecting the appropriate settings on your web browser. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie and how to disable existing cookies. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu or by visiting www.allaboutcookies.org. [Flash cookies typically cannot be controlled, deleted or disabled through your browser settings and instead must be managed through your Adobe Flash Player settings. To manage Flash cookies, which we may use on our website from time to time, you can go to the Adobe Flash Player Support page available here. In addition, your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers and operators such as us. Our Services are not designed to respond to “do not track” signals received from browsers. Please note that without cookies or other automated tools we use to collect this type of data, you may not be able to use all the features of our Services.

The following types of cookies and similar technologies may be used on the Services:

Internal Cookies Essential For The Services To Function

We use first-party cookies to help enable the Services to function, including to (1) keep track of preferences you specify while you use the Services, (2) access your information when you log into the Services to provide you with customized content and (3) manage the security of the Services.

Cookie-Based Digital Experience Technologies

On our Services, we use certain cookie-based technologies, such as FullStory, in order to log customers’ session and further reproduce them – these technologies do not imply live time/direct screen capture but just allow to re-create the session based on the customer’s events on our Services. We will use them to improve our Services by way of session replay, tracking our Services performance and error reporting.

Third-Party Web Analytics Cookies

Through our Services, we may obtain personal information about your online activities over time and across third-party apps, websites, devices and other online services. On our Services, we use third-party online analytics services, such as those of Google Analytics. The service providers that administer these analytics services use automated technologies to collect data (such as email address, IP addresses, cookies and other device identifiers) to evaluate, for example, use of our Services and to diagnose technical issues. To learn more about Google Analytics, please visit www.google.com/analytics/learn/privacy.html.

Internal and Third-Party Advertising Cookies

Through our Services, both we and certain third parties may collect information about your online activities to provide you with advertising about products and services tailored to your individual interests. You may see our ads on other websites or mobile apps because we participate in advertising networks. Ad networks allow us to target our messaging to users considering demographic data, users’ inferred interests and browsing context. These networks track users’ online activities over time by collecting information through automated means, including through the use of browser cookies, web beacons, device identifiers, server logs, web beacons and other similar technologies. The networks use this information to show ads that may be tailored to individuals’ interests, to track users’ browsers or devices across multiple websites and apps, and to build a profile of users’ online browsing and app usage activities. The information our ad networks may collect includes data about users’ visits to websites and apps that participate in the relevant ad networks, such as the pages or ads viewed and the actions taken on the websites or apps. This data collection takes place both on our Services and on third-party websites and apps that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts.

To learn how to opt out of ad network interest-based advertising in the U.S., please visit www.aboutads.info/choices and http://www.networkadvertising.org/choices/. In the European Union, please visit www.youronlinechoices.eu.

Third-Party Cookies Intended To Improve The Interactivity Of The Services

Our Services also support certain third-party services, including social sharing buttons (such as Facebook, Google , Instagram,Pinterest, and Twitter), Tweet lists from Twitter and videos posted on the Services from YouTube. These features use third-party cookies that are placed directly on your device by these services. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy notices of these parties, which we strongly suggest you review. iHerb is not responsible for these third parties’ information practices.

Chatbot Logs

Our Services also use a chatbot to provide automated customer assistance. A chatbot is a computer program that communicates with you, using text on a digital message interface and artificial intelligence. Put simply, if you ask a question through our chatbot, the chatbot will reply to you in human-ish behavior. Our chatbot is supported by Ada Support, a third-party chatbot service provider located in Canada, who performs services on our behalf (“Ada”). Ada uses an automated decision making process, when deciding on the correct answer to serve based on your question, and will receive message logs and usernames when you interact with the chatbot. Message logs contain information such as details of your account with us, including your username, e-mail address, phone number and address, as well as any other content you choose to submit when you make a customer support inquiry through the chatbot. Ada will retain the content of those messages, together with responses to those messages and any outcome from those messages. This information will be retained for twelve (12) months and will be used only to provide customer support and improve the quality of the chatbot services. If you are located in the European Economic Area (“EEA”), United Kingdom (“UK”) or Switzerland, the above information will be transferred to Ada in Canada - a country which has been recognized by the European Commission, UK and Swiss Administration as providing an adequate level of data protection.

We will carry out the following operations on your personal information with and without use of automated means: collection, recording, systematization, accumulation, storage, specifications (updating, modification), retrieval, use, transfer (provision, access), depersonalization, blockage deletion, destruction of your personal information.

To the extent required by applicable law, we will obtain your consent before carrying out any of these operations on your personal data in accordance with the manner and procedure under the applicable data protection laws.

We do not disclose personal information we obtain about you, except as described in this Privacy Policy. We will share your personal information with our (1) subsidiaries and affiliates, and (2) third-party service providers who perform services on our behalf (such as payment processing and authorization, order fulfillment, transportation, customs clearance, marketing, data analytics, customer support and fraud prevention) for the purposes described in this Privacy Policy. We do not authorize our service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. We also may disclose information about you: (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; (6) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation); or (7) otherwise with your consent. Moreover, in exceptional circumstances we will need to verify the information we obtain from you with the third parties, which implies that your personal information may be received from them. In particular, this is the case, if it is revealed that your information (such as taxpayer identification number) necessary for customs clearance is not accurate – in such scenario, this information will be verified with the tax authority.

If you would like to get more information on the third parties with whom we share your personal information, please contact us as described in “How To Contact Us” and we will provide you with the information on names, locations of the third parties as well as their roles in processing of your personal information.

We may transfer the personal information we collect about you to recipients in countries other than the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to recipients in other countries (such as the U.S.), we will protect that information as described in this Privacy Policy and will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries other than the one in which you provided the information. Moreover, in any case, when processing your personal information we comply with specific requirements of applicable laws on initial processing of such information with the use of databases located in a country of your citizenship.

iHerb, LLC. is certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks developed by the U.S. Department of Commerce, and the European Commission and Swiss Federal Data Protection and Information Commissioner, respectively. Click here to view our EU/Swiss-U.S. Privacy Shield Privacy Policy. As of July 16, 2020, we no longer rely on the Privacy Shield to transfer personal information to the U.S.

To the extent required by applicable law, we will obtain your consent before transferring your personal data to other countries.

We offer you certain choices in connection with the personal information we obtain about you. For example, if you have created an account with us, you can change your communication preferences by logging into your account and clicking on “Communication Preferences”. To the extent provided by applicable law, you also can object to the use of your personal information for direct marketing purposes and unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails, texting STOP to the short code number from which our SMS are being sent or contacting us as specified in the How to Contact Us section below. We will apply your preferences going forward.

To the extent provided by applicable law, you may: (1) request access to the personal information we maintain about you; (2) request that we update, correct, amend, or erase your information; or (3) request the restriction of our use of your personal information, by contacting us as specified in the How to Contact Us section below.

Depending on your location, you may have the right to file a complaint with a privacy regulator if you are not satisfied with our response.

Our Services may provide links to other online services and websites for your convenience and information, and may include third-party features such as apps, tools, widgets and plug-ins (e.g., Facebook, Google , Instagram, LinkedIn, Pinterest, Twitter, and YouTube). These services, websites, and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, iHerb is not responsible for these third parties’ information practices.

To the extent required by applicable law, we keep the personal information you provide for the duration of our relationship, plus a reasonable period to comply with the applicable statute of limitations or if otherwise required under applicable law.

We maintain administrative, technical and physical safeguards designed to protect personal information we obtain through the Services against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

Such safeguards implemented by iHerb include but not limited to the following:

  • restriction of access to the personal information on a need-to-know basis, so access to such information is provided only to individuals who require it to perform their job duties;
  • use of state-of-the-art data security tools, such as anti-malware protection and firewalls;
  • ensuring physical security of premises where our information systems and databases are located;
  • ensuring safety of mediums containing the personal information;
  • appointment of employees responsible for processing and protection of personal information by iHerb;
  • implementation of local policies governing various aspects of processing and protection of personal information by iHerb and making them available to our employees;
  • other security safeguards which are necessary to neutralize actual security threats.

The Services are designed for a general audience and are not directed to children under the age of 16. iHerb does not knowingly collect or solicit personal information from children under the age of 16 through the Services. If we learn that we have collected personal information from a child under the age of 16, we will promptly delete that information from our records. If you believe that a child under the age of 16 may have provided us with personal information, please contact us as specified in the How to Contact Us section of this Privacy Policy.

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will indicate at the top of the Privacy Policy when it was most recently updated.

If you would like to exercise your privacy rights, please contact us by using this form that will appear once you log in to your account. If you would like to exercise your privacy rights, please Email Us or write us, using the contact details below if you wish to exercise these rights or if you have any questions about this Privacy Policy:

iHerb, LLC. Attn: Legal Department 301 North Lake Avenue, Suite 600 Pasadena, CA 91101, United States

Subject to applicable law, data requests submitted by email or sent via postal mail may require that you provide additional documentation necessary to confirm your identity.

If you prefer not to provide additional documentation along with your request, we recommend you utilize the above Form as it will automatically validate your identity.

The entity responsible for the processing of your personal information in the EEA and the UK is iHerb, LLC.