Last updated: 10th of November, 2020
Interpretation and Definitions
- “You” means the individual accessing or using the service, or the company, or other legal entity on behalf of which such individual is accessing or using the service, as applicable.
- “Company” (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Waterdrop Microdrinks, LLC, 200 S Wacker Drive, Suite 3100, Chicago, IL 60606.
- “Affiliate” means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- “Account” means a unique account created for You to access Our service or parts of Our service.
- “Website” refers to the Company’s website, accessible from https://www.waterdrop.com/
- “Country” refers to: United States of America.
- “Service Provider” means any natural or legal person who processes the Personal Data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate our service, to provide the service on behalf of the Company, to perform related services or to assist the Company in analyzing how our service is used.
- “Third-Party Social Media service” refers to any website or any social network website through which a user can log in or create an account to use the service.
- “Personal Data” is any information that relates to an identified or identifiable individual.
- “Cookies” are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
- “Usage Data” refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is:
- If you reside in the State of California in the United States, please click here for additional California-specific privacy disclosures.
- If you reside in the State of Nevada in the United States, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. To submit such a request, please contact us at email@example.com or 1-800-656-2140.
Collecting and Using Your Personal Data
Categories of Data Collected and Purposes
We collect and process the following categories of data for the purposes listed below. We have identified the legal basis as well as the applicable retention period for the specific purposes.
|Purpose of the Processing||Personal Data||Legal basis||Retention period|
|Management of product purchases, deliveries, invoicing and accounting regulations||First name, last name, email address, postal address, telephone number, delivery address, order placed, delivery tracking number, registration and unsubscription date, means of payment, credit card number||Performance of the Contract, legal obligations and legitimate interest of the Responsible Entity to establish, exercise and defend his rights in Court||10 years from the date of the Product purchase EXCEPT 15 months from the product purchase date for banking data (immediately for the visual cryptogram)|
|Creation and management of customer accounts||First name, last name, email address, postal address, telephone number, date of creation of the customer account, date of deletion of the customer account||Legitimate interest of the Responsible Entity in the creation of a customer account following the purchase of a product by You||3 years from Your last login to Your customer account OR immediately upon deletion of the customer account|
|Management of commercial relations and prospecting||First name, last name, email address, postal address, telephone number, purchase history||Legitimate interest of the Responsible Entity to promote its products||3 years from the last contact by You or from the end of the commercial relationship|
|Newsletter management and Mobile Message Services (subscription required)||Email address, first name, last name, telephone number||Legitimate interest of the Responsible Entity to promote its products||Upon unsubscription|
|Securing and improving the Site||IP Address, Browsing Personal Data||Legitimate interest of the Responsible Entity to protect the website and service, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites, and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide||13 months|
|Complaints, customer service management and collection of reviews||First name, last name, email address, postal address, telephone number, purchase history, communication exchanges between You and Us, IP address||Performance of the Contract, Legitimate interest of the Responsible Entity to improve its products and customer service to the fullest extent||3 years from the last contact by You|
|Site statistics and personalized advertising||IP address, Browsing Personal Data, Usage Data (as explained below), and collection of consent||Your consent||13 months|
|Sponsorship||Email address, first and last name, and collection of consent||Your consent||3 years after the application for a sponsorship link|
The Responsible Entity reserves the right to anonymize the Personal Data processed before deleting it. The anonymized data may then be processed for statistical purposes.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, pages of our service that You visit, navigation on our pages, time and date of Your visit, time spent on those pages, unique device identifiers and other diagnostic data.
When You access the service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our service or when You access the service by or through a mobile device.
Tracking Technologies, Cookies and Server Log Files
Absolutely necessary cookies, also called "strictly necessary", guarantee functions without which You would not be able to use this website as intended. These cookies are used by the Company and its Affiliates and are therefore so-called first party cookies. They are only stored on Your computer during the current browser session. Such cookies ensure, for example, the functionality of a change from http to https in case of a page change, and thus the compliance with increased security requirements for data transmission.
First Party Cookies, where there is consent required on this Website: Cookies, which according to a purely legal definition are not absolutely necessary in order to use the Website, nevertheless fulfil important tasks. Without these cookies, functions that enable comfortable surfing on our Website, such as saving a language selection You have made, are no longer available and would therefore have to be queried again on each page.
If You delete all Your cookies at a later date, You will need to go through the process again; the same applies if You visit this Website from other computers. If Your security settings are too high and the cookie is blocked, we will not be able to process Your request. You will be notified and should repeat the opt-out process with lower security settings.
This following list of web analysis tools is subject to change at any time. The Responsible Entity undertakes to require its Third Party Service Providers to provide sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing complies with legal and regulatory requirements and guarantees the protection of Your rights. In addition, the Responsible Entity may share Personal Data with any Third Party Service Provider for Processing when a legal obligation to do so is in force.
Use of Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics sets cook ies on the user's computer (for cookies, see above) and enables us to analyse Your use of our Website. The information generated by the cookies about Your use of our Website (including Your IP address) is usually transferred to a Google server in the USA and stored there. As far as possible, the IP address of Google users within member states of the European Union or in other signatory states to the Agreement on the European Economic Area is shortened beforehand. The full IP address is only transferred to a Google server in the USA and shortened there in exceptional cases.
This information is used by Google on our behalf to evaluate Your use of our Website, to compile reports on the activities of the Website and to provide other services associated with the use of our Website and the Internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The IP address determined by Google Analytics will not be merged with other Google data.
Our Website also uses Google Optimize 360. It is an experience personalization and testing platform with native connections to our Google performance and advertising data. Google Optimize 360 allows us to create a custom segmented customer experiences and then test those experiences to increase engagement, interactions, and conversion goals.
Use of Google Ads
On our Website we use Google Ads Conversion, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With this service we can use advertising material (so-called Google Ads) on external websites to draw attention to our offers and services. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are.
These advertising media are delivered by Google via so-called "Ad Servers". For this purpose, we use ad server cookies (for cookies, see above), through which certain parameters can be measured to measure success, such as the display of ads or clicks by users. If You reach our Website via a Google ad, Google Ads will store a cookie on Your device. These cookies usually expire after 30 days and are not intended to identify You personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie.
These cookies enable Google to recognize Your internet browser. If a user visits certain pages of an ad client's website and the cookie stored on their computer has not expired, Google and the client may recognize that the user clicked on the ad and was redirected to that page. A different cookie is associated with each ad client. As a result, cookies cannot be tracked through the websites of ad clients.
Use of Google Tag Manager (GTM)
Use of Hubspot
Use of Shopify
Our Website uses Shopify as well as several tools provided by Shopify. This is an e-commerce platform that we use to provide our customers with an exceptional online experience. For more information on how Shopify handles customer data, please visit: https://www.shopify.com/legal/privacy/customers
Use of Klaviyo
Use of Address Validator
Use of Back in Stock
Use of Bonjoro
Use of Data Export
Use of Easy GDPR
Use of Glew Analytics
Our Website uses Glew Analytics. This is a advanced ecommerce analytics software. For more information about how Glew Analytics handles user data, https://glew.io/privacy-policy/
Use of Gorgias
Our Website uses Gorgias. This is a tool that allows us to use a multichannel customer service from one single app, so that we can contact and provide help to our customers more easily. For more information about how Gorgias handles user data, https://www.gorgias.com/privacy
Use of Judge.me
Our Website uses Judge.me. This is a tool that allows us to collect reviews from our customers and show them on our website. For more information about how Judge.me handles user data: https://judge.me/privacy
Use of Lucky Orange
Our Website uses Lucky Orange. This is a tool that allows us see historical statistics of the users on our Website and see what keywords, locations, referrers, tweets, languages the users are showing. We use this tool in order to optimize user experience and to analyze our user behaviour. The behaviour of the users is recorded anonymously. You can refuse to store Lucky Orange cookies by selecting the appropriate settings in Your browser software. Please note, however, that this may lead to a malfunction of our Website. For more information about how Lucky Orange handles user data, please visit: https://help.luckyorange.com/category/94-privacy-and-security
Use of Push Owl
Our Website uses Push Owl. This is a tool that allows us to send push notifications to users in order to recover abandoned carts and to automate marketing for retention purposes. For more information about how Push Owl handles user data, please visit: https://pushowl.com/privacy?utm_source=apps.shopify.com&utm_medium=referral&utm_campaign=privacy-policy
Use of Recurring Billing by Recharge
Our Website uses Recurring Billing. This is a tool that allows us to ease the process for our customers to order their products on a subscription basis. For more information about how Recurring Billing handles user data, please visit: https://rechargepayments.com/privacy-policy
Use of Stitch Data
Our Website uses Stitch Data. This is a tool that allows us to secure, analyze, and govern user data by centralizing it in a data infrastructure. For more information about how Stitch Data handles user data, please visit: https://www.stitchdata.com/privacy/
Use of Xporter Data Export Tool
Our Website uses Xporter Data Export Tool. This is a tool that allows us to secure, analyze, and govern user data. For more information about how Xporter Data Export Tool handles user data, please visit: https://exports.eshopadmin.com/privacy
Use of XAD Spoteffects
Our Website uses Spoteffects. This is a tool that allows us to monitor and analyse performance-based TV campaigns, as well as for to synchronize with online measures. For more information about how Spoteffects handles user data, please visit: https://xadspoteffects.com/en/privacy-policy/#page-content
Use of Celigo
We work together with Celigo. This is a tool that allows us to export data from our customers to ensure correct fulfillment of their orders. For more information about how Celigo, Inc. handles user data, please visit: https://www.celigo.com/privacy-04-23-2019-v4/
Use of Facebook Pixel
Our Website uses the Facebook pixel. These are cookies (see below for details) from Facebook Inc. The Facebook pixel is used to analyze the behavior of users. This data can be processed in the USA or within the EEA. You can refuse to store Facebook pixels by selecting the appropriate settings in Your browser software. Please note, however, that this may lead to a malfunction of our Website. The Facebook pixel records these five types of data:
- Http headers: everything that is present in HTTP headers. HTTP headers are a standard web protocol that is sent between any browser request and any server on the Internet. HTTP headers contain IP addresses, information about the web browser, page location, document, referrer and the visitor to the web page.
- Pixel-specific data: this includes the pixel ID and the Facebook cookie.
- Button-click data: this includes any buttons clicked by visitors to the Website, the labels of those buttons, and any pages viewed as a result of clicking on the button.
- Optional values: Developers and marketers can optionally send additional information about the visit via personalized data events. Examples of personalized data events are the conversion value, page type, and more.
- Form field names: these include the names of web page fields such as "email", "address" and "quantity" that are filled out when a product or service is purchased. The pixel does not capture field values unless the advertiser includes them in the extended match or under optional values.
Use of Twitter Pixel
Our Website uses the Twitter pixel. These are cookies from Twitter Inc. The Twitter pixel is used to analyze the behavior of the users. This data may be processed in the USA or within the EEA. You can refuse to save Twitter pixels by selecting the appropriate settings in Your browser software. Please note, however, that this may lead to a malfunction of our Website.
Use of Linkedin Ads
Our Website uses Linkedin Ads. For further information on how LinkedIn handles customer data, please visit: https://www.linkedin.com/legal/privacy-policy
Our Website uses social plugins ("plugins") from various social networks. With the help of these plugins You can, for example, share content or recommend products to others. The plugins are deactivated by default on waterdrop.com and therefore do not send any data. If You activate these plugins, Your browser will establish a direct connection with the servers of the respective social network as soon as You call up a Website of our Internet presence. The content of the plugin is transmitted directly from the social network to Your browser, which integrates it into the Website. Of course, the plugins can be deactivated again with one click. By integrating the plugins, the social network receives the information that You have called up the corresponding page of our Website. If You are logged in to the social network, it can assign the visit to Your account. If You interact with the plugins, for example, by clicking the Facebook "Like" button or making a comment, the corresponding information is transmitted directly from Your browser to the social network and stored there. The purpose and scope of data collection and the further processing and use of data by social networks as well as Your rights and setting options for the protection of Your privacy can be found in the data protection notices of the respective networks or websites. You will find the links below.
If You do not want social networks to collect data about You via our Website, You must log out of these networks before You visit our Website. On our Website we use the following plugins:
Facebook, Google+, Twitter, Instagram and Pinterest
Legal basis for the use of the Social Plugins is Your consent. Even if You are not logged in to the social networks, data can be sent to the networks from websites with active social plugins. An active plugin sets a cookie with an identifier each time You visit the Website. Since Your browser sends this cookie every time You connect to a network server without being asked, the network could in principle use it to create a profile of which websites the user belonging to the identifier has visited. And it would then also be possible to assign this identifier to a person again later - for example, when logging in to the social network later.
Our pages integrate plug-ins from the social network Facebook, provider Facebook Inc. 1 Hacker Way, Menlo Park, California 94025, USA, and Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can recognize the Facebook plug-ins by the Facebook logo or the "Like Button" ("Like") on our site. An overview of the Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/
When You visit our pages, the plug-in establishes a direct connection between Your browser and the Facebook server. Facebook thereby receives the information that You have visited our site with Your IP address. If You click on the Facebook "Like-Button" while You are logged in to Your Facebook account, You can link the contents of our Pages on Your Facebook profile. This allows Facebook to associate Your visit to our Pages with Your user account.
In addition, we maintain an online presence on Facebook, the so-called fan page, in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services.
Our Website uses so-called social plugins ("Plugins") of the microblogging service Twitter, which is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plugins are marked with a Twitter logo, for example in the form of a blue "Twitter bird". If You call up a page of our Website that contains such a plugin, Your browser establishes a direct connection to the servers of Twitter.
If You do not want Twitter to associate the data collected via our Website directly with Your Twitter account, You must log out of Twitter before visiting our Website. You can also completely prevent the Twitter plugins from loading by using add-ons for Your browser.
We use plug-ins from the social network Google+, which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). An overview of Google's plugins and their appearance can be found here: developers.google.com/+/web/
If You do not want social networks to collect information about You through active plugins, You can either simply disable the social plugins with a single click on our Websites or select the "Block third-party cookies" function in Your browser settings. Then the browser will not send cookies to the server for embedded content from other providers. With this setting, however, other cross-site functions besides the plugins may no longer work.
We may share Your Personal Data in the following situations:
- With service providers: We may share Your Personal Data with service providers that provide services on our behalf (including providers of payment processing, technology support, web hosting, and email communications)
- For business transfers: We may share or transfer Your Personal Data in connection with, or during negotiations of, any bankruptcy, reorganization, sale of assets, merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.
- Advertising and marketing partners
- Analytics organizations
- With other users: when You share Personal Data or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media service, Your contacts on the Third-Party Social Media service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
- with public authorities, in particular law enforcement authorities, if we are under a legal obligation to provide such data or where we want to safeguard or enforce our rights
- accountants, lawyers and tax advisors.
In addition, we may share Your information to comply with legal and regulatory requirements, and protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our Websites and mobile applications), and claims and other liabilities.
In the last 12 months, we have disclosed all of the categories of personal information described in Section “Categories of Data Collected and Purposes” for business purposes. For example, we may share your IP address with service providers that provide crash monitoring and site optimization services to us. California residents have the right to opt out of our disclosures of personal information that we have disclosed to third parties for valuable consideration. What is covered as a “sale” under California law is not yet clear, but we currently do not “sell” your information as we understand it.
Our Website includes profiling, where we analyse Your use of the Website as well as the purchases You make to offer You products and services which we consider more suitable for Your particular interests.
Retention of Your Personal Data
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in the offices of our service providers. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Disclosure of Your Personal Data
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the service
- Protect the personal safety of Users of the service or the public
- Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is secure. While we strive to use commercially acceptable means to protect Your Personal Data, we cannot guarantee its absolute security.
Your data protection rights
As a data subject, You have the right to obtain information about Your stored personal data, its origin and recipients and the purpose of the data processing at any time. Furthermore, You have the right to correct and transfer Your data and, if applicable, to object to, restrict the processing or delete processed data.
Your request for information, deletion, correction, objection and/or data transfer can be addressed to the following contact person:
Waterdrop Microdrinks, LLC
200 S Wacker Drive
Chicago, IL 60606
Tel.: 1- 800-656-2140
As a resident of California, you have specific rights, such as:
- Right to access personal information. You may be entitled to receive the specific pieces of your personal information we have collected in the 12 months preceding your request.
- Right to data portability. You may be entitled to receive a copy of your electronic personal information in a readily-usable format.
- Right to know. You may be entitled to receive information regarding the categories of personal information we collected, the sources from which we collected personal information, the purposes for which we collected and shared personal information, the categories of personal information that we sold and the categories of third parties to whom the personal information was sold, and the categories of personal information that we disclosed for a business purpose in the 12 months preceding your request.
- Right to deletion. You may be entitled to request that we delete the personal information that we have collected from you. We will use commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need to keep such information, such as for our legitimate business purposes or as required to comply with applicable law.
- Right to opt-out of certain sharing with third parties. You may be entitled to direct us to stop disclosing your personal information to third parties for monetary or other valuable consideration. What is covered as a “sale” under California law is not yet clear, but we currently do not “sell” your information as we understand it.
You may freely exercise these rights without fear of being denied goods or services. If you are a California resident and would like to exercise one of your rights, please complete this form and send it to firstname.lastname@example.org. You may also call us at +1- 800- 656-2140. Please note that California law requires us to verify the requests we receive from you when you exercise certain of the rights listed above. We (or third parties we engage to assist us) may ask you to provide certain information to us in order for us to verify the request.
In addition to these rights, pursuant to California’s “Shine the Light” law, California residents who share personal information with us have the right to request and obtain from us once per year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you would like to exercise this right, please use the contact information listed in this section to contact us.
Our service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
Links to Other Websites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.