Privacy Policy

Last updated:

1. Introduction

Herbluminous ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website herbluminous.world and use our services.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable, as well as United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable state consumer privacy statutes. By using our website, you consent to the data practices described in this policy.

2. Data Controller Information

The data controller responsible for your personal data is:

Herbluminous
2700 E 26th St, Minneapolis, MN 55406, United States
Phone: +1 612 722 8260
Email: callme@herbluminous.world

3. Information We Collect

3.1 Information You Provide

We collect information you voluntarily provide when you:

• Fill out our contact form (name, email address, message content)
• Book a consultation
• Subscribe to our communications
• Communicate with us via email or phone

3.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address and approximate location
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring website addresses
• Device information

3.5 Categories of Personal Information

Under applicable US state privacy laws, the categories of personal information we may collect include:

• Identifiers: Name, email address, phone number, IP address
• Commercial Information: Records of services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
• Internet or Network Activity: Browsing history, search history, information regarding your interaction with our website
• Geolocation Data: Approximate location derived from IP address
• Professional or Employment Information: If provided in your message
• Inferences: Preferences, characteristics, and behaviors derived from your interactions

If you voluntarily provide health-related or other sensitive information in your messages or during consultations, we treat that information with enhanced care and limit its use to providing the services you requested. We do not use sensitive personal information for inferring characteristics or for any purpose beyond delivering our services to you.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you have given explicit consent for specific purposes
• Contract: When processing is necessary to fulfill our contractual obligations
• Legitimate Interest: When we have a legitimate business interest that does not override your rights
• Legal Obligation: When we are required by law to process your data

5. How We Use Your Information

We use the collected information for the following purposes:

• To respond to your inquiries and provide customer support
• To process and manage consultation bookings
• To send you information about our services (with your consent)
• To improve our website and services
• To analyze website usage and trends
• To comply with legal obligations

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data with:

• Service Providers: Third-party companies that help us operate our website and services (hosting, analytics)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Contact form submissions: 2 years from the date of submission
• Consultation records: 5 years from the last interaction
• Analytics data: 26 months

After these periods, your data will be securely deleted or anonymized.

8. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us using the information provided above.

8.5 US Consumer Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, or any other US state with comprehensive consumer privacy laws, you have the following rights regarding your personal information:

Right to Know

You have the right to request disclosure of the specific pieces of personal information we have collected about you, the categories of personal information collected, the categories of sources, the business or commercial purposes for collecting, and the categories of third parties with whom we share personal information.

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions under applicable law.

Right to Correct

You have the right to request correction of inaccurate personal information.

Right to Opt-Out of Sale or Sharing

We do not sell your personal information for monetary consideration. We do not share your personal information for cross-context behavioral advertising. If our practices change, we will update this policy and provide an opt-out mechanism.

Right to Limit Use of Sensitive Personal Information

If you voluntarily provide sensitive personal information (such as health-related information), we limit its use to providing the services you requested. We do not use sensitive personal information for inferring characteristics or for any purpose beyond delivering our services to you. You have the right to request that we limit the use and disclosure of your sensitive personal information to that which is necessary to perform the services.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights. This means we will not deny you services, charge different prices, or provide a different level or quality of services solely because you exercised your rights.

How to Exercise Your Rights

To exercise your rights, please contact us using the information provided in Section 13. You may also designate an authorized agent to make a request on your behalf. We will verify your identity before processing your request by matching information you provide with information we have in our records.

We will respond to verifiable consumer requests within 45 days of receipt, or as required by applicable state law. If we need more time, we will inform you of the reason and extension period in writing.

California Shine the Light

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for data transmission
• Secure data storage with access controls
• Regular security assessments
• Staff training on data protection

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10.5 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected individuals in accordance with applicable state and federal laws, including but not limited to state data breach notification statutes. Notification will be provided without unreasonable delay and in no event later than required by applicable law, and will include the types of information involved, steps taken to secure the data, and contact information for further assistance.

10.6 Do Not Track

Some browsers have a "Do Not Track" feature that signals to websites that you do not want to have your online activities tracked. At this time, we do not respond to Do Not Track browser signals. However, you may manage your tracking preferences through our Cookie Policy and browser settings.

11. Children's Privacy

Our services are not directed to individuals under the age of 13, and we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly.

Our services are also not directed to individuals under the age of 16. If you believe we have collected data from a minor, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Herbluminous
2700 E 26th St, Minneapolis, MN 55406, United States
Phone: +1 612 722 8260
Email: callme@herbluminous.world

14. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with a supervisory authority in your country of residence.