Last Modified: May 5, 2020
BoxyCharm Inc. collectively with its affiliates (the “Company” or “We” or “Us”) is committed to respecting your privacy.
This Policy describes the personal information We collect when you:
- visit or use any of our website(s) (such as www.boxycharm.com) (the "Website"), or use of mobile applications (collectively with the Website, the "Sites"),
- when you communicate with Us, participate in any of our direct online forums, social networking accounts or interact with any of our marketing communications; and
- subscribe to our subscription service or purchase any goods
This Policy does not apply to information We collect through any other means, or to information collected on any other website or mobile application other than the Sites, including any affiliate or third-party site or by any third-party application that may link to or be accessible from the Sites.
Please read the following Policy carefully to understand our practices regarding your personal information and how to exercise your rights.
If you have any questions or concerns about our use of your personal information, then please contact Us using the contact details provided at the bottom of this Policy.
We recommend that you read this Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Policy, then you can click on the relevant link below to jump to that section.
What does BoxyCharm do?
BoxyCharm Inc. is an e-commerce organization that provides subscription services. Its box contains a selection of luxury brand beauty products, such as makeup, cosmetics, as well as nail care, skin care, hair care, fragrance, and similar products. BoxyCharm Inc. is headquartered in 880 SW 145 Avenue, Ste.300, Pembroke Pines, Florida, USA 33027 with a satellite office located in Toronto, Canada.
For more information about BoxyCharm, please see the ‘FAQ and Help’ section of our website.
What Information Do We Collect About You and Why?
We collect several types of information from and about users of our Sites, social networking accounts, and marketing communication, including:
Information you voluntarily provide to Us:
Certain parts of our Services ask you to provide personal information. You can choose not to provide certain information, but then you might not be able to take advantage of parts of our Services. Such information may include identification and contact information (such as your name, e-mail address, social media username(s), shipping address, telephone number), payment information (such as your credit card information); and any communications or information you share with Us when you submit an enquiry, post on our Sites forums or user discussion threads, report a technical problem with our Sites or an order, respond to a survey or participate in a contest or promotion. We collect this personal information for the following business purposes:
- Account registration: We collect information that is necessary for you to register an account with, and log in to, our Services such as personal identifiers (including your name, address, telephone number, login detail and email address) and financial information (such as your debit or credit card number and billing address). This allows us to perform our contract with you (i.e. deliver our Services), and to fulfil our obligations under applicable Terms and Conditions and laws. Where we have not entered into a contract with you, we base the processing of your personal information on our legitimate interest to operate and administer our Services.
- Social Networking: We may allow you to enable or log in to the Services or access any of the features, functionalities, products or services of the Services via social networking services such as Facebook (“Social Networking Service(s)”). To use these features, you may be required to log into the relevant Social Networking Service. We will collect relevant information necessary to enable Us to access that Social Networking Service and your user information contained within or held by that Social Networking Service such as your personal identifiers (including your social media handle). As part of our Website’s integration with Social Networking Services, the Social Networking Service would provide Us with access to certain information, including your commercial information such as your preferences and/or postings, that you have provided to that Social Networking Service. We may use this information to improve the services we provide to you and our customer base and we rely on our legitimate interest in improving our Services to do so. We will always use, store, and disclose such information in accordance with this Policy. However, please remember that the manner in which Social Networking Services use, store and disclose your information is governed by the specific policies of those third parties and the settings you enable or disable from within your social media account, for which we are not responsible.
- Provide you with our Services and fulfil your orders: We collect information that is necessary to fulfil our obligations under applicable Terms and Conditions and perform our contract with you to subscribe you to our Services, to fulfil your orders, provide you with updates on the status of your orders, to provide you with a personalized profile of your order history, and to allow you to make returns with Us. This includes your personal identifiers (including your name, address, telephone number, username and email address) commercial information (such as products or services you purchased) and financial information (such as your debit or credit card number and billing address);
- Recommendations and personalization: We use your personal information, such as commercial information (including products and services purchased and purchasing tendencies) and inferences drawn from your purchase history to create a profile about you reflecting your preferences to recommend features, products, and services that might be of interest to you, identify your preferences, referral of your network, and personalize your experience with Our Services and we rely on our legitimate interest in supporting our marketing activities or advertising our Services or, where necessary, on your prior consent.
- Rights and obligations: We collect information such as your personal identifiers (including your name, email address, login details and postal address), commercial information (including your order and purchase history), and financial information (including your payment details) to carry out our obligations and enforce our rights arising from any contracts entered into between you and Us and we rely on our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal information or is necessary for our legitimate interest in protecting against misuse or abuse of our Services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
- Customer communications: We collect information that is necessary to respond to product and/or service enquiries, support requests or any other communications you submit through the Sites or our Social Media Services and we process your personal information to perform our contract with you and/or (if we have not entered into a contract with you) to the extent it is necessary for our legitimate interest in fulfilling your request and communicating with you. This includes your personal identifiers (such as your name and contact details), audio information (such as records of the calls made to our support and customer center) and commercial information (such as your purchase history and communications);
- Direct marketing: From time to time, We collect information to send you, in accordance with your marketing preferences, marketing information via email about our products and the products of our co-marketing partners and sponsors as necessary for our legitimate interests in conducting direct marketing or if required by law, with your consent. We use your personal identifiers (such as your email), and commercial information (such as your purchase history and purchasing tendencies) to contact you with marketing offers and resources, newsletters and other company updates;
- Personalize the marketing e-mails that We send you: We use inferences from your purchase history and website interactions to create a profile about you reflecting your preferences so that We can send you emails and offers that that are more relevant to you (see above);
- Contests and promotions: When you participate in contests and promotions, We collect and process information that is necessary to perform our contract with you and allow you to participate in contests and promotions offered or sponsored by Us, our co-marketing partners, and sponsors. This includes your personal identifiers (such as your name and email address). Your personal information may be shared with our co-marketing partners and sponsors to allow them to fulfil their contest obligations and for subsequent marketing offers and resources, newsletters and other company updates, in accordance with your marketing preferences.
- Forums and discussion threads: The Company may provide its users with the ability to interact among themselves via user forums or discussion threads that allow users of the Website to share information or exchange products with other users. We collect information that is necessary to allow you to participate in such forums and discussion threads and we rely on our legitimate interest in encouraging our customers to interact among themselves and exchange information and reviews about our Services to do so. The information collected in this context includes your personal identifiers (such as your email address and username) and the content of your posts to the forums and discussion threads.
- Fraud Prevention and Credit Risks: We use personal information, such as your personal identifiers (including your name and contact details), financial information (including your payment details), and commercial information (such as your purchase history and tendencies) to prevent and detect fraud and abuse in order to protect the security of our customers, the Company, and others and we rely on our and third parties' legitimate interest in promoting the safety of our Services and in protecting our rights and the rights of others. We may also use scoring methods to assess and manage credit risks. Where We need your consent to collect and use your personal information under applicable data protection laws, We will ask for this at the relevant time and make clear the purposes to which you are consenting.
Information We automatically collect when you navigate on our Services
As you navigate through and interact with our Services, We automatically collect and store certain information from your device about your use of the Services, including information about your device, browsing activities and patterns and interaction with content and services available through our Services. Like many websites, we use "cookies" and other unique identifiers and we obtain certain types of information when your web browser or device access our Services and any other content served by or on behalf of the Company on other websites.
This information may include, personal identifiers (such as your internet protocol (IP) address used to connect your device to the internet, device type, unique device identification numbers and browser-type) and geolocation information (such as broad geographic location -e.g. country or city-level location) and other technical information. We may also collect Internet or other electronic network activity information, including information about how your device has interacted with our Services, including the page interaction information (such as scrolling, clicks and mouse-overs).
The information We collect automatically helps Us to improve our Sites and to deliver a better and more personalized service, including, enabling Us to:
- Estimate our audience size and usage patterns;
- Store information about your preferences, allowing Us to customize our Services according to your individual interests;
- Speed up your searches;
- Recognize you when you return to our Services;
- Comply with lawful requests from third parties;
- Track your status;
- Fraud prevention and credit risk checking (see above);
- Make recommendations and personalize your experience of the Services (see above); and
- Verify or maintain the quality of our Services by improving, upgrading or enhancing them: for example, (i) for audit, research, and analysis of the information in order to maintain, improve, upgrade or enhance our Services, and to ensure that our technologies function properly, (ii) other internal operations, such as debugging, support, and security.
Information We Receive From Other Sources
We may receive personal information about you from other sources (including credit card fraudulent alert service, our co-marketing partners and sponsors).
The types of information We collect from third parties include: personal identifiers (such as and contact details from our marketing partners and updated delivery and address information from our carriers or other third parties, which we use to correct our records and deliver your next purchase or communication more easily); financial information and credit card fraudulent alert service and We use the information We receive from these third parties to send you communications about our products, deliver your orders, and protect you and Us from fraudulent transactions.
We may analyze aggregated, de-identified data and share these analyses at Our discretion, including with marketing agencies, media agencies and analytics providers to the extent it is permitted under applicable law. These other companies will not be able to relate this data to identifiable individuals.
In general, We will use the personal information We collect from you only for the purposes described in this Policy or for purposes that We explain to you at the time We collect your personal information. However, We may also use your personal information for other purposes that are not incompatible with the purposes We have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.
If We use your personal information for an unrelated or new purpose, We will notify you and We will explain the legal basis which allows Us to do so. If we materially change the purpose for which we process personal information that we previously collected about you, we will obtain your consent where required by applicable law.
What About Cookies and Other Identifiers?
The technologies We use for this automatic data collection may include:
- Web Beacons. Our Services and the emails We send may contain small electronic files known as web beacons (also known as clear gifs or single pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email, and to gather other related usage statistics (for example, recording the popularity of certain content and verifying the integrity of systems and servers We operate).
Browser Do Not Track Signals
Although our Sites do not currently have a mechanism to recognize the various web browser Do Not Track signals, We do offer our customers choices to manage their preferences that are provided in this Policy. To learn more about browser tracking signals and Do Not Track, please visit http://www.allaboutdnt.org.
You can broadly opt out of participating companies’ website tracking technologies by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative.
Similarly, you can learn about your options to opt out of mobile app tracking by some advertising networks through your device settings and by resetting the advertiser ID on your mobile device.
When you make an opt-out choice, it does not necessarily mean that you will stop receiving ads altogether, but you will no longer receive personalized ads.
Who Do We Share Your Personal Information With?
We may disclose your personal information for the business purposes described above to the following recipients
Affiliates and Group Companies
to our group companies; because sometimes different bits of our group are responsible for different activities;
Companies that provide services which are essential for Us to be able to provide our Services to you, including:
- to our services providers and partners who provide data processing services to Us, or who otherwise process personal information for purposes that are described in this Policy or notified to you when We collect your personal information. Examples include: fulfilling orders for products or services, delivering packages, sending postal mail and email, removing repetitive information from customer lists, analyzing data, providing marketing assistance, processing payments, transmitting content, scoring, assessing and managing credit risk, fraud prevention agencies (who help Us tackle fraud) and providing customer service. These third-party service providers have access to personal information needed to perform their functions but may not use it for other purposes.
- to any competent law enforcement body, regulatory, government agency, court or other third party where We believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that We inform the buyer it must use your personal information only for the purposes disclosed in this Policy;
- to other users: We may provide our users with the ability to interact among themselves via user forums or discussion threads that allow users of the Sites to share information or exchange products among other users. You should be aware that any information you provide on these forum and discussion threads - including profile information associated with the account you use to post the information - may be read, collected, and used by any member of the public who accesses the Sites. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these forums and discussion threads. To request removal of your information from publicly accessible websites operated by Us, please contact Us as provided below. In some cases, We may not be able to remove your information, in which case We will let you know if We are unable to and why;
- to third party providing search results and links (including paid listings and links); and
- to any other person with your consent to the disclosure.
What about Advertising?
We Do Not And Will Not Sell Your Personal Information Except In The Following Case(s):
- to our contest co-marketing partner and sponsors to allow them to fulfil their contest obligations and for subsequent marketing offers and resources, newsletters and other company updates.
Your Data Protection Rights
We strive to provide you with choices regarding the personal information you provide to Us and support the exercise of any data protection rights you may have under, and in accordance with applicable data protection law. Specifically:
- You may correct, update or request deletion of your personal information;
- You may request to access your personal information. For users that are California residents, this includes the right to request what personal information is collected or disclosed for a business purpose, or sold to third parties;
- If you are located in the EEA, you may object to the processing of your personal information or to ask Us to restrict processing of your personal information or request portability of your personal information;
- If you are located in the EEA, you also have the right to complain to a data protection authority about our collection and use of your personal information. (Contact details for data protection authorities in the EEA are available here.)
- If you do not wish to have your email address used for promotional purposes by the Company, you can opt-out by clicking the "unsubscribe" link at the bottom of any such communication, by contacting Us using the contact details provided under the "How to Contact Us" heading below or by emailing your request to [email protected].
California Residents’ Privacy Rights:
- California “Shine the Light”/Third Party Marketing: Residents of the State of California have the right to request information from Us regarding other companies to whom We have disclosed certain categories of information during the preceding year for those other companies’ direct marketing purposes. If you are a California resident and would like to make such a request, please contact us using the contact information below.
- California Consumer Privacy Act (“CCPA”):
- Categories of personal information we disclose: We may disclose any of the categories of personal information listed above and use them for the above-listed purposes or for other business or operational purposes compatible with the context in which the personal information was collected. Our disclosures of personal information include disclosures to Our “service providers,” which are companies that we engage for business purposes to conduct activities on our behalf. The categories of service providers with whom we share information and the services they provide are described above.
- Categories of personal information we “sell”: We may “sell” Personal Identifiers and Internet or Other Electronic Network Activity Information to third parties. To opt-out of such sales, please Contact Us.
Special Information for Nevada Residents:
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. At this time, We does not engage in such sales. If you are a Nevada resident and would like more information about Our data sharing practices, please use the contact information provided below.
You can exercise any of the above rights by contacting Us using the contact details provided under the “How to contact us” heading below, and We will fulfil your request in accordance with applicable data protection laws. However, to ensure everyone's protection, we must verify your identity. To do so, We may require you to provide Us with verification information prior to accessing any records containing personal information about you. We do this by:
- Asking you to provide personal identifiers we can match against information We may have collected from you previously and confirm your request using the email or telephone number stated in the request; or
- Having you submit your request through your account page (if you are a subscriber), which will automatically verify your identity and will result in faster processing of your request.
We provide financial incentives in the form of sales, offering of promotional products and prizes from contests for the collection, sale or use of personal information. For more information, please Contact Us.
How Do We Keep Your Information Secure?
We have implemented measures appropriate to the nature of the personal data We store, designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. For example, any payment transactions will be encrypted using SSL technology which encrypts transmitted information. In addition, only employees and third parties who need access to this information in order to perform their duties have access to your personal information and/or financial information.
The safety and security of your information also depends on you. Where We have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping the password confidential. You should not share your password with anyone. We urge you to be careful about giving out information in public areas of the Sites like message boards. If you believe your password has been compromised or stolen, you should reset the password on the Website immediately and review your financial records for any incorrect charges.
Unfortunately, the transmission of information via the internet is not completely secure. Although We do our best to protect your personal information, We cannot warrant or guarantee the security of your personal information transmitted to our Sites.
We retain personal information We collect from you where We have an ongoing legitimate business need to do so (for example, to provide you with our Services or to comply with applicable legal, tax or accounting requirements).
When We have no ongoing legitimate business need to process your personal information, We will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then We will securely store your personal information and isolate it from any further processing until deletion is possible.
International Data Transfers
Your personal information, may be transferred to — and maintained on — computers or servers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Specifically, our website servers are located in the United States and our third party service providers and affiliates operate around the world. This means that when We collect your personal information, We may process it in any of these countries.
However, We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Policy. If you are located in the EEA, where We transfer your personal information to other countries, We rely on:
- European Commission adequacy decisions, which acknowledge that the non-EEA countries listed here have national laws that protect personal information to a substantially similar standard required by European Union law;
- the European Commission’s Standard Contractual Clauses, which require non-EEA recipients of personal information to continue to protect the personal information they receive to the standard required by European Union law; or
- other lawful data transfer mechanisms or derogations from data transfer restrictions.
Further details can be provided upon request. Please see contact information below under the "How to Contact Us" heading.
Refer a Friend
If you refer a friend to our Site or for any product or service We provide, We will ask you for that friend’s name and email address. We will send that friend a one-time email inviting them to visit the Website. That email will also provide your friend with the ability to ask Us to remove his or her information from Our database. If you submit any personal information about other people to Us or to our service providers, you represent that you have the authority to do so and to allow Us to use their personal information in accordance with this Policy (for example, by asking for their consent).
Links to Third Party Websites
The Sites may include links to third-party web sites. The policies and procedures We described here may not apply to third-party sites. Any links from the Website do not imply that the Company endorses or has reviewed the third-party sites. We encourage you to read those sites' privacy policies directly for information on their privacy practices.
As stated in our Terms and Conditions, our Sites and Services are not intended for persons under 16 years of age. If you are under the age of 16, you are not authorized to use the Sites and Services. No person under age 16 may provide any personal information to or on the Sites. We do not knowingly collect or sell personal information from persons under the age of 16. If you are a parent or guardian and you learn that your children under the age of 16 have provided Us with personal information, please contact Us using the contact information provided under the "How To Contact Us" heading below. In the event that We learn that We have collected personal information from a person under age of 16 without verification of parental consent, We will use all reasonable efforts to remove such personal information.
This Policy may change from time to time, so please check this Policy periodically for updates. When We update this Policy, We take appropriate measures to inform you, consistent with the significance of the changes We make. We will obtain your consent to any material changes if and where this is required by applicable data protection laws.
You can see when this Policy was last updated by checking the “last updated” date.
How to Contact Us
If you have questions regarding this Policy, if you would like to exercise your rights or if you have a disability and need to access this notice in a different format please contact Us at:
880 SW 145th AVE
Pembroke Pines, FL, 33027
+1 (888) 914-9661 PIN: 410436
You can access a printable version of this Policy here.
The data controller of your personal information is Boxy Charm, Inc.