Effective Date: [_____Sep 24, 2021_____]
Last Reviewed/Updated: September 6, 2021
1. Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We obtain the categories of personal information listed above from the following categories of sources:
2. Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
3. Sharing Personal Information
We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Himalaya has disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.
We do not sell personal information. In the preceding twelve (12) months, Himalaya has not sold the following categories of personal information to the categories of third parties indicated in the chart below. For more on your personal information sale rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Personal Information Category
Category of Third-Party Recipients
Business Purpose Disclosures
B: California Customer Records personal information categories.
C: Protected classification characteristics under California or federal law.
D: Commercial information.
E: Biometric information.
F: Internet or other similar network activity.
G: Geolocation data.
H: Sensory data.
I: Professional or employment-related information.
J: Non-public education information.
K: Inferences drawn from other personal information.
We use the following social media plug-ins: Facebook, WhatsApp, Instagram, Twitter, Line, Apple iMessage, and may in the future use others. This allows you to communicate with such service and “like” or “comment” on the Platform. The social media plug-in enables a direct communication between your end user device and the servers of the social media provider, allowing the social media provider to communicate with you and collect information about you browsing our Platform. This processing represents our legitimate interest to improve your Platform User experience and to optimize those services and functionalities offered via the Platform. When you use a social media plug-in, transfer of your Personal Information may take place whether you have a registered user account with the applicable social media provider or not. Please note that we are not responsible for the content and the data collection on respective third-party websites or apps and that we neither control the extent of Personal Information collected by the respective plug-in provider nor do we know the purpose for processing or the period your Personal Information will be retained. For further information as to how and for what purpose the social network provider processes your data, please see the relevant privacy policies of these social network providers, and their notification when you connect to the social network in question. We recommend that you check and review the relevant privacy policies of any additional social network provides that we may add plug-ins for in the future.
As described in more detail in Sections 4 and 7 of the Terms of Service, certain personal information that you upload to the Platform (such as certain Account profile information), certain User Content (such as Creator Content you upload to and make public on the Platform, or comments that you post to the Platform), and certain Platform usage information (such as User Content you “like”), will automatically, or upon your selection, be made publicly available to other Users on the Platform. You acknowledge and agree that certain Account information (such as your Account profile name, picture, and/or User Content, etc.) that you provide in connection with (i) the registration of your Account and (ii) your general use of the Platform, such as uploading User Content, will be publicly viewable by all Users of the Platform. We are not responsible for the privacy practices of the other Users who will view and use this information, so you should carefully consider whether to upload any User Content on the Platform or how you identify yourself on the Platform. You should not disclose your home address or the address of your place of business, or other locations you frequent on a regular basis in any User Content.
Himalaya does not retain your username or password for Media Login Channels for any longer than is necessary to complete an interaction. If you would like to disconnect a Media Login Channel user account from the Platform, refer to the settings of that social media account and its provider.
We may offer sweepstakes, contests, and other promotions through the Platform (any, a “Promotion”) that may require registration. By participating in a Promotion, you are agreeing to the official rules that govern that Promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor(s) of the Promotion to use your name, voice, likeness or other indicia of persona in advertising or marketing associated with the Promotion. If you choose to enter a Promotion, your personal information may be disclosed to third parties or the public in connection with the administration of such Promotion, including, without limitation, in connection with winner selection, prize fulfillment, and as required by law or permitted by the Promotion’s official rules, such as on a winner’s list.
4. Storage and Transfer of Information
Information collected by us may be stored and processed in the United States or any other country in which we or our agents maintain facilities. By using the Platform, you expressly consent to any such transfer and storage of information outside of your country of residence, where data protection laws may be different and/or less stringent. However, we will endeavor to take reasonable measures to keep up an adequate level of data protection also when sharing your Personal Information with such countries.
With respect to any personal information that may be originally collected and stored in the EEA, if and when we transfer your personal information to countries outside the EEA, we will do so under the Commission’s model contracts for the transfer of personal information to third countries (i.e., standard contractual clauses). For a copy of these Standard Contractual Clauses, please contact us at firstname.lastname@example.org.
5. Your Rights and Choices
The Regulations provide individuals with specific rights regarding their personal information. This section describes your rights and explains how to exercise those rights. As an overview, you may have the following rights under the Regulations:
As far as we process your personal information on the basis of our legitimate interests, you can object to processing at any time. You can find a detailed description of our processing activities and the legal basis in the sections above. If you object to such processing, we ask you to state the grounds of your objection in order for us to examine the processing of your personal information and decide whether to adjust the processing accordingly.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
To exercise your rights to know or delete described above, please submit a request by emailing us at email@example.com.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a twelve (12)-month period. Your request to know or delete must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to submit a request to know or delete. We will only use personal information provided in the request to verify the requestor’s identity or authority to make it. For instructions on exercising your sale opt-out or opt-in rights, see Personal Information Sales Opt-Out and Opt-In Rights.
We will confirm receipt of your request within seven (7) business days. If you do not receive confirmation within the seven (7)-day timeframe, please contact firstname.lastname@example.org.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another forty-five (45) days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the twelve (12)-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically via secure email unless otherwise agreed.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
If you are age sixteen (16) or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). However, Himalaya does not sell your personal information, including the personal information of consumers we actually know are less than sixteen (16) years old.
6. Information Relating to Children
Our Platform is not directed to children under the age of thirteen (13), and we do not knowingly collect, use, or disclose Personal Information from (i) children under the age of thirteen (13) or (ii) children between the age of 13 and 18 (or any greater age required to be deemed to have reached the age of majority under the applicable law of the state or jurisdiction of such child’s primary residence) that do not have parental or legal guardian consent to use the Platform. If we ever discover that we have inadvertently collected Personal Information from children under the age of thirteen (13) on or through the Platform, we will delete it from our records as soon as possible.
If you believe that we have Personal Information about, or have collected Personal Information from, (i) a child under thirteen (13), or (ii) between the age of thirteen (13) and eighteen (18) (or any greater age required to be deemed to have reached the age of majority under the applicable law of the state or jurisdiction of such child’s primary residence) without parental/legal guardian consent, or that such a person is using the Platform, please see Section 14 of the Terms of Service for available remedies, including how to contact us to report this.
However, we may offer you certain financial incentives permitted by the Regulations that can result in different prices, rates, or quality levels. Any Regulations-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
8. Other California Privacy Rights
California’s “Shine the Light” law (California Civil Code Section § 1798.83) permits users of our Platform that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com.
9. Cookies and Other Tracking Technologies
A more detailed list of the cookies we currently, or in the future may, use and how we use, or may use, them are as follows:
10. Web Beacons
Our Platform may contain electronic images known as Web beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how the Platform is used.
We use third parties to gather information about how you and others use the Platform. For example, we will know how many Users access a specific page and which User Content they clicked on. We use this aggregated information to understand and optimize how the Platform is used.
11. Link to Third Party Websites
The Platform may include links to other websites, mobile applications or services (“Third Party Sites”), whose privacy practices may differ from those set forth herein. Such links are not an endorsement by Himalaya of those Third Party Sites and/or the products or services they offer. If you visit Third Party Sites or submit Information to any of those Third Party Sites, your visit and Information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any Third Party Site you visit, as it may differ substantially from that of this privacy statement. Himalaya makes no representations or warranties with respect to, nor is Himalaya responsible for the privacy policies of, any Third Party Sites. If you decide to click on any such links or access any Third Party Sites appearing on the Platform, you do so at your own risk.
12. Do Not Track Requests
Please note that your browser setting may allow you to automatically transmit a “Do Not Track” signal to websites and online service you visit. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
We follow generally accepted industry standards to protect your information, both during transmission and once we receive it, and to keep such information confidential (unless it is non-confidential by nature, for example, publicly-available information) and free from any unauthorized alteration. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and the nature of security risks is constantly evolving, as are the technical and organizational industry standards relating to management of those risks. While we strive to keep current our security technology and will review, refine and upgrade our security technology as we deem appropriate based on new tools that may become available in the future, the complete and absolute security of any Information collected, stored or used by us cannot therefore be guaranteed. In the unlikely event that an unauthorized third party compromises our security measures, we will not be responsible for any damages directly or indirectly caused by an unauthorized third party’s ability to view, use or disseminate such information. If you ever discover inaccuracies in our data or if your Personal Information changes, we urge you to notify us immediately.
If you have any questions about security on our Platform, you can contact us at firstname.lastname@example.org.
14. Email Notifications and Opt-Out
16. Contact Information