PRIVACY POLICY – US ONLINE SHOP

    • BLUE LAGOON USA INC.
    • BLÁA LÓNIÐ HEILSUVÖRUR EHF. 



    BLUE LAGOON USA INC.

    This is the Privacy Policy ("Privacy Policy") of Blue Lagoon USA Inc., a company registered in USA, with its office address at 141 EAST BOSTON POST ROAD, Mamaroneck, NY 10543, USA (also referred to as "we", "us" or "our" in this Privacy Policy). Blue Lagoon USA Inc. is a subsidiary of Bláa Lónið Heilsuvörur ehf., a company registered in Iceland, and operates an online shop for Blue Lagoon skin care products, spa products as other home products for American market (the "Shop").

    This Privacy Policy sets forth how we collect, store, process, transfer, share and use data that identifies or is associated with you and your household (collectively, "Personal Information"). Information collected through cookies or other tools on the Shop or with subscriptions to newsletters is collected by Bláa Lónið Heilsuvörur ehf. and is not subject to this Privacy Policy. See here for the Privacy Policy and Cookie Policy of Bláa Lónið Heilsuvörur ehf. regarding its collection and processing of information.

    We value your trust and we commit to safeguarding any Personal Information you leave with us. It is important that you read this Privacy Policy carefully as it explains what types of information we collect, what purposes it will be used for, whom it may be shared with and choices available regarding our use of the personal information.

    By accepting our Terms of Use (and in some jurisdictions, by acknowledging this Privacy Policy), you are confirming that you have read and understood this Privacy Policy, and are aware of the processing of your Personal Information and how the processing will be conducted. If you do not want us to collect or process your Personal Information in the ways described in this Privacy Policy, you should not use the services or purchase the products provided through the Shop. We are not responsible for the content or the privacy policies or practices of any linked pages, including any links posted in any user comments.

    By accessing and purchasing products from the Shop, you acknowledge that we will use your information in the United States of America and, in some instances, Iceland and other countries where we operate. Please be aware that privacy laws and standards in certain countries, including the rights of authorities to access your personal infomration, may differ from those that apply in the United States of America.

     

    WHAT PERSONAL INFORMATION WE MAY COLLECT AND FOR WHAT PURPOSES

     

    We do not collect Personal Information without your knowledge or consent. We collect Personal Information that you voluntarily submit to us when you purchase a product from the Shop and otherwise use our services, including, but not limited to, creating an account and profile, or when you leave your comments or reviews on a product page. 

    Our online shop

    When you purchase a product from our Shop we first and foremost collect and use the Personal Information you provide us in order to service and process your purchase order and to improve our services and products.

    We may collect the following information:

    • Identification and contact information, such as your full legal name, email address, phone number, shipping and billing address in connection with your purchase(s) of any products from the Shop.
    • Payment information, such as credit card number, expiration date, and CVC code in connection with your purchase(s) of any products from the Shop.
    • Choice of shipping method.
    • Information on your purchase that you have especially submitted to us, e.g. a gift message.
    • Purchase history for registered users.
    • Our communication and correspondence with you.
    • Customer feedback, reviews, requests, inquiries, and complaints provided by you, and the associated contact details (e.g., email address) contained therein.

     

    Your Personal Information may be used to:

    • Process your order.
    • Send you status, updates, and tracking information on a product you have purchased.
    • Carry out accounting, billing and other internal business functions.
    • Provide third party services, e.g. warehouse and courier services.
    • Respond to inquiries, requests and feedback you have submitted, e.g. by email.
    • Send you tracking information for your purchases.
    • Improve our products and services, develop, test, and improve new services.
    • Meet legal and regulatory requirements.
    • Diagnose, troubleshoot, and fix technical problems or issues.
    • Maintain registered user accounts.

     

    When we ask you to provide us with any Personal Information, we will indicate when such provision is required in order to provide you with a particular service. Your provision of such Personal Information to us is your acknowledgement and consent to our use of such Personal Information to better the services offered on the Shop. Please be aware that if you do not wish to provide us with such required Personal Information, we may not be able to provide you with the product requested.

    The processing of your Personal Information is solely based on contractual requirements, our legitimate interests of improving our services and products, legal requirements or your consent. Whenever we process personal information based on your consent, you may withdraw your consent at any time. You can write to us at skincare@bluelagoon.com with “Privacy“ in the subject line and withdraw your consent.

    Please note that Bláa Lónið Heilsuvörur ehf. might process information in relation to usage and interaction with the US online shop website, e.g. for statistical analysis, to improve the website and tailor the content to your needs, which may include your Personal Information. Also if you become a member of the Blue Lagoon Skin Care Club, Bláa Lónið Heilsuvörur ehf. processes your contact information for the purpose of communicating with you with newsletters and such. For more information please see the Privacy Policy and Cookie Settings of Bláa Lónið Heilsuvörur ehf.

    Additional use for analysis and market research

    We may use pseudonymized or anonymized information generated from your personal information to carry out analysis and market research so that we can understand how to improve the products and services we offer and make sure that our products meet the needs of our customers. The personal information is processed based on our legitimate interests to improve our products and services. Such pseudonymized or anonymized information may be analyzed by a third party company solely in connection with the uses set forth in this paragraph.

     

    PRESERVATION OF YOUR PERSONAL INFORMATION

    Your Personal Information will be stored only for the duration needed to be used in conformity with the original purpose described herein or as otherwise necessary to comply with legal requirements.

     

    SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES AND WITHIN THE BLUE LAGOON GROUP

    We may share Personal Information with third parties to faciliate our services, provide requested services on our behalf and/or to assist us in analyzing our services and products. For example, we may share Personal Information with our partner who provides us with marketing and sales support. Our warehouse partner and its courier services also have selected access to your personal information for delivery purposes only. Personal Information might also be shared with third parties who supply us with information technology services, cloud, web, or analytic services and payment services.

    These third parties have access to your personal information only to perform specific tasks on our behalf and are bound by confidentiality obligations and are obligated not to disclose or use your Personal Information for any other purposes.

    Your personal information may be shared within the Blue Lagoon group, with our parent companies Bláa Lónið Heilsuvörur ehf. and Blue Lagoon Ltd., as those companies might provide us with certain services, such as IT support, accounting services, sales and marketing support.

    We do reserve the right to disclose your personal information when required to do so by law, subpoena or a court order if such sharing is necessary to abide by the applicable law, or as reasonably required by law enforcement or a government entity, or to investigate possible threats, illegal activity, or any potentail breach of our agreements (e.g., our Terms and Conditions), or to protect the rights, safety, and property of us, our employees, our Shop users, and other related entities. We also reserve the right to disclose your personal information to our legal representatives who are bound by confidentiality obligations to uphold our legal rights as a business or the rights of our employees.

    Any disclosure of personal information by us to a third party will only be made on a confidential basis.

    Except as set forth in the Terms and Conditions, we do not currently utilize your metadata. Metadata is technical data associated with a user’s content (e.g., postings, pictures, comments). 

    SECURITY 

    Payment transactions are safeguarded at all times. They are Payment Card Industry Data Security Standard ("PCI DSS") certified to insure safe transactions of payment card information. Our websites are secured with Secure Sockets Layer ("SSL") certificates with the highest level of encryption and security. SSL provides secure, encrypted communications between a website and an internet browser.

    We maintain reasonable and appropriate administrative and technical safeguards designed to protect the Personal Information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. In connection with our security practices, Personal Information might be stored by third parties who must comply with applicable privacy laws and regulations and carry out appropriate security safeguards in order to protect leakage, loss and unauthorised use of information.

    For your reference, we will never contact you via phone call or email requesting your username or password (for the Shop and its platforms or any other website, app, or account), bank account information, credit card information, or social security number.  We are located in the United States and, except as otherwise stated in this Privacy Policy, store all Personal Information obtained by us in the United States and Luxembourg.

    YOUR RIGHTS REGARDING PROCESSING OF YOUR PERSONAL INFORMATION – WITHDRAWAL OF CONSENT

    Certain privacy laws in the United States, including the California Consumer Privacy Act (“CCPA”), provide users with rights related to their personal information. Consistent with those laws, we give you the choice of accessing, editing, or removing certain information, as well as choices about how we contact you. You may change or correct your account information by emailing us at skincare@bluelagoon.com or through My account. You may also remove certain optional information that you no longer wish to be publicly visible on the Shop. You can also request to permanently close your account and delete your Personal Information. Depending on your location, you may also benefit from a number of rights with respect to your information. While some of these rights apply generally, certain rights apply in limited cases. With respect to your Personal Information that we have, you have the following rights:

    Access: You have the right to access your Personal Information at all times. Additionally, you have the right to access the following information (i) whether or not and where we process your Personal Information; (ii) more information regarding the type of Personal Information we process, why we process your Personal Information, and how we determine the retention period relating to storing and holding your Personal Information; and (iii) the categories of the third parties with whom we may share your Personal Information.

    Receive a Copy: You have the right to receive a copy of the Personal Information that you have provided to us, or request that we provide this information to another person on your behalf. You can request a copy by downloading personal data from the Privacy settings through My Account or by emailing us at skincare@bluelagoon.com.

    Rectification: You have the right to request that we correct inaccurate or incorrect information about you.

    Restrict Processing: You have the right to restrict processing concerning your Personal Information, except where necessary to effectuate our services.

    Objection: If the processing of your Personal Informaton is based on our legitimate interests, you have the right to object to such processing. We will assess each situation, and inform you of any compelling and legitimate reason for us to continue to process and hold your Personal Information.  You may, however, object to the use of your Personal Information for marketing purposes or activities at any time for any reason.

    Erasure: You have the right to have your Personal Information erased if the information is no longer necessary in relation to the purposes for which it was collected, you have withdrawn your consent on which the processing is based or your information has been unlawfully processed. An exception to this shall be made if the Personal Information is required to be kept in accordance with law, regulation, or to protect our safety, security, and integrity.

    Withdraw Consent: Where we rely on consent, you can choose to withdraw your consent to our processing of your Personal Information using specific features provided to enable you to withdraw consent, like an email unsubscribe link,your account privacy preferences or by sending us e-mail at skincare@bluelagoon.com. This is without prejudice to your right to generally permanently close your account and delete your Personal Information.

    You may transfer personal information concerning you, which you have provided to us, to another party when the processing has been based on your consent and the processing is carried out by automated means. This right shall, however, not adversely affect the rights and freedoms of others.

    Process to Enforce Rights: If you wish to enforce any of your rights outlined in this section of the Privacy Policy or have any other questions regarding this Privacy Policy or regarding our processing and protection of personal information, please contact us by email at skincare@bluelagoon.com with “Privacy“ in the subject line. You will not be discriminated against for exercising any of your privacy rights listed above.

    We may require you to provide an appropriate proof of identity if you make a request in accordance with the aforementioned, e.g. a copy of a government issued ID, such as your passport or driving licence and your signature.

     

    ADDITIONAL RIGHTS UNDER THE CCPA

    The CCPA provides California residents with the following additional rights:

     Right to Know: California residents may request disclosure of the specific pieces and/or categories of Personal Information that the business has collected about them, the categories of sources for that personal information, the business or commercial purposes for collecting the information, the categories of personal information that we have disclosed, and the categories of third parties with which the information was shared.

     

    Right to Opt-Out: To the extent that we “sell” personal information (as that term is defined under the CCPA), California residents are entitled to opt-out of the “sale” of data at any time.

     

    MANAGING RIGHTS

    If you would like to manage, change, limit, or delete your personal information, you can do so via your account settings, or emailing us at skincare@bluelagoon.com. Once you contact us to exercise any of your rights, we will confirm receipt of your request and respond to your request within a reasonable time period.

    Limiting use of, or deleting, your Personal Information may impact features and uses that rely on that information. However, we will not discriminate against you for exercising any of your rights, including otherwise denying you goods or services, providing you with a different level or quality of products or services, or charging you different prices or rates for services.

    We may verify your identity before we are able to process any of the requests described in this Section, and in our discretion, deny your request if we are unable to verify your identity. As a part of this process, government or other identification may be required. You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification, and we may verify the authenticity of the request directly with you.

     

    ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS

    Notice of Collection: The CCPA requires disclosure of the categories of Personal Information collected over the past twelve (12) months. The categories of Personal Information that we have collected (as described by the CCPA) are:

    • Identifiers – This includes information such as contact information, government ID, etc.
    • Information protected against security breaches – This includes information such as your name, username, password, and credit or debit card information. This category includes personal information protected under pre-existing California law (Cal. Civ. Code 1798.80(e)), and overlaps with other categories listed here.
    • Commercial information

     

    Purpose of Collection: We collect and use these categories of personal information for our business and commercial purposes, including providing and improving the services provided and the Shop, maintaining the safety and security of the services, processing purchase and sale transactions, and for advertising and marketing services. Notwithstanding the foregoing, if you opt out of our cookie policy, then such personal information shall not be used for direct advertising and marketing unless you sign up for such (e.g., our newsletter).

     

    Third Party Advertising and Your Opt-Out Rights: We do not sell Personal Information to third parties for monetary value. However, the term “sale” is defined broadly under the CCPA. To the extent that “sale” under the CCPA is interpreted to include interest based advertising or other data uses, we will comply with applicable law as to those activities. To opt-out of receiving interest based advertising, you can exercise your choice by using your account privacy settings or opting out of our cookie policy. The right to opt-out of interest based advertising is available to all users.

     

    Do Not Track Signals: Some Internet browsers - like Internet Explorer, Firefox, and Safari - include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our websites do not currently process or respond to “DNT” signals. We take privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard. To learn more about “DNT”, please visit All About Do Not Track.

     

    Shine the Light: California law entitles residents to ask for a notice describing what categories of personal information we share with third parties for their own direct marketing purposes. Other than to Bláa Lónið Heilsuvörur ehf. (as described above), or unless you request us to or consent to it, we do not share any Personal Information to third parties for their own direct marketing purposes. If you have questions about these practices, you can contact us.

     

    Accessibility: If you have a disability and would like to access this policy in an alternative format, please contact us at skincare@bluelagoon.com.

     

    COOKIES

    Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information.

    We use cookies to:

    • Help us remember and process the items in your shopping cart.
    • Help us understand your preferences based on previous or current activity on the Shop and previous purchases, which enables us to provide you with improved services.
    • Help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
    • Help us with our marketing activities.

    You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies. If you turn cookies off, some features will be disabled. While you will still be able to place orders, it may make your site experience less efficient and may not function to its full potential.

     

    MINORS

    We require all account owners to be at least eighteen (18) years of age ("Minors"). Minors under eighteen (18) years of age and least thirteen (13) years of age (each, a "Permitted Minor") are permitted to make purchases through the Shop only if they have permission and direct supervision by the owner of the account. Minors under the age of thirteen (13) are not permitted to access, use the services provided by us, or make purchases on the Shop. You are responsible for any and all account activities conducted by a Permitted Minor on your account.

    Permitted Minors may not make purchases unless they have appropriate permission and are under the direct supervision of their parent or legal guardian who owns the account.

    All financial information on the account, such as a credit card, must be that of the parent or legal guardian.

    We do not intentionally or knowingly collect or "sell" (as that term is defined under applicable law, including the California Consumer Privacy Act), the Personal Information of Minors. If you learn that a Minor has provided us with information, you and/or a parent or guardian of the Minor should contact us at skincare@bluelagoon.com and we will remove the information from our database immediately and terminate any account(s) that the Minor may have created. 

    PRIVACY POLICY AMENDMENTS

     

    We reserve the right to make changes to this Privacy Policy at any time so that it reflects how we process personal information from time to time. Changes, additions or deletions shall be effective immediately when updated version is published to this page. Please check this page from time to time for any changes as such changes will be a part of all new purchases and inquiries as of the time of publication. The date of the latest revision of this Privacy Policy is set at the bottom of this page. 

     

    HOW TO CONTACT US

    If you have any questions or comments about this Privacy Policy, please contact us by email at skincare@bluelagoon.com or through our contact form on our website.

     

    LAST MODIFIED

    This Privacy Policy was last modified on January 26, 2021.

     

  • BLÁA LÓNIÐ HEILSUVÖRUR EHF.

    Bláa Lónið Heilsuvörur ehf., Id. no. 671296-2819, is a company registered in Iceland, with its office address at Norðurljósavegur 9, 241 Grindavík, Iceland (also referred to as „we“ in this Privacy Policy). Blue Lagoon USA Inc. is a subsidiary of Bláa Lónið Heilsuvörur ehf. and operates US online shop for Blue Lagoon skin care products, spa products as other home products for American market.

    This Privacy Policy applies to personal information and data which Bláa Lónið Heilsuvörur ehf. collects and processes through cookies and other tools regarding those who visit the US online shop website and those who join the Blue Lagoon Skin Care Club (newsletter). The data controller for the purposes of this Privacy Policy is Bláa Lónið Heilsuvörur ehf.

    Your privacy is of paramount importance to us. We value your trust and we commit to safeguarding any personal information you leave with us. It is important that you read this Privacy Policy carefully as it explains what types of information we collect, what purposes it will be used for, whom it may be shared with and your rights regarding the personal information processed.

    By confirming you have read this Privacy Policy, you are confirming that you are aware of the processing of your personal information and how the processing will be conducted.

     

    WHAT PERSONAL INFORMATION WE MAY COLLECT AND FOR WHAT PURPOSES

    Our website

    The US online shop website uses cookies and other tools. We might process information in relation to usage and interaction with the online shop website, e.g. for statistical analysis and to improve the website. The cookies are also used to provide you with as relevant information as possible and tailor the content to your needs. Examples of this would be presenting the appropriate currency and preserving user‘s selection during any purchase process.

    Google Analytics, Google Adwords and other tools are also used on the online shop website. Google Analytics is for example used to collect information on how visitors use the website, information such as IP address, operating system, browser type, origin of traffic etc. This data is then used to measure performance and implement improvements as needed. Google AdWords is used for remarketing, to advertise products and services on third party websites tailored to specific targeting groups and previous visitors to our website. This could be in the form of an advertisement on the Google search results page or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits. You can set preferences for how Google advertises to you using the Google´s Ads settings page. 

    You can choose not to accept certain cookies when you visit the online shop website. You can also choose not to accept cookies by disabling them in the settings of your web browser. See further our Cookie Policy for information about the use of cookies and other tracking technologies. 

    You have the right to object at any time to the processing of your personal information to the extent that it is related to direct marketing purposes. If you object to remarketing based on your information you can for example opt out of a third-party vendor's use of cookies by visiting the Network Advertising Initiative opt-out page.

    Blue Lagoon Skincare Club

    If you become a member of our Blue Lagoon Skin Care Club we process your contact information for the purpose of communicating with you. We may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. The personal information is processed based on your consent.

    When processing is based on your consent you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on your consent before its withdrawal. You can write to us at contact@bluelagoon.com with “Privacy“ in the subject line and withdraw your consent. Each marketing communication sent to you via e-mail will also provide you with the option to unsubscribe from receiving any further marketing material from us.

     

    Additional use for analysis and market research

    We may use pseudonymized or anonymized information generated from your information to carry out analysis and market research so that we can understand how to improve the products and services we and our affiliates offer. The personal information is processed based on our legitimate interests to improve our products and services.

     

    PRESERVATION OF YOUR PERSONAL INFORMATION

    Your personal information will be kept for the duration needed to be used in conformity with the original purpose of its collection unless otherwise necessary to comply with legal requirements.

     

    SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES AND WITHIN THE BLUE LAGOON GROUP

    We may share personal information with third parties (e.g. data processors) to faciliate our services, provide requested services on our behalf and/or to assist us in analyzing our services and products. For example, we may share personal information with our partner who provides us with marketing support. Personal information might also be shared with third parties who supply us with information technology services or cloud services.

    These third parties have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purposes. These third parties may be located outside of Iceland. However, we will not transfer personal information outside the European Economic Area unless permitted by applicable privacy legislation, such as based on standardized contractual terms, your consent or a notice issued by the Data Protection Authority listing states granting personal information adequate protection.

    Your personal information may be shared within the Blue Lagoon group as Blue Lagoon Ltd. might provide us with certain services, such as IT support and marketing support.

    We do reserve the right to disclose your personal information when required to do so by law, subpoena or a court order, or by the reasonable requests of law enforcement or a government entity. We also reserve the right to disclose your personal information to our legal representatives to uphold our legal rights as a business or the rights of our employees.

    Any disclosure of personal information by us to a third party will only be made on a confidential basis. 

     

    SECURITY 

    Personal information is stored and managed inhouse or by third parties who must comply with privacy laws and regulations and carry out appropriate security safeguards in order to protect leakage, loss and damage of information.

    In case of a personal data breach, we will without undue delay and not later than 72 hours after becoming aware of it, notify the personal data breach to the Icelandic Data Protection Authority (Persónuvernd), unless the personal data breach is unlikely to result in a risk to your rights and freedoms. When the personal data breach is likely to result in a high risk to your rights and freedoms, we will communicate the personal data breach to you without undue delay unless otherwise stated by law.

     

    YOUR RIGHTS REGARDING PROCESSING OF YOUR PERSONAL INFORMATION – WITHDRAWAL OF CONSENT

    You have the right to access your personal information at all times and to have the information corrected if inaccurate or incorrect. You have the right to restrict processing concerning your personal information if you contest the accuracy of the information. The processing may be restricted for a period enabling us to verify the accuracy of the information. You also have the right to restrict the processing of your personal information if the processing is considered unlawful or if we no longer need the information for the purposes of processing but you don‘t want the information erased. 

    If the processing of your personal informaton is based on our legitimate interests, you also have the right to object to such processing. You have the right to object at any time to the processing of your personal information to the extent that it is related to direct marketing purposes.

    You have the right to have personal information erased if the information is no longer necessary in relation to the purposes for which it was collected, you have withdrawn your consent on which the processing is based or your information has been unlawfully processed. An exception to this shall be made if personal information is required to be kept in accordance with law.

    You have the right to transfer personal information concerning you, which you have provided to us, to another party when the processing has been based on your consent and the processing is carried out by automated means. This right shall, however, not adversely affect the rights and freedoms of others. 

    If you wish to have your personal information removed from our database, withdraw your consent for processing or have any other questions regarding this Privacy Policy or our processing and protection of personal information, please contact us by email at contact@bluelagoon.com with “Privacy“ in the subject line.

    We may require you to provide an appropriate proof of identity if you make a request in accordance with the aforementioned, e.g. a copy of a government issued ID, such as your passport or driving licence and your signature.

     

    MINORS 

     

    We do not intentionally collect personal information from minors (children under 13). If a minor has provided us with information, a parent or guardian of the minor should contact us and we will remove the information from our database immediately. 

     

    PRIVACY POLICY AMENDMENTS 

     

    We may make changes to this Privacy Policy at any time so that it reflects how we process personal information from time to time. Changes, additions or deletions shall be effective immediately after an updated version has been published and be a part of all new website visits and newsletter registrations after publication. The date of the latest revision of this Privacy Policy is set at the bottom of this page.  

     

    COMPLAINTS 

     

    You have the right to lodge a complaint to the Data Protection Authority (Persónuvernd), Rauðarárstígur 10, 105 Reykjavík, Iceland (www.personuvernd.is) if you disagree with our processing of personal information.

     

    15th July 2020

  • BLUE LAGOON USA INC.
  • BLÁA LÓNIÐ HEILSUVÖRUR EHF. 



BLUE LAGOON USA INC.

This is the Privacy Policy of Blue Lagoon USA Inc., a company registered in USA, with its office address at 141 EAST BOSTON POST ROAD, Mamaroneck, NY 10543, USA (also referred to as „we“ in this Privacy Policy). Blue Lagoon USA Inc. is a subsidiary of Bláa Lónið Heilsuvörur ehf., a company registered in Iceland, and operates an online shop for Blue Lagoon skin care products, spa products as other home products for American market.

This Privacy Policy applies to personal information and data which we collect and process regarding customers and potential customers of the online shop. Information collected through cookies or other tools on the online shop website or newsletter are collected by Bláa Lónið Heilsuvörur ehf. and is not subject to this Privacy Policy. See here the Privacy Policy of Bláa Lónið Heilsuvörur ehf. regarding its collection and processing of information.

We value your trust and we commit to safeguarding any personal information you leave with us. It is important that you read this Privacy Policy carefully as it explains what types of information we collect, what purposes it will be used for, whom it may be shared with and choices available regarding our use of the personal information.

By confirming you have read this Privacy Policy, you are confirming that you are aware of the processing of your personal information and how the processing will be conducted.

 

WHAT PERSONAL INFORMATION WE MAY COLLECT AND FOR WHAT PURPOSES

 

Our online shop

When you purchase a product from our US online shop we first and foremost collect and use the personal information you provide to service and process your purchase order and to improve our services and products.

Please be aware that if you do not wish to provide us with personal information we may not be able to provide you with the product requested.

The information we may collect and process include:

  • Identification and contact information, such as name, email address, phone number, shipping and billing address.
  • Payment information, such as credit card number, expiration date, and CVC code.
  • Choice of shipping method.
  • Tracking information.
  • Information on your purchase that you have especially submitted to us, e.g. a gift message.
  • Purchase history.
  • Record of our communication and correspondence with you.
  • Customer feedback and complaints.

 

Your personal information may be used to:

  • Process your order.
  • Send you status and updates on a product you have purchased.
  • Carry out accounting, billing and other internal business functions.
  • Provide third party services, e.g. warehouse and courier services.
  • Respond to inquiries, requests and feedback you have submitted, e.g. through our website or by email.
  • Send you tracking information for your purchases.
  • Improve our products and services.
  • To meet legal and regulatory requirements.

 

When you send us requests, inquiries, complaints or feedback we process your contact details as well as the information you send us in order for us to respond.

The processing of your personal information is based on contractual requirements, our legitimate interests of improving our services and products, legal requirements or your consent. Whenever we process personal information based on your consent, you may withdraw your consent at any time. You can write to us at contact@bluelagoon.com with “Privacy“ in the subject line and withdraw your consent.

Please note that Bláa Lónið Heilsuvörur ehf. might process information in relation to usage and interaction with the US online shop website, e.g. for statistical analysis, to improve the website and tailor the content to your needs. Also if you become a member of the Blue Lagoon Skin Care Club Bláa Lónið Heilsuvörur ehf. processes your contact information for the purpose of communicating with you. For more information please see the Privacy Policy and Cookie Policy of Bláa Lónið Heilsuvörur ehf.

Additional use for analysis and market research

We may use pseudonymized or anonymized information generated from your personal information to carry out analysis and market research so that we can understand how to improve the products and services we offer and make sure that our products meet the needs of our customers. The personal information is processed based on our legitimate interests to improve our products and services.

 

PRESERVATION OF YOUR PERSONAL INFORMATION

Your personal information will be kept for the duration needed to be used in conformity with the original purpose of its collection unless otherwise necessary to comply with legal requirements.

 

SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES AND WITHIN THE BLUE LAGOON GROUP

We may share personal information with third parties to faciliate our services, provide requested services on our behalf and/or to assist us in analyzing our services and products. For example, we share personal information with our partner who provides us with marketing and sales support. Our warehouse partner and its courier services also have selected access to your personal information for delivery purposes only. Personal information might also be shared with third parties who supply us with information technology services, cloud services and payment services. 

These third parties have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purposes.

Your personal information may be shared within the Blue Lagoon group, with Bláa Lónið Heilsuvörur ehf. and Blue Lagoon Ltd., as those companies might provide us with certain services, such as IT support, accounting services, sales and marketing support.

We do reserve the right to disclose your personal information when required to do so by law, subpoena or a court order, or by the reasonable requests of law enforcement or a government entity. We also reserve the right to disclose your personal information to our legal representatives to uphold our legal rights as a business or the rights of our employees.

Any disclosure of personal information by us to a third party will only be made on a confidential basis. 

 

SECURITY 

Payment transactions are safeguarded at all times. They are PCI DSS (Payment Card Industry Data Security Standard) certified to insure safe transactions of payment card information. Our websites are secured with SSL certificates with the highest level of encryption and security. SSL stands for Secure Sockets Layer and provides secure, encrypted communications between a website and an internet browser.

We maintain reasonable administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. Personal information might be stored by third parties who must comply with applicable privacy laws and regulations and carry out appropriate security safeguards in order to protect leakage, loss and unauthorised use of information.

 

YOUR RIGHTS REGARDING PROCESSING OF YOUR PERSONAL INFORMATION – WITHDRAWAL OF CONSENT

You have the right to access your personal information at all times and to have the information corrected if inaccurate or incorrect. You have the right to restrict processing concerning your personal information if you contest the accuracy of the information. The processing may be restricted for a period enabling us to verify the accuracy of the information. You also have the right to restrict the processing of your personal information if the processing is considered unlawful or if we no longer need the information for the purposes of processing but you don‘t want the information erased. 

If the processing of your personal informaton is based on our legitimate interests, you also have the right to object to such processing.

You have the right to have personal information erased if the information is no longer necessary in relation to the purposes for which it was collected, you have withdrawn your consent on which the processing is based or your information has been unlawfully processed. An exception to this shall be made if personal information is required to be kept in accordance with law.

You have the right to transfer personal information concerning you, which you have provided to us, to another party when the processing has been based on your consent and the processing is carried out by automated means. This right shall, however, not adversely affect the rights and freedoms of others. 

If you wish to have your personal information removed from our database, withdraw your consent for processing or have any other questions regarding this Privacy Policy or regarding our processing and protection of personal information, please contact us by email at contact@bluelagoon.com with “Privacy“ in the subject line.

We may require you to provide an appropriate proof of identity if you make a request in accordance with the aforementioned, e.g. a copy of a government issued ID, such as your passport or driving licence and your signature.

 

MINORS 

 

We do not intentionally collect personal information from minors (children under 13). If a minor has provided us with information, a parent or guardian of the minor should contact us and we will remove the information from our database immediately. 

 

PRIVACY POLICY AMENDMENTS 

 

We may make changes to this Privacy Policy at any time so that it reflects how we process personal information from time to time. Changes, additions or deletions shall be effective immediately after an updated version has been published and be a part of all new purchases and inquiries after publication. The date of the latest revision of this Privacy Policy is set at the bottom of this page.  

 

HOW TO CONTACT US

If you have any questions or comments about this Privacy Policy, please contact us by email at contact@bluelagoon.com.

 

15th July 2020



BLÁA LÓNIÐ HEILSUVÖRUR EHF.

Bláa Lónið Heilsuvörur ehf., Id. no. 671296-2819, is a company registered in Iceland, with its office address at Norðurljósavegur 9, 241 Grindavík, Iceland (also referred to as „we“ in this Privacy Policy). Blue Lagoon USA Inc. is a subsidiary of Bláa Lónið Heilsuvörur ehf. and operates US online shop for Blue Lagoon skin care products, spa products as other home products for American market.

This Privacy Policy applies to personal information and data which Bláa Lónið Heilsuvörur ehf. collects and processes through cookies and other tools regarding those who visit the US online shop website and those who join the Blue Lagoon Skin Care Club (newsletter). The data controller for the purposes of this Privacy Policy is Bláa Lónið Heilsuvörur ehf.

Your privacy is of paramount importance to us. We value your trust and we commit to safeguarding any personal information you leave with us. It is important that you read this Privacy Policy carefully as it explains what types of information we collect, what purposes it will be used for, whom it may be shared with and your rights regarding the personal information processed.

By confirming you have read this Privacy Policy, you are confirming that you are aware of the processing of your personal information and how the processing will be conducted.

 

WHAT PERSONAL INFORMATION WE MAY COLLECT AND FOR WHAT PURPOSES

Our website

The US online shop website uses cookies and other tools. We might process information in relation to usage and interaction with the online shop website, e.g. for statistical analysis and to improve the website. The cookies are also used to provide you with as relevant information as possible and tailor the content to your needs. Examples of this would be presenting the appropriate currency and preserving user‘s selection during any purchase process.

Google Analytics, Google Adwords and other tools are also used on the online shop website. Google Analytics is for example used to collect information on how visitors use the website, information such as IP address, operating system, browser type, origin of traffic etc. This data is then used to measure performance and implement improvements as needed. Google AdWords is used for remarketing, to advertise products and services on third party websites tailored to specific targeting groups and previous visitors to our website. This could be in the form of an advertisement on the Google search results page or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits. You can set preferences for how Google advertises to you using the Google´s Ads settings page. 

You can choose not to accept certain cookies when you visit the online shop website. You can also choose not to accept cookies by disabling them in the settings of your web browser. See further our Cookie Policy for information about the use of cookies and other tracking technologies. 

You have the right to object at any time to the processing of your personal information to the extent that it is related to direct marketing purposes. If you object to remarketing based on your information you can for example opt out of a third-party vendor's use of cookies by visiting the Network Advertising Initiative opt-out page.

Blue Lagoon Skincare Club

If you become a member of our Blue Lagoon Skin Care Club we process your contact information for the purpose of communicating with you. We may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. The personal information is processed based on your consent.

When processing is based on your consent you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on your consent before its withdrawal. You can write to us at contact@bluelagoon.com with “Privacy“ in the subject line and withdraw your consent. Each marketing communication sent to you via e-mail will also provide you with the option to unsubscribe from receiving any further marketing material from us.

 

Additional use for analysis and market research

We may use pseudonymized or anonymized information generated from your information to carry out analysis and market research so that we can understand how to improve the products and services we and our affiliates offer. The personal information is processed based on our legitimate interests to improve our products and services.

 

PRESERVATION OF YOUR PERSONAL INFORMATION

Your personal information will be kept for the duration needed to be used in conformity with the original purpose of its collection unless otherwise necessary to comply with legal requirements.

 

SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES AND WITHIN THE BLUE LAGOON GROUP

We may share personal information with third parties (e.g. data processors) to faciliate our services, provide requested services on our behalf and/or to assist us in analyzing our services and products. For example, we may share personal information with our partner who provides us with marketing support. Personal information might also be shared with third parties who supply us with information technology services or cloud services.

These third parties have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purposes. These third parties may be located outside of Iceland. However, we will not transfer personal information outside the European Economic Area unless permitted by applicable privacy legislation, such as based on standardized contractual terms, your consent or a notice issued by the Data Protection Authority listing states granting personal information adequate protection.

Your personal information may be shared within the Blue Lagoon group as Blue Lagoon Ltd. might provide us with certain services, such as IT support and marketing support.

We do reserve the right to disclose your personal information when required to do so by law, subpoena or a court order, or by the reasonable requests of law enforcement or a government entity. We also reserve the right to disclose your personal information to our legal representatives to uphold our legal rights as a business or the rights of our employees.

Any disclosure of personal information by us to a third party will only be made on a confidential basis. 

 

SECURITY 

Personal information is stored and managed inhouse or by third parties who must comply with privacy laws and regulations and carry out appropriate security safeguards in order to protect leakage, loss and damage of information.

In case of a personal data breach, we will without undue delay and not later than 72 hours after becoming aware of it, notify the personal data breach to the Icelandic Data Protection Authority (Persónuvernd), unless the personal data breach is unlikely to result in a risk to your rights and freedoms. When the personal data breach is likely to result in a high risk to your rights and freedoms, we will communicate the personal data breach to you without undue delay unless otherwise stated by law.

 

YOUR RIGHTS REGARDING PROCESSING OF YOUR PERSONAL INFORMATION – WITHDRAWAL OF CONSENT

You have the right to access your personal information at all times and to have the information corrected if inaccurate or incorrect. You have the right to restrict processing concerning your personal information if you contest the accuracy of the information. The processing may be restricted for a period enabling us to verify the accuracy of the information. You also have the right to restrict the processing of your personal information if the processing is considered unlawful or if we no longer need the information for the purposes of processing but you don‘t want the information erased. 

If the processing of your personal informaton is based on our legitimate interests, you also have the right to object to such processing. You have the right to object at any time to the processing of your personal information to the extent that it is related to direct marketing purposes.

You have the right to have personal information erased if the information is no longer necessary in relation to the purposes for which it was collected, you have withdrawn your consent on which the processing is based or your information has been unlawfully processed. An exception to this shall be made if personal information is required to be kept in accordance with law.

You have the right to transfer personal information concerning you, which you have provided to us, to another party when the processing has been based on your consent and the processing is carried out by automated means. This right shall, however, not adversely affect the rights and freedoms of others. 

If you wish to have your personal information removed from our database, withdraw your consent for processing or have any other questions regarding this Privacy Policy or our processing and protection of personal information, please contact us by email at contact@bluelagoon.com with “Privacy“ in the subject line.

We may require you to provide an appropriate proof of identity if you make a request in accordance with the aforementioned, e.g. a copy of a government issued ID, such as your passport or driving licence and your signature.

 

MINORS 

 

We do not intentionally collect personal information from minors (children under 13). If a minor has provided us with information, a parent or guardian of the minor should contact us and we will remove the information from our database immediately. 

 

PRIVACY POLICY AMENDMENTS 

 

We may make changes to this Privacy Policy at any time so that it reflects how we process personal information from time to time. Changes, additions or deletions shall be effective immediately after an updated version has been published and be a part of all new website visits and newsletter registrations after publication. The date of the latest revision of this Privacy Policy is set at the bottom of this page.  

 

COMPLAINTS 

 

You have the right to lodge a complaint to the Data Protection Authority (Persónuvernd), Rauðarárstígur 10, 105 Reykjavík, Iceland (www.personuvernd.is) if you disagree with our processing of personal information.

 

15th July 2020