Soma Store Privacy Policy

Expand All

We collect the personal information you provide to us when you purchase our products or visit our website. The categories of information we may collect include:

Website Visitors

Personal Identifiers, including name, email address, and online Identifiers
Internet Activity
Location Information, including general location data
Professional and Education Information, including professional information
Consumer Communications, including direct communications with our consumers

Customers and Prospective Customers

Personal Identifiers, including name, email address, telephone number, and online Identifiers
Internet Activity
Commercial Information, including purchases
Location Information, including general location data
Physical and Audio Data, including audio recordings and video recordings
Professional and Education Information, including professional information
Consumer Communications, including direct communications with our consumers
Inferences from Other Data, including inferences created from other personal information collected

Browser Cookies

We use cookies to create a better experience for you on our site. For example, cookies prevent you from having to login repeatedly, and they help us remember items youve added to your cart. We also use third-party cookies, which are cookies placed by third parties for advertising and analytics purposes. You can control these cookies through your browser settings.

How long we keep your data

We do not retain data for any longer than is necessary for the purposes described in this Policy.

Why we process your information

We process personal information for the following business and commercial purposes:

We may disclose personal information about you for business and commercial purposes when you purchase our products or visit our website:

Personal Information Sharing Categories
Personal Information Category	Categories of Service Providers	Categories of Third Parties
Personal Identifiers	Commerce Software Tools	None
Internet Activity	Commerce Software Tools	None

This section provides additional information for people in the European Economic Area (EEA), United Kingdom (UK), or Switzerland (CH). The terms used in this section have the same meaning as in the General Data Protection Regulation, the UK Data Protection Act, and the Swiss Federal Act on Data Protection (collectively, “European Privacy Laws”). The term “personal information” as used in this notice has the same meaning as “personal data” in the European Privacy Laws.

Collection and Disclosure of Personal Data

The personal data we collect and how we share it is described above in our Privacy Policy.

Lawful Bases and Legitimate Interests

We process personal data on the following lawful bases:

Complying with legal obligations
Fulfilling contracts
Consent
Legitimate interests

International Data Transfers

We may send the personal data of individuals in the EEA/UK/CH to third countries, including the United States, where it may be stored or processed, for example on our service providers’ cloud servers. When we transfer personal data, we endeavor to do so on the basis of Adequacy Decisions as adopted by the European Commission (EC), the UK Information Commissioner's Office (ICO), or the Swiss Federal Data Protection and Information Commissioner (FDPIC), the EU-US Data Privacy Framework, UK-US Data Bridge, and Swiss-U.S. Data Privacy Framework agreements, Standard Contractual Clauses (SCCs) issued by the EC or the FDPIC, International Data Transfer Agreements (IDTAs) approved by the ICO, and as otherwise allowed by law. Data protection authorities have determined that the SCCs and IDTAs provide sufficient safeguards to protect personal data transferred outside the EEA/UK/CH. To request copies of our international data transfer safeguards, please contact us at moc.tfosorcimno.tluaveurt@gnigats-ycavirp. You may read more about international data transfer mechanisms at the following links:

Privacy Rights

Individuals in the EEA/UK/CH have the following rights regarding their personal data.Make a Privacy Request by clicking here. Once you submit a request, we will verify your identity and process your request in most cases within 30 days.

Right to access. You have the right to request a copy of the personal data we hold about you.

Right of portability. You have the right to ask us to transfer your data to another party.

Right to rectification. You have the right to request that we rectify any incorrect information we have about you.

Right of erasure. You have the right to request that we erase (delete) any personal information we hold about you.

Right to withdraw consent. You have the right to withdraw your consent at any time when we rely on your permission to process your personal data.

Right to object. You have the right to object to our use of data about you.

Right to restrict processing. In certain circumstances, you have the right to restrict our processing of your personal data to storage only, subject to some exceptions. This right applies when:

You have contested the accuracy of your personal data and we are still verifying its accuracy.
Your personal data has been unlawfully processed under the GDPR.
You need for us to keep your data in order to establish, exercise, or defend a legal claim.
You have previously objected to our processing of your personal data and the status of that review is still pending.

Right to lodge a complaint with a supervisory authority. You have a right to lodge a complaint with a supervisory authority. For more information, you can visit theInformation Commissioner’s Office website at https://ico.org.uk/, the Federal Data Protection and InformationCommissioner’s website at https://www.edoeb.admin.ch/, or see a list of EU Data Protection Authorities athttps://www.gdprregister.eu/gdpr/dpa-gdpr/.