The Rachael Todd Privacy Policy

Rachael Todd collects data about your activities that does not personally or directly identify you when you visit our website, the website of entities for which we serve advertisements (our “Advertisers”), or the websites and online services where we display advertisements (“Publishers”). This information may include the content you view, the date and time that you view this content, the products you purchase, or your location information associated with your IP address. We use the information we collect to serve you more relevant content and advertisements (referred to as “Retargeting”). We collect information about where you saw the ads we serve you and what ads you clicked on.

You have my express commitment and solemn promise to never sell your information to anyone. That’s just wrong!

We at rptMedia, L.L.C. (“Rachael Todd,” “we,” “us,” or “our”) have created this privacy policy (this “Privacy Policy”) because we know that you care about how information you provide to us is used and shared. This Privacy Policy applies to our information collection and use practices: (i) online when you visit any of our websites, including, without limitation, rachaeltodd.com (the “Websites”); and (ii) offline when you provide information to us.

Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Service.

Acceptance of Terms

By visiting any of our Websites, you are agreeing to the terms of this Privacy Policy and the accompanying Terms of Service, both of which govern your use of the Websites. By providing us information offline, you are also agreeing to the terms of this Privacy Policy.

The Information We Collect

In the course of operating the Websites and/or interacting with you, we will collect (and/or receive) the following types of information.

• Personal Information

When you sign up to receive any of our newsletters, respond to a survey, register for a class, or purchase any product or service, you may be required to provide us with personal information about yourself, such as your name, address, email address, and phone number. We do not collect any personal information from Visitors when they use the Websites unless they provide such information voluntarily, such as by registering or sending us an email or signing up for a newsletter. All information we collect and/or receive under this section is collectively called “Personal Information.”

• Order Information

When you place an Order, you must provide us with certain information about the products and services you are seeking to purchase. Such information is collectively called the “Order Information.”

• Billing Information

When you wish to purchase a product or service, you will be required to provide certain information in addition to the Personal Information and Order Information noted above. Such information may include a debit card number, credit card number, expiration date, billing address, activation codes, and similar information. Such information is collectively called the “Billing Information.” Although we will have access to the Billing Information, it will also be collected and processed by our third-party payment vendors pursuant to the terms and conditions of their privacy policies and terms of use.

• Other Information

In addition to the information noted above, we may collect additional information (collectively, the “Other Information”). Such Other Information may include:

1. From You. Additional information about yourself that you voluntarily provide to us (e.g., via a survey), such as household income range, gender, product and service preferences, and other information that does not identify you personally.
2. From Your Activity. Information that we automatically collect when you use the Websites, including, without limitation:
   1. IP addresses, which may consist of a static or dynamic IP address and will sometimes point to a specific identifiable computer or device; browser type and language; referring and exit pages and URLs; date and time; amount of time spent on particular pages; what sections of the Websites you visit; and similar data; and
   2. Information about your device, including the type of device; universally unique ID (“UUID”); advertising identifier (“IDFA”); MAC address; operating system and version (e.g., iOS, Android or Windows); carrier and country location; hardware and processor information (e.g., storage, chip speed, camera resolution, NFC enabled); network type (WiFi, 3G, 4G, LTE); and
   3. Similar data.
   4. From Cookies. Information that we collect using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will “remember” information about your visit. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to help us collect Other Information and to enhance your experience using the Websites. If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off in your browser or on your mobile device. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, the Websites may not function properly.
   5. Third-Party Analytics. We use third-party analytics services (such as Google Analytics) to evaluate your use of the Websites, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information relating to the Websites and mobile and Internet usage. These third parties use cookies and other technologies to help analyze and provide us the data. By accessing and using the Websites, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy.For more information on Google Analytics, including how to opt out from certain data collection, please visit https://www.google.com/analytics. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Websites.
   6. From Other Sources. We also may collect or receive information from third parties, such as Facebook and/or other third-party social media sites.

Information Collected By or Through Third-Party Advertising Companies

We may share Other Information about your activity on the Websites with third parties for the purpose of tailoring, analyzing, managing, reporting, and optimizing advertising you see on the Websites and elsewhere. These third parties may use cookies, pixel tags (also called web beacons or clear gifs), and/or other technologies to collect such Other Information for such purposes. Pixel tags enable us, and these third-party advertisers, to recognize a browser’s cookie when a browser visits the site on which the pixel tag is located in order to learn which advertisement brings a user to a given site.

Accessing and Modifying Personal Information and Communication Preferences

If you have registered for the Websites, you may access, review, and make changes to your Personal Information, Billing Information, and certain Other Information by following the instructions found on the Websites. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any rptMedia, L.L.C. marketing email. Customers cannot opt out of receiving transactional emails related to their account or their Orders. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our subscription databases.

How We Use and Share the Information

We use the Personal Information, the Order Information, the Billing Information, and the Other Information (collectively, the “Information”) to provide our services; to process Orders; to administer our rewards and promotional programs; to maintain and improve our Websites and services to you; to solicit your feedback; and to inform you about our products and services and those of our third-party marketing partners.

We may also use and/or share Information as described below.

• rptMedia, L.L.C. will access, use, and share the Information as required to process your Orders and provide support to you.
• In order to provide our services and administer our rewards and promotional programs, we may share the Information (excluding the Billing Information) with our third-party promotional and marketing partners, including, without limitation, businesses participating in our various programs.
• With your permission, third-party applications or services may access your Personal Information. We use standard OAuth (open authorization) to enable you to give permission to share your Personal Information with other websites and services, such as Facebook and Twitter (e.g., when you agree to a pop-up requesting you to allow another application to access your account information). We also use OAuth to allow us to share information about you that is stored by us without sharing your security credentials.
• We may employ other companies and individuals to perform functions on our behalf. Examples may include providing technical assistance, Order fulfillment, customer service, and marketing assistance. These other companies will have access to the Information only as necessary to perform their functions and to the extent permitted by law.
• In an ongoing effort to better understand our Visitors, customers, and our products and services, we may analyze the Order Information and Other Information in aggregate form in order to operate, maintain, manage, and improve the Websites and/or our products and services. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products and services to current and prospective business partners and to other third parties for other lawful purposes.
• We may share some or all of your Information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us.
• As we develop our businesses, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets.
• To the extent permitted by law, we may also disclose the Information: (i) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (ii) whenever we believe that disclosing such Information is necessary or advisable, for example, to protect the rights, property, or safety of rptMedia, L.L.C. or others.

Information You Share

Please keep in mind that whenever you voluntarily make your Personal Information available to third parties — for example on message boards or web logs; through email; during webinars, classes, telephone conferences, or coaching calls; or in comment or chat areas — that information can be seen, collected, heard, and/or used by others besides us. We cannot be responsible for any unauthorized third-party use of such information.

How We Protect the Information

We take commercially reasonable steps to protect the Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the Information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Websites may not be secure, and you should therefore take special care in deciding what information you send to us via email.

Important Notice to Non-U.S. Residents

It is important to note that the Websites and their servers are operated in the United States. If you are located outside of the United States, please be aware that any Information you provide to us will be transferred to the United States. By using the Websites and by providing us Information when using our services, you hereby irrevocably consent to this transfer and our use of the Information and data provided by you in accordance with this Privacy Policy.

Children

We do not knowingly collect Personal Information from children under the age of 13 through the Websites. If you are under 13, please do not give us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Information through the Websites without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to us, please contact us, and we will endeavor to delete that information from our databases.

California Residents

rptMedia, L.L.C. does not monitor, recognize, or honor any behavioral advertising opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.

External Websites

The Websites may contain links to third-party websites. We have no control over the privacy practices or the content of any of our business partners, advertisers, sponsors, or other websites to which we provide links. As such, we are not responsible for the content or the privacy policies of those third-party websites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.

Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time. By accessing the Websites and/or using our services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of the Information is governed by the Privacy Policy in effect at the time we collect the Information. Please refer back to this Privacy Policy on a regular basis.

Additional EU Disclosures

Our Role as Data Controller and Data Processor

rptMedia, L.L.C., generally acts as the data controller of your information submitted through our website.

If you are situated in the EU and have any complaints regarding our privacy practices as data controller, you have the right to make a complaint at any time to your local Supervisory Authority. We would, however, appreciate the chance to deal with your concerns before you approach your Supervisory Authority so please contact us in the first instance. Please see our contact details below in the section titled “Contact Us”. If you are situated in the EU and have a complaint, please contact our privacy manager at support@rachaeltodd.com.

Provision of Personal Data and Failure to Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we will not be able to provide services to you.

Legal Basis for Our Processing of Your Personal

Below are the types of lawful basis that we will rely on to process your personal data:

• Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at support@rachaeltodd.com
• Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
• Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at support@rachaeltodd.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Collection of Personal Data From Third Party Sources

We also collect personal data about you from various third parties and public sources.

• If you register for our services using Facebook, Twitter or other social media sites, we will import your information from those social media sites.
• As discussed above, we also obtain information through automated technologies (see section titled “Information Collection”)

Withdrawing Your Consent

If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. You have the right to withdraw your consent at any time by contacting us at support@rachaeltodd.com.

Use of Your Personal Data for Marketing Purposes

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising:

• Promotional offers from us: We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or used our services and, in each case, you have not opted out of receiving that marketing.
• Third-party marketing: We will get your express opt-in consent before we share your personal data with any company outside our company for marketing purposes.

To see how you can opt out of marketing communications, please see the section titled “Opt-Out” found at the bottom of all of our email communications.

Rights of EU Data Subjects

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
• Objecting to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

To exercise your rights, please contact us at support@rachaeltodd.com.

How to Contact Us

If you have questions about this Privacy Policy, please contact us via email at support@rachaeltodd.com with “Privacy Policy” in the subject line.