Effective: August 22, 2024

Overview

EYM Holdings LLC, 188 Online LLC, Tribeca Design Studio LLC, 38 Main Street EH LLC, Nili Lotan Madison LLC, Nili Lotan Florida LLC, Nili Lotan Sycamore LLC, and their subsidiaries and affiliates (collectively, “Nili Lotan,” “we,” “us,” “our”) respects your privacy and is committed to protecting the Personal Data we hold about you. If you have questions, comments, or concerns about this Privacy Notice or our processing of Personal Data, please see the bottom of this Privacy Notice for information about how to contact us. 

This Privacy Notice explains our practices with respect to Personal Data we collect and process about you. This includes information we collect through, or in association with, our website with located at https://www.nililotan.com/, our apps that we may provide, our products and services that we may offer from time to time via our website and/or related apps, our related social media sites (such as [list]), our retail stores, or otherwise through your interactions with us (the website, apps, products, services, and social media pages, collectively, the “Services”).

Our Services are operated in the United States but can be accessed worldwide.

If you are located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), we are subject to the UK General Data Protection Regulation (“UK GDPR”) and the EU General Data Protection Regulation (“EU GDPR”) and are the “Controller” of your Personal Data as defined by the UK and EU GDPR.

Please review the following to understand how we process and safeguard Personal Data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing Personal Data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.

1. Personal Data We Collect 

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not Personal Data. To the extent this data is stored or associated with Personal Data, it will be treated as Personal Data; otherwise, the data is not subject to this notice.

1. Categories of Personal Data We Collect 

The types of Personal Data we collect about you depends on your interactions with us and your use of the Services. We collect the below categories of Personal Data from our users:

1. Identifiers, such as a real name, alias, billing and shipping address, unique personal identifier, online identifier, internet protocol address, or email address.
2. Personal Data categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)), such as name, contact information, and last four digits of your credit or debit card.
3. Protected classifications under California or federal law, such as gender.
4. Commercial information, such as products or services purchased, transaction information and transaction history.
5. Internet or other electronic network activity information, including, browsing history, search history, and information regarding a consumer’s interaction with our website.
6. Geolocation data, such as device location.
7. Audio, electronic, visual, or similar information, such as CCTV and video recordings for security purposes in our retail stores.
8. Inferences drawn from any of the information above to create a profile about an individual reflecting an individual’s preferences and characteristics.

We will not collect additional categories of Personal Data other than those categories listed above. If we intend to collect additional categories of Personal Data, we will provide you with a new notice at or before the time of collection.

1. How We Use Your Personal Data

We collect and process your Personal Data for the following business and commercial purposes:

1. Providing, predicting, or performing, including maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, and processing payments.
2. Marketing our products and services to you, including sending you messages about the products and services we offer, which may include special offers for products and services.
3. Communicating with you by email, text message (SMS, MMS), telephone, and other methods of communication, about products, services, order status, and information tailored to your requests or inquiries.
4. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
5. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
6. Debugging to identify and repair errors that impair existing intended functionality.
7. Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
8. Undertaking internal research for technological development and demonstration.
9. Undertaking activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.
10. Complying with applicable laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
11. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.

We will not use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you with notice.

1. How We Obtain Your Personal Data 

We may collect Personal Data:

·       Directly from you. When you provide it to us directly whether online, by email, phone, or in-person, for example, when you sign-up to receive emails from us or contact us.

• Automatically or indirectly from you. For example, through analytics tools, cookies, pixel tags (such as GA4, Retentionx, Retently, Klaviyo, Black Crow, 42, and Shopify, or through your interactions with us on social media websites (such as Google, Facebook, and TikTok).
• Operating Systems and Platforms. For example, we automatically collect information relating to the device used to access our Services, such as IP address, device identifiers, and browser information.

·       From Third Parties such as Advertising Networks. For example, ad networks (Bing/Microsoft, Criteo, and RTB House) to serve advertisements across the Internet. These advertisers use cookies, pixel tags, and other tracking technologies to collect information about your online activity and provide online behavioral advertising.

• From Third Parties such as Social Networks. For example, from social media networks (such as Facebook, and X), including if you contact us for customer service support through our social media pages.  
• From Third Parties such as Data Analytics Providers. For example, through technology and analytics providers (such as GA4, Retentionx, Retently, Klaviyo, Black Crow, 42, and Shopify). These providers use cookies, pixel tags, and other tracking technologies to collect information about your online activity to allow us to personalize your online experience, including sending you messages about the products and services we offer.
• From our Service Providers For example commercial email providers, security consultants, payment processors and other Service Providers we engage, such as, Shopify, Shop Pay, Amazon Pay, PayPal, Google Pay, Apple Pay, Global-E, Klarna, Loop, UPS, Goods Delivery, Bergen Logistics and ShipStation.

1. Who We Disclose Your Personal Data To 

We disclose your Personal Data with the following categories of third parties:

• Our Service Providers.
• Our affiliated entities.
• Our partners or prospective partners in order to provide us and/or our partners with information about the use of the Services and levels of engagement with the Services, to allow us to enter into new business relationships, and to allow us to market products or services on their behalf.

·       Third-party brands and agencies that may use that information to market their own relevant products or services to you.

• Government agencies or regulations when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, or safety, and/or that of our users and others.

1. Your Rights Regarding Personal Data

1. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data

We strive to maintain the accuracy of any Personal Data collected from you and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us and notify us as soon as possible of any updates or corrections.

Depending on the laws that apply to you, you may obtain from us certain Personal Data in our records. If you wish to access, review, or make any changes to Personal Data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Notice. We reserve the right to deny access as permitted or required by applicable law.

1. Your California Privacy Rights

California’s “Shine the Light” law permits our users who are California residents to request and obtain from us a list of what Personal Data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. Requests may be sent through the contact methods listed below.

California residents should refer to our California Privacy Notice for more information about their rights.

1. Your Nevada Privacy Rights 

Nevada law permits our users who are Nevada consumers to request that their Personal Data not be sold (as defined under applicable Nevada law), even if their Personal Data is not currently being sold. Requests may be sent through the contact methods listed below.

d.  Your Virginia, Colorado, Connecticut, Utah, Oregon and Texas Rights

If you are located in Virginia, Colorado, Connecticut, and Utah, you have certain rights regarding your Personal Information. The section describes how we collect, use, and share your Personal Information under the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Act Concerning Personal Information Privacy and Online Monitoring (“PDPOM”), the Utah Consumer Privacy Act (“UCPA”), the Oregon Consumer Privacy Act (“OCPA”) and the Texas Data Privacy Act (“TDPA”), and your rights with respect to that Personal Information.

As a Virginia, Colorado, Connecticut, Utah, Oregon or Texas resident, you have some or all of the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by law. You can ask to appeal any denial of your request in the same manner through which you may submit a request.

• Right to Access and Portability: You have right to access your Personal Information and/or receive a copy of the Personal Information that we have collected about you.

• Right to Correct: You have the right to correct inaccurate Personal Information that we have collected about you.
• Right to Delete: You have the right to delete the Personal Information we have obtained about you or that you have provided to us with certain exceptions.
• Right to Opt-out of Tracking for Targeted Advertising Purposes: You have the right to opt-out of certain tracking activities for targeted advertising purposes.
• Right to Opt-out of Profiling: If we process your Personal Information for profiling purposes as defined by the VCDPA, CPA, PDPOM, and/or UCPA you can opt-out of such processing.
• Right to Non-discrimination: You have the right to be free from discrimination as prohibited by the VCDPA, CPA, PDPOM, and/or UCPA.

e.     Your Canadian Privacy Rights

Residents of Canada are permitted to request and obtain from us information respecting the existence, use, and disclosure of their Personal Data as well as access to that information (subject to certain exceptions pursuant to applicable laws). Without limiting the above, residents of Canada will, upon request:

·       Be informed of whether we hold Personal Data about you;

·       Be provided with an account of third parties to which we have disclosed your Personal Data;

·       Be able to challenge the accuracy and completeness of your Personal Data and have it amended as appropriate; and

·       Be provided with information about our policies and practices with respect to the management of Personal Data, including: the name or title, and address, of the person who is accountable for our privacy policies and practices; the means of gaining access to Personal Data; a description of the type of Personal Data held by us, including a general account of its use; a copy of any brochures or other information that explain our policies, standards, or codes; and what Personal Data is made available to related organizations.

f.     Your EU and UK Privacy Rights

If you are located outside the United States, we transfer Personal Data for processing in the United States, including Personal Data sent via e-mails or when you make an order. Under the GDPR, we are considered a “controller” of the Personal Data. By using the Services outside the United States, you acknowledge that we will transfer your data to, and store your Personal Data in, the United States, which may have different data protection rules than in your country, and Personal Data may become accessible as permitted by law in the United States, including law enforcement and/or national security authorities in the United States. For transfers of data into and out of the EEA, Switzerland, and the UK, pursuant to Article 46 of the GDPR, we use standard contractual clauses adopted by the European Commission or applicable regulator.

Rights of Swiss, EEA and UK Residents

Under the GDPR, you may have the following rights with respect to your Personal Data, including to:

• Right to Access and Portability. You have right to access your Personal Data and/or receive a copy of the Personal Data that we have collected about you in a portable format.
• Right to Object to Processing. You have the right to object to the continued processing or use of your Personal Data.
• Right to Correct. Right to update and correct inaccuracies in your Personal Data.
• Right to Object. Right to object to the continued processing or use of your Personal Data in certain situations, including for direct marketing.
• Right to Erasure. Right to have the Personal Data blocked, anonymized, or deleted, as appropriate in certain situations.
• Right to Complain. You have the right to complain to a supervisory authority, and your Personal Data may be blocked, anonymized, or deleted, as appropriate. If you are in the EU, you may find information about your supervisory authority here and if you are in the UK, you may find it here.
• Right to Withdraw Consent. If you have provided us with a consent to use your Personal Data you have a right to withdraw that consent easily at any time. Please contact us to do so.  Withdrawing a consent will not affect the lawfulness of our use of your Personal Data in reliance on that consent before it was withdrawn.

The right to access Personal Data may be limited in some circumstances by local law. If you qualify, in order to exercise these rights, please contact us as set forth below.

Nili Lotan
Attn: Privacy
E-mail:  privacy@nililotan.com

1.888.415.1045

We may ask you to provide additional information for identity verification purposes, or to verify that you are in possession of an applicable email account.

Please understand, however, that we reserve the right to retain an archive of such Personal Data for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such Information.

This section of the Privacy Policy is applicable to individuals located in the EEA, Switzerland, and the United Kingdom (“European Data Subjects”).

Our purpose for collecting and processing Personal Data from European Data Subjects is to provide them with the features and functionalities of our Services and information regarding our Services. The legal basis for processing Personal Data is because:

1.      It is necessary for performance of a contract between us to provide you with the Services.

2.      It is related features and functionality and in other circumstances may be necessary for our legitimate interests in making the Services available and secure.

3.      To exercise our rights or comply with legal obligations.

4.      We also rely on your consent to receive information about our Services.

You may withdraw consent from receiving marketing and promotional communications by clicking the “Unsubscribe” link on the communication or sending an e-mail to privacy@nililotan.com  with the subject line “Opt Out.” If European Data Subjects do not provide Personal Data to us or withdraw consent for processing such Personal Data, we may not be able to provide such individuals with certain features or functionalities of the Services or information regarding the Services, including processing orders. Note that we do not collect any sensitive personal information about you.

European Data Subjects may obtain information about the Personal Data that we hold about them by contacting us at privacy@nililotan.com.

1. Your Choices

You have choices about certain information we collect about you, how we communicate with you, and how we process certain Personal Data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.

1. Communications Opt-Out. You may opt out of receiving marketing or other communications from us at any time through a given communications channel (such as email or telephone) by following the opt-out link or other unsubscribe instructions provided in any email message received, by contacting us as provided at the end of this Privacy Notice.

Note that if you do business with us in the future, you may not, subject to applicable law, opt out of certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g., e-commerce).

1. Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.

1. Cookies, Web Tracking, and Advertising. Please consult our Cookie Policy for more information about how to control and/or opt out of certain web tracking technologies and/or advertising providers from collecting information about you.

1. Protecting Personal Data

We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of Personal Data. Those safeguards include (i) encryption through secure socket layer technology (SSL); (ii) taking steps to ensure Personal Data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.

However, no method of safeguarding information is completely secure. While we use measures designed to protect Personal Data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.

1. Retention of Personal Data.

We retain Personal Data to the extent we deem necessary to carry out the processing activities described above, including but not limited to compliance with applicable laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies, and to the extent we reasonably deem necessary to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.

1. Other Important Information About Personal Data and The Services.

a.     Collection of Personal Data from Children.  We do not knowingly collect information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older or have valid parental consent to do so.

b.     Third-Party Websites and Services. As a convenience and as part of our Services, we may reference or provide links to third-party websites and services. When you directly access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk. This Privacy Notice does not apply to any third-party services; please refer to the privacy notice or policies for such third-party services for information about how they collect, use, and process Personal Data.

c.      Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal Data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.

d.     Do Not Track. We use analytics systems and providers and participate in ad networks that process Personal Data about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.

e.     Payment Information. Online and in store payments are processed by our third-party payment provider, Shopify, and are subject to their privacy policy and terms.

f.      International Use. We are headquartered and operate in the United States. Therefore, your Personal Data will be stored and processed in the United States. If you are using the Services from outside the United States, by your use of the Services you acknowledge that we will transfer your data to, and store your Personal Data in, the United States, which may have different data protection rules than in your country, and Personal Data may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States.

If you are based in the UK or EEA, we will only transfer your Personal Data in accordance with data protection laws and we only transfer your Personal Data to a country outside the UK/EEA where:

·       in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of Personal Data (known as an “adequacy decision”). A list of countries the UK currently has adequacy regulations in relation to is available here;

·       in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of Personal Data (known as an “adequacy decision”). A list of countries the European Commission has currently made adequacy decisions in relation to is available here;

·       there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you. This will most likely be that we have put in place the appropriate standard contractual clauses and carried out a transfer impact assessment; or

·       a specific exception applies under relevant data protection law.

1. Modifications and Updates to this Privacy Notice

This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice.

1. Applicability of this Privacy Notice

This Privacy Notice is subject to the Terms of Service that govern your use of the Services. This Privacy Notice applies regardless of the means used to access or provide information through the Services.

This Privacy Notice applies regardless of the means used to access or provide information through the Services. This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith. 

 Additional Information and Assistance

If you have any questions or concerns about this Privacy Notice and/or how we process Personal Data, please contact us at:

privacy@nililotan.com

1.888.415.1045

If you are located in the United Kingdom, European Union or European Economic Area, and you wish to raise a concern regarding our use of your Personal Data, you have the right to do so with your lead supervisory authority https://edpb.europa.eu/about-edpb/about-edpb/members_en or your local supervisory authority.

9.   For more information about how users with disabilities can access this Privacy Notice in an alternative format, please refer here.