1. What We Do with Your Personal Information?

We do not sell your information to third parties, unless it is part of a business transaction or similar event. Self Esteem is dedicated to preserving your privacy rights and considers your privacy crucial. We do not keep credit card information. Every transaction is securely processed through our portal. As you access Self Esteem or any of its related pages or sub-pages, we gather information transmitted to us by your computer, tablet or mobile device. This information includes your computer’s IP address, device identifiers, your operating system, your location, standard internet logs, or any other data accessible through web analytics. We also accumulate service-related information, such as contact details you submitted on our website, which may include your name, email, home address, phone number and other similar data.

The Order Information that we gather is primarily used to complete any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Furthermore, we utilize this Order Information to:

• Engage in communication with you;

• Examine our orders for potential risk or fraud;

• In accordance with your communicated preferences, provide you with information or advertising relevant to our products or services.

We use the Device Information that we gather to assist us in screening for potential risk and fraud (especially, your IP address), and generally to enhance and optimize our Site (for instance, by generating analytics about how our customers browse and interact with the Site, and to evaluate the effectiveness of our marketing and advertising campaigns).

2. Collection of Personal Information

Our principal objective in collecting personal information is to deliver a secure, smooth, efficient, and personalized experience. We may use your personal information to:

• Execute your order on Self Esteem;

• Send you updates about your transaction or shipment;

• Enhance our customer support;

• Personalize, measure, and improve our services;

• Modify our website based on visitor behavior;

• Deliver targeted marketing, service updates, and promotional offers aligned with your communication preferences;

• Conduct security audits related to our services;

• Contact you through email or the method selected in your preferences;

As you access the Site, we collect specific information about your device, including data about your web browser, IP address, time zone, and some cookies installed on your device. As you navigate the Site, we collect information about the individual web pages or products that you view, websites or search terms that led you to the Site, and information about your interaction with the Site. We refer to this automatically collected information as “Device Information”.

We collect Device Information using technologies such as:

• “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

• “Log files” track actions occurring on the Site and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

• “Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.

Moreover, when you make or attempt to make a purchase through the Site, we collect certain information from you, such as your name, billing address, shipping address, payment information (including credit card and debit card numbers), email address, and phone number. We refer to this information as “Order Information”.

In this Privacy Policy, when we talk about “Personal Information”, we mean both Device Information and Order Information.

3. Do Not Track

Please note that our Site’s data collection and use practices remain unaltered when we see a Do Not Track signal from your browser.

4. Dissemination of Your Information

Your private information might be revealed to any member of our corporation, including our subsidiaries, our parent company, and all of its subsidiaries, when it is reasonably required for the objectives stated in this notice. Such disclosure might be for internal administrative tasks or the provision/distribution of IT, payment or marketing services or data centres within the group.

Your private information may be provided to our insurance carriers and/or professional consultants when it is reasonably necessary for obtaining or preserving insurance coverage, risk management, procuring professional advice, or initiating, executing or defending legal allegations, whether in court proceedings or in an administrative or extrajudicial process.

Your private information may be disclosed to our anti-fraud, risk and compliance service providers as is reasonably necessary to ensure data protection and fulfil our legal responsibilities.

Your private information may be disclosed to our payment service providers. Service data is only shared with our payment service providers to the degree necessary for processing your payments, transferring funds and resolving any complaints and inquiries related to such payments and transfers.

We may disclose your private information to other service providers if it is reasonably necessary to provide specific services (including, providers for servers and their maintenance, email service providers, service providers used for data analysis or marketing, call centres, customer satisfaction surveys or market research). We take all necessary actions to ensure that these subcontractors implement suitable organisational and technical measures to ensure the security and privacy of your private information.

Apart from the specific personal data disclosures outlined in this Section, we may disclose your private information if such disclosure is essential for compliance with a legal obligation we are subjected to, or to protect your vital interests or the vital interests of another person.

The entities mentioned in this Section might be located outside the European Union and European Economic Area. If we are to transfer your private data to these entities, we will adopt all necessary measures as per legal requirements to guarantee the secure handling of your privacy, including signing standard contractual clauses for data transfer when suitable. For more information on appropriate safeguards, you may reach us via email: [email protected]

5. Duration of Your Data Storage

We will not retain your private data beyond the time necessary for the intended purpose. However, under no circumstances will it be retained beyond:

• account data will be kept for a maximum of 5 (five) years following your most recent update on the account;

• service data will be kept for a maximum of 5 (five) years after the cessation of service provision;

• messaging data will be kept for a maximum of 2 (two) years after obtaining consent, or if the messaging data is sent to existing clients for maintaining and enhancing customer relationships, for no longer than 2 (two) years following the end of the relevant service provision, unless you retract your consent earlier or object to such processing;

• correspondence data will be kept for a maximum of 6 (six) months after the end of the communication.

In some instances, we cannot predetermine the retention period of your private data. For example, device data will be retained as long as necessary for the relevant processing purposes.

Regardless of the other provisions of this Section, we may retain your private data if such retention is required for compliance with a legal obligation we are subject to, or to protect your vital interests or the vital interests of another person.

6. Targeted Advertising

As mentioned previously, we use your Personal Information to offer you targeted advertisements or marketing communications that we believe may interest you. To gain more understanding of how targeted advertising functions, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by utilising the links below:

• Facebook: https://www.facebook.com/settings/?tab=ads

• Google: https://www.google.com/settings/ads/anonymous

• Bing: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

7. Your Entitlements

If you reside in Europe, you are entitled to access the personal information we hold about you and request that your personal information be rectified, updated, or erased. If you wish to exercise this right, please reach us through the contact information provided below.

Moreover, if you are a European resident, we note that we process your information to fulfil any contracts we may have with you (for instance, if you place an order through the Site), or to advance our legitimate business interests mentioned above. Please be aware that your information will be transferred outside of Europe, including to Canada and the United States.

8. Modifications

We may occasionally modify this Privacy Policy to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

9. Usage by Minors

This Site is not designed for individuals under the age of 18.

10. Reach Out To Us

For additional information regarding our privacy practices, if you have inquiries, or if you wish to lodge a complaint, please reach us via e-mail at [email protected] or by postal mail using the details provided below:

Self Esteem, Privacy Compliance Officer, 1700 Van Ness Ave San Francisco, CA 94109