Privacy Policy

SUMA, LLC

Effective Date: 05/01/2020

This Privacy Policy describes the policies and procedures of SUMA, LLC and We are Suma (“we”, “our” or “us”) on the collection, use and disclosure of your information on our website and mobile application and the services, features, content, products or applications we offer (collectively, the “Services”). We receive information about you from various sources, including: (i) if you register on our website for the Services, through your user account on the Services (your “Account”); (ii) your use of the Services generally; and (iii) from third party websites and services. When you use the Services, you are consenting to the collection, transfer, manipulation, storage, disclosure and other uses of your information as described in this Privacy Policy. Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.

Note to Residents of the European Union and California: In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for our European users, and California Consumer Privacy Act (CCPA), this Privacy Policy outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR & CCPA.

By using the Services, you consent to the collection, use, retention, and disclosure of your Personal Data for processing as described in, and subject to the limitations set out in this Privacy Statement.

Personal Data

Personal Data is any information that would identify a person directly, or indirectly in combination with data from other sources. For example, a full name, home or work address, phone number, national identification number (SSN, SIN, etc.), email address, banking details, IP address, biometric data, usage data, or any information that may individually identify a person.

SUMA, LLC may collect Personal Data including without limitation your name, shipping and billing addresses, phone number, email address, payment information, IP address, and device identifiers and/or geolocation information, in the course of its Services, and may use or disclose that Personal Data as described in this Privacy Policy.

SUMA, LLC may also create de-identified or anonymized data from Personal Data by excluding data components (such as your name, email address, etc.) that makes the data able to personally identify you, through obfuscation, or through other means. In addition, SUMA, LLC may collect and use aggregated, anonymous information to provide data about the Services to advertisers, potential business partners and other unaffiliated entities. As this information does not identify a person, and is therefore not Personal Data, SUMA’s use of such aggregated, anonymized and/or de-identified data is not subject to this Privacy Policy.

#Consent and Collection of Personal Data If you use a SUMA, LLC website, or conduct a transaction through We are Suma  where Personal Data is essential, your consent is implied to collect and use your Personal Data to facilitate that use or complete that transaction requested or initiated by you only. Examples of instances in which Personal Data may be collected by SUMA are, without limitation:

  • When you Register for a SUMA Newsletter,
  • If you make or return a purchase through a We are Suma,
  • When you access and navigate a SUMA website, or engage in communication and/or business transactions with SUMA Professional Services, Managed Services, Client Success, or any other SUMA entity,
  • If you knowingly submit Personal Data through a SUMA website for the purpose of registering for a service, a contest, or authentication.

During these instances, we may collect data such as, but not restricted to: areas of the Services or SUMA websites you visit, transaction type(s) you engage in or request (and amounts thereof), content you view, your IP address, data downloaded or submitted by you, payment information provided by you, shipping and billing information entered by you, as well as the nature, quantity and price of the goods or services you exchange and the individuals or entities with whom you communicate or transact business using the Services.

In the event SUMA requests Personal Data for scenarios independent of the above, such as marketing-related questions via questionnaires, surveys, and profile data, it will include a specific consent request. The consent request will include a clear purpose and goal for the collection of Personal Data, along with a means of withdrawing consent. In these scenarios, we may ask for data such as, but not limited to: your contact information (name, telephone numbers, email address, mailing address), date of birth, product and/or cosmetic concerns, which brands and products you use, user authentication and security information (e.g. username and password).

If at any point you wish to withdraw consent to Personal Data collection, please contact SUMA via the email at hello@wearesuma.com with the Subject matter “Privacy & Data.”  Please note that certain Services may only be able to be offered or provided to you if you disclose the Personal Data necessary to facilitate those Services, and therefore SUMA  may not be able to provide you with certain Services in the event that you choose not to disclose that Personal Data to SUMA.

Age of Consent

The Services offered by SUMA are directed towards and designed for the use of persons above the age of majority in your province, state, or country. Persons under the age of majority are not permitted to use the Services on their own, and SUMA will not approve applications of, or establish, or maintain accounts or memberships for, any persons below their respective region’s age of majority.

SUMA does not solicit or knowingly collect Personal Data from persons below the age of majority of their region. If we discover we have received Personal Data of a person below the age of majority, we will delete such information from our systems. Additionally, if a parent or legal guardian believes that Personal Data regarding a minor in their care has been provided to SUMA, they may request the minor’s information be corrected or deleted by contacting SUMA Privacy Officer via email at hello@wearesuma.com with the Subject matter “Privacy & Data.”

Anonymous Information

When you interact with a SUMA Service, similar to most other websites, apps, and online services, certain anonymous technical information about your visit is automatically logged and collected by SUMA. This may include information about the type of browser you use, operating system, the date and time you access the Service, the links you accessed while using the Service, and the internet address of the website, if any, which linked directly to the SUMA Service. This information is used for system administration purposes such as diagnosing problems with SUMA’s Services, servers and websites, compiling aggregated and statistical information, and to improve the operation and content of SUMA’s websites and Services. It is not personally identifiable, and is not considered Personal Data and subject to this Privacy Policy.

Personal Data Use

SUMA may use collected Personal Data for such purposes as:

  • Helping to establish and verify the identity of users, and to keep user accounts secure,
  • Opening, maintaining, administering and servicing users’ accounts or memberships,
  • Providing Services and support to users,
  • Improving SUMA’s websites, including tailoring its websites to users’ preferences,
  • Providing users with product or Service updates, promotional notices and offers, and other information about SUMA and its affiliates,
  • Corresponding with you, and responding to your questions inquiries, comments, and instructions,
  • Maintaining the security and integrity of SUMA systems, and,
  • Complying with applicable laws.

Once collected, SUMA will store and process your Personal Data in secure locations. Where this transmission occurs, the security measures outlined in this Privacy Policy will continue to apply.

Personal Data will only be retained by SUMA for the length of time required to fulfill the purpose or complete the transaction for which it was collected, or as may be required by law. Beyond that point, Personal Data in the possession or control of SUMA will be anonymized or securely destroyed.

Information We Collect

In connection with your use of the Services, you may submit information directly to us or we may collect information by using cookies, web beacons, and other automated means.  We may combine information we receive from you with information we receive from other sources for the purposes described in this Privacy Policy.

The types of information we may collect include:

  • Contact information, such as your name, email address, mailing address, and phone number;
  • Account information, such as your username and password;
  • Billing information, such as credit card details, billing address, and proof of identification; and
  • If you access the Services through Facebook credentials – the information Facebook makes available to us based on your Facebook privacy settings, such as your name, picture, and email address.

The information that may be collected by automated means includes:

  • Details about the devices that are used to access the Services (such as IP address, browser information, device information, and operating system information);
  • Details about your interaction with the Services (such as the date, time, length of stay, and specific pages accessed during your visits to our website, and which emails you may have opened);
  • Usage information in aggregate form (such as the number and frequency of visitors to the Site); and
  • Geolocation data (which determines your current locations) from some of our Services, such as mobile applications.

We may associate the information we collect by automated means with your Account if you have one, the device you use to connect to the Services, or email or social media accounts that you use to share our content. Please see our Cookies Policy for more detail about the information we may collect automatically and your choices.

When you visit our Site or use our mobile applications or other Services, ad networks and other parties may collect information about your online activities over time and across different websites. Because there is not yet a consensus on how companies should respond to web browser-based or other do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.

Information Related to Advertising

To support and enhance the Services, we may serve advertisements and also allow third parties advertisements, through the Services. These advertisements are sometimes targeted and served to particular users and may come from third party companies called “ad networks.” Ad networks include third party ad servers, ad agencies, ad technology vendors and research firms. We are not responsible for the privacy practices of these ad networks and other parties.

Advertisements served through the Services may be targeted to users who fit a certain general profile category, which may be inferred from information provided to us by a user, may be based on the Services usage patterns of particular users, or may be based on your activity on Third Party Services (as defined in this Privacy Policy). We do not provide Personal Information to any ad networks for use other than in connection with the Services.

How we Use the Information we Collect

The information we gather enables us to personalize, improve and continue to operate the Services. We may use the information we collect to:

  • Fulfill, manage, and send you information about your orders;
  • Communicate with you about the products and services we offer, including our websites and mobile applications, and respond to your requests, inquiries, comments, and suggestions;
  • Establish and maintain your Account;
  • Offer promotions, sweepstakes, or other contests;
  • Invite you to participate in surveys and other market research;
  • Operate, evaluate and improve our business, our websites and mobile applications, and other products and services we offer (including to develop new products and services);
  • Tailor the content we display to you in our communications and in connection with your use of our websites or mobile applications;
  • Analyze and enhance our communications and strategies (including by identifying when emails sent to you have been received and read);
  • Provide you with important administrative information regarding the Service such as changes to this Privacy Policy and our Terms of Use and other policies
  • Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests); and
  • Protect against, identity, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities, including by enforcing the terms and conditions that govern the use of our websites and mobile applications.

Any information provided through Facebook, Instagram or any other social media platforms  will be used in accordance with the platform’s policies and your preferences selected through the platform.

How we Share the Information we Collect

SUMA, LLC and We are Suma does not sell or otherwise disclose the information we collect about you except as described in this Privacy Policy, with your consent, or as we notify you at the time we collect the information. We may share information that we obtain about you with:

  • Our affiliates and subsidiaries, for the purposes, described in this Privacy Policy; and
  • Our service providers that perform services on our behalf, such as fulfilling orders, delivering packages, sending postal mail and e-mail, serving ads, providing search results and links, and processing credit card payments; only to the extent necessary to provide the services. We do not authorize our service providers to use or share your information for their own purposes.

We may share aggregate information with our partners, service providers and other persons with whom we conduct business. We share this type of statistical data so that our partners can understand how and how often people use our Services and their services or websites, which facilitates improving both their services and how our Services interface with them. We may also provide aggregate information to third parties when describing the Service to prospective partners, advertisers, and other third parties, and for all other lawful purposes. As communicated to third parties, the aggregate information does not include any information that would permit the recipient to identify, locate or contact you.

We may share limited IP address information with our partners, service providers and other entities with whom we conduct business, and as otherwise specified in this Privacy Policy for the purposes described in this Privacy Policy.

In some cases, we may choose to buy or sell assets. In these types of transactions, user information, including personal information, is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that are transferred or acquired by a third party. You acknowledge that such transfers may occur as permitted by law. Following the transfer of user information in the circumstances described in this paragraph, all inquiries concerning the processing of user information should be directed to the entity to which the information is transferred.

User Content

Some features of the Services allow you to provide content to the Services, such as product reviews. The Services are designed to help you share such content with others. As a result, some of the provided content is shared publicly or with third parties. Therefore, all content submitted by you to the Services may be retained by us for as long as we require it in relation to the purposes set out in this Privacy Policy, subject to state law, even after you terminate your Account. We may continue to disclose such content to third parties, as described in this Privacy Policy.

Links to Websites and Third-Party Content

We may provide links to third-party websites, services, and applications, such as Facebook that we do not own or control (“Third Party Services”). While we attempt to facilitate access only to those Third Party Services that share our respect for your privacy, we cannot take responsibility for the content, privacy policies, or practices of those Third Party Services. We encourage you to review and understand the privacy practices of any Third Party Services before providing any information to or through them.

The Service also may include an activity feed, social media buttons, and widgets, such as the Facebook “Like” button or the “Share This” button. Your interactions with these features are governed by the privacy policy of the Third Party Service that provides the feature.

Your Rights and Choices

You can use many of the features of the Services without registering, thereby limiting the types of information that we collect. You have certain rights and choices regarding We are Suma’s  processing of your information:

  • You may choose not to receive our marketing emails by clicking on the unsubscribe link in the emails you receive from us, or by updating your preferences in your Account settings. Please note that even if you opt out, we may continue sending you purchase and order related information, and other non-marketing information as we deem necessary.
  • To the extent permitted by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your Personal Information by contacting us at hello@wearesuma.com. We will apply your preferences going forward. In some circumstances, withdrawing your consent to We are Suma’s use or disclosure of your Personal Information will mean that you will no longer be able to use We are Suma’s products or services.
  • You may stop sharing your location data by adjusting your mobile device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer.
  • You may review, update, or modify your Account information, including profile and contact information, by logging into your We are Suma Account.
  • You may delete your Account by emailing hello@wearesuma.com. Please note that we will need to verify that you have the authority to delete the Account, and activity generated prior to deletion may remain stored by us and may be publicly accessible (for example, with respect to product reviews).

In certain jurisdictions in which we operate, you may have the right under applicable law to: obtain confirmation that we hold personal information about you, request access to and receive information about the personal information we maintain about you, receive copies of the personal information we maintain about you, update and correct inaccuracies in your personal information, object to the processing of your personal information, provide instructions for the use of your personal information after death, request to be deleted any personal information collected at the time you qualified as a minor under applicable law, and have your information blocked, anonymized or deleted, as appropriate. The right to access personal information may be limited. To exercise these rights, please contact us as set forth below.

How We Protect and Retain Information

Your Account will be protected by a password for your privacy and security. You need to help prevent unauthorized access to your Account by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account.

We seek to protect Account information to ensure that it is kept private; however, we cannot guarantee the security of any Account information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

We otherwise store all of our information, including your IP address information, using techniques reasonably designed to secure the information. We do not guarantee or warrant that such techniques will prevent unauthorized access to information about you that we store.

In certain jurisdictions, we will retain your information only for as long as necessary to fulfill the purpose for which the information was collected, depending on the purposes for which the information was collected, the nature of the information, any contractual relationship we may have with you, and our legal or regulatory obligations.  We will then destroy your information or anonymize the information for statistical and analytical purposes in accordance with applicable law.

International Data Transfers

We may transfer your information to countries other than the country in which the data was originally collected. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy.

Updates to our Privacy Notice

We may amend this Privacy Policy from time to time and without prior notice to you. If we make changes in the way we collect or use information, we will notify you by posting an announcement on the Services and, in certain circumstances, seeking your consent.

California Privacy Rights

This section provides additional details about California consumers and the rights afforded to them under the California Consumer Privacy Act or (“CCPA”). If you need to access this notice in an alternative format, please contact us via the method in Contact & Questions section below.

Under CCPA “Personal Information” is defined as anything that identifies, relates to, describes or is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular California consumer of household. For more details about the Personal Information we have collected over the last 12 months, including the categories of sources, please see the Personal Data and Consent and Collection of Personal Data section above. We collect this information for the business and commercial purposes described in the Personal Data Use section above. We share this information with the categories of third parties described in there. SUMA, LLC does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we may use third-party cookies for our advertising purposes as further described in our Cookies and Advertising section above.

The CCPA requires opt-in consent to information use for minors under the age of 16 and verified parental consent for children under the age of 13. We do not knowingly collect or process the information of children.

Subject to certain limitations, the CCPA provides California consumers the right to request, free of charge, to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at hello@wearesuma.com. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.

Changes to this Privacy Policy

SUMA, LLC reserves the right to modify or supplement this Privacy Policy in its discretion, at any time. If a material change to the terms of this Privacy Policy is made, we will post a notice to our website and a link to the new or amended Privacy Policy. The collection, use and disclosure of your Personal Data by SUMA, LLC will be governed by the version of this Privacy Policy in effect at that time. Your continued use of SUMA’s websites and/or Services subsequent to any changes to this Privacy Policy will indicate your consent to the collection, use and disclosure of your Personal Data in accordance with the amended Privacy Policy.

Contact & Questions

If you have any questions or comments regarding this Privacy Policy or any aspects of SUMA, LLC or We are Suma, please contact us at hello@wearesuma.com.