Privacy and Cookie Policy

We respect your concerns about privacy and value the relationship we have with you. This privacy policy ("Policy") describes Mountain Valley Springs India Private Limited's ("MVSIPL" or "we" or "us" or "our") and its affiliates' and subsidiaries' commitment to respecting your privacy and recognises your need for appropriate protection and management of any personal information you share with us. The words "you" or "your" or "Customer" as used herein, refer to all individuals and/or entities browsing, accessing, or using the Platform or Services (both, as defined hereinafter) for any reason.

We also describe the measures we take to protect the security of the information, how long we retain it and how our Customers can contact us about our privacy practices and how to exercise their rights. By using or accessing the Services through our Platform or otherwise, whether through a mobile device, mobile application, computer or any other device and/or at retail stores, you agree to be bound by the terms of use more particularly provided on the Platform (the "Terms") and the provisions of this Policy. You further consent to MVSIPL's collection, retention, processing, use, disclosure, and protection of Personal Data (as defined hereinafter), when you create an account / login credentials or make a purchase in our retail stores, to avail the Services.

This Policy (together with the Terms and any other document(s) referred to in the Terms) sets out to inform the Customer the following:

(a) The kinds of Personal Data we may gather during your use of our Services;
(b) Why we gather your information;
(c) What we use your Personal Data for;
(d) When we might disclose your Personal Data; and
(e) How you can manage your Personal Data.

By signing up on our Platform, you further represent that you are 18 (eighteen) years of age or older than the age prescribed in your country of residence for a child.

YOU AGREE TO PROVIDE YOUR CONSENT TO THE TERMS OF THIS PRIVACY POLICYBY TICKING THE BOX NEXT TO THE WORDS "I AGREE WITH THIS PRIVACY POLICY". IF YOU DO NOT AGREE TO THIS POLICY, PLEASE DO NOT PROCEED FURTHER TO USE OR ACCESS THE PLATFORM AND/OR OUR SERVICES. YOU WILL HAVE THE OPTION TO NOT PROVIDE YOUR CONSENT, OR WITHDRAW ANY CONSENT GIVEN EARLIER, PROVIDED THAT THE DECISION TO NOT PROVIDE CONSENT/WITHDRAWAL OF THE CONSENT IS INTIMATED TO US IN WRITING. IF YOU DO NOT PROVIDE US PERSONAL DATA OR WITHDRAW THE CONSENT TO PROVIDE US WITH ANY OF YOUR PERSONAL DATA AT ANY POINT IN TIME, WE SHALL HAVE THE OPTION TO NOT PROVIDE THE SERVICES FOR THE PURPOSE OF WHICH THE SAID PERSONAL DATA WAS SOUGHT.

This Policy DOES NOT apply to information that you provide to, or that is collected by, any Third Party (as defined hereinafter), such as social networks that you use which are not in connection with our Services. MVSIPL encourages you to consult directly with such Third Parties about their privacy practices.

This Policy is incorporated into and subject to the provisions of the Terms and the terms not defined here, have the meanings ascribed to them in the Terms. This Policy and the Terms are effective upon your accessing or using the Platform and/or use of our Services. We encourage you to read the terms of the Policy and the Terms in their entirety before you visit the Platform or use our Services.

1. Your Privacy - Our Commitment

1.1 We are extremely proud of our commitment to protect your privacy. We value your trust in us. We will work hard to earn your confidence so that you can use our Services unhesitatingly and recommend us to friends and family. Please read the following policy to understand how your Personal Data will be treated as you make full use of our Platform.

1.2 For the purposes of this Policy, the following terms shall have the meaning set forth below:

"Applicable Laws" shall mean any and all: (a) laws, statutes, constitutions, treaties, rules, regulations, ordinances, codes, guidance, and common law; and (b) all judicial, executive, legislative, administrative or military orders, directives, decrees, injunctions, judgments, permits, agreements, and other legal requirements, in each case, of, with, or adopted or imposed by any Governmental Authority (as defined hereinafter), now or hereafter in effect and, in each case, as amended from time to time.

"Application", singular or plural, refers to any of our html-based/internet-based computer programs, smart phone, tablet or personal computer applications and all other software programs made available to the Customers (either via Apple iOS or Android) by us.

"Data Protection Law" shall mean any data protection, data security or privacy law, including, without limitation, the Information Technology Act, 2000 including the rules thereunder ("IT Act and Rules"), the EU General Data Protection Regulation 2016/679 (the "GDPR"), and any laws governing Personal Data or information from outbound telephone calls, transmission of electronic mail, transmission of facsimile messages and any other communication-related data protection, data security or privacy laws.

"Governmental Authority" means any government authority, statutory authority, regulatory authority, government department, agency, commission, board, tribunal or court or other law, rule or regulation making entity/ authority having or purporting to have jurisdiction on behalf of the Republic of India or any state or other subdivision thereof or any municipality, district, or other subdivision thereof.

"Intellectual Property" or "IP" includes ideas, concepts, creations, discoveries, inventions, improvements, know how, trade or business secrets; trademarks, service marks, designs, utility models, tools, devices, models, methods, procedures, processes, systems, principles, synthesis protocol, algorithms, works of authorship, flowcharts, drawings, books, papers, models, sketches, formulas, proprietary techniques, research projects, copyright, designs, and other confidential and proprietary information, databases, data, documents, instruction manuals, records, memoranda, notes, user guides, in either printed or machine-readable form, whether or not copyrightable or patentable or protectable under any other intellectual property law, or any written or verbal instructions or comments.

"Intellectual Property Rights" or "IPR" include: (a) all rights, title, and interest under any statute or under Applicable Laws including patent rights; copyrights including moral rights; and any similar rights in respect of the Intellectual Property, anywhere in the world, whether negotiable or not; (b) any licenses, permissions and grants in connection therewith; (c) applications for any of the foregoing and the right to apply for them in any part of the world; (d) right to obtain and hold appropriate registrations in Intellectual Property anywhere in the world; (e) all extensions and renewals thereof; and (f) causes of action in the past, present or future, related thereto including the rights to damages and profits, due or accrued, arising out of past, present or future infringements or violations thereof and the right to sue for and recover the same.

"MVSIPL Account" means the account created and registered on the Platform by the Customer and which may comprise details pertaining to the Personal Data.

"Opt-Out" means (as the case may be) a link for you to indicate your refusal to our use of your Personal Data and the mechanism explained in Clause 9 of this Policy.

"Party" refers individually to each of you and MVSIPL.

"Parties" refer to both you and MVSIPL jointly.

"Personal Data" shall mean any personally identifiable information relating to an identified or identifiable individual, including data that identifies an individual or that could be used to identify, locate, track, or contact an individual. Personal Data includes both directly identifiable information, such as a name, identification number or unique job title, and indirectly identifiable information such as date of birth, unique mobile or wearable device identifier, information that could be used to identify a household, telephone number, key-coded data or online identifiers, such as IP addresses, and includes any data that constitutes "personal data" or "sensitive personal data or information" under the GDPR or similar terms under other Data Protection Law.

"Personal Identification Information" means your name, address, identification number, phone number, and includes any other information by which you may be personally identified.

"Platform" means the MVSIPL website located at www.forestessentialsindia.com or such website or any other Application powered by MVSIPL to provide the Services, but does not include any website or Application owned or operated by a Third Party that may be accessed from any page on www.forestessentialsindia.com or Application powered by MVSIPL.

"Sensitive Personal Data or Information" with respect to a person shall mean such personal information which consists of information relating to:  

 

(a) password;
(b) financial information such as bank account or credit card or debit card or other payment instrument details;
(c) physical, physiological and mental health condition;
(d) sexual orientation;
(e) medical records and history;
(f) biometric information;
(g) any detail relating to the above clauses as provided to body corporate for providing service; and
(h) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.

"Services" means any and all products, features, and other related services made available by us to the Customer, either through the Platform, any retail stores of MVSIPL, the loyalty program available at our retail stores and online, including 'Soundarya Loyalty Club' available at www.forestessentialsindia.com or at one of our events.

"Third Party" shall mean a party which is not a signatory to the Terms and this Privacy Policy.

 

1.3 We understand that you entrust us with certain Personal Data and in exchange for your trust, you expect and deserve our commitment to treat your information with respect and in accordance with the terms of this Policy.

 

2. Information We May Collect and How We Collect It

We may obtain your Personal Data from various sources. When you visit or use our Platform or avail the Services, we may collect, use, or disclose the following data about you:

2.1 Information You Provide to Us:

You may be required to provide us with your Personal Data while: (i) making a purchase at a MVSIPL retail store; (ii) signing up for the Soundarya Loyalty Club; (iii) creating a MVSIPL Account on the Platform; or (iv) availing our Services. You hereby agree to provide us with accurate information and ensure that you update such information as required. We may receive the following information directly from you, thereby enabling you to make use of the Platform:

(a) Identification details: name, date of birth, gender, photograph, etc. which are used for the purpose of creating a MVSIPL Account, singing up for the Soundarya Loyalty Club or making a purchase from a MVSIPL retail store.
(b) Correspondence details: email address, letters, telephone number, postal address, postal code, shipping and billing formation (such as delivery address, and billing address), etc. which are used for the purpose of communication with you, resolving your queries, and provision of other support Services;
(c) Financial data: bank account details, payment account number, credit or debit card or debit card number, etc. which are used for the purpose of enabling and effecting transactions on the Platform;
(d) Other information: Information about purchase history, product preferences, your skin type/skin condition, your hair type, your physical characteristics and your skincare concerns which you provide to use while availing our Services which are used to provide our Services to you;
(e) Information you provide to us through social media networks or Application (such as your name, profile picture, likes, location, friend list and other information described on the social media network or Application sign-up page); and
(f) Information or content which you may provide to us (such as photographs, videos, reviews, articles, questions, survey responses and comments) when you leave us a message, during customer support conversations survey, or in connection with a promotion, or for assistance in case of matters related to law enforcement, or investigations.

Please note that we also may collect and store your Personal Data we receive from Third Party sources. Please be advised that Third Parties have their own privacy policies, and you should refer to them for any questions you may have about the information they may collect about you and when you create a MVSIPL Account and/or use the Platform.

 

2.2 Information We Collect Automatically

We may collect certain Personal Data from you automatically through our servers that keep an activity log tracing all Customers of the Platform. The information we collect may include but is not limited to your Internet Protocol (IP) address, home address, time of access, date of access, web page(s) visited, number of clicks, software crash reports, browser/app details, session identification number, search terms, search results, referring website's addresses, information about things near your device, such as wi-fi access points, cell towers, operating system, mobile network information including carrier name and phone number, and application version number, and bluetooth-enabled devices subject to your settings and device permissions. Additionally, when you visit our retail stores and / or attend our event(s), we may collect your video surveillance footage which can be used to directly or indirectly identify you.

We may include functionality for the customer's convenience in our Applications that allows you to remain logged-in to the Application so that you do not have to re-enter a password each time you want to access the Application. IF YOU CHOOSE TO REMAIN LOGGED-IN, YOU SHOULD BE AWARE THAT ANYONE WITH ACCESS TO YOUR DEVICE WILL BE ABLE TO ACCESS AND MAKE CHANGES TO YOUR ACCOUNT AND MAY BE ABLE TO MAKE PURCHASES THROUGH YOUR ACCOUNT. For this reason, if you choose to remain logged-in to the Application, we strongly recommend you enable the security features on your smartphone, tablet or personal computer to protect against unauthorized access to and use of your device and your MVSIPL Account in the Application.

2.3 Information We Receive from Third Parties

We may receive information about you from a Third Party if you have provided your consent for such information to be shared with us. We may combine and process such data internally towards our Services. We also work closely with select third parties (including, for example, subcontractors such as advertising networks, analytics providers, search information providers, infrastructural services, including cloud service providers) and may receive information about you from such sources. We may also collect and receive information in an aggregated form such as statistical or demographic data from different browser types for analysis.

 

3. Use of Your Data

3.1 We only have access to and/or collect Personal Data that you give us or that is collected while accessing or making purchases from our Platform, using our Services or via e-mail or other direct contact from you. By using our Services, creating a MVSIPL Account, accessing the Platform or making a purchase from a MVSIPL retail store, you grant us the permission to collect, use, copy, transmit, store and back-up your Personal Data for purposes of the Services and/or for any other purpose(s) as contemplated by the Policy and the Terms. This is subject to the restrictions in Clause 16 of this Policy.

3.2 The purposes for which Personal Data may be used by us include:

(a) to enable you to access and use our Platform and interact with Third Party service providers engaged by MVSIPL on the Platform;
(b) ensuring that the content of the Platform is presented in the most effective manner for you and for your computers and other devices;
(c) providing you with alerts, newsletters, materials or information that you have requested or signed up to;
(d) carrying out our obligations arising from any contracts entered into between you and us;
(e) allowing you to participate in interactive features of our Platform, including access to your online and in-store purchase history, when you choose to do so;
(f) complying with the Applicable Laws and regulations;
(g) for legal proceedings, including collecting overdue amounts and seeking professional advice;
(h) improving and furthering our Services, subject to your exercise of the Opt-Out;
(i) informing you about our latest deals, products, Services, updates and special offers and for promotion and marketing purposes;
(j) resolving disputes; troubleshooting problems; measuring your interest in the Services provided by us;
(k) customizing your experience; detecting and protecting us against error, fraud and other criminal activity;
(l) enforcing the Terms;
(m) providing customer service or respond to your inquiries;
(n) sending service or support messages, security alerts, MVSIPL Account notifications, updates etc.;
(o) optimizing the Platform and improve our business (including developing new products and services);
(p) communicating with you about, and administer your participation in, special events, contests, sweepstakes, loyalty programs, surveys and other offers;
(q) improving Customer experience and customizing your experience;
(r) improving our marketing and promotional efforts, to analyze site usage, create a profile about you based on the information you provide to us in order to tailor our advertisements to your interests, improve our Services, content and Service offerings, and customize the Platform's content, layout, and Services; and
(s) purposes directly related or incidental to any of the above.

4. Disclosure of Your Personal Data

4.1 Personal Data will also be used to facilitate communication, and processing of internal administrative and record keeping. We do not rent lists, sell or otherwise disclose Personal Data we collected from you, except as described herein. We will keep the Personal Data we hold confidential and take steps to prevent unauthorized disclosures of the same to the best of our ability. However, you agree we may disclose such information to:

(a) our personnel, employees, agents, advisers, auditors, contractors, financial institutions, and service providers to the extent reasonably necessary for the provision and maintenance of the Services or in connection with any of our operations. Please note that we do not authorize such agents, advisors, auditors, contractors, financial institutions, and service providers to use or disclose the information except as necessary to perform Services on our behalf or to comply with legal requirements;
(b) our overseas offices, affiliates, business partners and counterparts (if any);
(c) the requisite persons in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violation of the Terms or the Policy;
(d) persons under a duty of confidentiality to us;
(e) persons to whom we are required to make disclosure to comply with Applicable Laws, a court order, a request from law enforcement or other legal process;
(f) transfer Personal Data about you if we are acquired by or merged with another company.
(g) from time to time, to reveal general statistical information about our Platform and visitors, such as number of visitors, number and type of products and Services purchased, etc; or
(h) actual or proposed transferees or participants of our Services.

4.2 All your activity from the time you logon until you logoff is encrypted with an SSL certificate to ensure it remains private. We neither capture nor store your credit/debit card information. To make payment for purchases via our online store, you enter your credit/debit card/remittance information on the secure payment sites of PayU, PayPal, Innoviti, PineLabs, PayTM, or any other payment gateway that we may use in the future.

4.3 Further, you agree that we may share your Personal Data for the following activities with from time-to-time:

(a) Advertisements
When you access the Platform, use our Services or enter Personal Data on the Platform, such Personal Data is used by us in accordance with the terms of this Policy. We may also aggregate (gather up data of all Customers) information and disclose such information in a non-personally identifiable manner to advertisers and other Third Parties for other marketing and promotional purposes. We don’t share Personal Data that personally identifies you with advertisers, such as your name or email, unless you ask us to.
(b) Posting to Public Forums
Please remember that if you post any of your Personal Data in public forums of the Platform, such information may be collected and used by others over whom we have no control. You are to please note that these posts may be made available in the public domain

4.4 Provided that we may share your Personal Data without obtaining your prior consent with: (i) Government Authorities mandated under the Applicable Laws to obtain information including Personal Data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution and punishment of offences; and (ii) any Third Party by an order under the Applicable Laws for the time being in force.

5. Change of Purpose

5.1 We will only use your Personal Data for the purposes for which we collect it as specified above, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If you wish to get an explanation on as to how the processing for the new purpose is compatible with the original purpose, please contact us at service@forestessentialsindia.com.

5.2 If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

6. Use of Cookies and Similar Technology

6.1 We may automatically track certain information about you based upon your behaviour on our Platform or while accessing our Services. You agree that we may use such information to do internal research on our Customers' demographics, interests, and behaviour to better understand, protect and serve our Customers. This information is compiled and analysed on an aggregated basis.

6.2 Cookies are small text files of letters and numbers that record your preferences to uniquely identify your browser and are stored on your browser or the hard drive of your computer or other device if you agree ("Cookies").

6.3 The Platform uses Cookies to distinguish you from other Customers using the Platform. This helps us to provide you with a good experience when you browse the Platform and also allows us to improve the Platform. By continuing to browse the Platform, you are agreeing to our use of Cookies. Usage of a Cookie is in no way linked to any personally identifiable information on our Platform.

6.4 We use the following Cookies:

(a) Strictly necessary Cookies. These are Cookies that are required for the operation of the Platform. They include, for example, Cookies that enable you to log into secure areas of the Platform or make use of e-billing services. Please note that without these cookies, your user experience on the Platform may be impacted.
(b) Analytical/performance Cookies. They allow us to recognize and count the number of visitors and to see how visitors move around the Platform when they are using it. This helps us to improve the way the Platform works (for example, by ensuring that Customers are finding what they are looking for easily).
(c) Functionality cookies. These are used to recognize you when you return to the Platform. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
(d) Commercial Cookies. These are used to display personalized advertisements on our websites as well as other Third Party websites. This is based on browsing activities and enables us to understand what destinations you are searching for or the accommodations you have viewed.

6.5 Please note that Third Parties (including, for example, advertising networks and providers of external services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

6.6 We may use certain Third Party web analytics services on the Platform such as Google Analytics. The service providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyse how visitors use the Platform. The information collected through these means (including IP address) is disclosed to these service providers, who use the information to evaluate use of the Platform. These analytic services may use the data collected to contextualize and personalize the marketing materials of their own advertising network.

6.7 You can find more information about the individual cookies we use and the purpose for which we use them in the table below

Standard cookies:

Cookie Name

Cookies Description

FORM_KEY

Stores randomly generated key used to prevent forged requests.

PHPSESSID

Your session ID on the server.

GUEST-VIEW

Allows guests to view and edit their orders.

PERSISTENT_SHOPPING_CART

A link to information about your cart and viewing history, if you have asked for this.

STF

Information on products you have emailed to friends.

STORE

The store view or language you have selected.

USER_ALLOWED_SAVE_COOKIE

Indicates whether a customer allowed to use cookies.

MAGE-CACHE-SESSID

Facilitates caching of content on the browser to make pages load faster.

MAGE-CACHE-STORAGE

Facilitates caching of content on the browser to make pages load faster.

MAGE-CACHE-STORAGE-SECTION-INVALIDATION

Facilitates caching of content on the browser to make pages load faster.

MAGE-CACHE-TIMEOUT

Facilitates caching of content on the browser to make pages load faster.

PRIVATE_CONTENT_VERSION

Facilitates caching of content on the browser to make pages load faster.

X-MAGENTO-VARY

Facilitates caching of content on the server to make pages load faster.

MAGE-TRANSLATION-FILE-VERSION

Facilitates translation of content to other languages.

MAGE-TRANSLATION-STORAGE

Facilitates translation of content to other languages.

EXTERNAL_NO_CACHE

A flag that, indicates whether caching is on or off.

FRONTEND

Your session ID on the server.

LOGIN_REDIRECT

Preserves the destination page the customer was loading before being directed to log in.

MAGE-MESSAGES

Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper.

SECTION_DATA_IDS

Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.

RECENTLY_COMPARED_PRODUCT

Stores product IDs of recently compared products.

RECENTLY_COMPARED_PRODUCT_PREVIOUS

Stores product IDs of previously compared products for easy navigation.

RECENTLY_VIEWED_PRODUCT

Stores product IDs of recently viewed products for easy navigation.

RECENTLY_VIEWED_PRODUCT_PREVI US

Stores product IDs of recently previously viewed products for easy navigation.

PRODUCT_DATA_STORAGE

Stores configuration for product data related to Recently Viewed / Compared Products.

 

Additional Cookies to improve the user experience:

Cookie Name

Cookie Description

CART

The association with your shopping cart.

CATEGORY_INFO

Allows pages to be displayed more quickly.

COMPARE

The items that you have in the Compare Products list.

CUSTOMER

An encrypted version of your customer id.

CUSTOMER_AUTH

An indicator if you are signed into the store.

CUSTOMER_INFO

An encrypted version of the customer group you belong to.

CUSTOMER_SEGMENT_IDS

Stores your Customer Segment ID

LAST_CATEGORY

The last category you visited.

LAST_PRODUCT

The last product you looked at.

NEWMESSAGE

Indicates whether a new message has been received.

NO_CACHE

Indicates whether it is allowed to use cache.

VIEWED_PRODUCT_IDS

The products that you recently looked at.

WISHLIST

An encrypted list of products added to your wish list.

WISHLIST_CNT

The number of items in your wish list.

UTM_SOURCE

Stores the value of marketing campaign source passed through utm_source query parameter

UTM_MEDIUM

Stores the value of marketing campaign medium passed through utm_medium query parameter

UTM_CAMPAIGN

Stores the value of marketing campaign name passed through utm_campaign query parameter

UTM_REFERRER

Stores the value of the referrer website from which the user came to Forest Essentials website.

 

Google Analytics Cookies - Non-Exempt:

Cookie Name

Cookie Description

UTMA

Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.

UTMT

Used to throttle request rate.

UTMB

Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.

UTMZ

Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.

UTMV

Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.

UTMC

Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.

GA

Used to distinguish users.

GID

Used to distinguish users.

GAT

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

AMP_TOKEN

Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.

GAC_<PROPERTY-ID>

Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.

 

Cloudflare Cookies – Exempt:

Cookie Name

Cookie Description

CFDUID

The cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per­client basis. For example, if the visitor is in a coffee shop where there are a bunch of infected machines, but the specific visitor's machine is trusted (e.g. because they've completed a challenge within your Challenge Passage period), the cookie allows us to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

 

Amazon Webservices Cookies – Exempt:

Cookie Name

Cookie Description

AWSELB

These cookies enable us to allocate server traffic to make the user experience as smooth as possible. A so-called load balancer is used to determine which server currently has the best availability. The information generated cannot identify you as an individual.

AWSALBCORS

With CORS (cross-origin resource sharing) requests, some browsers require SameSite=None; Secure to enable stickiness. In this case, Elastic Load Balancing generates a second stickiness cookie, AWSALBCORS, which includes the same information as the original stickiness cookie plus this SameSite attribute. Clients receive both cookies.

 

Wigzo Cookies - Non-Exempt:

Cookie Name

Cookie Description

WIGZO_DAILYACTIVE

Used to check the frequency of user’s visit on the website.

WIGZO_LEARNER_ID

Used to distinguish users.

IS_MAPPED

Used to check if the users details are mapped into the system.

 

Adyen Cookies – Exempt:

Cookie Name

Cookie Description

GDPR

This cookie is used to keep track of your consent to cookies.

LASTUPDATEDGDPR

This cookie is used to keep track of your consent to cookies.

 

Adyen Cookies - Non-Exempt:

Cookie Name

Cookie Description

CFDUID

This cookie is used to identify individual clients behind a shared IP-address.

 

Except for essential cookies, all cookies will expire after 28 days. Please note that in addition to the Cookies specified above, me may use any additional Cookies as may be required to provide a better customer experience for you and improve our Platform. Any change in this Clause 6.7 will be notified to you in accordance with Clause 13 of this Policy.

 

6.8 Google Analytics

(a) Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google's ability to use and share information collected by Google Analytics is in accordance with its policies (http://www.google.com/policies/privacy/partners/). Google Analytics uses Cookies to collect anonymous traffic data to help us analyse how you use the Platform. The information generated by Cookies (including your IP address) will be transmitted to and stored by Google on servers. Google will use this information for the purpose of evaluating your use of the Platform, compiling user activity reports, and providing other Services. Google may also transfer this information to Third Parties where required to do so by Applicable Law, or where such Third Parties process the information on Google's behalf. By using the Platform, you consent to the processing of data about you by Google in the manner and for the purposes described in this Policy.
(b) You can prevent Google’s collection and processing of data by using the Google Ads Settings page or by downloading and installing its browser plug-in (https://tools.google.com/dlpage/gaoptout).

6.9 You have the ability to accept or decline Cookies. Most web browsers automatically accept Cookies. However, Customers may block all Cookies (including essential Cookies) by activating the setting on your browser that allows you to refuse the setting of all or some Cookies. However, if you use your browser settings to block all cookies (including essential Cookies), you may not be able to access all or parts of the Platform. You further agree that if you send us personal correspondence, such as emails or letters, or if other Customers or Third Parties send us correspondence about your activities or postings on the Platform, we may collect and/or store such information.

7. Security

7.1 What we do

(a) We are committed to the safety and security of your Personal Data. We use our internal servers and a cloud infrastructure provider for storing all information and for hosting the Platform. We place your Personal Data in an encrypted database. Some of the safeguards we use to protect your information are firewalls, data encryption, disaster recovery plans and information access controls. However, no security system is perfect and we cannot promise that your Personal Data will remain secure in all circumstances, including the security of your data during transmission to us or the security of data on your Application.
(b) We subject ourselves to regular checks by Third Party security evaluation specialists and restrict access to your Personal Data by our personnel on a need-to-know basis only. Once we have received your Personal Data, we will use strict procedures and security features to try to prevent, as far as is reasonably possible, unauthorized access to your Personal Data.
(c) You shall accordingly agree that we shall not be held liable for any accidental dissemination of Personal Data that has occurred in spite of our best efforts and procedures to maintain confidentiality.

7.2 What you should and should not do

You should keep your username and password strictly confidential at all times and should not share these details with anyone. In public areas, you should exercise caution and not leave your computer/device unattended especially whilst logged into your MVSIPL Account. The use of established malware and virus protection software and apps for your device is recommended. You should also avoid using public computer terminals to access your MVSIPL Account, unless you can adequately verify that the terminal is free from spyware and that you can erase all of your information upon exiting the terminal. We will not be liable for any loss or damage arising from unauthorized access to your MVSIPL Account due to any failure to comply with these precautions.

7.3 Please remember that if you post any of your Personal Data in public areas of the Platform, such information may be collected and used by others over whom we have no control.

7.4 If you suspect any misuse or loss or unauthorized access to your Personal Data, please let us know immediately. Please raise your concern with service@forestessentials.com, in the first instance, and we will investigate the matter and update you as soon as possible on the next steps.

8. Data Retention

8.1 We will only retain your Personal Data for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of complying with any legal, regulatory, tax, accounting or reporting obligations. It may be archived as long as we believe that the purpose for which it was used still exists or as necessary for our legitimate business interests or for complying with legal obligations.

8.2 To determine the appropriate retention period, we consider the categories, amount, nature and sensitivity of Personal Data, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the purposes for which we process the Personal Data, if we can achieve the purpose through other means, and the applicable legal requirements.

8.3 In most cases, we keep the information you provide for the duration of our relationships, plus a reasonable period in order to be able to run regular deletion routines or to take into account the applicable statute of limitation period or if required under Applicable Laws. If you wish to receive marketing communications, we will keep the information necessary to send you these communications following the end of our customer relationship or following their collection, if you are a prospective customer.

8.4 If you decide to delete your MVSIPL Account, we will delete all such data within a reasonable time after the termination of your MVSIPL Account or after cessation of the subject matter to which such Personal Data relates, subject to retention for purposes of complying with Applicable Laws, resolving disputes, enforcing the terms of our Privacy Policy and protecting our Intellectual Property Rights. Please note that some of your Personal Data may still exist within our systems, for example, if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our personnel will not have any access to it or use it again.

8.5 Your Personal Data may be transferred to and stored in locations outside of India by us or our affiliates where necessary to fulfil the purposes described in this Policy. Please note that those countries may not have the same data protection laws as your country of residence and your Personal Data will be subject to applicable foreign laws. When we transfer your Personal Data to other countries, we will protect that information in the manner described in this Policy and comply with the applicable Data Protection Laws for such transfer.

9. Your Consent and Rights

9.1 Request Correction: You have the right to request correction of the Personal Data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of any new data you provide to us.

9.2 Request Erasure: You have the right to request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You may also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (as per Clause 10), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with Applicable Laws. However, please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

9.3 Object to Processing: You have the right to object to processing of your Personal Data where we are relying on a legitimate interest (or those of a Third Party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. We shall not process your Personal Data for marketing purposes or other specific purpose after you communicate your objection to us. However, please note that, in some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Data which override your rights and freedoms.

9.4 Request Restriction of Processing: You have the right to request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal data in the following scenarios:
• If you want us to establish the accuracy of your Personal Data.
• Where our use of your Personal Data is unlawful but you do not want us to erase it.
• Where you need us to hold your Personal Data even if we no longer require it as you need it to establish, exercise or defend legal claims.
• You have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it.

9.5 You further have the following rights:

(a) to check whether we hold Personal Data about you and to access such data;
(b) to ascertain our policies and practices in relation to Personal Data and the kind of Personal Data held by us;

9.6 Please send requests for such objections, access to data, correction of data, information regarding policies and practices and kinds of data held, questions or complaints to service@forestessentialsindia.com. We reserve the right to charge a reasonable fee for processing any data access request(s). We try to respond to all legitimate requests received from residents of the European Union countries within 1 (one) month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Right to Opt-Out

10.1 You have provided us your Personal Data in connection with the use, browsing, and access of the Platform, to purchase our products and to process any application for Services from us, where failure to supply such Personal Data may result in the application for Services being rejected.

10.2 We cannot use your Personal Data without your consent and request that you provide the same. You have the right to opt-out or withdraw consent to the use of such Personal Data by writing to us at service@forestessentialsindia.com. Please note that we try to respond to all legitimate Opt-Out requests received from residents of the European Union countries within 1 (one) month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Customers must also note that such Opt-Out will not apply to any co-branding partner to whom you have consent or shall consent to the provision of your Personal Data separately.

10.3 Please note that if you DO NOT wish MVSIPL to use your Personal Data in direct marketing and DO NOT wish to receive direct marketing materials by phone, SMS, mail, email, fax or any other communication channels and DO NOT wish MVSIPL to provide your Personal Data to any other persons for their use in advertising and marketing, whether or not such persons are members of MVSIPL, except where you have applied for or will apply for any service that is provided by MVSIPL jointly with a co-branding partner, you may avail the ‘Opt-Out’ option given in such marketing emails/messages. Such Opt-out will not apply to such co- branding partner to whom you have consented or shall consent to the provision of your Personal Data separately.

11. Children’s Personal Data

Unless otherwise indicated, you are only allowed to use our Platform if you are over the age of 18 (eighteen) years. We will only process information about children with the express consent of the parents or legal guardian or when the information is provided to use by the parents or legal guardian. The information we collect will only be used by us to provide Services.

12. Other Applications/Platforms

Our Services and Platform may contain links to Third Party applications/websites. Please note that when you click on one of these links, you are entering another application/website over which we have no control and will bear no responsibility. We do not own or control these Third Party applications and when you interact with them you may be providing information directly to them or us or both. Such information provided by you is only processed for the purposes of the legitimate interests pursued by the Third Party. Often these Third Party applications/websites require you to enter your Personal Identification Information and further, use and collect your Personal Data. The Third Party in accordance with its privacy policy and the terms of the offer utilizes this information. Since we do not control the privacy practices of these Third Parties, we encourage you to read the privacy statements/policies on all such applications/websites before deciding to use their services as their policies may differ from our Policy and Terms. You agree that we shall not be liable for any breach of your privacy of Personal Data or loss incurred by your use of these applications/websites. This Policy DOES NOT apply to information that you provide to, or that is collected by, any Third Party, such as social networks that you use which are not in connection with our Services. MVSIPL encourages you to consult directly with such Third Parties about their privacy practices.

13. Changes to this Privacy Policy

We reserve the right to update, change or modify this Policy at any time to comply with Applicable Law or to meet our changing business requirements. The amendment to this Policy shall come to effect from the time of such update, change or modification. We will provide you notice of any changes to the Policy. You are encouraged to check and read this Policy from time to time to familiarize yourself with such updates, as they will be binding on you. Continued use of the Platform or availing our Services constitutes agreement of the Customer to the terms contained herein and any amendments thereto.

14. Service Providers

14.1 We may use a variety of Third Party service providers to help us provide the Services relating to our Platform. Service providers may be used for the following purposes:

(a) to authenticate your identification information and documents;
(b) to process your payments;
(c) to check information against public databases;
(d) for fraud prevention and risk assessment;
(e) to allow the provision of Services through Third Party platforms and software tools;
(f) to provide customer service and for marketing; and
(g) to process and handle claims.

14.2 The Third Party service providers shall have limited access to your Personal Data for performance of the above tasks and in accordance with our strict directions and policies. Such service providers shall be bound by the same standards of data protection as we are under this Policy. Please note that we do not authorize these Third Party service providers to use or disclose Personal Data except as necessary to perform the above mentioned purposes on our behalf or comply with legal requirements.

15. Non-Personal Information Collected by Us

15.1 Non-personal data or information is the information that does not personally identify you. When you visit and interact with the Platform or a Third Party with whom we have contracted to provide services, non-personal information, like a list of website pages visited by you, could be collected.

15.2 We may collect data by using web beacons, clear GIFS, pixel tags or similar means, which will inform us when you visit the Platform, non-personal information like the areas of the Platform you visit, your operating system, your browser version, and your URL, can be identified, which can be used to enhance your online experience by understanding your web usage patterns.

15.3 We may use or disclose non-personal information for any purpose from time to time, for instance, we may embed e-mail addresses with images. In such cases where we combine non-personal information with Personal Data, the combined information will be treated by us as Personal Data as per this Policy.

16. Direct Marketing

16.1 We intend to use your Personal Data in advertising and marketing of our Services. We may also provide your Personal Data to social media platforms/other persons for their use in direct marketing, whether or not such persons belong to MVSIPL.

16.2 The following classes of services and subjects may be marketed in direct marketing:

(a) our Services related to the Platform and/or our affiliates; and
(b) invitations to events such as webinars.

16.3 We may conduct direct marketing via fax, email, direct mail, telephone and other means of communication or send e-newsletters to you. However, please note you will receive direct marketing communications from us if you have requested information from us or purchases goods or Services from us and you have not opted out of receiving such direct marketing.

17. Text Messaging

17.1 If you so elect, you may provide your mobile phone number in order to receive text message alerts containing product and event information, cosmetics tips or promotion (including WhatsApp messages for Indian Customers) ("Text Messages"). We do not charge a fee for you to receive Text Messages from us, however, your mobile service provider may charge you for sending and/or receiving text messages and air time, as well as any other standard applicable rates charged by a mobile service provider. If you elect to receive them and later decide that you would no longer like to receive these Text Messages, see the "Right to Opt-Out" as per Clause 10 above.

17.2     Text Messages are distributed via a Third Party mobile network providers and, therefore, we cannot control certain factors relating to message delivery or guarantee availability or performance of this service, including liability for transmission delays or message failures. To receive help with Text Messages, you can contact us at service@forestessentialsindia.com.

17.3     We may also obtain the date, time and content of your messages in the course of your use of Text Messages. We will use the information we obtain in connect with out Text Messages in accordance with this Policy.

18.       Push Notifications and In-App Alerts and Updates

When you access our Platform, we may provide you with the option to opt in to receive push notifications from us on your smartphone, tablet, or personal computer. These push notifications may include promotional communications regarding our products and/or Services. Please note that you may after downloading the Application, opt out of receiving push notifications by adjusting the settings on your smartphone, tablet, or personal computer. Opting out of push notifications will not affect other communications you receive from us such as email communications. You may receive alters and updates within our Application regarding our products and Services or your MVSIPL Account. To opt out of receiving these alters and updates, you may uninstall the Application from your smartphone, tablet, or personal computer.

19.       Data Protection

19.1     We will: (i) comply with all applicable Data Protection Laws and privacy laws; (ii) comply with all standards that relate to Data Protection Law and privacy laws and the privacy and security of your Personal Data; (iii) refrain from any action or inaction that could cause breach of any data protection and privacy laws; (iv) do and execute, or arrange to be done and execute, each act, document and thing we deem necessary in our business judgment to keep us compliant with the Data Protection Laws and privacy laws; and (v) immediately report theft or loss of Personal Data.

19.2     Any Personal Data collected or accessed by us shall be limited to that which is strictly necessary to perform our obligations in relation to the Services offered through our Platform or to fulfil any legal requirements. We shall use such Personal Data only as necessary in this regard and not for any other purpose. We shall maintain such Personal Data in strict confidence in accordance with the provisions of this Clause. We shall not share any Personal Data that is collected or possessed by us with any Third Party for any reason except as expressly stated in the Terms and this Policy.

19.3     You agree that other than as stated in this Policy, we shall have the right to collect and/or use or analyse the Personal Data on an anonymised basis and in no way shall the Personal Data be used in a way that can lead to or reveals your identity.

 

19.4     We advise you not to include Sensitive Personal Data in any emails you may send to us. Please do not send credit/debit card numbers or any other Sensitive Personal Data to us via email.

20.       Indemnity and Limitation of Liability

20.1     For any breach of the provisions of this Policy, MVSIPL shall indemnify you in accordance with the indemnification and limitation of liability provisions set forth in the Terms.

20.2     Please note that we endeavor to safeguard Customer’s Personal Data to ensure that the same is kept private. However, we cannot guarantee the security of Customer’s Personal Data. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of the Customer’s Personal Information at any time.

20.3     We shall not be liable for any loss or damage sustained by reason of any disclosure (inadvertent or otherwise) of any Personal Data concerning the Customer’s MVSIPL Account and/or information relating to or regarding online transactions using credit cards/debit cards and/or their verification process and particulars nor for any error, omission, or inaccuracy with respect to any information so disclosed and used.    

21.       Grievance Officer

In the event you have any grievances or questions about the Policy or if you wish to make a complaint regarding any violation of the provisions of the Policy and the way your Personal Data is processed, you may contact us at the details as set out below, pursuant to which your grievance shall be acknowledged within 48 (forty eight hours) and redressed within 1 (one) month from the date of receipt of grievance/complaint.

21.1     Our Grievance Officer, for Customers located in India:
Name: Mr. Ashwini Dinker  
Email ID: ashwini.dinker@forestessentalsindia.com  
Contact No: (0120-4696969)

21.2     Our Data Protection Officer (DPO), for Customers who are residents of the European Union:
Name of Controller: Mountain Valley Springs India Private Limited (Mr. Ashwini Dinker)
Email: ashwini.dinker@forestessentalsindia.com

22.       Dispute Resolution, Governing Law and Jurisdiction

22.1     Any complaint or dispute can be raised in writing to our compliance team at service@forestessentialsindia.com.

22.2     This Policy shall be governed by and construed in accordance with the laws, rules and regulations of India, and the courts of New Delhi shall have exclusive jurisdiction over any disputes arising between the Parties.

22.3     If any disputes or claims arising under or out of or in connection with the execution, interpretation, performance, or non-performance of this Policy or in respect of the scope, validity or application of this Policy, or the subject matter hereof ("Dispute"), representatives of the Parties shall cooperate, in good faith, to attempt to amicably resolve the Dispute.

22.4     Any disputes between the Parties regarding this Policy shall be referred to arbitration in accordance with the Arbitration and Conciliation Act, 1996. The arbitral tribunal shall consist of 3 (three) arbitrators with 1 (one) arbitrator to be appointed by each Party and the 3rd (third) arbitrator to be appointed by the 2 (two) appointed arbitrators. The place of the arbitration shall be New Delhi and the language of the arbitration shall be English. The decision of the arbitrators shall be final and binding. The Parties waive any right of appeal to any court, insofar as such waiver can validly be made.

22.5     Each Party to the arbitration shall cooperate with each other Party to the arbitration in making full disclosure of and providing complete access to all information and documents requested by such other Party in connection with such arbitration proceedings, subject only to any confidentiality obligations binding on such Party or any legal privilege applicable to any such information and/or documents.

23.       Assignment

We may assign any of our responsibilities/obligations to any other person without notice to the Customer, at our sole discretion. However, you shall not assign, sub-license or otherwise transfer any of your rights or obligations under this Policy to any other Party, unless a written consent is taken from us.

24.       Severability

If any term or provision of this Policy is held by a court of competent jurisdiction to be invalid, void or unenforceable, the remainder of the terms and provisions of this Policy shall remain in full force and effect and shall in no way be affected, impaired or invalidated.

25.       Notices

Any notice given by either Party to the other must be in writing, by email, and will be deemed to have been given on transmission, unless the recipient can satisfactorily establish that the email on was not received by the recipient’s email or web server. Notices to MVSIPL must be sent by email to service@forestessentialsindia.com. or to any other email address notified by email to the Customer by MVSIPL from time to time for such purpose.

26.       Third Parties

No Third Party shall have any right, benefit, or entitlement to enforce any terms of this Policy.