Privacy Policy

Effective Date: August 2022

1. General Information

House of Leading Brands LLC is referred to in this Privacy Policy as "House of Leading Brands," or by "we," "us," and "our."

This Privacy Policy applies to all users of Internet websites published by House of Leading Brands and to other individuals whose personal data (as defined below) is processed by House of Leading Brands and its authorized processors. All such individuals are referred to in this Privacy as "you" and "your."  This Privacy Policy describes the types of personal data we may collect from you, how we collect it, how we use it, how we share or disclose it, how we store it, and your choices regarding the use and processing of your personal data.

As used in this policy, “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation).

2. Contact Information

House of Leading Brands will control the use of personal data described in this Data Policy.  You may contact House of Leading Brands at:

House of Leading Brands LLC
2600 E Southlake Blvd
Suite 120 - 327
Southlake, TX 76092
info@houseofleadingbrands.com

Our representative in the European Union is:

House of Leading Brands GDPR Representative

PL Mardyks
Paris, France

info@houseofleadingbrands.com

3. Personal Data We Collect and Purposes for which it is Used

A.     To provide you with information about our products and services, we collect and process:

• Your first and last names

• Your company name

• Your job title

• your email address

This information is processed by us or by one or more service platform providers, with whom we maintain a data processing agreement that complies with GDPR Article 28.

Our legal bases under GDPR for processing this data include:

• you have given your consent to the processing for the specific purposes described (GDPR Article 6, Section 1(a))

B.    To protect against and prevent fraud, legal claims, and liabilities; to manage risk exposure; to comply with applicable laws, regulations, and codes; to respond to subpoenas or to orders of a court or government agency; and to establish, exercise, or defend legal claims, including, without limitation, to protect our rights and/or property, we may collect and process required personal information.

Our legal bases under the GDPR for processing this data include:

• the processing is necessary for compliance with a legal obligation to which we are subject (GDPR Article 6, Section 1(c))

• the processing is necessary in order to protect your vital interests or those of another natural person (GDPR Article 6, Section 1(d))

• the processing is necessary for legitimate interests we pursue in operating our business and protecting the legal interests of ourselves and others we may be required to protect (GDPR Article 6, Section 1(f))

C.  To respond to your inquiries and requests, process and manage opt-out or unsubscribe request, and create and send non-marketing communications to you, we may collect and process your name, email address and other contact information.

Our legal bases for processing this data include:

• you have given your consent to the processing for the specific purposes described (GDPR Article 6, Section 1(a))

• the processing is necessary for the performance of a contract to provide you with our goods or services (GDPR Article 6, Section 1(b))

• the processing is necessary for legitimate interests we pursue in operating and improving our business, goods and services (GDPR Article 6, Section 1(f))

D. Cookies are small text files that may be placed on your device in order to measure traffic patterns, personalize content, control security and help make websites more useful.  Our service platform provider, Squarespace, does set and use.  Specifically, Squarespace sets the following cookies:

Name

Purpose, type, and duration

_acloggedin

• Supports login by Scheduling client if the client has an account

• Cookie

• January 1, 2025

_client_acloggedin

• Supports login by Scheduling client if the client has an account

• Cookie

• January 1, 2025

algoliasearch-client-js

• Adds auto-populated suggestions to address fields in Scheduling to help clients complete forms faster

• localstorage

• Persistent

CART

• Shows when a visitor adds a product to their cart

• Cookie

• Two weeks

CHECKOUT_WEBSITE

• Identifies the correct site for checkout when checkout on your domain is disabled

• Cookie

• Session

client_username

• Remembers a logged in Scheduling client's username between visits

• Cookie

• One year

Commerce-checkout-state

• Stores state of checkout while the visitor is completing their order in PayPal

• sessionstorage

• Session

Crumb

• Prevents cross-site request forgery (CSRF)

• Cookie

• Session

hasCart

• Tells Squarespace that the visitor has a cart

• Cookie

• Two weeks

Locked

• Prevents the password-protected screen from displaying if a visitor enters the correct site-wide password.

• Cookie

• Session

PHPSESSID

• Securely authenticates a visitor during their checkout in Scheduling

• Cookie

• One month

RecentRedirect

• Prevents redirect loops if a site has custom URL redirects. Redirect loops are bad for SEO.

• Cookie

• 30 minutes

remember_client

• Remembers Scheduling client’s login details if they have an account

• Cookie

• 365 days

siteUserCrumb

• Prevents cross-site request forgery (CSRF) for logged in site users

• Cookie

• Three years

SiteUserInfo

• Identifies a visitor who logs into a customer account

• Cookie

• Three years

SiteUserSecureAuthToken

• Authenticates a visitor who logs into a customer account

• Cookie

• Three years

squarespace-announcement-bar

• Prevents the announcement bar from displaying if a visitor dismisses it

• localstorage

• Persistent

squarespace-likes

• Shows when you've already "liked" a blog post

• localstorage

• Persistent

squarespace-popup-overlay

• Prevents the promotional pop-up from displaying if a visitor dismisses it

• localstorage

• Persistent

squarespace-video-player-options

• Remembers video player selected preferences ( volume, playback speed, and quality) for videos uploaded directly to Squarespace

• localstorage

• Persistent

ss_cookieAllowed

• Remembers if a visitor agreed to placing analytics cookies on their browser if a site is restricting the placement of cookies

• Cookie

• 30 days

ss_sd

• Ensures that visitors on the Squarespace 5 platform remain authenticated during their sessions

• Cookie

• Session

Test

• Investigates if the browser supports cookies and prevents errors

• Cookie

• Session

TZ

• Enables a Scheduling client’s appointments to display correctly based on their time zone preferences.

• localstorage

• Persistent

Cookie Name

Duration

Purpose

ss_cid

Two years

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cpvisit

Two years

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvisit

30 minutes

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvr

Two years

Identifies unique visitors and tracks a visitor’s sessions on a site

ss_cvt

30 minutes

Identifies unique visitors and tracks a visitor’s sessions on a site

For more information on these cookies and how you may manage them, you may click this link.

You are not required to provide us with any personal data we may request. However, if the requested information is necessary for us to provide any product, service or information requested by you, we will be unable to fulfill your request.

4. How We Share Personal Data

Your personal data will be accessible by our employees who require access for the purposes described above.

We do not share, sell, rent, or trade any personal data with third parties for any promotional purposes unrelated to our business or to our own products and services.

Contracted service providers are authorized to use and disclose personal data only as necessary to perform and provide the services for which they were engaged by us for the purposes described in this Privacy Policy.

Other parties we may share your personal data with include:

• governmental authorities pursuant to applicable laws or court process, or as we reasonably deem necessary to prevent harm, financial loss, fraud or illegal activity;

• the successor in interest to all or a portion of our business or assets; provided that should such a transfer occur, we will require such successor to agree in writing to use, protect, and maintain the security, integrity, and confidentiality of the transferred personal data in accordance with this Privacy Policy, as amended from time to time; and

• others pursuant to consent obtained from you.

5. Transfers of Personal Data to "Third Countries"

We or our contracted processors may transfer personal data that we or they collect from you to countries other than the one where you live.  Such countries may not have been determined by the European Commission to ensure an adequate level of protection for such data.  In those cases, we or our contracted processors will transfer personal data to the country only if appropriate safeguards are in place to protect the data. 

We rely on a number of means to transfer personal information in accordance with Chapter V of GDPR.  These include:

• Privacy Shield. We or our contracted processors may transfer, in accordance with GDPR Article 45, personal data to companies that have certified their compliance with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks.

• Standard data protection clauses. We or our contracted processors may, in accordance with GDPR Article 46, transfer personal data to recipients that have entered into the European Commission approved contract clauses for the transfer of personal data outside the European Economic Area.

• Other means. We may, in accordance with GDPR Articles 45 and 46, transfer personal data to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding enforcement commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.

You can learn more information about these transfer mechanisms here.

6. Criteria and Time Period for Retaining Personal Data

We will retain your personal data for a period of time consistent with the original purpose of its collection and no longer than reasonably necessary. We also may retain your personal data during the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.

7. Rights Available to You

GDPR

If GDPR pertains to our processing of your personal data, you have several rights regarding our processing of the data. These rights include the right to request access to personal data (GDPR Article 15) to rectification of personal data (GDPR Article 16), to erasure of personal data / right to be forgotten (GDPR Article 17), to restrict processing of personal data (GDPR Article 18), to object to processing of personal data (GDPR Article 21), to data portability (GDPR Article 20), and the right to lodge a complaint with a supervisory authority. In cases where you have given us your consent to collect and use your personal data, you have the right to withdraw that consent at any time (without affecting the lawfulness of processing based on your consent before its withdrawal).

You may direct such requests to:

House of Leading Brands LLC
2600 E Southlake Blvd
Suite 120 - 327
Southlake, TX 76092
info@houseofleadingbrands.com

In cases where we process your data pursuant to your consent given via a web page form, you may withdraw that consent at any time by sending an email request to info@houseofleadingbrands.com.

The following paragraphs provide more specific information about these rights:

         The right to request access to personal data (GDPR Article 15)

You have the right to obtain confirmation from us to whether we process personal data about you, and access to the personal data and certain information about how and why we process your personal data.

         The right to rectification of personal data (GDPR Article 16)

You have the right to rectification and/or completion if the personal data concerning you is incorrect or incomplete.

         The right to be forgotten / Right to erasure (GDPR Article 17)

You have the right to obtain the erasure of your personal data where one of the following grounds applies:

• your personal data is no longer necessary in relation to the purpose for which they were collected or otherwise processed

• you withdraw consent and we have no other legal ground for the processing

• your personal data have been unlawfully processed

• your personal data has to be erased for compliance with a legal obligation

• your personal data is collected in the in relation to the offer of information society services referred to in GDPR Article 8 Section 1.

         The right to restrict processing of your personal data (GDPR Article 18)

You have the right to restrict processing of your data under the following conditions:

• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data

• your personal data have been unlawfully processed and you request the restriction of processing instead of deletion

• we no longer need the personal data for the purpose of the processing, but the personal data is required by you for the establishment, exercise or defense of legal claims

• if you have objected to processing pursuant to GDPR Article 21(1) and it has not been determined whether the legitimate grounds of us override those of you.

         The right to object to processing of your personal data (GDPR Article 18)

You have the right to object to our processing of your personal data based on legitimate interests (GDPR Article 6 Section 1(f)) or for direct marketing purposes.

         The right to data portability (GDPR Article 20)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. Furthermore you have the right to transmit those data to another controller without hindrance from us, as far as:

• the processing is based on consent or on a contract pursuant to GDPR Article 6(1)(b)

• the processing is carried out by automated means.

         The right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the supervisory authority in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

8. How We Store Personal Data

Personal data is stored on servers and systems that are owned by us or by contractors engaged by us under written agreements which comply with this Privacy Policy.

We maintain appropriate technical, administrative and physical safeguards to protect personal data received or collected by us. We review, monitor and evaluate our privacy practices and protection systems on a regular basis.  

Notwithstanding the foregoing measures, transmissions over the Internet or a mobile network are not 100% secure and we do not guarantee the security of transmissions. We are not responsible for any errors by individuals in submitting personal data to us.

9. Anonymized Data

We may use, transfer, sell, and share aggregated, anonymous data, which does not include any personal data about you for any legal business purpose, such as analyzing usage trends, generating reports and insights on the relationships within the data as well as with other data sets, providing services on the basis of the data, or seeking compatible advertisers, sponsors, clients, and customers.

10. Children

We do not knowingly market our products or services to, and do not solicit or collect information from, children under the age provided by applicable law for giving consent. We may ask users for their age to ensure that we are not collecting information from unintended persons or to identify when additional steps may be necessary in connection with information collected from persons who have not reached the age of consent in the jurisdiction in which they reside. If you believe that we might have any personal data from or about a child who is not eligible to provide the necessary consent, please contact us at: info@houseofleadingbrands.com

11. Changes to this Privacy Policy

This policy may be amended from time to time, consistent with the requirements of any applicable laws. We will post the revised version on our website and update the "Effective" date above to reflect the date of the changes.