Effective date:  December 6, 2021

INTRODUCTION AND OVERVIEW   Crystalline Health & Beauty Inc., its parent, Crystalline Health & Beauty From the Dead Sea Ltd. (together with their affiliates, collectively, “Crystalline”, “we”, “us” or “our”) a family-owned and -operated specialty cosmetics company offering two prestigious product lines of therapeutic skin care, bath, body and hair care products: our signature Dead Sea Collection, which utilizes Dead Sea minerals, salts and mud, to create a therapeutic experience, and our newest innovation in wholesome self-care: Natural Therapy, a line of Hemp and other essential oil- and extract-enriched formulas. Please note that we do not provide professional medical advice, diagnosis, or treatment, and we are not a healthcare provider. Crystalline respects the privacy of the visitors to our digital properties and the users of our products and services, and we are committed to protecting it through our compliance with this privacy policy (this “Privacy Policy”). This Privacy Policy describes how Crystalline collects, stores, uses, and safeguards your information when you use our various websites, including www.biz.deadseacollection.com (the “B2B Site”) www.deadseacollection.com, www.naturaltherapycosmetics.com, www.crystalline.co.il, www.Deadseacollection.com.ua, our Social Media (as defined below) (together with the B2B Site, collectively, the “Sites” and each, a “Site”), any mobile applications that hyperlink to this Privacy Policy (the “Apps”), and through any other websites, mobile applications, pages, features, or content owned and operated by Crystalline that direct to this Privacy Policy (collectively, including the B2B Site, the Sites and the Apps, the “Services”). By using the Services, you understand and acknowledge that collection and use of your personal information will be made in accordance with this Privacy Policy and our Terms of Use.  If you do not feel comfortable with any part of this Privacy Policy or our Terms of Use, please discontinue use of the Services or engaging with Crystalline immediately. CONTENTS
    1. UPDATES TO THIS PRIVACY POLICY
    2. INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
    3. HOW WE USE YOUR INFORMATION
    4. SHARING AND DISCLOSURE OF PERSONAL INFORMATION
    5. COOKIES AND OTHER TRACKING TECHNOLOGIES
    6. RETENTION
    7. COMMUNICATIONS PREFERENCES
    8. ACCESS, CORRECTION, AND DELETION OF YOUR PERSONAL INFORMATION
    9. IMPORTANT NOTICE FOR NON-U.S. RESIDENTS
    10. ADDITIONAL DISCLOSURES FOR DATA SUBJECTS FROM THE EEA, THE U.K. AND SWITZERLAND
    11. DATA SECURITY
    12. INTEGRATION OF THIRD-PARTY PLATFORMS AND SERVICES
    13. CHILDREN’S PRIVACY
    14. CONTACT US
  1. UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time as we update or expand the Services. If we make material changes, we will post the updated Privacy Policy on this page with a “Last Updated” effective date of the revisions. We encourage you to look for updates and changes to this Privacy Policy by checking this page when you access the Services. If you have any questions about this Privacy Policy, please reach out to us anytime at privacy@crystalline.co.il or as described in the contact information included within the “Contact Us” section below.
  1. INFORMATION WE COLLECT ABOUT YOU AND HOW WE  COLLECT IT
Crystalline collects personal information when you interact with the Services. Personal information is any information that identifies or makes an individual identifiable. The definition of personal information (used interchangeably in this Privacy Policy with the term “personal data”) depends on the applicable law based on your physical location. Only the definition that applies to your physical location will apply to you under this Privacy Policy. The types of personal information that we may collect about you include, but are not limited to: information you provide to us, information collected automatically about your use of the Services, and information from third parties. a. Information You Voluntarily Provide to Us: The personal information we collect on or through the Services may include:
  • Account Registration: information relating to the creation of an account on one of the Sites, including the B2B Site, such as first and last name, email address, postal address, telephone number, and/or a unique individual password;
  • Form Submissions: information that you provide by filling in forms that we make available. This includes when making purchases from the B2B Site or requesting information or assistance, and may include information that users of the Sites optionally provide regarding their skin or other physiological conditions, in order to receive information about our products;
  • Newsletter Sign-ups: information relating to any Crystalline newsletter as may be available for registered users, including name and email address;
  • Technical Support and Customer Service: information you provide when you report a problem with the Services or otherwise communicate with us by email, the Sites, by telephone, in writing or through other means, including records and copies of your correspondence;
  • Promotions and Feedback: information relating to your participation in any promotion;
  • Payment Information:  payment card, transaction or financial account information, in the event you make a direct purchase via Crystalline;
  • Job Applications:  employment- and background-related information provided to us as a part of the job application process; or
  • Device Permissions: information relating to your use of features of the Services that may ask you to grant us access to location information, photos, microphone, or media on your computer or mobile device.
  Please note:  When communicating with us by email or through forms on the Sites, we ask that you please do not send us any sensitive information pertaining to yourself, medical prescriptions, or any other information relating to diagnosis or medical treatment of any health problems.  Crystalline does not collect or store sensitive information or special categories of information, as further described below.  Instead, always consult with a licensed medical healthcare professional regarding any medical concerns or treatment. Never disregard professional medical advice or delay seeking medical treatment because of something you have read on or accessed through the Services. b. Information Collected Automatically: As you navigate through and interact with the Sites or Apps, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:
  • Information About Your Use of the Services: when you browse the Sites, our systems automatically collect information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, domain names, referring and exit pages and URLs, platform type, pages viewed and the order of these page views, the amount of time spent on particular pages, and the date and time of your request.
 
  • Device Information: if you access the Services through a mobile device (e.g., a smart phone or tablet), we may be able to identify the general location of your mobile device, your mobile device’s brand, model, operating system, resolution, screen size, system version, mobile network information, and your mobile device’s advertising ID.
 
  • Performance Data:  information about your preferences to make your use of the Services more productive, via the use of Cookies or similar tracking technologies. For more information, please see Section 5.
  1. Information from Third Parties: When you interact with the Services, including without limitation the B2B Site, hosted by Shopify, or Crystalline’s accounts on Facebook, Instagram, YouTube and any of our other social media platform accounts (collectively, our “Social Media”), we may collect the personal information that you or the platform make available to us on that page or account, including your social media account ID and/or user name associated with that social media service, your profile picture, email address, friends list or information about the people and groups you are connected to and how you interact with them, and any information you have made public in connection with that social media service.
  The information we obtain depends on your privacy settings on the applicable social media service; we will comply with the privacy policies of the respective social media platform and we will only collect and store such personal information that we are permitted to collect by those social media platforms. When you access the Services through social media channels or when you connect the Services to social media services, you are authorizing us to collect, store, and use such information and content in accordance with this Privacy Policy.
  1. HOW WE USE YOUR INFORMATION
Crystalline will only use your personal information as described in this Privacy Policy or as disclosed to you prior to such processing taking place. The purposes for which we may use your personal information include:  
  1. To Provide You The Services: providing any Services or products that you request or purchase in connection with the Services;
  2. To Provide You with Service-Related Communications: contacting you regarding the administration of any features or functions of the Services you have registered to use, and notifying you about changes to the Services, our policies, terms, or any products or services we offer or provide though the Services;
  3. To Provide Customer Support or to Respond to You: providing you with notices about any  account you may have and responding to your questions or other requests;
  4. To Send You Marketing and Promotional Emails: contacting you with newsletters, marketing or promotional materials and other information that may be of interest to you based on the Services that you already use or the offerings that you have already purchased or inquired about, unless you have opted not to receive such information;
  5. For Internal Research and Services Improvement: using information for internal research and development of Crystalline products and offerings, as well as accumulating and reporting aggregate, statistical information in connection with the Services user activity, including determining which features and services users like best to help us operate, enhance, and improve our products and Services;
  6. To Enforce Compliance with Our Agreements or Policies: keeping you secure and safe while using the Services, which requires us to process your personal information in accordance with this Privacy Policy to combat spam, malware, malicious activities, fraud, or security risks as part of our ongoing maintenance and enforcement of our security measures, and carrying out our obligations and enforcing our rights arising from any contracts entered into between you and us, including for billing and collection;
  7. To Maintain Legal and Regulatory Compliance: processing personal information to pay our taxes, fulfill our business obligations, for compliance with employment and recruitment laws, or as necessary to manage risk under applicable law;
  8. For Customization: saving your user account, registration and profile data or other personal information (so you do not have to re-enter it each time you visit or use the Services); tracking your return visits to and use of the services; tailoring your experience on the Services; and/or otherwise customizing what you see when you visit and use the Services;
  9. With Your Consent: for any other purpose disclosed to you prior to you providing us your personal information or which is reasonably necessary to provide the Services or other related products and/or services requested, with your permission or upon your direction;
  10. For Employment Purposes: processing job applications, including to communicate with you and to conduct applicant and employment-related statistical evaluation and record-keeping.
  4. SHARING AND DISCLOSURE OF PERSONAL INFORMATION We may share or disclose your personal information in the following circumstances:
  1. Within Our Corporate Organization. We may share your personal information with any Crystalline subsidiaries and affiliates in order to provide you with the Services and take actions based on your request, as well as for the purpose of management and analysis.
  2. Service Providers. We may employ other companies and individuals to facilitate the Services, provide services on our behalf, perform service-related business activities, or assist us in analyzing how the Services are used. These service providers provide us support services such as credit card processing, payment gateways, subscription processing, website hosting, the B2B Site, customer relationship management, order fulfillment and shipping, email and postal delivery, analytics, surveys, and marketing and advertising services. The service providers have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
  3. Corporate Transactions. We may disclose personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about the Services users is among the assets transferred. You agree to and do hereby consent to our assignment or transfer of rights to your personal information.
  4. As Required by Law and to Protect Lawful Interests. We may disclose your information if we believe that the disclosure is required by law, if we believe that the disclosure is necessary to enforce our agreements or policies, in response to valid requests by public authorities (e.g., a court or a government agency), or if we believe that the disclosure will help us protect the rights, property, or safety of Crystalline or our customers.
  5. With Your Consent. We may disclose your personal information for any purpose with your consent.
Please note that we may disclose, without restriction, aggregated or anonymized information about the users of the Services, which is information that does not identify any specific individual.
  1. COOKIES AND OTHER TRACKING TECHNOLOGIES
We may use cookies, embedded scripts and other similar technologies (collectively, “Tracking Technologies”) to collect additional personal information automatically as you interact with the Services and to personalize your experience with the Services. We also may use these technologies to collect information about your online activities over time and across third party websites or other online services. a. Cookies Cookies are small web files that a site or its provider transfers to your device’s hard drive through your web browser that enables the site’s or provider’s system to recognize your browser and remember certain information. We use first-party and third-party cookies for the following purposes:
  • to make the Services function properly;
  • to improve the Services;
  • to make login to the Services easier (such as by remembering your user ID);
  • to recognize you when you return to the Services and to remember information you have already provided;
  • to track your interaction with the Services;
  • to collect information about your activities over time and across third party websites or other online services in order to deliver content and advertising tailored to your interests;
  • and to provide a secure browsing experience during your use of the Services.
We may place cookies from third-party service providers, including without limitation Shopify, who may use information about your visits to other websites to target advertisements for products and services available from us. We do not control the types of information collected and stored by these third-party cookies. You should check the third-party’s website for more information on how they use cookies. b. Your Choices Your browser may provide you with the option to refuse some or all browser cookies. You may also be able to remove cookies from your browser. You can exercise your preferences in relation to cookies served on the Sites by taking the steps outlined below.
  • First-Party Cookies. You can use the browser with which you are viewing the Sites to enable, disable or delete cookies. To do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” settings). Please note, if you set your browser to disable cookies, you may not be able to access secure areas of the Sites. Also, if you disable cookies other parts of the Sites may not work properly. You can find more information about how to change your browser cookie settings at http://www.allaboutcookies.org.
  • Third-Party Cookies. Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/, or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.Residents of the European Union may opt-out of online behavioral advertising served by the European Interactive Digital Advertising Alliance’s participating member organizations by visiting https://www.youronlinechoices.eu/.To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering here:  https://youradchoices.com/appchoices.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. In addition, most web browsers provide help pages relating to setting cookie preferences. More information may be found for the following browsers here: In addition, you can opt out of targeted advertising at any of the links below: Lastly, you can opt out of direct mail services by visiting the Direct Marketing Association at: https://dmachoice.thedma.org/. c. Analytics We may use third-party service providers to monitor and analyze the use of the Sites. Presently, we use Google Analytics. Google Analytics is a web analytics service offered by Google LLC (“Google”) that tracks and reports Site traffic. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: https://tools.google.com/dlpage/gaoptout.   We also use Shopify to power our online store — you can read more about how Shopify uses your personal information here: https://www.shopify.com/legal/privacy. d. Other Tracking Technologies To see how the Sites are performing we sometimes use conversion beacons, tags, scripts and pixels, which fire a short line of code to tell us when you have clicked on a particular button or reached a particular page.  We also use these tracking technologies to analyze usage patterns of the Services.  The use of these technologies allows us to record that a particular device, browser, or application has visited a particular webpage. e. Do Not Track Some Internet browsers, such as Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, the Sites do not currently process or respond to “DNT” signals.
  1. RETENTION
Crystalline will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data or the information you provided to us to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. We will retain your marketing contact information until you unsubscribe from our marketing communications. We will also retain Services usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Services, or we are legally obligated to retain this data for longer periods.
  1. COMMUNICATIONS PREFERENCES
In order to provide service to you, we may send you communications related to your transactions, security, or the administration of the Sites. From time to time, we may also send you other messages or updates about Crystalline, the Sites, and our other products and offerings. If you do not wish to receive non-transaction or security-related communications from us, you may opt-out by clicking the “unsubscribe” link in the communication or by contacting us as specified in the “Contact Us” section below. Please note that if you opt out of receiving communications from us, we may still send you service communications such as emails about your account. Please note as well that “opt-out” and “unsubscribe” requests may not take effect immediately and may take a reasonable amount of time to receive, process and apply, during which time your information shall remain subject to the prior privacy settings.
  1. ACCESS, CORRECTION, AND DELETION OF YOUR PERSONAL INFORMATION
You have the right to access, correct, and delete your personal information that you shared with us on the v or Services or through other written or oral means.  We are committed to allowing you to ensure that your personal information is kept accurate and up to date. However, it is up to you to update it with any changes. To the extent you have provided such information via an account registration, you can review and submit changes to your personal information by logging into the respective Site and visiting your account profile page. You may also notify us via the information in the “Contact Us” section below to request access to, or to correct any personal information that you have provided to us. We may not accommodate a request to delete or change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. If you no longer wish to have your personal information processed, you may request to delete your account (username and password), subject to certain limitations, by contacting us as described below.
  1. IMPORTANT NOTICE FOR NON-U.S. RESIDENTS
Crystalline Health & Beauty Inc. is a United States-based company, and its parent, Crystalline Health & Beauty From the Dead Sea Ltd., is an Israel-based company. Please be aware that your information, including your personal information, may be transferred to, processed, maintained, and used on computers, servers, and systems located in the United States, Israel, Ukraine or other locations where the privacy laws may not be as protective as those in your jurisdiction. If you choose to use the Sites while located outside the United States, Israel and the Ukraine, you hereby irrevocably and unconditionally consent to such transfer, processing, and use of your information in the United States, Israel and the Ukraine and elsewhere. If you do not wish for your information to be transferred to, processed, or maintained outside of the country or jurisdiction where you are located, you should immediately cease accessing the Services.
  1. ADDITIONAL DISCLOSURES FOR DATA SUBJECTS IN THE EEA, THE U.K. AND SWITZERLAND
This section provides general information about how Crystalline collects, stores, uses, transfers and otherwise processes personal data in or from certain countries in the European Economic Area, the United Kingdom, and Switzerland (together, for purposes of this section of this Privacy Policy, the “EEA”), in accordance with the General Data Protection Regulation (“GDPR”) and its local implementations. (a)  Lawful Bases of Processing – Where Crystalline is acting as a data controller that determines the purposes and means of processing your personal data, such as when we collect, use, and share personal data as described in Sections 2 through 4 above, we must have a lawful processing basis for doing so.  Our lawful bases for processing personal data include:
  • to conclude or perform a contract with you, for example to:
    • process your purchases of or requests for products and services;
    • communicate with you about purchases, professional services, accounts, and programs;
  • for our legitimate business purposes, including to:
    • respond to your customer service inquiries and requests for information;
    • maintain, improve, and analyze the Services, advertisements, and the products and services we offer;
    • detect, prevent, or investigate security breaches or fraud; and
    • facilitate the functionality of the Services;
  • to comply with our legal obligations, for example to maintain appropriate records for internal administrative purposes and as required by applicable law; and
  • on the basis of your consent, for example to send you via email and other electronic means personalized promotions and special offers or informing you about our products, offerings, events, or other promotional purposes.
You can withdraw your consent at any time by contacting us as described in the “Contact Us” section below. Please note that we do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. (b) Your EEA Data Subject Rights – Under certain circumstances, by law you have the right to:
  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
  • Request correction of the personal information that we hold about you.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party), or where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
  • Request the transfer of your personal information to another party, when possible.
  • Not be subject to automated decision-making producing legal or significant effects on an individual, which we do not engage in.
To exercise any of these rights, please contact us as set forth in the “Contact Us” section below and specify which GDPR privacy right(s) you wish to exercise.  We must verify your identity in order to honor your request, which we will respond to within 30 days of receipt.       (c) Transfers – When we transfer or receive personal data from the EEA, we do so pursuant to appropriate safeguards or your explicit consent under GDPR Article 49.       (d) Retention – As described in the “Retention” section above, as a general rule, we keep your data for only as long as it is needed to complete the purpose for which it was collected or as required by law. We may need to keep your data for longer than our specified retention periods to honor your requests, including to continue keeping you opted out of marketing emails, or to comply with legal, regulatory, accounting or other obligations.        (e) Complaints – If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority (link). We would, however, appreciate the opportunity to first address your concerns and would welcome you directing an inquiry first to us per the “Contact Us” section below.
  1. DATA SECURITY
We have implemented reasonable measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Any payment transactions will be encrypted using SSL or other encryption technology, or will use our third party payment processors, who will use appropriate security procedures. The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of the Services, you are responsible for keeping this password confidential. You should not share your password with anyone. Unfortunately, the transmission of information via the Internet is not completely secure. Although we strive to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.  If you believe that any of your personal information held by Crystalline has possibly been compromised, please contact us immediately as described in the “Contact Us” section below.
  1. INTEGRATION OF THIRD-PARTY PLATFORMS AND SERVICES
The Services may be linked to, rely on and be integrated with websites, applications, interfaces, services and platforms operated by other companies, including third-party services. The Sites or Apps may also feature advertisements from these companies. We are not responsible for the privacy practices of such websites, applications, interfaces, services and platforms operated by third parties that are linked to, rely on and/or integrated with the Services or for the privacy practices of third party advertising companies. Once you leave the Services via a link, access a third-party service or click on an advertisement, you should check the applicable privacy policies to determine, among other things, how related companies process personal information they may collect about you. This Privacy Policy applies solely to information collected by Crystalline.
  1. CHILDREN’S PRIVACY
Crystalline Services are not directed toward children under the age of 16, and we do not knowingly collect any personal information from children under the age of 16. If a child under 16 provided the Sites or Apps with personal information, we ask that a parent or guardian contact us as described below so that we may promptly delete the child’s information from our records.
  1. CONTACT US
We welcome your questions, comments, and concerns about privacy. You can contact us anytime via email at privacy@crystalline.co.il, or as follows: Crystalline Health & Beauty, Inc., 401 Bordentown Hedding Rd., Suite #2, Bordentown, NJ 08505, Attn: Legal Department, Telephone: (609) 622-4626