HOLISTIC ALL PRIVACY POLICY

Last Updated: January 2025

​

1. Introduction

1.1 About Us
This Privacy Policy (“Policy”) outlines how Holistic All (owned and operated by XXX) and its related entities (collectively “we,” “us,” or “our”) collect, use, disclose, retain, and protect personal information in connection with:

• Our website, www.holisticall.com, subdomains, mobile versions, or other online or offline Services (collectively, the “Site” or “Services”);

• The Holistic All Marketplace (“Marketplace”), including potential and existing marketplace sellers (collectively, “sellers”), or any individuals involved with or acting on behalf of a corporate seller;

• Associated operational processes such as onboarding, compliance checks, transaction facilitation, and marketing.

1.2 Who This Policy Covers

• Buyers & Site Visitors: Individuals using or browsing our Site to make or inquire about purchases.

• Sellers & Prospective Sellers: Sole traders, individuals engaged by corporate sellers, or prospective sellers applying to join our Marketplace.

• Others Who Interact With Us: Anyone contacting us for service, support, or further information regarding Holistic All.

1.3 What This Policy Does Not Cover

• Specialized Services: Separate services, websites, or applications with their own distinct privacy notices (e.g., health operations, financial products, or other specialized business lines).

• Links to Third Parties: External websites, apps, or social platforms not owned or controlled by us. Their privacy policies govern how they handle your data.

1.4 Acceptance & Updates
By using our Site or Marketplace or otherwise providing personal information to us, you acknowledge that you have read, understood, and agree to the terms of this Policy. We may modify this Policy at any time, with changes taking effect upon posting. The “Last Updated” date above indicates the latest revision.

1.5 Global Data Privacy Regulations
We recognize and endeavor to respect and comply with various global data protection regulations, including but not limited to the EU/UK General Data Protection Regulation (GDPR), U.S. state privacy laws, International Privacy Principles, and other relevant international frameworks. Where extraterritorial laws apply, we will strive to uphold applicable compliance obligations. However, we disclaim liability for any damages arising from factors beyond our reasonable control, such as third-party breaches, user negligence, changes in local laws, or unforeseen regulatory actions.

​

2. What Personal Information Do We Collect?

We collect or receive personal information in various ways, depending on the nature of your interactions with us (e.g., as a buyer, seller, or visitor). Not all categories will apply to every individual. Below are the categories of personal information that may be collected:

1. Basic Personal Identifiers

   • Name, phone number, physical address, email address, government-issued identifiers (e.g., driver’s license, passport), signatures, and usernames.

2. Device & Online Identifiers

   • IP addresses, MAC addresses, cookie IDs, mobile ad IDs, login credentials, browser details, operating system, and other technical data about devices used to access our Services.

3. Internet & Network Activity Information

   • Browsing/search activity, keystroke patterns, and interactions with our Site, emails, mobile apps, or ads (to distinguish human users from bots).

4. Communications

   • Content of emails, texts, or other messages exchanged with us (including call recordings or chat logs where permitted by law).

5. Commercial Information

   • Purchase, rental, or return history; product preferences; transaction details; product reviews; entries for contests or sweepstakes.

6. Demographic Information

   • Age, gender, citizenship, marital status, household income, education, and related data (where relevant or provided voluntarily).

7. Financial Information

   • Bank account data, credit/debit card numbers, or credit scores (where necessary for transactions, onboarding checks, or compliance).

8. Biometric Information

   • Face geometry (e.g., for virtual try-on), voice prints, or other biometric identifiers, collected only if you opt into relevant features.

9. Geolocation Data

   • Approximate or precise location (e.g., IP-based location or GPS data), subject to device settings and user consent.

10. Sensory Information

    • Audio, video, photographic recordings (e.g., in-store cameras or user-uploaded images).

11. Inferences

    • Insights about preferences, behaviors, or aptitudes, which may be derived from your marketplace selling or buying patterns.

12. Background & Onboarding Information

    • Checks against sanctions lists (e.g., OFAC), criminal convictions, or details from press releases or public sources regarding prospective sellers.

 

3. How Do We Use Your Personal Information?

We may use the personal information we collect for the following purposes and under various legal bases (including, where applicable, legitimate interests, consent, or legal obligations):

1. Onboarding & Application Evaluation

   • Purpose: Process and decide upon potential sellers’ Marketplace applications (including risk checks, background checks, press releases).

   • Legal Basis: Legitimate interests (ensuring risk control, safeguarding buyers, preventing criminal activity) or legal obligations (e.g., checking sanctions lists).

2. Account Creation & Maintenance

   • Purpose: Set up and maintain seller or buyer accounts; authenticate access to the Marketplace.

   • Legal Basis: Legitimate interests (fulfilling Marketplace contracts, operational integrity).

3. Transaction Facilitation

   • Purpose: Handle orders, returns, or customer services and inquiries for both buyers and sellers.

   • Legal Basis: Legitimate interests (supporting Marketplace transactions), contractual obligations (fulfilling purchases).

4. Handling Seller & Customer Communications

   • Purpose: Manage complaints, claims, refunds, or general queries.

   • Legal Basis: Legitimate interests (complying with seller/buyer contract terms, protecting commercial reputation).

5. Payments & Settlements

   • Purpose: Settle seller payouts, process buyer payments, manage financial records.

   • Legal Basis: Legitimate interests (fulfilling contracts, operational continuity).

6. Seller Training & Support

   • Purpose: Provide training resources or services to enhance seller performance on our Marketplace.

   • Legal Basis: Legitimate interests (improving Marketplace experience).

7. IT & Administrative Services

   • Purpose: Provide technical support, maintain Site performance, debug or fix errors.

   • Legal Basis: Legitimate interests (security, anti-fraud, operational efficiency).

8. Auditing, Analytics & Business Analysis

   • Purpose: Conduct audits, risk assessments, analytics, and financial or operational reporting to improve services.

   • Legal Basis: Legitimate interests (operational enhancement, detecting fraud).

9. Legal Compliance & Enforcement

   • Purpose: Fulfill obligations under laws (tax, consumer protection, AML/KYC), respond to legal requests, defend or enforce legal rights.

   • Legal Basis: Legal obligations or legitimate interests (protecting the business).

10. Marketing, Personalization & Service Notifications

    • Purpose: Send optional marketing communications (with consent), personalize seller/buyer experiences, provide service-related notifications.

    • Legal Basis: Consent for marketing; legitimate interests for essential communications.

11. Preventing & Detecting Fraud or Deception

    • Purpose: Identify suspicious behavior, protect data integrity, investigate unauthorized activity, or ensure platform security.

    • Legal Basis: Legitimate interests (protecting commercial interests), compliance with law.

12. Tax & Regulatory Requirements

    • Purpose: Process data for tax calculations, credit checks, or compliance with local/federal regulations (e.g., consumer financial laws).

    • Legal Basis: Legal obligations or legitimate interests.

 

4. How Do We Collect Personal Information?

1. Provided Directly by You (or a Marketplace Seller)

   • Application or onboarding forms, account creation, purchase details, direct inquiries, or during training sessions.

2. Collected Through Automated Means

   • Cookies, web beacons, device logs, and interaction data with our Site, including usage metrics and ad interactions. These may capture, for example, your device ID, IP address, and browsing data.

3. Obtained from Other Entities Within Our Corporate Family

   • We may receive relevant personal data from related entities for operational continuity, marketing, or risk management.

4. Obtained from External Third Parties

   • Onboarding and risk-check organizations, credit check providers, or data enrichment partners.

   • Legal or government bodies for sanctions checks or law enforcement requests.

 

5. Disclosures of Personal Information

We may share or disclose personal information to the following categories of recipients, but always in line with the uses described in Section 3:

1. Corporate Affiliates & Family

   • For aligned business operations, risk management, and compliance across related entities.

2. Service Providers

   • Examples: Cloud hosting, payment processors, marketing platforms, data analytics, security specialists.

   • We require these providers to protect your data and only use it for the contracted purpose.

3. Banks & Credit Reference Agencies

   • For onboarding verifications, payment processing, credit checks, or merchant cash advance eligibility.

4. Auditors & Professional Advisors

   • For legal, financial, compliance, or audit reviews.

5. Research Consultants

   • To conduct interviews, surveys, or user tests that help improve seller and buyer experiences.

6. Law Enforcement, Courts & Government Authorities

   • When legally compelled (e.g., court orders, subpoenas) or to protect the safety and rights of individuals, Holistic All, or third parties.

7. Potential Buyers of Our Business

   • If we reorganize, merge, sell, or transfer ownership; any entity acquiring us will handle your data per this Policy (or provide notice if the terms change).

8. Public or Deidentified Data

   • We may share deidentified or aggregated data that cannot reasonably identify you, for analytics or industry research purposes.

 

6. Where Do We Store & Process Personal Information?

Your personal data may be processed or stored in International or other jurisdictions where we or our service providers operate. We endeavor to comply with relevant local and international data transfer laws, including the GDPR’s requirements regarding cross-border transfers (e.g., using Standard Contractual Clauses or other recognized transfer mechanisms). However, we cannot guarantee that every local regulation globally is fulfilled if local laws conflict or if extraterritorial requirements exceed our operational scope. We take reasonable steps to protect your data consistent with this Policy.

 

7. How Long Do We Retain Your Personal Information?

We retain personal information only as long as necessary for the purposes outlined in this Policy, and to fulfill legal, regulatory, tax, accounting, or reporting requirements. If we are involved in a dispute, complaint, or legal proceeding, we may keep data longer until it is resolved. We follow internal retention guidelines to securely dispose of data when no longer needed.

 

8. Security Measures

We employ physical, administrative, and technical safeguards (e.g., encryption, restricted access, secure servers) to protect personal information against unauthorized access, destruction, alteration, or disclosure. However, no security system is foolproof, and we cannot guarantee absolute security. Users are encouraged to take steps to protect their credentials and devices.

 

9. Third-Party Links & Features

The Marketplace or our Site may include links to third-party websites, plug-ins, or apps. By clicking those links, you may enable third parties to collect data about you. We do not control these external entities, and their privacy practices are governed by their own policies. We recommend reviewing their privacy statements. We disclaim liability for any unauthorized or unlawful use of data by these third parties or any persons not under our direct control.

 

10. International & Multi-Jurisdiction Privacy Rights

Depending on your location, you may have specific privacy rights under various laws (e.g., GDPR in the EU/UK, U.S. state laws, PIPEDA in Canada, etc.). These rights vary by jurisdiction but may include:

• Access & Correction: Obtain a copy of personal data we hold about you or request corrections of inaccuracies.

• Deletion/Erasure: Request deletion or erasure of certain data (subject to legal exceptions).

• Data Portability: Request transfer of data to another entity in a structured, commonly used format.

• Objection & Restriction: Object to certain processing activities or request that we limit the processing of your data.

• Withdraw Consent: Where processing is based on consent, withdraw that consent at any time (without affecting prior lawful processing).

• Not Be Subject to Automated Decision Making: In certain regions (e.g., UK, EU), object to decisions solely based on automated processing that significantly affect you.

We respect these rights where applicable law grants them. To exercise these rights, please see Section 13 on how to contact us. We will respond within the timeframe required by law. If unsatisfied, you may be entitled to lodge a complaint with your local data protection authority.

 

11. Potential Harms from Data Processing

While we implement reasonable safeguards, risks inherent to data processing include:

• Unauthorized disclosure, theft, or hacking incidents;

• Potential reputational or emotional harm if personal data is misused;

• Financial loss if payment/financial data is compromised.

We work diligently to minimize these risks through security measures, staff training, and robust vendor agreements. However, we disclaim liability for any harm arising from third-party misuse of data where we have implemented reasonable preventive measures.

 

12. Children’s Privacy

Our Site and Marketplace are not directed to children under 13 (or other ages as defined by local laws). We do not knowingly collect or process data from minors without parental consent. If you become aware that a minor’s personal data was submitted improperly, please contact us immediately.

​

13. Your Choices & Exercising Your Rights

Depending on applicable law, you can:

• Access or Correct Your Data: Log into your account or contact us to request changes or a copy of your data.

• Delete or Restrict: Request deletion of specific data or restriction of processing if allowed by law.

• Marketing Preferences: Opt out of marketing emails via unsubscribe links or adjusting your account settings. You may still receive necessary administrative or transactional notices.

• Authorized Agents: If you choose a representative (e.g., under a power of attorney) to make a request on your behalf, we may require proof of authority.

• Verification: We may require you to verify your identity or account ownership before fulfilling privacy-related requests. If we cannot verify identity, we may deny the request.

Please direct all rights requests or questions to us using the details in Section 14.

 

14. Contact Us

For privacy-related inquiries, requests, or complaints:

Holistic All
(Owned & Operated by YYY)
www.holisticall.com
Contact Form

We typically respond within 30 days or the timeframe required by law. If you have unresolved concerns, you may have the right to file a complaint with your local data protection authority or privacy regulator.

 

15. Limitations of Liability & Indemnification

15.1 Disclaimer of Warranties
We provide the Marketplace and Services “as is” and “as available” without warranties of any kind, except as required by law.

15.2 No Liability for Third Parties or User-Posted Data

• We are not liable for the actions, omissions, or privacy practices of sellers, service providers, or any other third parties, including unauthorized access, harvesting, or misuse of user-posted data.

• You acknowledge that any data you post or share (e.g., on forums, listings, or messages) may be accessed or copied by others, and we disclaim liability for any further distribution or misuse of such data once it is outside our direct control.

15.3 Indemnification
You agree to indemnify, defend, and hold harmless Holistic All, its officers, directors, employees, and affiliates from any claims or damages arising from:

• Your breach of this Policy;

• Misuse of personal information by you;

• Violation of any law or regulation;

• Unauthorized acts or omissions by you, your agents, or third parties under your control.

15.4 Consequential Damages & Limitations
To the fullest extent permissible by law, we disclaim liability for indirect, incidental, consequential, or punitive damages related to your use of the Site or Services. In no event will our total liability exceed the amount paid (if any) by you for using the Site or Services in the six (6) months preceding the claim, except where prohibited by law.

15.5 Legal Protections
Nothing in this Policy is intended to exclude or limit any legal protections available to us, including statutory immunities or defenses. In jurisdictions that limit the enforceability of these disclaimers and limitations, our liability shall be limited to the fullest extent permitted by law.

​

Acknowledgment

By accessing or using our Site or Services, you confirm that you have read and understood this Privacy Policy and agree to its terms (including any future updates). If you do not agree, you must discontinue using our Site and Services immediately.

Thank you for reviewing our updated Privacy Policy. If you have any questions or concerns about how we handle your personal information, please reach out using the contact details in Section 14.