This policy outlines and sets forth the privacy practices of (i) the ILOLA™ website located at https://ilolas.com/ (the “Website”), (ii) the ILOLA™ online social shopping marketplace enabling consumer product owners (each, a “Brand”) to reach persons offering to create promotional online media content for dissemination on such persons’ social media network(s) (each, an “Creator”) in exchange for Brands’ products at no cost to Creators or at a significantly discounted price (the “Services”), and (iii) any and all other services provided by ILOLA™, as described on the Website (collectively, the “Platform”). Products shall include physical products, online/virtual products, services, subscriptions, and software.

The policy shall be implemented and executed by Selah LLC (d/b/a ILOLA™), a limited liability company incorporated pursuant to the laws of Delaware, USA having its principal office at 445 Marine View Ave. Suite 300 Del Mar, California,  92014 (“We”, “ILOLA™”, and the “Company”). The Policy shall cover the use of the Platform and Services by registered Brands and Creators, as well as visitors to the Website and Platform. 

This policy does not apply to the practices of third parties (including Brands and third party service providers of ILOLA™) who may also collect or receive data in connection with users’ use of the Services.

1. Privacy Policy

The Company processes users personal information to run their business and provide their users with the Services. By accepting the Terms of Use (and in some jurisdictions, by acknowledging this policy), users confirm that users have read and understand this policy, including how and why the Company uses users’ information. If users do not want the Company to collect or process their personal information in the ways described in this policy, users shouldn’t use the Services, Website and Platform. The Company is not responsible for the content or the privacy policies or practices of any of its members, websites linked within the Website and Platform, or linked third-party websites.

The Company’s Terms of Use require all users to have reached the age of majority in their jurisdiction of residence and if applicable, if they are under the age of majority in their jurisdiction of residence, they have their parents’ or guardian’s prior permission to access or use the Platform and Website. Children under age 13 are not permitted to use the Services, Website, and Platform. Users are responsible for any and all account activity conducted by a minor on their account. The Company does not knowingly “sell,” as that term is defined under applicable law, including the California Consumer Privacy Act (the “CCPA”), the personal information of minors. 

By using the Services, users acknowledge that the Company will use users’ information in the United States, and any other country where the Company operates. Please be aware that the privacy laws and standards in certain countries, including the rights of authorities to access users’ personal information, may differ from those that apply in the country in which users reside. The Company will transfer personal information only to those countries to which the Company is permitted by law to transfer personal information as more fully described in the “Transfers” Section of this policy.

2. Information Collected or Received

In the course of providing Services, the Company may collect or receive users’ personal information in a few different ways. The Company may obtain the categories of personal information listed below from the following sources: 

1. directly from users, for example, from forms users complete or during registration;
2. indirectly from users based on their activity and interaction with the Company’s Services, or from the device or browser users use to access the Services; 
3. from our vendors and suppliers that help provide the Company services that users may interact with (such as, for example, for payments or customer support), and from our third party advertising and marketing partners. 

The Company uses the personal information it receives and collects in accordance with the purposes described in this policy.

Registration, Account Setup, Service Usage: In order for users to use the Services, users will be required to submit a valid email address. If users register, they will need to submit a name associated with their account. Users may modify that name through their dashboard. Users will need to provide this information to enable the Company to provide users with the Services. Additional information, such as billing and payment information (including billing contact name, address, telephone number, credit card information), a telephone number, and/or a physical postal address, will be necessary in order for the Company to provide Services. 

Profile: Users may provide their name, brand name (if a Brand) and other personal information. Users can update certain information through their account settings (such as email address, telephone number, address details, social media links, and profile picture). The name associated with their account is publicly displayed and connected to their activity. 

Automated Information: The Company automatically receives and records information from users’ browser or users’ mobile devices when they visit the Website, the Platform or use certain features of the Services, such as IP address or unique device identifier, cookies, and data about which pages users visit and how they interact with those pages in order to allow the Company to operate and provide the Services. This information is stored in log files and is collected automatically. 

Data from Advertising and Marketing Partners: As described below, the Company receives information from its advertising and marketing partners about users. This information can include attribution information via cookies and UTM tags in URLs to determine where a visit to the Website and Platform comes from, responses to marketing emails and advertisements, responses to offers, and audience information from partners whose users have given consent to share that information with the Company.

Location Information: The Company obtains location information users provide in their profile or their IP address. The Company may use and store information about users’ location to provide features and to improve and customize the Services. 

Non-user Information: The Website receives or obtains information (for example, an email address or IP address) about a person who is not yet a registered user (a “non-user”) in connection with certain Website and Platform features. Non-user information is used only for the purposes disclosed when it was submitted to the Company, for purposes necessary to the functioning of the Company’s Services or where the Company has a legitimate interest, as disclosed in the “Information Uses, Sharing, & Disclosure” Section below, or to facilitate action authorized by a non-user.

3. Messages from the Company

On occasion, the Company will need to contact users. Primarily, these messages are delivered by email including marketing, transactions, advocacy, and service update purposes. Users can opt out of receiving marketing communications via email by following the unsubscribe link in any marketing email users receive. Every account is required to keep a valid email address on file to receive messages. 

Users understand and agree that the Company can send users non-marketing emails. Examples of service-related messages include an email address confirmation/welcome email, notification of an order, service availability, modification of key features or functions, relaying messages with Brands or Creators, and correspondence with the Company’s support team.

4. Information Uses, Sharing, & Disclosure

The Company will not disclose users name, email address, or other personal information to third parties without users’ consent, except as specified in this policy.

Users can control their privacy settings by contacting the Company in accordance with the “Contact” section below. Notably, certain personal information is required in order for the Company to provide users with the Services. As such, if users request the Company not to collect, use, share, process, and/or disclose required personal information in the manner required by the Company, such users will no longer be able to use the Services, Website, and Platform. In such instances, the Company will respond to such users’ requests informing them to cease using the Company’s Services, Platform, and Website. 

1. Legal Bases:
   
   1. When users access or use the Services, the Company collects, uses, shares, and otherwise processes users’ personal information for the purposes described in this policy. The Company relies on a number of legal bases to use users’ information in these ways. These legal bases include where:
      1. necessary to perform the contractual obligations in the Company’s Terms of Use and in order to provide the Services to users;
      2. users have consented to the processing, which they can revoke at any time;
      3. necessary to comply with a legal or regulatory obligation, a court order, or to exercise or defend any impending or asserted legal claims;
      4. necessary for the purposes of the Company’s or a third party’s legitimate interests;
      5. users have expressly made the information public;
      6. necessary in the public interest, such as to prevent crime; and
      7. occasionally necessary to protect users’ vital interests or those of others (in rare cases where the Company  may need to share information to prevent loss of life or personal injury).
   2. The Company principally relies on consent (which can be withdrawn at any time) (i) to send marketing messages, (ii) for third-party data sharing related to advertising, and, to the extent applicable, (iii) for the use of location data for advertising purposes.
   3. The Company relies on consent for targeted online and offline marketing including through tools like Facebook Custom Audience and Google Customer Match. The Company may advertise its Services through a variety of different mediums and rely on users’ consent to do so off-site. As part of this, the Company may work with advertising partners such as Facebook, Google, and other partners. These partners have their own privacy policies and consent mechanisms for their customers, in addition to the Company’s controls. 
   4. The Company may also use first party data (e.g. users prior activity and browsing patterns on our Site), and may combine it with other data collected from users or received from advertising and marketing partners, such as publicly available information, to permit the Company to create targeted audiences based on users known or inferred demographic and/or interests to provide users with more relevant and useful advertising on the Company’s Website and Platform, in direct marketing channels (like email), or with our off site marketing partners, like Google and Facebook, subject to their terms and privacy notice users agreed to with such partners. 
2. The Company’s Legitimate Interests
   
   1. Where the Company processes users information on the basis of legitimate interests, the Company will do so as follows:
      
      1. Providing and Improving the Company’s Services: The Company uses users’ information to improve and customize Services, including sharing users’ information for such purposes, and the Company does so as it is necessary to pursue the Company’s legitimate interests of improving its Services for their users. This is also necessary to enable the Company to pursue its legitimate interests in understanding how their Services are being used, and to explore and unlock ways to develop and grow their business. It is also necessary to allow the Company to pursue their legitimate interests in improving their Services, efficiency, interest in Services for users, and obtaining insights into usage patterns of their Services. 
3. Providing Marketing Communications:
   
   1. The Company may rely on the Company’s legitimate interest to send users marketing messages (where permitted independent of consent) and for the Company’s advertising programs (including the Company’s  on-site advertising and marketing).
4. Keeping the Company’s Services Safe and Secure:
   
   1. The Company uses users’ information for safety and security purposes, which can include sharing users’ information for such purposes, and the Company does so because it is necessary to pursue the Company’s legitimate interests or those of a third party in ensuring the security of the Company’s Services, preventing harm to individuals or property, or crime, enforcing or defending legal rights, or preventing damage to the Company’s systems, or those of the Company’s users or their partners. This includes enhancing protection of the Company’s community against spam, harassment, intellectual property infringement, crime, fraud and security risks of all kinds. The Company uses users’ information to provide and improve the Services, for billing and payments, for identification, and for general research and aggregate reporting. 
5. Legal and Safety:
   
   1. The Company may also retain, preserve, or release users’ personal information to a third party in the following limited circumstances: in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements; to protect, establish, or exercise the Company’s legal rights or defend against impending or asserted legal claims, including to collect a debt, or a material violation of the Company’s terms and policies; to comply with a subpoena, court order, legal process, regulation, or other legal requirement; or when the Company believes in good faith that such disclosure is reasonably necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to the Company’s rights or property, or violations of the Company’s Terms of Use. 
   2. If the Company receives a lawful, verified request for a user’s records or information in one of the limited circumstances described in the previous paragraph, the Company may disclose personal information, which may include, but may not be limited to, a user’s name, address, phone number, email address, company/trading name, and, where appropriate, bank account and transaction details. 
6. Service Providers:
   
   1. The Company also needs to engage third-party companies and individuals (such as research companies, and analytics and security providers) to help the Company operate, provide, and market the Services. These third parties have only limited access to users’ information, may use users; information only to perform these tasks on the Company’s behalf, and are obligated to the Company not to disclose or use users’ information for other purposes. The Company’s engagement of service providers is often necessary for the Company to provide the Services to users, particularly where such companies play important roles like helping the Company keep its Service operating and secure. 
7. Third Parties:
   
   1. Third-party plug-ins also collect information about users’ use of the Website and Platform. In addition, certain cookies and other similar technologies on the Website and Platform are used by third parties for targeted online marketing and other purposes. These technologies allow a partner to recognize users’ computers or mobile devices each time users use the Services. When users use third-party sites or services, their terms and privacy policies will govern users’ use of those sites or services. The Company chooses and manages these third-party technologies placed on its Website and Platform. 
   2. This policy does not apply to the practices of third parties that the Company does not own or control or individuals that the Company does not employ or manage, except as otherwise provided for in the Terms of Use or as required by law. If users provide their information to such third parties in connection with their use of the Services, different practices may apply to the use or disclosure of the information that users provide to them. While the Company requires these third parties to follow the Company’s privacy and security requirements, the Company does not control the privacy or security policies of such third parties. For the purposes of European law, these third parties are independent controllers of data, which means that they are responsible for providing and complying with their own policies relating to any personal information they obtain in connection with the Services.

5. Transfers

The Company operates a global service. The United States (“U.S.”, European Economic Area (“EEA”) Member States, and other countries all have different laws. When users’ information is moved from their home country to another country, the laws and rules that protect their personal information in the country to which their  information is transferred may be different from those in the country in which they live. To the extent that the Company is deemed to transfer personal information outside of the EEA, the Company relies separately, alternatively, and independently on the following legal bases to transfer users’ information:

1. Necessary for the performance of the contract between the Company and its users – The Company provides a voluntary service; users can choose whether or not to use the Services. As the Company operates in countries worldwide and uses technical infrastructure in the U.S. to deliver the Services to users, in accordance with the contract between the Company (the Terms of Use), the Company will need to transfer users personal information to the U.S. and to other jurisdictions as necessary to provide the Services.

6. Security

The security of users’ personal information is important to the Company. The Company utilizes generally accepted industry standards to protect the personal information submitted to the Company, both during transmission and after it is received. Unfortunately, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while the Company strives to protect users’ personal information, the Company cannot guarantee its absolute security.

Users account information is protected by a password. It is important that users protect against unauthorized access to their account and information by choosing their password carefully and by keeping their password and computer secure, such as by signing out after using the Services. 

7. Retention

The Company will retain users’ information only for as long as is necessary for the purposes set out in this policy, for as long as users’ account is active, or as needed to provide the Services to users. If users no longer want the Company to use their information to provide the Services to them, they should inform the Company by contacting the Company in accordance with the “Contact” section below. The Company will retain and use users’ information to the extent necessary to comply with the Company’s legal obligations (for example, if the Company is required to retain users information to comply with applicable tax/revenue laws), resolve disputes, enforce the Company’s agreements, and as otherwise described in this policy. The Company also retains log files for internal analysis purposes.  

8. Users Rights & Choices

Certain privacy laws around the world, including the European General Data Protection Regulation (“GDPR”) and the CCPA, provide users with rights related to their personal information. Consistent with those laws, the Company gives users the choice of accessing, editing, or removing certain information, as well as choices about how the Company contacts users. Users may change or correct certain account information through their account settings. Users can also request to permanently close their account and delete their personal information, which is not required to be retained for the continued operation of the Service, Website, and/or Platform. Depending on their location, they may also benefit from a number of rights with respect to their information. While some of these rights apply generally, certain rights apply in limited cases.

1. Right to Access & Portability: Users can access certain personal information associated with their account by visiting their account settings. Users can request a copy of their personal information in an easily accessible format and information explaining how that information is used by contacting the Company in accordance with the “Contact” section below.
2. Right to Correction: Users have the right to request that the Company rectify inaccurate information about users. By visiting their account settings, they can correct and change certain personal information associated with their account. Alternatively, users can correct and change personal information associated with their account by contacting the Company in accordance with the “Contact” section below.
3. Right to Restrict Processing: In certain limited cases where the Company processes users information, users may also have the right to restrict or limit the ways in which the Company uses their personal information by contacting the Company in accordance with the “Contact” section below.
4. Right to Deletion: In certain circumstances, users have the right to request the deletion of their personal information, except information the Company is required to retain by law, regulation, or to protect the safety, security, and integrity of the Company. 
5. Right to Object: If the Company processes users’ information based on the Company’s legitimate interests as explained above, or in the public interest, users can object to this processing in certain circumstances. In such cases, the Company will cease processing users’ information unless the Company has compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where the Company uses users’ personal data for direct marketing purposes, users can object using the unsubscribe link in such communications or by contacting the Company in accordance with the “Contact” section below.
6. Right to Withdraw Consent: Where the Company relies on consent, users can choose to withdraw their consent to the Company’s processing of their information using specific features provided to enable users to withdraw consent, like an email unsubscribe link or by contacting the Company in accordance with the “Contact” section below. 
7. The CCPA provides California residents with the following additional rights:
   
   1. Right to Know: California residents may request disclosure of the specific pieces and/or categories of personal information that the Company has collected about them, the categories of sources for that personal information, the business or commercial purposes for collecting the information, the categories of personal information that the Company has disclosed, and the categories of third parties with which the information was shared.
   2. Right to Opt Out of the “Sale” of Personal Information: The Company does not “sell” personal information as that term is traditionally understood; however, the Company’s use of third-party tracking technologies for interest-based advertising may be considered a “sale” of personal data under California law. Users can opt out of being tracked by these third parties by contacting the Company in accordance with the “Contact” section below.

If users would like to manage, change, limit, or delete their personal information, they can do so by contacting the Company in accordance with the “Contact” section below.

Certain personal information is required in order for the Company to provide users with the Services, Website, and Platform. As such, if users request the Company delete or not collect, use, share, process, and/or disclose required personal information in the manner required by the Company, such users will no longer be able to use the Services, Website, and Platform. In such instances, the Company will respond to such users’ requests informing them to cease using the Company’s Services, Platform, and Website. 

Please note that the Company may verify users identity before they are able to process any of the requests described in this Section, and in the Company’s discretion, deny users’ requests if they Company is unable to verify users’ identity. As a part of this process, government or other identification may be required. 

Users can find information about consumer requests the Company received and processed under the CCPA, GDPR, and similar laws, during the previous calendar year by contacting the Company in accordance with the “Contact” section below.

9. Email & Messages

The Company may send Users messages about the Services or their activity. Some of these messages are required, service-related messages for users (such as transactional messages or legal notices). Other messages are not required, such as newsletters. Users can control which optional messages they  choose to receive by contacting the Company in accordance with the “Contact” section below. 

10. Cookies

The Company uses both technically necessary (for the functioning and security of the Services) and non-technically necessary cookies and similar technologies. 

11. Additional Disclosures for California Residents

1. Notice of Collection – In addition to the Rights & Choices described above, the CCPA requires disclosure of the categories of personal information collected over the past 12 months. While this information is provided in greater detail in the “Information Collected or Received Section above, the categories of personal information that we have collected – as described by the CCPA – are:
   
   1. Identifiers, including name, email address, shop name, IP address, and an ID or number assigned to users’ accounts.
   2. Other individual records such as phone number, billing address, or credit or debit card information. This category includes personal information protected under pre-existing California law (Cal. Civ. Code 1798.80(e)), and overlaps with other categories listed here.
   3. Demographics, such as users’ age or gender, or, where users have provided such information to the Company voluntarily, demographic information about their race, ethnicity, sexual orientation, or gender identity, provided in relation to specific marketing and advocacy projects and campaigns.This category includes data that may qualify as protected classifications under other California or federal laws.
   4. Commercial information, including purchases and engagement with the Services.
   5. Internet activity, including users’ interactions with the Company’s Services and what led users to the Company’s Services.
   6. Sensory visual data, such as pictures posted on the Company’s Website and Platform.
   7. Geolocation data provided through location enabled services such as WiFi and GPS.
   8. Inferences, including information about users’ interests, preferences and favorites.

12. The Sources and Purposes for the Company’s Collection

The Company collects categories of personal information from the sources described above, and uses these categories of personal information for the Company’s business and commercial purposes as described in the “Information Uses, Sharing and Disclosure” section above, including providing and improving the Services, maintaining the safety and security of the Services, processing purchase and sale transactions, and for advertising and marketing services.

Cookies & Similar Technologies Policy – Users can opt out of receiving interest based advertising by contacting the Company in accordance with the “Contact” section below. California residents can also opt out by broadcasting the Global Privacy signal from a supported browser. The right to opt out of interest based advertising is available to all the Company users.

Do Not Track Signals – Users browser settings may allow users to automatically transmit a “Do Not Track” signal to online services they visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require the Company to do so in a users’ state or country, the Company does not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com. For California residents, the Company honors signals from the Global Privacy Control as requests to opt out of “sale” under the CCPA.

Shine the Light – California law entitles residents to ask for a notice describing what categories of personal information the Company shares with third parties for those parties direct marketing purposes. Unless users request the Company to or consent to it, the Company does not share any personal information to third parties for those parties direct marketing purposes. 

Accessibility – If users have a disability and would like to access this policy in an alternative format, they should contact the Company in accordance with the “Contact” section below.

13. Privacy Policy Changes

The Company may amend or update this policy from time to time. If the Company believes that the changes are material, the Company will let users know by doing one (or more) of the following: (i) posting the changes on or through the Services, (ii) sending users an email or message about the changes, or (iii) posting an update in the version notes on the Platform. 

14. Contact

Users should contact the Company by email at info@ilolas.com or call or corporate offics at 760-278-8726, to report any violations of this Policy or to ask any questions regarding this Policy, the Website and/or the Platform.