Date last updated: 12/06/2023
Protecting your privacy. Improving your shopping experience. Your trust is very important to us.
That’s why we want to be clear and transparent about why we collect information, the information we collect, how we use that information, and the choices you have regarding our use of it. We may also collect, use and share aggregate or anonymous data that does not identify you.
We collect information to save you time and money, and to make your shopping experience better.
We are transparent about how and why we collect information.
The information we collect helps us provide value to our customers that include savings and enhancing their shopping experience.
We are also committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests, please email us.
Below are examples of how we collect, use, and share data to help us create a better, safer experience on our website and mobile applications.
Developing new products and services to meet your needs
Better understanding your use of our products, services and websites
Determining your satisfaction with our programs and services
Handling customer service cases
Analyzing the performance of our products, services, and online experience and looking for ways to make them better
Providing personalized content and experiences on our websites, mobile apps and mail
Displaying personalized offers, information and ads from mystiana.com or our marketing partners (as defined in “How We Share Your Information”) on other websites and mobile apps
Sending product recall notifications to help keep you and your family safe
Responding to your comments, requests, questions, and applications for career opportunities
Fulfilling orders correctly
Safeguarding the property or other rights of our customers, associates and the company
To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity; and
Legal compliance for purchase of certain products or where otherwise required by law
Learn More About How We Use Information We Collect
We use the categories of personal information described in “What Personal Information We Collect” to support the following use cases:
Providing product or service functionality that you have requested (such as online payment, fulfilling subscription services, etc.)
To communicate with you about orders, purchases, returns, services, accounts, programs, contests and sweepstakes
Responding to communications you send us
Assisting you with customer service requests and inquiries
Development and distribution of new products and services like mobile applications
Completing e-commerce transactions
Delivering advertisements and promotions to you when you have visited our website, used one of our mobile applications, or otherwise engaged with us online
Displaying interest-based advertising for products, services, promotions, and other business activities you may be interested in
Developing statistics on engagement with our online properties and measuring how well our marketing and promotional activities perform
Identifying and preventing fraud or identity theft
Maintaining appropriate records for internal administrative and other business purposes
Facilitating the functionality of our websites and mobile applications
Providing notice of product recalls
To perform basic applicant, employment and management functions including the collection of information necessary to mitigate public health risks in our facilities, or for the resolution of safety investigations
At times, mystiana.com may provide third parties with certain personal information to provide or improve our products and services, including to deliver products at your request, or to help mystiana.com market or advertise relevant products and services to you; when we do, we require those third parties to handle it in accordance with relevant laws
Other purposes as described to you at the time
How We Collect Your Information
What Personal Information We Collect
Here are the categories of personal information we may collect from you or about you. All categories may not be collected about every individual.
Demographic information like your level of education, type of employment or other demographic information shared with us through third parties, such as social media or publicly available sources
Contact Information such as your email or postal address and phone number
Financial and payment Information such as credit and debit card numbers
Behavioral Information such as your purchase and transaction histories, geolocation data, IP Address collected from your computers and mobile devices, and information about what you do online, including your interactions with our social media posts
Inferences we make about you like demographic interest segments that we believe are relevant to you and your household based on analysis of other information we have collected
Characteristics of protected classifications under state or federal law, such as gender and nationality
Call center recordings or monitoring records from our customer contact centers
Other types of personal information that we may disclose to you prior to the point of first collection
There is also some personal information that you voluntarily share with us. This includes information used to create an account on our website, or where required by law. For example:
Communication and shopping preferences
An encrypted version of your password
If you are an employee or job applicant, we may collect additional information, including employment information, such as occupation, title, licenses, professional memberships and other information to perform basic employment and management functions, including distributing payroll and providing benefits. If you are applying for a job, we may collect contact information about you during the course of your application for employment such as contact information to correspond with you concerning potential employment opportunities and other information such as background information and your employment qualifications and history.
Our websites are for a general audience and are not geared toward children. We do not knowingly collect personal information from children under the age of 16 without prior consent of a parent or guardian. If you believe your child may have disclosed personal information to us, please email us and we will remove it.
Sources of Personal Information
We collect some information when you visit our website or use our mobile app, or when you use our online services or view our online advertisements. The information we may collect falls into three different main categories: (1) information you give us; (2) information we collect from you automatically; and (3) information we collect from other sources. These other sources may be service providers, data brokers, consumer research firms, publicly available sources, or other third parties with whom you interact or do business. For example, when you connect to one of our websites or mobile apps through a third party, we may collect information from their website. For example, if you choose to associate your social media identity with mystiana.com, the site may provide us with certain information from your social media account as permitted by your account settings.
Associating Personal Information from Multiple Sources
We may collect this information and link it to other information we already know about you. For example, we may associate your online shopping activity when you engage with our websites or mobile apps. Additionally, when you are logged in to our websites or use our mobile apps, we may link the device IDs or types to your account to understand your online activity so we can provide a better experience.
This includes pages you visit on our websites, items you add to your online shopping list, coupons you download and redeem from us, and purchase information. In addition, we may collect information when you use our mobile apps, including device location (if you choose to turn this feature on).
Cookies, Web Beacons, and Other Technologies
When you visit our websites, access our mobile apps or open one of our emails, we may automatically collect information about you using device identifiers, cookies and other technologies, including:
Unique device or user ID
System and browser type
Referring website address
Content and pages you access on our websites or mobile apps
Dates, times and locations when actions take place
Like other online advertising providers, we use this technology for system administration and troubleshooting, to identify you so we can enhance your online experience, and to deliver interest-based advertising. Our sites do not respond to browser Do-Not-Track signals. These cookies are often collected by or otherwise shared with service providers as well as third party advertising partners, as described further in our About Advertising section below.
How We Share Your Information
We share the information we collect within mystiana.com, and also with our parent company, affiliates, service providers, marketing partners and other third parties.
We may share data with third parties for the following business purposes:
Service Providers: We may share your information with our service providers who provide us support services such as hosting our websites, postal delivery and electronic mail, mobile messages, product and service delivery, conducting analysis to improve our products, websites, fulfilling orders you place, managing payments and answering your questions. Service providers only use the information they receive from us for the purposes we hired them for, we don’t allow them to retain, use, disclose, or otherwise handle the data for their own purposes.
Marketing Partners: We may share your information to display online, mobile or other advertising based on your purchases, activity on websites and mobile apps, and preferences you share with us so we can provide you with promotions and special offers that may interest you. We may also share information with marketing partners to help us analyze data and provide more relevant, personalized communications to you, sometimes combined with other sources.
We may use your purchase history to help mystiana.com and other third-party brands present advertisements that are more relevant to you on mystiana.com and third-party websites, mobile apps and other digital media channels. We will not increase the number of ads you see, but instead will help deliver more personalized advertisements and offerings to you.
We create a customized and engaging customer experience on our website and mobile applications by displaying advertisements that are personalized. Interest-based ads (also sometimes called “personalized or targeted ads”) are displayed to you based on information collected from your online interactions across multiple websites that you visit, or across multiple devices you may use, in order to predict your preferences and show you ads that are most likely to be of interest to you. In an effort to provide you with relevant content and offers that may be useful to you, we may partner with third-party companies to display content, offers or advertising that is tailored to your interests based on how you browse and shop on both mystiana-owned and operated sites and off our sites. These third-party companies use information and technologies such as browser type, hardware or software information, cookies, session ID, time or date, click-stream information or static IP addresses.
We may provide information to third-party companies that display purchase-based or interest-based ads. In addition, others (advertisers and ad networks, ad serving companies, or other service providers) may infer user interests or purchase history based on interactions with, or clicks on, personalized ads or content. You can learn more about interest-based advertising, and navigate to options that will allow you to exercise your rights to opt-out of online behavioral advertising, by visiting the Network Advertising Initiative’s Learn More Page or the Digital Advertising Alliance.
We implement and maintain reasonable security practices and procedures appropriate to the nature of the information we maintain, including appropriate technical, administrative and physical procedures to prevent loss, misuse or alteration of your information on and offline. For example, we use Transport Layer Security (TLS/SSL) to encrypt certain sensitive personal information we exchange with you. That way, access to data is limited through the use of technological safeguards. We also comply with payment card industry data security standards for the processing of credit and debit card transactions. Only Associates who need the information to perform a specific job are granted permissions to access to our customers’ data. Associates who violate customer privacy safeguards are subject to disciplinary action, including termination.
It is your responsibility to select a strong password, not reuse or share your password, and alert us if you have any concerns about unauthorized use of your account.We encourage you to use complex passwords and to change them regularly.
Retention of Personal Information
We store personal information we’ve collected from or about you:
As long as required by law or as needed to enable us to exercise our rights and perform our obligations under our applicable terms of service, including this privacy notice; and
Long enough to enable us to contact you with recalls and other safety related information that relates to products you have bought from us
While we are confident ordering online is safe and secure as a general practice, it is important for you to protect against unauthorized access to your password and to your computer. If using a shared computer, be sure to log out of your account prior to leaving the computer.
Your Communications Preferences, Privacy Rights and Choices
We value our relationship with you, and communications are an important part of that relationship.
We understand that our customers are individuals, and communication preferences will vary by customer. That is why we offer you the ability to manage what types of communications you receive from us, and the ability to manage or change your preferences. Here’s how you can do so:
Email, Mobile and Online Communications
At any time you can adjust your communication preferences, including opting out of promotional mailings, from within your mystiana.com account. You also have the right to disable your account. To do so, you may email Customer Service.
If you would prefer that your purchase history not be used to personalize advertising you already receive online, on mobile devices or in other digital channels, you can choose and manage your preferences via your Communications Settings or contact us through the methods described in this privacy notice. Please allow a reasonable amount of time for any changes to your settings to take effect.
You can control your exposure to most interest-based advertising through the Digital Advertising Alliance, a group that has developed self-regulatory principles for interest-based advertising. Visit YourAdChoices.com for more information. In addition, some websites (such as Facebook) offer the ability to opt out of interest-based advertising directly on their sites. Please allow a reasonable amount of time for any changes to take effect.
Nevada Privacy Rights
If you live in Nevada, you can opt out of the sale of your personal information by email us.Our customer contact center personnel will take your request and keep you up to date on the progress of your request.
California Privacy Rights
California defines Personal Information as information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household.
If you live in California, you have some additional rights with respect to certain Personal Information we collect about you. This includes:
Get a copy of Personal Information that we have collected from or about you no more than twice every 12 months
Learn about the kinds of third parties with whom we may have shared Personal Information
Obtain the categories of Personal Information that we may have sold or otherwise shared in the past 12 months
Learn about the categories of third parties we may have sold your Personal Information to
Request that your Personal Information be removed from our systems
Opt out from our sales of Personal Information
Lodge complaints about the way we handle your Personal Information
You can make requests to receive copies of Personal Information and to have Personal Information deleted on behalf of members of your household by submitting requests on their behalf along with written authorization from each member of your household.
You can also submit requests through an agent (like a membership organization you belong to, your attorney, or someone else you trust) that you have authorized in writing to act on your behalf. To do so you’ll need to either present a power of attorney for them to act on your behalf or give your agent your written and signed permission to do so.
Either way, we will need to verify your identity if you want copies of your Personal Information, to know about what categories of Personal Information we collect and sell, or have your Personal Information deleted. We will ask you to provide several data points like name, address and email to match against the information we have in our systems. We have this process so we can verify the identity of the consumer making the request to a reasonable degree of certainty as detailed in the California Consumer Privacy Act. We want to be sure that we are returning potentially sensitive information about you or the things that you buy on our site only to you or your agent, authorized to receive it. If we cannot verify your identity, we will have to reject your request. Otherwise, we will notify you when your request has been completed. In accordance with the CCPA regulations, we will not disclose certain sensitive information in response to a request for access to specific pieces of personal information, including account passwords or unique biometric data. If you’re making requests on behalf of your household, we will also need to verify the identities of each member of your household.
In order to exercise these rights, contact us through one of the methods described in “Contacting Our Privacy Program” below. Requests are generally free of charge, and we will generally process your request within 45 days unless we have a specific reason for an extension of time. If for any reason we cannot fulfill your request in whole or in part, we will also let you know.
Sales of Personal Information
We are committed to delivering great products, great experiences and great value. From time to time, we may share your information, which may include personal identifiers, demographic information, behavioral information or inferences to provide the most relevant product recommendations and deliver marketing messages and personalized offers through select companies(e.g. analytics, advertising and technology companies). Under California law, some of these efforts may be considered a “sale” of personal information to those select companies. Those companies help us match your interests with brands who want to send promotions and offers that we believe save you money on products you buy frequently, and help you discover new products or services that you might like. When we work with these companies, your privacy, data integrity and security remain a priority. Our normal practice is to have contractual limits on their current and future use of your personal information by those companies and only provide the minimum data necessary to accomplish the specific goal(e.g. to provide you with personalized offers) and deliver a better experience and value to you. We also facilitate your right to opt out of this data sharing. When requesting to opt out of this type of data sharing, we will need to verify your identity so will ask you to provide information like your name, address and email to match against the information we have in our systems. We will never ask for sensitive information such as passwords or other personal information. We have this process so we can verify the identity of the consumer making the request to a reasonable degree of certainty as detailed in the California Consumer Privacy Act. If we cannot verify your identity, we will have to reject your request. Otherwise, we will notify you when your request has been completed.
In order to exercise the right to opt out of sale, click on our Do Not Sell My Personal Information link below, or contact us through one of the methods described in “Contacting Our Privacy Program” section below.
Our customer support centers are ready to take your requests. If you have any questions, privacy requests, or complaints about how we collect, use, share, or otherwise handle your personal information you can reach us by email or click here to exercise your privacy rights.
EU and Swiss CUSTOMER PRIVACY (GDPR)
mystiana.com is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-US Privacy Shield or the Swiss-US Privacy Shield, mystiana.com is potentially liable.
Any information you provide us is controlled and processed by mystiana.com,
We comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland to the United States, respectively.
Pursuant to the EU-US Privacy Shield and the US-Swiss Privacy Shield, mystiana.com acknowledges that EU and Swiss individuals have the right to access the personal information that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should contact us directly using one of the following methods:
We will provide an individual opt-out choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, you may submit a written request to [email protected]
Note that we may be required to share personal data of EU and Swiss individuals in response to lawful requests by public authorities including to meet national security and law enforcement requirements.
We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.