INTRODUCTION

Welcome to Ordinary Co., LLC (the “Company,” “we,” “us,” or “our”). The Company operates the website https://the-ordinary-company.com (the “Service”).

This Privacy Policy governs your access to and use of the Service and explains the methods by which we collect, process, safeguard, and disclose information arising from your interaction with the Service.

By accessing or using the Service, you acknowledge and agree to the collection and use of information in accordance with this Privacy Policy. Terms used herein shall have the meanings ascribed to them in our Terms and Conditions unless otherwise defined.

The Terms and Conditions, together with this Privacy Policy, constitute the entire agreement (the “Agreement”) between you and the Company regarding your use of the Service.

DEFINITIONS

For the purposes of this Privacy Policy, the following definitions shall apply:

• SERVICE refers to the website located at https://the-ordinary-company.com, which is operated by Ordinary Co.
• PERSONAL DATA refers to any information relating to an identified or identifiable natural person.
• USAGE DATA refers to data automatically collected, either generated by the use of the Service or from the Service infrastructure itself (e.g., duration of a page visit).
• COOKIES are small files stored on a user’s device (computer or mobile device) that contain data, including unique anonymous identifiers.
• DATA CONTROLLER refers to the natural or legal person who determines the purposes and means of processing Personal Data. For the purposes of this Privacy Policy, the Company is the Data Controller.
• DATA PROCESSOR (OR SERVICE PROVIDER) refers to any natural or legal person who processes data on behalf of the Data Controller. The Company may engage various Service Providers to facilitate data processing activities.
• DATA SUBJECT refers to any living individual whose Personal Data is collected, stored, or processed.
• USER refers to any individual who accesses or utilizes the Service. The User corresponds to the Data Subject whose Personal Data is subject to processing.

This Privacy Policy is subject to updates, and users will be notified of any modifications on the Privacy Policy page.

INFORMATION COLLECTION AND USE

Ordinary Co. (“Company,” “we,” “us,” or “our”) collects various types of information for multiple purposes in order to provide and enhance the Service.

COOKIES AND USAGE DATA

We may use your Personal Data to communicate with you through newsletters, marketing materials, promotional content, or other information that may be of interest to you. You retain the right to opt out of such communications by following the designated unsubscribe link provided in these communications.

USAGE DATA

We may collect certain information that your browser transmits whenever you access the Service through a desktop or mobile device (“Usage Data”).

Such Usage Data may include, but is not limited to, your Internet Protocol (IP) address, browser type and version, the pages of the Service visited, the date and time of the visit, the duration of time spent on the visited pages, unique device identifiers, and other diagnostic data.

When accessing the Service via a mobile device, Usage Data may include, but is not limited to, the type of mobile device used, unique device identifiers, mobile operating system details, mobile Internet browser type, and IP address.

TRACKING COOKIES DATA

We utilize cookies and similar tracking technologies to monitor and analyze activity on the Service. These technologies may include cookies, beacons, tags, and scripts designed to collect, track, and improve service functionality.

Cookies are small files containing data, including unique anonymous identifiers, sent to your browser from a website and stored on your device. You may configure your browser settings to refuse all cookies or to notify you when a cookie is being transmitted. However, certain features of the Service may become unavailable if cookies are disabled.

Types of cookies used by the Service include, but are not limited to:

• Session Cookies: Necessary for the operation of the Service.
• Preference Cookies: Used to remember user preferences and settings.
• Security Cookies: Used for security purposes.
• Advertising Cookies: Used to display relevant advertisements based on user interests.

USE OF DATA

The Company may use the collected data for the following purposes:

• To provide, maintain, and improve the Service.
• To notify users of modifications to the Service.
• To facilitate interactive features when opted into by users.
• To provide customer support.
• To conduct analytics and gather valuable insights to enhance the Service.
• To monitor usage and detect, prevent, and address technical issues.
• To fulfill contractual obligations and enforce rights arising from agreements.
• To send notifications regarding user accounts and subscriptions, including expiration and renewal alerts.
• To provide information on new services, offers, or events related to previously purchased or inquired-about services, unless opted out.
• To fulfill any other purpose disclosed at the time the information is provided.
• For any other purpose with user consent.

RETENTION OF DATA

Personal Data will be retained only for the duration necessary to fulfill the purposes outlined in this Privacy Policy. Data will also be retained as required by law, to resolve disputes, and to enforce legal agreements and policies.

Usage Data may be retained for internal analysis, security enhancement, and functionality improvement purposes. If legally required, Usage Data may be retained for extended periods.

TRANSFER OF DATA

Personal Data may be transferred and maintained on computers located outside of a user’s jurisdiction where data protection laws may differ. By submitting such information, users consent to its transfer to and processing within the United States.

The Company shall take all necessary measures to ensure that Personal Data is treated securely and in accordance with this Privacy Policy. No transfer of Personal Data shall occur unless adequate security controls are in place.

DISCLOSURE OF DATA

The Company may disclose Personal Data in the following circumstances:

• Law Enforcement Requirements: If legally required, we may disclose Personal Data in response to valid requests by public authorities.
• Business Transactions: In the event of a merger, acquisition, or asset sale, Personal Data may be transferred.
• Other Disclosures: Personal Data may also be disclosed to subsidiaries, affiliates, contractors, service providers, and other third parties in furtherance of business operations, with user consent, or as otherwise permitted by law.

SECURITY OF DATA

The Company employs commercially reasonable measures to safeguard Personal Data. However, no method of transmission or storage is entirely secure. Users acknowledge that absolute data security cannot be guaranteed.

DATA PROTECTION RIGHTS UNDER GDPR

Users residing in the European Union (EU) and European Economic Area (EEA) are entitled to data protection rights under the General Data Protection Regulation (GDPR). Such rights include access, rectification, deletion, restriction, portability, and withdrawal of consent regarding Personal Data. Requests related to these rights may be submitted to hello@ordinaryco.design.

For additional details, refer to: GDPR Information.

DATA PROTECTION RIGHTS UNDER CALOPPA

The Company complies with the California Online Privacy Protection Act (CalOPPA) by maintaining a publicly accessible Privacy Policy and allowing anonymous site visits. Users may modify their Personal Data by contacting hello@ordinaryco.design.

For more information, visit: CalOPPA Information.

DATA PROTECTION RIGHTS UNDER CCPA

California residents possess rights under the California Consumer Privacy Act (CCPA), including the right to:

• Access the categories and specific items of Personal Data collected.
• Request deletion of Personal Data.
• Inquire about the sale of Personal Data (Ordinary Co. does not sell or rent Personal Data).

To exercise these rights, contact us at hello@ordinaryco.design.

Further details on CCPA rights can be found at: CCPA Information.

DO NOT TRACK SIGNALS

The Company honors “Do Not Track” signals, refraining from tracking or using cookies when such mechanisms are activated. Users may enable or disable Do Not Track settings via their browser preferences.

This Privacy Policy is subject to updates, and users will be notified of any modifications on the Privacy Policy page.

Service Providers

The Company may engage third-party entities and individuals (“Service Providers”) to facilitate the provision of the Service, perform Service-related functions on its behalf, or assist in the analysis of Service usage. Such Service Providers are granted access to Personal Data solely for the purpose of executing these functions and are contractually obligated to maintain confidentiality and to refrain from disclosing or utilizing such data for any other purpose.

Analytics

The Company may employ third-party Service Providers to monitor, analyze, and evaluate the use of the Service.

Google Analytics

The Company utilizes Google Analytics, a web analytics service provided by Google LLC, to track and report website traffic. Google collects and processes data to analyze Service usage and may share such data with its affiliated services. Additionally, Google may use the collected data to personalize and contextualize advertisements within its advertising network.

For further details regarding Google’s privacy practices, please visit: Google Privacy Terms.

Users are also encouraged to review Google’s data protection policy at: Google Analytics Data Safeguards.

Behavioral Remarketing

The Company employs remarketing services to advertise to users on third-party websites following their interaction with the Service. These services utilize cookies and other tracking technologies to display tailored advertisements based on a user’s prior engagement with the Service.

Google Ads (AdWords)

The Company utilizes Google Ads (AdWords) remarketing services, provided by Google LLC, to serve targeted advertisements. Users may opt out of Google Analytics for Display Advertising and customize their ad preferences by visiting: Google Ads Settings.

Additionally, users may prevent the collection and use of their data by Google Analytics by installing the Google Analytics Opt-out Browser Add-on: Google Opt-Out Tool.

For more information on Google’s privacy practices, please refer to: Google Privacy Terms.

Facebook Ads

The Company utilizes Facebook remarketing services, provided by Meta Platforms, Inc., to display interest-based advertisements. Users may learn more about Facebook’s interest-based advertising policies at: Facebook Help Center.

To opt out of Facebook’s interest-based ads, users may follow the instructions provided at: Facebook Ad Preferences.

Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. Users may opt out via the following platforms:

• United States: Digital Advertising Alliance
• Canada: Digital Advertising Alliance of Canada
• Europe: European Interactive Digital Advertising Alliance
  Alternatively, users may adjust their mobile device settings to opt out of interest-based advertising.

For further details on Facebook’s privacy practices, please refer to: Facebook Data Policy.

Payments

The Company may offer paid products and services within the Service. In such cases, third-party payment processors will be engaged to process payments. The Company does not collect or store users’ payment card details. Instead, payment information is provided directly to third-party payment processors, which operate under their own Privacy Policies.

These payment processors comply with the standards established by the Payment Card Industry Data Security Standard (PCI-DSS), which is administered by the PCI Security Standards Council—a collaborative effort of major payment brands, including Visa, Mastercard, American Express, and Discover. PCI-DSS requirements ensure the secure handling of payment information.

The Company utilizes the following payment processor:

• Stripe: The privacy policy for Stripe can be accessed at: Stripe Privacy Policy.

Links to Third-Party Websites

The Service may include hyperlinks to websites that are not owned, operated, or controlled by the Company. By accessing such third-party websites through links provided on the Service, you acknowledge and agree that you will be directed to an external website that is governed by its own terms, conditions, and privacy policies. The Company makes no representations or warranties regarding, and assumes no responsibility or liability for, the content, privacy practices, or operations of any third-party websites or services. Users are strongly encouraged to review the privacy policies and terms of service of any third-party websites they visit.

Children’s Privacy

The Service is not intended for use by individuals under the age of thirteen (13) (“Children”). The Company does not knowingly collect, use, or disclose personally identifiable information from Children. In the event that the Company becomes aware that it has inadvertently collected Personal Data from a Child without obtaining verifiable parental consent, the Company will take appropriate steps to delete such information from its records. If you have reason to believe that a Child has provided Personal Data to the Company, you are urged to contact us immediately.

Modifications to This Privacy Policy

The Company reserves the right to modify, update, or amend this Privacy Policy at its sole discretion. Any changes to this Privacy Policy shall be posted on this page, and the “Effective Date” at the top of this document will be updated accordingly. Where required by applicable law, users will be notified of material changes via email and/or by a conspicuous notice within the Service prior to the effective date of such changes.

Users are encouraged to review this Privacy Policy periodically to stay informed of any modifications. Continued use of the Service following the posting of any revisions constitutes acceptance of the updated Privacy Policy.

Contact Information

For any inquiries or concerns regarding this Privacy Policy, you may contact the Company via email at hello@ordinaryco.design.