Privacy Policy

www.thesiskiss.com
Privacy Policy
THE SIS KISS, INC.
Effective Date: May 1, 2020
Updated: February 21, 2022

This privacy policy (“Privacy Policy”) applies to all information gathered by THE SIS KISS, INC., an
Ohio corporation (“Sis Kiss,” “we,” “us,” “our,” etc.), from users (“User(s),” “you,” “your,” etc.) of
www.thesiskiss.com and any related website(s), platform(s), and/or application(s), mobile or otherwise, to
the extent applicable (collectively, the “Site”). This Privacy Policy applies only to the Site. It does not
apply to any third-party services linked to the Site, to the extent applicable, or offline activities related to
the Site.
We urge you to read this Privacy Policy in its entirety so you will understand all of the practices and
procedures we follow relating to your online privacy. In this Privacy Policy, we will inform you about the
type of information that is collected about you on the Site, how it is collected, what it will be used for,
and to whom it will be given. This Privacy Policy is incorporated into our Terms of Use and Service
(“Terms”) and certain capitalized terms are defined in the Terms.
We may need to update this Privacy Policy to keep pace with changes in the Site, our business and the
law, however, we always strive to maintain our commitment to respect your privacy. We will post any
revisions to this Privacy Policy, along with their effective date, in an easy to find area on
www.thesiskiss.com, and we recommend that you periodically check back here to stay informed of any
changes.
This Privacy Policy does not apply to the practices of any third-party services, such as Facebook,
Instagram, or Twitter, that you elect to access or monitor through the Site (the “Supported Platforms”) or
to any software or applications developed by third parties that we do not own or control (“Third-Party
Apps”). As an example, the Privacy Policy does not cover any information or other content you can view
via the Site on Supported Platforms (but which was not posted there using the Site) or information you
provide to Third-Party Apps accessed via the Site. While we attempt to facilitate access only to those
Supported Platforms and Third-Party Apps that share our respect for your privacy, we cannot take
responsibility for the content or privacy policies of any Supported Platforms or Third-Party Apps. We
encourage you to carefully review the privacy policies of any Supported Platforms or Third-Party Apps
you access via the Site.
This Privacy Policy does not apply to information collected by us offline or through any other means,
including on any other website operated by us or any third party (including our affiliates and
subsidiaries); or any third party (including our affiliates and subsidiaries), including through any
application or content (including advertising) that may link to or be accessible from or on the Site.
IF YOU DO NOT AGREE WITH ANY OF THE FOLLOWING PRIVACY POLICY TERMS, DO
NOT ACCESS THE SITE.
General
This Privacy Policy applies to your personal information when:

a. you use the Site;
b. you contact us via the Site/email/phone/live chats/etc.;
c. you provide us with your personal information in any other way (e.g. through webinars,
user conferences, feedback sharing, requests to evaluate your assets, etc.); and/or

{01800893 3}

d. we contact you about our new commercial offers, updates to our products, white papers,
newsletters, content, and events.

This Privacy Policy also explains your rights with respect to personal information we collect about you
and how we protect your personal information. The personal information collected by Sis Kiss is
controlled by Sis Kiss. If you have any questions or concerns about how your information is handled,
please direct an inquiry to us at customerservice@thesiskiss.com. By accessing and using the Site,
you signify acceptance to the terms of this Privacy Policy. Where we require your consent to process your
personal information, we will ask for your consent to the collection, use, and disclosure of your personal
information as described further below.
Information You Provide to Us
We collect information from you when you contact our support services or contact us via e-mail,
telephone, post, live chat or contact forms.
When you submit a support request or fill out and submit a contact form, we may ask you for the
following information: your first and last name, your email address, your phone number, and your
address. Also, when you submit the request or fill out the form, we will collect your IP address in order to
identify your location. We may request a copy of your driver’s license or any other form of identification,
including without limitation, your passport, bank statement, utility bill, tax document, or any other
documents that we deem necessary for your identification.
Information We Collect from You
We gather certain information and store it when you interact with our Site. This information includes
internet protocol (IP) addresses and date/time stamp. We may share your information with certain third
parties selected by us to help support our operations. These include, for example, service providers that
help us analyze web traffic, send emails, and track customer support requests.
Payments
We may provide paid products and/or services within the Site. In that case, we use a third-party payment
processor, Shopify, for payment processing. We will not store or collect your payment card details. Your
payment card details are transmitted directly to Shopify whose use of your personal information is
governed by their privacy policy. Shopify adheres to the standards set by PCI-DSS as managed by the
PCI Security Standards Council, and PCI-DSS requirements help ensure the secure handling of payment
information. To learn more about Shopify’s privacy practices, please review Shopify’s privacy policy
located at https://www.shopify.com/legal/privacy.
Cookies and Related Technologies
We use tracking technology (“cookies”) in our Site. By visiting or using the Site you agree to the use of
cookies in your browser and HTML-based emails. Cookies are small text files placed on your device
when you visit a website, in order to track use of the website and to improve your user experience.
Session Cookies
The Site uses “session cookies”, which improve your user experience by storing certain information from
your current visit on your computer or mobile device, such as log-in information. These enable us to
remember your log-in session so you can move easily within the Site. These session cookies have limited

{01800893 3}
functionalities and expirations, and you will be required to re-enter your log-in information after a certain
period of time has elapsed to protect you against others accidentally accessing your account contents and
related personal information.
You may at any time opt-out of the automatic collection of data by setting your browser to refuse all or
some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies,
please note that some parts of the Site may then be inaccessible or not function properly.
Disclosure of Information
Information collected by us may be transferred to our corporate affiliates or our subcontractors. We may
share your personal information in a manner consistent with this Privacy Policy, and if we or our assets
are acquired or transferred in part or whole to another person or entity, your information and any other
information we have collected may be among the items transferred. We may make inquiries, whether
directly or through third parties, that we consider necessary to verify your identity or protect you and/or
us against fraud or other financial crime, and to take action we reasonably deem necessary based on the
results of such inquiries. You hereby acknowledge that we shall have the right to investigate you in such
event. We may also disclose your personal information when we have a good faith belief that (i) we are
required to do so by law, or in response to a subpoena, court order, or other legal requirement, or (ii) it is
necessary to: detect, prevent, and/or address fraud and other illegal activity; to protect ourselves, you, and
others, including as part of investigations.
Data Management and Security
The personal information that you provide to us is stored on servers with restricted access. In addition, we
restrict access to personal information to our employees who need to know this information. However, no
server, computer or communications network or system, or data transmission over the Internet can be
guaranteed to be 100% secure. AS A RESULT, WHILE WE STRIVE TO PROTECT USER
INFORMATION, WE CANNOT ENSURE, GUARANTY, OR WARRANT THE SECURITY OF ANY
INFORMATION YOU TRANSMIT TO US OR THROUGH THE USE OF THE SITE AND YOU
ACKNOWLEDGE AND AGREE THAT YOU PROVIDE SUCH INFORMATION AND ENGAGE IN
SUCH TRANSMISSIONS AT YOUR OWN RISK. ONCE WE RECEIVE A TRANSMISSION FROM
YOU, WE WILL ENDEAVOR TO MAINTAIN ITS SECURITY ON OUR SYSTEMS. YOU MAY
MODIFY YOUR PERSONAL INFORMATION YOU HAVE DISCLOSED TO US BY FOLLOWING
THE APPLICABLE INSTRUCTIONS ON OUR SITE.
As mentioned herein above, this Privacy Policy does not cover the information practices of third-party
websites linked to the site. Although we encourage such third parties to adopt and follow their own
privacy policies, we are not responsible for their collection and use of your personal information. You
should refer to the privacy policies and statements of other websites or contact the respective webmasters
of those websites to obtain information regarding their information collection, use and disclosure policies.
When you have clicked on a third-party logo or URL displayed on our Site which links you to a different
website, our Privacy Policy no longer applies and you must read the privacy policy of the third party to
see how your personal information will be handled on their website.
Some advertisements may be served by third-party advertisers, ad networks and ad servers. These third
parties may use cookies alone or in conjunction with web beacons or other tracking technologies to
collect information about our users. This may include information about users’ behavior on this and other
websites to serve them interested-based (behavioral) advertising. We do not control these third parties’
tracking technologies or how they may be used. If you have any questions about an advertisement, you
should contact the responsible advertiser directly.

{01800893 3}
Children’s Information
The Site is not intended for children under 13 years of age. No one under age 13 may provide any
personal information to or on the Site. We do not knowingly collect personal information from children
under 13. If you are under 13, do not use or provide any information on this Site or on or through any of
its features, register on the Site, make any purchases through the Site, use any of the interactive or public
comment features of this Site or provide any information about yourself to us, including your name,
address, telephone number, e-mail address or any screen name or user name you may use. If we learn we
have collected or received personal information from a child under 13 without verification of parental
consent, we will delete that information.
If you believe that we might have inadvertently collected information from a child under 13 without
parental consent, please contact us at customerservice@thesiskiss.com.
Jurisdiction and Data Storage
Please be aware that content submitted to us will be transferred to a data center in the United States. If
you post information to the Site you are confirming your consent to such information being hosted and
accessed in the United States. Privacy laws or regulations in your country may differ from those in the
United States, where we operate from and whose laws govern this Privacy Policy. BY ASSESSING THE
SITE, YOU HEREBY IRREVOCABLY AND UNCONDITIONALLY SUBMIT, FOR YOURSELF
AND YOUR PROPERTY, TO THE EXCLUSIVE JURISDICTION OF ANY OHIO STATE COURT
OR FEDERAL COURT OF THE UNITED STATES OF AMERICA SITTING IN CUYAHOGA
COUNTY, OHIO, AND ANY APPELLATE COURT FROM ANY THEREOF, IN ANY ACTION OR
PROCEEDING ARISING OUT OF OR RELATING TO YOUR ACCESS AND/OR USE OF THE SITE
OR FOR RECOGNITION OR ENFORCEMENT OF ANY JUDGMENT, AND YOU HEREBY
IRREVOCABLY AND UNCONDITIONALLY AGREE THAT ALL CLAIMS IN RESPECT OF ANY
SUCH ACTION OR PROCEEDING MAY BE HEARD AND DETERMINED IN ANY SUCH OHIO
STATE OR, TO THE EXTENT PERMITTED BY LAW, IN SUCH FEDERAL COURT.
Applicable Law & Legal Effect
This Privacy Policy is subject to all applicable US state and federal law regarding privacy and information
sharing. California Civil Code Section § 1798.83 permits users of our Site that are California residents to
request certain information regarding our disclosure of personal information to third parties for their
direct marketing purposes. To make such a request, please send an e-mail to
customerservice@thesiskiss.com. We use good faith efforts to adhere to the European Union Safe
Harbor principles as set forth by the United States Department of Commerce regarding the collection, use,
and retention of personal information.
Residents of California: You have the right to ask us not to process your personal information for
marketing purposes. You can do this at any time by clicking on the “unsubscribe” link in any email we send
you. You can also opt-out of marketing by emailing customerservice@thesiskiss.com.
Data protection law gives you the right to access your personal information, to object to the use of your
personal information for certain purposes, and the right to erase, restrict or receive a machine-readable
copy of your personal information. You may contact us regarding your personal information, and in
compliance with our obligations under applicable data protection laws, we will treat your personal
information accordingly.

{01800893 3}
You can access, update and delete your information by emailing us at
customerservice@thesiskiss.com or contact us by mail at The Sis Kiss, Inc., 681 Dover Center Road, Westlake Ohio 44145

why we cannot fulfill all requests.

Customers who exercise their rights under state privacy laws will not be discriminated against. This
Privacy Policy constitutes our privacy notice to you under such applicable law. Your access and/or use of
the Site is permitted only on condition of your agreement with this Privacy Policy. This Privacy Policy
does not extend to any website other than our Site, including any website or service you may access by
clicking on our Site’s links, or any other party’s use of your personal information other than us. We
reserve the right, in our sole discretion, to modify, discontinue, or terminate any element of the Site or to
modify this Privacy Policy at any time, without notice to you. Any modifications will be effective as of
the date of its posting to our Site. Your continued use of our Site thereafter constitutes your assent to such
revised privacy policy.
Personal Information Protection and Electronic Documents Act (PIPEDA)
This section shall be expressly limited to Individuals. “Individuals”, subject to and as set forth in
PIPEDA, have several rights under PIPEDA:
We limit the scope of the data we collect to only what is necessary. We collect information for legal and
marketing purposes. We limit the use, disclosure and retention of collected data. We ensure the accuracy
of the data we collect to the best of our knowledge.
We obtain consent for collection, use, or disclosure of personal information.
Individuals hold the right to access, update and delete their personal data. You can access, update and
delete your information or submit additional inquires by emailing our PRIVACY OFFICIAL at
customerservice@thesiskiss.com or contact them by mail at The Sis Kiss, Inc., 681 Dover Center Road, Westlake Ohio 44145, United States

This section shall be expressly limited to Data Subjects. “Data Subjects”, subject to and as set forth in the
GDPR, have several rights under the GDPR:
a. Right of Access. A Data Subject has the right to obtain confirmation if the Data Subject’s
personal information is being processed by us. If that is the case, a Data Subject can access the
Data Subject’s personal information and the following information:
1. the purposes of the processing;
2. the categories of personal information;
3. to whom the personal information has been or will be disclosed; and/or
4. the envisaged period for which the personal information will be stored, or the criteria
used to determine that period.
5. If a Data Subject would like to have a copy of the Data Subject’s personal information
from us, we will provide it if

i. the Data Subject proves the Data Subject’s identity, and

{01800893 3}

ii. it will not adversely affect the rights and freedoms of others. The first
copy will be provided for free, for any further copies we may charge a
reasonable fee based on administrative costs.

b. Right to Rectification. A Data Subject has the right to demand that we correct without undue
delay the Data Subject’s personal information which we have in our systems if it is inaccurate or
incomplete.
c. Right to Erasure/Right to Be Forgotten. A Data Subject has the right to demand that we erase the
Data Subject’s personal information, and we shall erase it without undue delay where one of the
following grounds applies:
1. this personal information is no longer necessary in relation to the purposes for which it
was processed;
2. the Data Subject withdraws consent on which the processing is based, and where there is
no other legal ground for the processing;
3. the Data Subject objects to the processing and there are no overriding legitimate grounds;
4. the Data Subject’s personal information has been unlawfully processed; or
5. the Data Subject’s personal information has to be erased for compliance with a legal
obligation.

d. Right to Restrict Processing. A Data Subject has the right to restrict us in the ability of processing
of the Data Subject’s information where one of the following applies:
1. the Data Subject contests the accuracy of the Data Subject’s personal information and we
verify it;
2. the processing is unlawful and the Data Subject wants to restrict it instead of erasure;
3. we no longer need the Data Subject’s personal information, but the Data Subject needs it
for establishment, exercise or defense of legal claims; or
4. the Data Subject has objected to processing and we verify whether legitimate grounds
override the Data Subject’s request.

e. Right to Data Portability. A Data Subject has the right to receive the Data Subject’s personal
information which the Data Subject provided to us in a structured, commonly used and machine-
readable format and has the right to transmit such data to another company, where:
1. the processing is based on the Data Subject’s consent or on a contract; and
2. the processing is carried out by automated means.
3. Where technically feasible, a Data Subject can demand that we transmit such data
directly to another company.

f. Right to Object. A Data Subject has the right to object to the processing of the Data Subject’s
personal information based on legitimate interests. Upon such objection, we will no longer
process the Data Subject’s personal information unless we demonstrate compelling legitimate
grounds for the processing or for the establishment, exercise or defense of legal claims. Where
personal information is processed for direct marketing purposes, a Data Subject has the right to
object at any time to the processing of the Data Subject’s personal information for such
marketing.
g. Automated Individual Decision-Making, Including Profiling. A Data Subject has the right not to
be subject to a decision based solely on automated processing, including profiling, which
produces legal effects on the Data Subject. Please note that we don’t make any automated
decisions including profiling based on information that we have about a Data Subject.
h. Right to Withdraw Consent. A Data Subject has the right to withdraw the Data Subject’s consent
for the processing of the Data Subject’s personal information at any time. The withdrawal of consent
shall not affect the lawfulness of processing based on consent before its withdrawal.
i. Right to Lodge a Complaint. A Data Subject has the right to lodge a complaint with a supervisory
authority, in particular in the EU Member State of the Data Subject’s residence, place of work, or
place of the alleged infringement if the Data Subject deems that the processing of the Data
The subject’s personal information infringes GDPR.

{01800893 3}
j. Breach Notification. If a breach/unauthorized access of personal information takes place that is
likely to “result in a risk for the rights and freedoms of Data Subjects”, we will notify the
necessary EU supervisory authority within 72 hours of becoming aware of the breach.
CONTACT
If you have any questions about this Privacy Policy, please contact us
at customerservice@thesiskiss.com