Privacy policy

KORRES U.S. PRIVACY POLICY

Version 5.1 — Effective September 1, 2025

KORRES ("KORRES," "we," "us") collects, stores, and processes information from members, visitors to the KORRES website (the "Site"), and users ("you") of our Services. We value your privacy. This Privacy Policy (the "Policy") explains what we collect, how we use and share it, and the choices you have when you interact with our website, the websites of any of our affiliates or subsidiaries (the "Affiliates"), or visit our physical locations (collectively, the "Services").

If you do not want us to collect or use your information as described in this Policy, please do not use the Services.

We may update this Policy periodically. When we do, we will post the revised version on the Site with a new effective date. The updated Policy will apply to all current and past users as of its effective date and will replace prior versions. By accessing the Services on or after the effective date, you consent to the then-current Policy.

This Site is not directed toward or intended for use by children or anyone under the age of 18. We do not knowingly collect information from anyone under the age of 13.

The Services are operated in, and governed by the laws of the United States and are intended for U.S. users. If you access the Services from outside the U.S. (including the European Union), your information will be collected, processed, and stored in the U.S., where data protection laws may differ from those in your country.

Scope. This Policy applies to visitors and customers of our consumer Services. It does not cover job applicants, employees, contractors, or other personnel; those are addressed in separate notices where applicable.

Notice at Collection (California)

We collect the following categories of personal information: identifiers, commercial information, internet/network activity, geolocation (general), user‑generated content, inferences, and sensitive personal information (e.g., account credentials; payment card details processed by our PCI‑DSS–compliant processors; precise geolocation if you enable it). We collect this information to deliver and secure the Services, process orders and payments, provide support, personalize content and ads, measure and improve performance, prevent fraud/security incidents, and comply with law. We retain personal information only as long as reasonably necessary for these purposes (for example, order records typically up to 7 years for tax/accounting; marketing until you opt out or after a period of inactivity; and cookies per our Cookie Policy). We may sell or share certain personal information for targeted advertising as defined by California law—you can opt out anytime via Do Not Sell My Information (site footer). Where required, we honor Global Privacy Control (GPC) signals.

Below, you will find our Policy separated into sections describing all aspects of our data collection practices. The sections are:

1. Summary
2. Consent to Data Collection
3. What Information We Collect
4. How We Collect Your Information
5. How We Use Your Information
6. Cookies & Similar Technologies
7. Why We Collect and Use Your Information
8. Data Transfers
9. Sharing Your Information
10. Marketing Communications — Choices & Opt-Out
11. Targeted Advertising
12. Confidentiality & Security
13. Mobile Marketing & Notifications
14. Health Information (HIPAA Notice)
15. Third-Party Services & Platforms
16. Your California Privacy Rights (CCPA/CPRA)
17. Contact

1. Summary

This Policy is designed to clearly describe our privacy practices. Below are key points—please read the full Policy for details.

  • We collect personal information directly from you, from your use of the Services (including through cookies and similar technologies), and from third parties.
  • We share personal information with service providers and business partners to operate the Services, fulfill orders (including via TikTok Shop and Shopify), and for analytics, personalization, and advertising.
  • You may request access, deletion, correction, restriction, objection, data portability, or opt out of targeted advertising and the sale/sharing of personal information using Do Not Sell My Information (site footer) or by emailing support@korres.com.
  • We use commercially reasonable safeguards to protect personal information but cannot guarantee absolute security.

2. Consent to Data Collection

By using the Services or providing us with any information, you consent to the collection, transfer, processing, and storage of your information in and to the U.S. You are also consenting to the application of U.S. federal law and New York State law in all matters concerning the Services and this Policy.

By accessing and using our Services, you accept all terms and conditions set out in this Policy. Before using our Services, you should read the Policy in its entirety and return to this page periodically to review any changes. We may update this policy from time to time and by continuing to use our Services after such updates you consent to those changes.

3. What Information We Collect

We collect information about you in order to operate, secure, and improve the Services; process orders and payments; provide support; personalize content and ads; comply with law; and prevent fraud. We retain personal information only as long as reasonably necessary for these purposes (or longer if required by law or to protect our rights). Retention for cookies and similar technologies is described in our Cookie Policy.

Categories of Personal Information

  • Identifiers & Contact Details — name, email address, telephone number, shipping/billing address, account username/handle.
  • Account Information — information you provide when you create or use an account (e.g., profile details, preferences, survey responses, loyalty status in the “Circle Rewards Program,” product review submissions).
  • Commercial Information — products viewed, placed in cart, purchased, or returned; order numbers, payment status, and fulfillment history.
  • Internet/Network & Technical Data — device identifiers, IP address, browser type, operating system, mobile carrier, crash logs, and interaction data (pages viewed, clicks, referring/exit pages). See the Cookie Policy for details on cookies, pixels, and SDKs we use.
  • Geolocation Data — general location (e.g., country, region, city) inferred from your IP address; precise location if you enable it.
  • User-Generated Content (UGC) & Communications — reviews, ratings, photos, videos, questions/answers, messages you send to us (including customer support).
  • Inferences — insights drawn from the information above to personalize content, offers, and advertising.
  • Platform/E-Commerce Data — limited information received from TikTok Shop and Shopify (e.g., order details, shipping and contact data) to fulfill orders, provide support, and prevent fraud.

TikTok Shop & Shopify: Collection and Sharing. We use TikTok Shop and Shopify to power ecommerce and related services. As a result, information about you is collected by us and by these platforms, and flows between us and them as described below.

Data we receive from TikTok Shop and Shopify (examples):

  • order and transaction details (items purchased, price, taxes, discounts, order ID);
  • contact and shipping details (name, address, email, phone);
  • limited interaction data tied to orders (e.g., returns, fulfillment updates, fraud/abuse signals).

Data we disclose to TikTok Shop and Shopify (examples):

  • order/fulfillment updates, returns/exchanges, and customer service context needed to complete transactions and prevent fraud;
  • identifiers and event data for measurement/attribution, analytics, and to help personalize/measure advertising on or through those platforms (e.g., via pixels/SDKs or integrations).

See our Cookie Policy.

How TikTok Shop and Shopify use data:

Each platform also collects and uses information independently under its own privacy policy (for example, account management, marketplace features, and platform analytics/advertising). When you interact with TikTok Shop or Shopify, your information is additionally governed by the privacy policy of that platform.

Role & legal notes: Depending on the activity, TikTok Shop and Shopify may act as our service providers/processors or independent businesses/controllers. Sharing certain identifiers and internet activity with these partners for measurement/attribution and cross-context behavioral advertising may be deemed a “sale” or “sharing” under applicable U.S. state privacy laws. You can opt out via Do Not Sell My Information (site footer). Where required, we honor Global Privacy Control (GPC) signals.

Payment Information. Payment card data is collected and processed directly by our payment processor, Shopify Payments. We do not store full card numbers. Shopify handles your data under its own privacy policy and complies with PCI‑DSS security standards.

Social Media. If you link or interact with social media through the Services, we may receive limited profile information (e.g., name, handle, profile image) and content you make available based on your settings with that platform. Your use of any social media service is governed by that service’s privacy policy; adjust settings there if you do not wish to share certain data.

Location Information. We may collect approximate location (e.g., from IP) for security, fraud prevention, compliance, and performance, and precise location if you enable it in your device settings or provide it to us during purchase. If you purchase at a physical location, we may keep a record of that store/location for the transaction.

Sensitive Personal Information (as defined by U.S. state privacy laws). Includes account login credentials; payment card details in combination with security code or password (handled by our processors); precise geolocation (if you enable it); and other items defined by law. We do not use sensitive personal information to infer characteristics and only use or disclose it for permitted purposes.

4. How We Collect Your Information

  • Directly from you when you create an account, make a purchase, contact support, subscribe to emails/SMS, participate in promotions, or otherwise interact with us.
  • Automatically through cookies, web beacons, pixels (including TikTok, Meta, Google), SDKs, and similar technologies when you use the Services.
  • From third parties such as payment processors, e‑commerce platforms (e.g., TikTok Shop, Shopify), marketing/analytics providers (e.g., Google Analytics, Hotjar, Microsoft Clarity), and social media if you link accounts.

5. How We Use Information

Service communications. We use your information to communicate about your account and orders (e.g., confirmations, shipping updates, returns/exchanges, and important service or policy notices) by email, phone, SMS, or postal mail.

Marketing & promotions. We use your contact details (e.g., email, SMS number, postal address) to send promotional messages about our products, services, offers, and events. You can opt out at any time by clicking Unsubscribe in an email, replying STOP to an SMS, adjusting Cookie Settings, or emailing support@korres.com. Opting out of marketing does not affect service communications.

Personalization, measurement & targeted advertising. We use identifiers, device/technical data, interaction data, and inferences to personalize content and offers, measure performance, and deliver/limit ads on our Services and on third-party platforms. This may involve sharing certain identifiers and event data with advertising/measurement partners—including integrations with TikTok and Shopify—and may be considered a sale or sharing of personal information, or targeted advertising, under applicable U.S. state laws. You can opt out via Do Not Sell My Information (site footer). Where required, we honor Global Privacy Control (GPC) signals. See our Cookie Policy for details.

Analytics & improvements. We analyze usage to maintain, troubleshoot, and improve the Services; conduct research and A/B testing; enhance speed, reliability, and user experience; and develop new features and products.

Security, fraud prevention & compliance. We use information to protect the Services and our users; detect, investigate, and prevent fraud, abuse, and security incidents; comply with legal obligations; and enforce our Terms and other policies.

Social commerce (TikTok Shop & Shopify). We use personal information exchanged with TikTok Shop and Shopify to process and fulfill orders, provide customer service, manage returns/exchanges, enable marketplace features, and perform measurement/attribution and analytics related to those transactions (including via pixels/SDKs, as described in our Cookie Policy). We do not receive or store full payment card details; payment data is handled by our processors (e.g., Shopify Payments) in accordance with PCI-DSS.

Aggregated/de-identified data. We may create and use aggregated or de-identified information for research, analytics, and business purposes. We will not attempt to re-identify such information.

6. Cookies & Similar Technologies

We use cookies, pixels, SDKs, and similar technologies to operate the Site, remember your preferences, analyze performance, and personalize/measure advertising. Where required by law, non‑essential cookies are not set unless you consent.

In addition to cookies from Google, TikTok, and Shopify, we also deploy Triple Whale’s server-side pixel to improve ad measurement accuracy and reduce reliance on browser cookies. This pixel captures event data such as page views, cart actions, and purchases and transmits pseudonymized identifiers to our analytics environment.

Triple Whale tracking will not activate until you provide consent through our Pandectes CMP. You can withdraw or adjust that consent at any time through Cookie Settings. Where required, we also honor Global Privacy Control (GPC) signals to disable Triple Whale tracking automatically.

For the complete list of cookies/partners we use, their purposes, and typical retention periods—and to learn how to change your choices—please see our Cookie Policy. You can update your preferences at any time via Cookie Settings in the site footer. We also honor Global Privacy Control (GPC) signals as a request to opt out of sale/sharing and targeted advertising for the browser that sends the signal (where required by law). Industry opt‑out tools are also available (e.g., DAA and NAI).

Our consent management platform (CMP) records your choices and places a functional consent cookie to remember them. If you clear cookies or use a different browser/device, you may need to re‑apply preferences. Some cookies are set by third parties that provide features on our Site; those parties’ use of cookies is governed by their own privacy policies. You can also manage advertising settings directly with platforms (e.g., Google, TikTok, Pinterest, Microsoft/Bing).

7. Why We Collect and Use Your Information

We collect and use information to:

  • Deliver and fulfill the Services (contract performance): create and manage accounts; process payments and deliver orders (including via TikTok Shop and Shopify); provide customer support; handle returns/exchanges; and communicate about your transactions.
  • Personalize, measure, and improve: tailor content and product recommendations; run analytics and A/B tests; measure performance; and develop new features and offerings.
  • Marketing (with your choices): send emails, SMS, and other promotional messages about products, services, offers, and events. You can opt out at any time.
  • Security, fraud prevention, and enforcement: protect our users and Services; detect, investigate, and prevent fraud, abuse, and security incidents; and enforce our Terms.
  • Compliance and recordkeeping: meet tax, accounting, consumer-request, and other legal obligations.

Legal bases (where a legal basis is required by your jurisdiction):

  • Contract (to provide the Services you request);
  • Consent (e.g., non-essential cookies/trackers, targeted advertising where required, and marketing communications);
  • Legitimate interests (e.g., to secure and improve the Services and prevent fraud), balanced against your rights; and
  • Legal obligations (e.g., tax, accounting, responding to legally required requests).

You may withdraw consent at any time using the controls above or by contacting support@korres.com.

8. Data Transfers

We and our service providers (including Shopify and TikTok Shop) may transfer your personal information to, and process it in, countries other than your own (including the United States). Those countries may have different—and in some cases less protective—data protection laws.

Where a cross-border transfer is subject to legal restrictions (e.g., EU/EEA, UK), we implement appropriate safeguards, such as:

  • contract terms requiring recipients to protect the information and use it only as instructed (including, where applicable, Standard Contractual Clauses and the UK Addendum);
  • technical and organizational measures (e.g., encryption in transit/at rest, access controls, audit logging); and
  • vendor due diligence and ongoing oversight.

Copies or a description of the relevant transfer safeguards can be requested via support@korres.com, subject to reasonable redactions to protect confidentiality. Note that Shopify and TikTok also act under their own privacy policies and may conduct separate international transfers.

9. Sharing Your Information

We disclose personal information to the categories of recipients below, for the purposes described in this Policy or as otherwise disclosed at the time of collection.

With your consent. We disclose information when you ask us or clearly consent to a specific disclosure.

Legal, safety, and compliance. We disclose information to courts, law enforcement, regulators, and other third parties when we believe disclosure is necessary to: (i) comply with law or legal process; (ii) detect, investigate, and help prevent fraud, abuse, or security incidents; (iii) protect the rights, property, and safety of KORRES, our users, or others; or (iv) enforce our Terms and policies. Where legally permitted, we will require valid legal process.

Service providers (contracted processors). We provide information to vendors that perform services for us—e.g., website hosting and maintenance, platform and data storage, order fulfillment and delivery, payment processing, fraud prevention, customer support, email/SMS and direct-mail distribution, analytics, A/B testing, product customization, and ad delivery/measurement. We require service providers by written contract to: (a) use the information only to perform services for us; (b) protect it with appropriate security; and (c) not sell or share it for their own purposes.

Business partners, affiliates, and third-party marketplaces (TikTok Shop & Shopify). We disclose information to business partners and our affiliates for operational purposes and joint activities. We also disclose information to third-party marketplace platforms—such as TikTok Shop and Shopify—to fulfill and support your orders, manage returns/exchanges, and ensure delivery and quality control. These platforms may also collect and use information independently under their own privacy policies (including for advertising, analytics, and personalization). Please review their privacy policies for details.

Advertising and measurement partners. We share certain identifiers and event data with ad tech and measurement partners (including Google, Meta, TikTok, Shopify, and Triple Whale) to personalize, deliver, and measure ads, improve attribution, and understand the performance of our marketing campaigns. The information shared may include hashed email, IP address, device identifiers, order ID, purchase events, and website interaction data. Triple Whale analyzes aggregated marketing performance and generates attribution insights on our behalf as our service provider, and its use of personal information is restricted to providing contracted analytics services. Under California law, some of this activity may be considered a “sale” or “sharing” of personal information or targeted advertising. You can opt out via Do Not Sell My Information (site footer). We honor Global Privacy Control (GPC) where required.

Affiliates. We disclose information to our corporate affiliates for purposes consistent with this Policy. Our affiliates are required to protect personal information and use it only as instructed.

Sponsors and co-promotions. When we run sponsored or co-branded programs, the sponsor/co-branding party may receive information about participants. Their use is governed by their own privacy policies. Please review those policies before you participate.

Corporate transactions. We may disclose or transfer information in connection with a proposed or completed merger, acquisition, asset sale, financing, reorganization, bankruptcy, or similar transaction. We will require any successor entity to use personal information in a manner consistent with this Policy.

Linked sites and social features. Our Services may link to third-party websites, social media, or features that are not owned or controlled by KORRES. Any information you provide to those third parties is governed by their privacy policies—not this Policy. Those third parties may use their own cookies and trackers.

Aggregated and de-identified data. We may share aggregated or de-identified information (which cannot reasonably be used to identify you) for research, analytics, and similar purposes. We will not attempt to re-identify such data.

Your choices (California and other U.S. state laws). California residents (and residents of certain other U.S. states) may opt out of the sale or sharing of personal information and targeted advertising via Do Not Sell My Information. We do not knowingly sell or share the personal information of consumers under 16 without appropriate authorization.

Deletion requests—legal exceptions. We may deny or limit deletion where an exception applies (e.g., to complete a transaction you requested, detect security incidents, debug/repair, exercise free speech or comply with law, perform internal uses reasonably aligned with consumer expectations, or for legal claims and recordkeeping). See Your California Rights for details.

10. Marketing Communications — Choices & Opt-Out

We want to contact you only when you want to hear from us.

How to opt out by channel

  • Email: Click Unsubscribe in any marketing email or adjust preferences in your account settings.
  • SMS/Text: Reply STOP to any message (reply HELP for help). Message frequency varies; message and data rates may apply. Consent is not a condition of purchase. See our Mobile Terms.
  • Targeted advertising/cookies: Use Cookie Settings and Do Not Sell My Information (site footer). Where required by law, we honor Global Privacy Control (GPC) signals.
  • Postal mail: Email support@korres.com to opt out of direct-mail promotions.

Opting out of marketing does not affect service communications (e.g., order confirmations, shipping updates, returns/exchanges, or policy notices).

Processing your choice. We may take up to 10 business days to process email opt-outs and a short time for SMS. Unsubscribing from one channel (e.g., email) doesn’t automatically unsubscribe you from others (e.g., SMS).

Preference management & suppression. If you have an account, you can also update your preferences in your profile. We may retain limited contact information in a suppression list to ensure we respect your opt-out.

Access, correction, deletion. To access or update your account information, sign in and edit your profile, or contact support@korres.com. For U.S. state privacy rights (including access, deletion, correction, portability, and opt-out of sale/sharing/targeted advertising), see Your California Rights and use Do Not Sell My Information.

11. Targeted Advertising (Cross-Context Behavioral Advertising)

We and our advertising/measurement partners use identifiers (e.g., cookie IDs, mobile/ad IDs, IP address), hashed email (where available), device and network information, and event data (e.g., pages viewed, items added to cart, purchases) to personalize, deliver, and measure ads on our Services and across other sites and apps. This may include cross-device and cross-context linking.

Some partners act as our service providers, while others use data independently under their own privacy policies. For details on cookies, pixels, SDKs, and partners, see our Cookie Policy.

TikTok & Shopify. Interactions with KORRES via TikTok Shop and our Shopify storefront (including pixel/SDK events such as views, adds to cart, and purchases) may also be used for interest-based advertising and measurement on those platforms, subject to their privacy policies and your settings with them.

Your choices. Under certain U.S. state laws (including California), sharing identifiers and event data for advertising/measurement may be considered a “sale” or “sharing” of personal information or targeted advertising.

You can opt out at any time via Do Not Sell My Information (site footer).

We also honor Global Privacy Control (GPC) signals where required. You can further manage ad preferences via:

  • Cookie Settings (site footer);
  • platform settings (e.g., Google, TikTok, Pinterest, Microsoft/Bing); and
  • industry tools: DAA (aboutads.info/choices) and NAI (optout.networkadvertising.org).

Opt-outs are generally browser- and device-specific. If you clear cookies, switch browsers/devices, or use private browsing, you may need to reapply preferences.

We do not control—and are not responsible for—the independent practices of third‑party advertisers, ad networks, or exchanges. Please review their privacy policies for details.

12. Confidentiality & Security

We implement administrative, technical, and physical safeguards appropriate to the nature of the information we process and the risks involved. These measures include policies and training, access controls and least privilege, multi-factor authentication for sensitive systems, encryption in transit (e.g., TLS) and where appropriate at rest, network and application security controls, logging/monitoring, vulnerability management, and regular backups.

We require our service providers (including e-commerce and payment providers) by contract to protect personal information, use it only as instructed, and notify us of security incidents without undue delay. Payment card data is handled by PCI-DSS–compliant processors; we do not store full card numbers.

You are responsible for keeping your account credentials confidential and for promptly notifying us at support@korres.com of any suspected unauthorized use.

While we work hard to protect personal information, no method of transmission or storage is 100% secure. If a data incident occurs, we will notify you and/or regulators as required by law. We retain personal information as described in this Policy and delete or de-identify it when no longer needed or required to be kept.

13. Mobile Marketing & Notifications

The Korres USA text messaging program (the “Service”) is operated by KORRES (“we,” “us”). By opting in, you agree to receive recurring SMS/text messages from or on behalf of KORRES at the mobile number you provide, including promotional messages (offers, cart reminders) and service messages (order/account alerts). Messages may be sent using an automated system. Consent is not a condition of purchase.

What we collect & how we use it. We collect your mobile number, opt-in/opt-out status, and messaging preferences to manage the Service and send messages. We may use cookies/pixels to trigger messages based on your actions on our Site (e.g., cart events). See our Cookie Policy and this Privacy Policy for details.

How to opt out. You can opt out at any time by replying STOP to +18557881650 or tapping the unsubscribe link (where available). You’ll receive one confirmation text and then no further marketing texts unless you opt in again. If you subscribe to multiple KORRES text programs, you must opt out of each separately (as required by law).

Help & support. For help, reply HELP or email support@korres.com. Message frequency varies. Message and data rates may apply. Check your plan for details.

Program terms & changes. See our Mobile Terms for full terms (including arbitration/dispute resolution, where applicable). We may modify or cancel the Service or update these terms; continued use after changes means you accept the updated terms.

Carriers & delivery. Wireless carriers are not liable for delayed or undelivered messages. If we change our short code or phone number, we’ll notify you; messages sent to an old number may not be received. Please provide a valid mobile number and update us if it changes.

Privacy & sharing. We use information collected via the Service consistent with this Privacy Policy. We do not sell or share text message opt-in/consent data with third parties for their own marketing, except to our SMS platform providers and aggregators as needed to deliver the Service.

14. Health Information (HIPAA Notice)

KORRES is not a HIPAA covered entity or business associate. Our consumer Services are not intended to collect, receive, or store Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA). Information you share with us through the Site, our apps, or SMS is treated as personal information under this Privacy Policy and applicable state laws—not as PHI.

Please do not submit PHI to us. This includes, for example, medical records, diagnoses, treatment information, prescription details, insurance member numbers, or any information from a healthcare provider. If we inadvertently receive PHI, we will delete or de-identify it unless we are legally required to retain it.

If we ever handle PHI under a Business Associate Agreement (BAA). In limited cases where we expressly contract to support a HIPAA-covered entity, those services would be governed by a written BAA. That PHI processing would be separate from the consumer-facing Services covered by this Policy.

No medical advice. Our content and products are for cosmetic and informational purposes only and are not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional with questions about a medical condition.

15. Third-Party Services & Platforms

We use third-party vendors to operate and improve the Services—e.g., hosting/cloud, e-commerce and marketplaces (including Shopify and TikTok Shop), payment processing, customer support, email/SMS delivery, analytics/experience tools (including Hotjar), advertising/measurement, fulfillment/logistics, fraud prevention, and security/IT. For the specific cookies, pixels, SDKs, partners, and retention periods we use, see our Cookie Policy.

We require service providers by contract to use personal information only to perform services for us and to implement appropriate security. Payment card data is processed by Shopify, a PCI-DSS-compliant processor; we do not store full card numbers.

Shopify and TikTok Shop Integrations

When you interact with KORRES on TikTok Shop or Shopify, those platforms may also collect and use information independently under their own privacy policies. See their privacy policies and our Cookie Policy for details about platform integrations (including pixels/SDKs).

Sharing certain identifiers and event data with advertising/measurement partners (including some TikTok/Shopify integrations) may be considered a “sale” or “sharing” of personal information or targeted advertising under U.S. state laws. You can opt out at any time via Do Not Sell My Information (site footer). Where required, we honor Global Privacy Control (GPC) signals.

Triple Whale Analytics Platform

We also use Triple Whale, a marketing analytics and attribution platform that consolidates data from multiple sources—including Shopify, Meta, Google Ads, and Klaviyo—to help us measure campaign effectiveness and improve customer experiences.

Triple Whale receives pseudonymized identifiers (such as hashed emails, order IDs, IP addresses, and device identifiers) for the purpose of generating aggregated performance insights. Triple Whale acts as our data processor under applicable privacy laws and processes information only under our written instructions.

Triple Whale may use a combination of client-side and server-side tracking technologies (“Triple Pixel”) to record site and purchase events. These technologies are disabled until you provide consent through our Pandectes Consent Management Platform (CMP).

We do not permit Triple Whale to use any personal information for its own independent purposes. However, certain disclosures of identifiers and event-level data for measurement or cross-context advertising may be deemed a “sale” or “sharing” under U.S. state privacy laws. You can opt out at any time via Do Not Sell or Share My Information in the site footer.

You can update nonessential tracking preferences anytime via Cookie Settings (site footer).

16. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.

Your rights

  • Right to Know/Access & Portability – Request (a) the categories and specific pieces of personal information we collected about you; (b) the categories of sources; (c) the business/commercial purposes; (d) the categories of third parties to whom we disclosed it; (e) the categories of personal information “sold,” “shared,” or disclosed for a business purpose; and (f) our retention periods or criteria.

  • Right to Correct – Request that we correct inaccurate personal information we maintain about you.

  • Right to Delete – Request deletion of personal information we collected from you (subject to legal exceptions).

  • Right to Opt Out of “Sale”/“Sharing” & Targeted Advertising – Opt out of the sale or sharing of personal information (as defined by California law) and of cross-context behavioral/targeted advertising.

  • Right to Limit Use of Sensitive Personal Information (SPI) – Limit our use and disclosure of SPI to what is necessary to provide requested services. We do not use SPI for purposes that trigger this right (e.g., to infer characteristics). If that changes, we will provide a mechanism to limit use.

  • Right to Non-Discrimination – We will not discriminate against you for exercising your rights.

How to exercise your rights

  • Use Do Not Sell My Information (site footer) to opt out of sale/sharing and targeted advertising. We honor Global Privacy Control (GPC) signals where required.
  • To submit access, correction, deletion, or portability requests: email support@korres.com. If you have an account, you may also verify and manage certain information in your profile.

Verification & authorized agents

  • We will verify your request by matching information you provide with our records or via account login. If you use an authorized agent, we may require proof of authorization (e.g., signed permission or power of attorney) and may ask you to verify your identity directly with us.

Appeals

  • If we deny your request, you may appeal by emailing support@korres.com with the subject line “Privacy Request Appeal.” We will review and respond within 45 days.

Response timing

  • We aim to respond within 45 days of receiving a verifiable request; we may extend once by up to 45 additional days with notice explaining the reason for the extension.

Minors under 16

  • We do not knowingly sell or share the personal information of consumers under 16. If we become aware that we have such information, we will obtain the required opt-in authorization (from the minor aged 13–16, or from a parent/guardian if under 13) or cease such activities.

“Shine the Light” (Cal. Civ. Code §1798.83)

  • California residents may request information regarding our disclosure of personal information to third parties for their direct marketing purposes. To submit such a request, email support@korres.com with the subject line “Your California Privacy Rights.”

Financial incentives (California loyalty programs). If you choose to participate in our Circle Rewards Program or similar offers, we may provide discounts, perks, or other benefits in exchange for collecting and using personal information (e.g., identifiers, purchase history, engagement). Participation is optional, and you may withdraw at any time via account settings or by emailing support@korres.com. The value of the program is reasonably related to the value of the personal information collected, as reflected by the good‑faith estimated value of discounts, perks, and increased engagement. Material terms (what data is collected; how to opt in/out; and a non‑discrimination commitment) are presented at sign‑up and may be updated from time to time.

17. Contact

If you have any questions regarding this Privacy Policy, please contact our Privacy Team by email at support@korres.com or by mail.

KORRES
80 Maiden Lane
New York, NY 10038

Accessibility: If you need this Policy in an alternative format, please contact support@korres.com.

Last reviewed: September 1, 2025.