Privacy Policy

We want you to be familiar with how Colgate and Kolibree collect, use, and disclose information in connection with the hum by Colgate and Colgate Connect E1 Smart Toothbrush and Colgate Whitening LED kit (the “Devices”). The toothbrush and the mobile application that you may choose to pair with the toothbrush (the “App”) are powered by Kolibree SAS. This Privacy Policy explains how Colgate and Kolibree will collect, use, and disclose information collected through the App and through the Colgate Connect website from which you are accessing this Privacy Policy (the “Site”). The terms “we,” “our,” or “us,” when used in this Privacy Policy, refer collectively to Colgate and Kolibree. We refer to the App and Site collectively as the “Services.”

By using the Services you understand that you are sharing information with both Colgate and Kolibree.

PLEASE SEE BELOW FOR OUR POLICY REGARDING OUR COLLECTION OF DATA FROM U.S. CHILDREN UNDER AGE 13 AND CHILDREN OUTSIDE THE U.S. UNDER AGE 16.

PERSONAL DATA

“Personal Data” is data that identifies you as an individual or relates to an identifiable individual, such as:

• First and last name
• Postal address
• Telephone number
• Email address
• Profile picture
• Social media account ID

Collection of Personal Data

We and our service providers collect Personal Data in a variety of ways, including:

• Through the App
  • We collect Personal Data through the App, such as when you provide your email address or a profile photo in connection with account creation.
• Through the Site
  • We collect Personal Data through the Site, such as when you purchase products, contact us via chat or email, or subscribe to our newsletter.
• From Other Sources
  • We may receive Personal Data from other sources, such as your insurance company or dentist, consistent with your choices.
  • If you connect your social media account to your Services account, you will share your email address from your social media account with us.

We need to collect Personal Data in order to provide the requested features of the Services to you. If you do not provide the data requested, we may not be able to provide all of the Services’ features to you. If you disclose any Personal Data relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the data in accordance with this Privacy Policy.

Data the App Uses in Real-Time

The technology used to evaluate your tooth brushing, which includes algorithms that analyze your face and your brushing technique, is run in real time on your device (and thus is not collected or captured by Colgate). Colgate does not collect this information from your device or access it on your device. Nor does Colgate use this technology to identify you.

Use of Personal Data

We and our service providers use Personal Data for legitimate business purposes, including:

• To provide the functionality of the Services and fulfill your requests.
  • To provide the Services’ functionality to you, such as, if you use the App, providing you with a weekly review of your brushing activity and providing you with related customer service.
  • To fulfill your orders for Colgate Connect products and provide you with related customer service.
  • To send administrative information to you, such as changes to our terms, conditions, and policies.
• We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
• To provide you with surveys and our newsletter and other marketing materials.
  • To send you marketing related emails and push notifications, with information about our services, new products, and other news about us.
• We will engage in this activity with your consent or where we have a legitimate interest.
• To analyze Personal Data to provide personalized or improved services.
• To better understand you (including, if you use the App, your brushing habits), so that we can personalize our interactions with you and provide you with content, information, and/or offers tailored to your interests.
• To analyze your use of the Services so that we can improve them.
• We will provide personalized services either with your consent or because we have a legitimate interest.
• To aggregate, de-identify, and/or anonymize Personal Data.
  • We may aggregate, de-identify, and/or anonymize Personal Data so that it will no longer be considered Personal Data. We do so to generate other data for our use, which we may use and disclose for any purpose.
• To accomplish our business purposes.
  • For data analysis, such as to improve the efficiency of the Services.
  • For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements.
  • For fraud and security monitoring purposes, such as to detect and prevent cyberattacks or attempts to commit identity theft.
  • For research and developing new products and services.
  • For enhancing, improving, or modifying our current products and services.
  • For identifying usage trends, such as understanding which parts of the Services are of most interest to users.
  • For determining the effectiveness of our promotional campaigns, so that we can adapt them to our users’ needs and interests.
  • For operating and expanding our business activities, including understanding which parts of the Services are most used so we can focus our energies on meeting our users’ interests.
• We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.

Disclosure of Personal Data

We disclose Personal Data:

• To our affiliates, for the purposes described in this Privacy Policy.
  • You can consult the list and locations of Colgate’s affiliates here.
  • Kolibree’s affiliates are Kolibree Inc., Baracoda Ltd, Kaertech SAS, Kaertech Ltd., Flaminem Inc., Flaminem Factory SAS, Radioline SAS and CareOS. Kolibree’s affiliates are located in Europe, the U.S., and Hong Kong.
• To our third-party service providers, to facilitate services they provide to us.
  • These can include providers of services such as research and development, marketing, cloud and website hosting, data analysis, information technology, and customer service.
• When you elect to disclose your Personal Data.
• You or we may share your Personal Data when you consent to or request such sharing, or when, in the case of a child, the child’s parent or legal guardian consents to such sharing. For example, you may ask us to share your Personal Data, along with data about your brushing activity, with your dentist or insurance company. You may also choose to share your data in connection with research studies.
• You may choose to share your Personal Data when you post a product review or a comment in response to a blog post on the Site. Please note that any data you post or disclose by doing so will become public information.

Other Uses and Disclosures

We also may use and disclose your Personal Data as necessary or appropriate when we have a legal obligation or legitimate interest to do so:

• To comply with applicable law and regulations.
  • This can include laws outside your country of residence.
• To cooperate with public and government authorities.
  • To respond to a request or to provide information we believe is important.
  • These can include authorities outside your country of residence.
• To cooperate with law enforcement.
  • For example, to respond to law enforcement requests and orders or provide data we believe is important.
• For other legal reasons.
  • To enforce our terms and conditions; and
  • To protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others.
• In connection with a sale or business transaction.
  • We have a legitimate interest in disclosing or transferring your Personal Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring entity and its advisors.

OTHER DATA

“Other Data” is any data that does not reveal your specific identity or does not directly relate to an identifiable individual. If we are required to treat Other Data as Personal Data under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Data as detailed in this Privacy Policy.

Collection of Other Data

We and our service providers may collect Other Data in a variety of ways, including:

• Data you provide
  • We ask you to provide data that does not reveal your specific identity, such as your first name, date of birth, gender, and whether you are left- or right-handed.
• Through your device
  • Certain data is collected automatically through your device or browser, such as a device ID, your screen resolution, operating system, device manufacturer and model, language, default country setting, and Internet browser type and version. We use this data to ensure that the Services function properly. We use the device ID to send you push notifications, subject to your consent (or parental consent) where required by applicable law.
• Through your use of the App
  • When you download and use the App, we will collect your toothbrush serial number, as well as data about your use of the App, such as games and other features used and the dates and times of your interactions with the App. We also collect data about your brushing, such as time spent brushing, frequency of brushing, areas of the mouth brushed, and position of the toothbrush (including but not limited to when you brush in connection with a game). We use this data to understand how the App is used, including which features and interactions help improve brushing technique. We also use the data to improve the App and the toothbrush and to design new features and games.
• Using cookies
  • Cookies are pieces of data stored directly on the computer that you are using. Cookies allow us to collect data such as browser type, time spent on the Site, pages visited, language preferences, and other traffic data. We and our service providers use the data for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience. We also gather statistical data about use of the Site in order to continually improve its design and functionality, understand how it is used, and assist us with resolving questions about it. We do not currently respond to browser do-not-track signals. If you do not want data collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Site.
• Using tracking technologies
  • We may use tracking technologies to recognize you as you use the Services, so that we can understand how the Services are used and optimize user engagement. We may also use pixel tags (also known as web beacons and clear GIFs) in the emails we send, to track recipients’ actions and response rates.
  • We use Google Analytics, which uses tracking technologies to collect and analyze data about use of the Services and to report on activities and trends. This service may also collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/.
• IP Address
  • We collect your IP address, which is automatically assigned to your device by your Internet service provider. An IP address may be identified and logged when you access the app, along with the time of the visit. We use IP addresses for purposes such as calculating usage levels, diagnosing problems, and administering the app.

Uses and Disclosures of Other Data

We may use and disclose Other Data for any purpose, except where we are prohibited from doing so under applicable law. In some instances, we may combine Other Data with Personal Data. If we do, we will treat the combined data as Personal Data as long as it is combined.

SECURITY

We seek to use reasonable organizational, technical, and administrative measures to protect Personal Data within our respective organizations. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

CHOICES AND ACCESS

Your choices regarding our use and disclosure of your Personal Data

We give you choices regarding our use and disclosure of your Personal Data for marketing purposes. You may opt-out from:

• Receiving electronic communications from us:
  • If you no longer want to receive marketing-related emails from Colgate on a going-forward basis, you may opt out by following the instructions contained in each Colgate marketing-related email.
  • If you no longer want to receive marketing-related emails from Kolibree on a going-forward basis, you may opt out by following the instructions contained in each Kolibree marketing-related email.
• Receiving push notifications from us: You may stop the receipt of push notifications through your device settings.
• Our sharing of your Personal Data with affiliates for their direct marketing purposes:
  • To ask Colgate to discontinue its sharing of your Personal Data on a going-forward basis with Colgate affiliates for their direct marketing purposes, write to Colgate at teamconnect@colgate.com.
  • To ask Kolibree to discontinue its sharing of your Personal Data on a going-forward basis with Kolibree affiliates for their direct marketing purposes, write to Kolibree at support@kolibree.com.
• We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.

How you can access, change, or delete your Personal Data

You may delete your account and update or correct certain of your Personal Data through your Services account settings.

You may also contact Colgate at teamconnect@colgate.com and Kolibree at support@kolibree.com if you would like to request to review, correct, update, suppress, restrict, or delete Personal Data that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law). We will each respond to your request consistent with applicable law.

In your request, please make clear what Personal Data you would like to have changed. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

RETENTION PERIOD

We retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.

The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep transaction records for a certain period of time before we can delete them); or
• Whether retention is advisable in light of Colgate’s or Kolibree’s legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

THIRD PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, data, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.

In addition, we are not responsible for the data collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, Blackberry, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or in connection with the Services.

OUR COLLECTION OF PERSONAL DATA FROM CHILDREN

The Site is not directed to children, and we do not knowingly collect Personal Data from children on the Site.

When an App user who is under the age of 13 (for U.S. users) or 16 (for non-U.S. users) seeks to create an account (a “child accountholder”), we collect his or her first name and the email address of his or her parent or guardian, in order to seek the consent of the parent or guardian to our collection of Personal Data from the child. We and our service providers also collect the data described above, under “Other Data,” from child accountholders. If we receive the consent of the child’s parent or guardian, then we may also collect the child’s email address and profile photo.

We use and disclose a child accountholder’s Personal Data as described above, under “Use of Personal Data” and “Disclosure of Personal Data.”

If you would like to review the Personal Data we have collected from your child, or if you would like to ask us to make no further use of, or delete, the Personal Data we have collected from your child, please contact us as described in the “Contacting Us” section, below. In your request, please include your name and email address, and specify the action you would like us to take. For your child’s protection, we may need to verify your identity before implementing your request.

JURISDICTION AND CROSS-BORDER TRANSFER

Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and, by using the Services, you understand that your data will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data.

Additional Information Regarding the European Economic Area (“EEA”): Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission, to protect your Personal Data. You may obtain a copy of these measures here.

SENSITIVE DATA

Unless we specifically request it, we ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.

YOUR CALIFORNIA AND OTHER STATE PRIVACY RIGHTS

If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, the law in your state provides you with the following rights with respect to your Personal Data:

Your California, Colorado, Connecticut, Utah, and Virginia Privacy Rights

• The right to know what, if any, Personal Data we have collected, used, disclosed, and sold about you, including the categories of Personal Data, the categories of sources from which the Personal Data is collected, the business or commercial purpose for collecting, selling, or sharing Personal Data, the categories of third parties to whom Colgate discloses Personal Data, and the specific pieces of Personal Data Colgate has collected about you.
• The right to obtain a copy of Personal Data we have about you in a portable and, to the extent technically feasible, readily usable format.
• The right to correct inaccurate personal information about you, taking into account the nature of the Personal Data and the purposes of the processing.
• The right to request that we delete any Personal Data.
• The right to opt-out of the selling your Personal Data, which you can exercise at our website by clicking here
• The right to opt-out of the sharing of your Personal Data for purposes of targeted advertising which you can exercise at our website here or by modifying your privacy preferences (e.g., Global Privacy Control), available through certain internet browsers and extensions, that signal your preference to opt out. Please note that clearing your cookies at any time will remove the signal of your selected privacy preferences.
• The right to limit the use of your Sensitive Personal Data, which you can exercise through the Contact Us form available on our website.
• If we deny your request, the right to appeal our decision.

In addition, and as set forth below, we do not sell or share any of our data subjects’/consumers’ Personal DataInformation, as defined by the CCPA. California law requires us to identify, for the 12-month period prior to the date of this Privacy Policy, what information we may have “sold” or “shared” about you. For the 12-month period prior to the date of this Privacy Policy, we have not sold or shared any personal information about our business contacts. Colgate does not use or disclose Sensitive Personal Data, as defined in applicable laws, for any purposes other than those permitted by applicable law.

This Privacy Policy describes how we may share your information for marketing purposes, as described above. If you are a California resident, the Shine the Light law permits you to request and obtain from us once per calendar year information about any of your Personal Data shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us through the Contact Us form on our website.

California Business Contact Information

If you are a California resident and we receive your Personal Data in the form of contact details from business events, for example as part of a business appointment (e.g., by exchanging business cards) or as part of any other form of collaboration, we may use your contact and business details to maintain our business contacts. For this purpose, we may transfer your contact details to our internal database. Pursuant to the CCPA, you have privacy rights with respect to your business contact Personal Information.

The processing activity may include the following categories of Personal Information:

• Your contact information (e.g., name, title, form of address or salutation, address, gender, telephone numbers, email address); and
• Details on your profession (e.g., job title, position, personnel number, place of work, branch office, department, qualifications).

This data processing is based on our legitimate business interests. We have a legitimate economic interest in maintaining contacts beyond the initial context and in using them to establish and develop a business relationship and to remain in contact with the parties concerned.

Such business contacts could also be processed in our email communications with you and then kept in typical business software, either centrally or on the electronic devices of our employees.

California law provides you with the following rights with respect to your Personal Data:

• The right to know what Personal Data we have collected, used, or disclosed about you.
• The right to request that we delete any Personal Data we have about you.
• The right to correct inaccurate Personal Data about you.

We do not sell or share any of our data subjects’/consumers’ Personal Data, as defined by the CCPA. California law requires us to identify, for the 12-month period prior to the date of this Privacy Policy, what information we may have “sold” or “shared” about you. For the 12-month period prior to the date of this Privacy Policy, we have not sold or shared any personal information about our business contacts.

Submitting Requests

If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you may submit your requests to opt out, correct, delete, and/or to know/obtain Personal Data we have collected about you by accessing our Consumer Affairs page by clicking here or by contacting our Toll-Free Telephone Number at 1-800-468-6502.

We will respond to your request in compliance with the requirements of your state’s applicable laws. Please note that we are only required to honor California requests to know twice in a 12-month period.

Verification of Your Identity

When you exercise these rights and submit a request to us, we will verify your identity by asking you to provide us with additional information such as your email address, order numbers of previous orders of our products and services. We also may use a third-party verification provider to verify your identity.

Appeal

Residents of Colorado, Connecticut, and Virginia may appeal a decision we have made regarding their requests by calling us at 1-800-468-6502 or by using the form available on our website. We will respond to appeals from Virginia and Connecticut residents within 60 days. We will respond to appeals from Colorado residents within 45 days.

Non-Discrimination

If you make a request under the CCPA, we will not discriminate against you in any way. For example, we will not deny you discounts or other benefits or impose penalties on you, or provide you with or suggest that you will receive a different level or quality of benefits or services.

Authorized Agents

You may permit an authorized agent to submit a request to know or to delete your Personal Data. If we receive a request on your behalf, we will ask that person to give us proof that you gave that person written permission to make a request for you. If that person does not provide us with written proof, we will deny their request so that we can protect your Personal Data.

Automated Decision-Making

We generally do not use automated decision-making technology, as that term is defined by State Privacy Laws. If we make use of automated decision-making technology, you will be informed through a separate privacy notice.

UPDATES TO THIS PRIVACY POLICY

The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

CONTACTING COLGATE

Colgate-Palmolive Company, located at 300 Park Avenue, New York, New York 10022, is the company responsible for the collection, use, and disclosure of Personal Data under this Privacy Policy in the U.S.

Colgate-Palmolive S.A.S. is the company responsible for collection, use, and disclosure of your Personal Data under this Privacy Policy in the EEA.

If you have any questions about this Privacy Policy, please contact Colgate at teamconnect@colgate.com or:

Colgate-Palmolive Company

300 Park Avenue

New York, NY 10022

United States of America

Because email communications are not always secure, please do not include credit card or other sensitive data in your emails to us.

CONTACTING KOLIBREE

Kolibree SAS, located at 1 rue Garnier, 92200 Neuilly-sur-Seine, France, is responsible for the collection, use, and disclosure of your Personal Data under this Privacy Policy. If you have questions about this Privacy Policy, please contact Kolibree at support@kolibree.com.

ADDITIONAL INFORMATION FOR THE EEA

You also may:

• Contact Colgate’s data protection officer responsible for Germany, if necessary:

  HEC Harald Eul Consulting GmbH

  Datenschutz + Datensicherheit

  Auf der Hoehe 34

  50321 Bruehl

  Tel.: +49 2232 1885-210

  Fax: +49 2232 200-884

  Internet: https://www.datenschutz-help.de/

  E-mail: petra.eul@he-c.de

• Contact Kolibree’s data protection officer responsible for France, if necessary:

  DPO-Avocats

  Cabinet Dézavelle-Livowsky & Associés

  11 rue Théodule Ribot

  75017 Paris

  Tel.: +33 1 4227 7349

  Internet: https://dezavelle.com/

  E-mail: cil@dezavelle.com

Lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available here.