Privacy & Data Protection Policy

Hello! This page will tell you how we use your data when you use this website, interact with us, or buy our goods & services. It will also let you know about your privacy rights and the law that protects you. This will let you become fully aware of how and why we use your data.

In plain language, data is collected, when you visit and browse my website, when you place an order for a product on my website, when you connect with me via email or social media, when you create a dōTERRA account and select the option to receive my communication, or when you sign up directly to receive communication from me or join one of my email lists. 

I commit to using this data as requested and/or required by law and limit access to your personal information. I will send you what you what you signed up to receive. You can opt-out at anytime. 

I use a variety of third party applications and services to allow me to create and run this website. I am not responsible for their privacy polices. I encourage you to read more about the services I use and seek out their individual privacy policies.

If you are a member of the European Union, with the passing of the GDPR, you have additional rights (see below). 

This page was last updated on May 24, 2018 and can be edited without prior notice. This document is intended to be compliant in the most recent privacy regulations.

If you have questions about the policies on this page, please contact us. 



If you'd like more detailed information, keep reading below:

1. Who is behind this website?

I Heart Oils is a website and other related platforms that is run by Heather Carson, LLC. None of the resources managed and presented are intended for children. We do not knowingly collect any data relating to children. 

I partner with many other platforms and companies to serve you through this website. These other platforms are doTERRA International, Shopify (and Shopify app developers), iContact, Gooten, Printify, Printful, StatCounter, Google Analytics, and social media sites Google+, Facebook, Instagram, Twitter, Pinterest, and Tumblr. 

2. What information do we collect?

Personal data, or personal information means any information about an individual from which, the person could be identified. It doesn't include data where the identity of the person has been removed (which would make it anonymous data).

We collect a variety of personal data from you (our customers, website visitors, and social media connections). 

Depending on how you interact with us, the intake form you fill out, or the order you place, the personal data collected falls into these categories:

-Identity Data: your name if you place an order and/or username if you interact with us on social media. 

-Contact Data: this could include billing address, delivery address, email address, & phone number(s). 

-Profile Data: this would be the purchases or orders you placed, any preferences you selected, feedback, survey responses, contact form submissions, etc. As well as any profile data we have added, for example in using analytics and profiling. 

-Technical Data: this includes internet protocol (IP) address, browser type, operating system, time-zone setting and location, browser plug-in types and versions and other technology you use to access this website.

-Usage Data: this includes info about how you use our website, products, & services. 

-Tracking Data: this is the information we or others collect about you for cookies and similar tracking technologies, such as pixels, mobile identifiers, and web beacons. 

-Marketing & Communications Data: this is your preferences in receiving contact and marketing from us and our third party providers as well as your communication preferences. 

We don't collect any special categories of personal data such as race, ethnicity, religious or political affiliation, etc. 

3. How is all this data collected?

There are a few different ways this data is collected. 

-Direct interaction: this is when you reach out and connect with us via phone call, email, messenger, chat, filling in a form, or social media.

This includes personal data you provide when you sign up to receive newsletters or email classes, create an account with doTERRA, order from my website, enter a giveaway or other competition, leave comments or reviews on our products and services, or engage with us on social media.

-Automated technologies or interactions: as you interact with us and our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may also collect Tracking Data when you use our website and click on our links. 

-Third Parties and publicly available sources. We may receive personal data about you from various types of third parties, including:

Technical Data and/or Tracking Data from analytics providers, advertising networks and search information providers;

Contact and Transaction Data from providers of payment and fraud protection services;

Identity and Contact Data from data partners or business partners; and

Data from any third parties who are permitted by law or have your permission to share your personal data with us, such as parent companies in which you've opted in to receive communication, via social media, or review sites. We will only use your personal data as the law allows. 

4. How do we use your data for transactions?

Here are the ways we use the information we collect.

-To fulfill a contract we are about to or have entered into with you. For example, shipping you a product you purchased from our store.

-When it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example a fraud screening as part of the check-out process.

-Where we need to comply with legal or regulatory obligations. For example, keeping records of our sales for tax purposes.

-Generally, we do not rely on consent as a legal basis for processing your personal data other than where the law requires it, for example in relation to sending certain direct marketing communications. Where our legal basis is consent, you have the right to withdraw consent at any time. 

5. How do we use your data for advertising & marketing (and your communication preferences). 

-We may use your Identity, Contract, Technical, Tracking, Usage, and Profile Data to help us create what we think you may want or need. Things that might interest you. This helps us decide what is relevant for you and for us to tell you about.

-We send out direct marketing usually by email newsletter or other email blasts. You have full control of the emails you receive from us and can opt-out of lists at any time. I use iContact for my emails and suggest you review their data protection policies as well. 

-Shopify (who I use to run this website & shop) gives you the option to receive further communication from me. You aren't under any obligation to sign up for further communication when you use this site or purchase my products. I will only send out communication to those who request it.

-We may also from time to time send out good old fashioned snail mail in the form of customer appreciation cards and/or gifts.

-I use StatCounter, Google Analytics, and Shopify to help collect Tracking Data. This helps me know what pages and products are popular and how better to create content you'll enjoy.

-This site uses COOKIES to collect anonymous tracking data. This helps your user experience the next time you visit our site. Like retaining things in your cart if you move to another page. There is a cookies disclaimer when you first visit our site. To use the site, you agree to the use of cookies. You can refuse the use of cookies or block all access to cookies via your web preferences in your browser, but you may have trouble accessing information on this site.

6. Disclosure of you Personal Data

We will not share or disclose any of your personal data with any third party except government, regulators and law enforcement should this data be requested through written documents. 

7. Payment Information

I Heart Oils website uses third party payment processors Stripe, PayPal, and to process payments. You credit card details are handled directly by these processors and are encrypted before being communicated to them. I never see the payment information.

If you click over to my doTERRA website, payment processing is handled by doTERRA International. If you click through to Amazon for affiliate purchase, payment is processed through Amazon. 

8. Data Security

We limit access to your personal data. Only those employees, contractors, agents or third parties who have business that need to know will have access. They are subject to confidentiality. Third party partners also have data security in place for additional protection.

9. Third-party Links

This website includes links to third-party websites, plug-ins, & applications. For example integration with Facebook. Clicking on those links and enabling those connections may allow third parties to share data about you. We don't control these third parties and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website or web service you use. 

10. Data Retention

We will only keep your personal data for as long as necessary to fulfill the purpose it was collected. 

11. Your Legal Rights

If the General Data Protection Regulation (GDPR) applies to you because you are in the European Union, you have rights under this data protection law in relation to your personal data:

  • The right to be informed- that's an obligation on the provider to inform you how we use your personal data (that what this page is doing).
  • The right of access- this is a right to make what's known as 'data subject access request' for a copy of the personal data we hold about you;
  • The right to rectification- this the right to correct personal data you feel in in error or incomplete.
  • The right to erasure- this is the right to request to 'be forgotten.' In certain circumstances you can request we delete all the personal data we collect about you (unless for legal reasons we need to keep it).
  • The right to restrict processing- this is a right for you in certain circumstances to ask us to suspend processing your personal data.
  • The right to data portability- this is the right to ask us for a copy of your personal data in a common format (such as .csv file).
  • The right to object- this right lets you object to us processing your personal data. For example if you object to us processing your data for direct marketing and opting out of our communication.
  • The rights in relation to automated decision making and profiling- this is a right you have for us to be transparent about any profiling we do or any automated decision making.

If you wish to exercise any of the above rights, contact us. We might need to request additional information from you to help us confirm your identity and ensure your right to access the personal data. This is a security measure so that your personal data isn't shared with people who have no right to receive it. 

We try to respond to all requests within one month. Occasionally it may take long depending on the request.

Contact us via our contact form if you have any questions about this page, the policies, or would like to exercise any of your rights. 

Reminder that these regulations are new this year and may change. There might be updates from time to time. Be sure to check back in occasionally if you are concerned.