Effective Date: 6/3/2021
Last Revised: 6/3/2021
INFORMATION WE COLLECT
Information You Provide
In registering for email, signing up for any account with us, placing orders via the Site or through other means, and for communicating with us about our products, you provide, and we, in turn, collect some personal information about you, which means information that can directly or indirectly associate or otherwise identify you as a natural person. While, at some times, you may be providing this information or otherwise engaging with us as an employee of another company, the information you provide and that we may collect, may include information including your name, personal or work email, personal or work physical address, personal or work phone number, billing information, information about the products/services you are/have been interested in or otherwise purchased or returned.
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We refer to this information as “Order Information.”
We also collect information that you submit via our blog if you write responsive comments or posts. This information may or may not be used with other information collected about you to create a profile about you.
Information We Collect Automatically
When you visit the Site, we automatically collect certain information about the device you are using to access the Site, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
When you access our Services, we may collect information (either directly or using third party services) using logging and cookies which can sometimes be correlated with Personal Information. We use this information to monitor and analyze use and interest in the Services.
Information Obtained from our Third-Party Partners
When you engage in certain functions on the Site, our third-party partners who operate those functions on our behalf may collect information that you provide and provide it to us. This includes user submission information that is collected via Bazaarvoice, which is a Shopify application. Bazaarvoice collects information in regards to reviews you may post, which operates our ratings and reviews and collects information associated with those processes. This includes the content of the reviews that you post as they relate to specific products.
We also work with Salesforce and Shopify, which collect information about user profiles and share that information with us.
At this time, we do not collect information from third-party social media sites that you may use to get to our Site or otherwise engage with our Services.
HOW WE USE YOUR PERSONAL INFORMATION
We generally use information that we collect for the purposes of fulfilling our contractual obligations to you, in furtherance of our legitimate interests in operating the Services and our business and/or where you have consented to such usage. More specifically, however, we use your Personal Information in the following ways:
- To fulfill any orders placed through the Site. This includes processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations).
- To provide, update, maintain and protect the Services and our business. This includes to support delivery of the Services, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at your request. We may use your email address or phone number to send you notices (including any notices required by law, in lieu of communication by postal mail). If you correspond with us by email, we may retain the content of your email messages, your email address and our responses.
- To personalize your experience and improve customer service. This includes Personal Information to understand your buying/shopping preferences so that we may be able to advertise other products that you might be interests. Your information also helps us to more effectively respond to your customer service requests and support needs
- As required by applicable law, legal process or regulation. We may, in certain instances, be compelled by law to process your Personal Information to comply with a binding order. We will only do so to the extent reasonably required by that order.
- To communicate with you by responding to your transactions, requests, comments and questions. If you contact us, we may use your Personal Information to respond.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our products, and important notices, such as security and fraud notices.
- To share and amplify our reviews. We may share reviews users leave, including for specific products, via our social media channels and in our marketing materials.
- For marketing purposes. We may use your information to market to you about other products or ours or our third-party partners that we think you might be interested.
- For apply discounts. We may offer discounts on purchases or future purchases to users who share codes we may provide with customers or potential customers. We may share or otherwise use information you track the sharing and use of discount codes and provide to us in order to apply a discount to your account. These codes are tracked via tracking links.
- To process transactions, including, billing, account management and other administrative matters. This includes the information needed to process transactions and to process discount codes. We may need to contact you for invoicing, account management and similar reasons, and we use account data to administer accounts and keep track of billing and payments.
- To investigate and help prevent security issues and abuse and to otherwise monitor the Site for violations of our policies or applicable laws. We use the information collect to prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities and/or attempts to harm our users.
- To improve our Site and/or Services. We continually strive to improve our Site offerings and/or our Services based on the information and feedback we received from our users and visitors.
The legal basis for the associated processing of your Personal Information is Art. 6 (1)(f) GDPR (balancing of interests, based on our legitimate interest in constantly and profitably improving the content, functionality and attractiveness of the app by analyzing your usage) as well as Art. 6 (1)(b) GDPR (performance of a contract) and Art. 6 (1) a) GDPR (your consent).
HOW WE SHARE OR OTHERWISE DISCLOSE YOUR PERSONAL INFORMATION
We may share, transfer and/or disclose your Personal Information to or with third parties in order to provide the Services or products requested or purchased by you, and under the following circumstances:
- We share certain Personal Information with our shipping company, credit card processing company, payment service provider(s), email service provider(s), marketing partners, and other third business partners necessary in order to fulfill an order placed through the Services. These third party service providers are contractually or otherwise legally prohibited from using your Personal Information for promotional purposes or from selling your Personal Information. These service providers may have access to information about you if it is needed to perform their functions for us, but they are not authorized by us to use or disclose such information except as necessary to perform services on our behalf or to comply with legal requirements, and they are required to maintain the information in confidence.
- We may share Personal Information and other information we collect with our service providers and other third parties in connection with our marketing and business development efforts.
- We share certain information that is traditionally not considered Personal Information (such as device, analytics, and usage data) for purposes of better understanding the usage of the Services by Users and improving on that experience.
- We may share your Personal Information in response to legal process, for example, in response to a court order or a subpoena, a law enforcement or government agency’s request or similar request.
- We may share your Personal Information with third parties in order to investigate, prevent, or take action (in our sole discretion) regarding potentially illegal activities, suspected fraud, situations involving potential threats to any person, us, or the Services, or violations of our policies or the law.
- We may transfer Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our Users is among the assets transferred.
- We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here. We use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here. To learn more about the Company’s use of Google Analytics and what Google Analytics does, please see How Google uses information from sites or apps that use our services. You can opt-out of Google Analytics here and to learn more about how to safeguard your information, click here.
All information voluntarily shared by you through forums, comments, or blog posts is publicly available and your username may be visible by other Users. We are not responsible for any information you submit that can be read by other Users and can be used to send you unsolicited information by other Users.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page.
You can opt out of targeted advertising by:
DO NOT TRACK (INCLUDING CALIFORNIA DO NOT TRACK DISCLOSURE)
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not respond to Web browser “do not track” settings or signals. We deploy cookies and other technologies on our Service to collect information about you and your browsing activity, even if you have turned on the Do Not Track signal.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
TRANSFER OF DATA
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
If you are located outside the United States, please note that we transfer data, including Personal Information, to the United States and process it there.
By using the Services, you understand and acknowledge that your Personal Information will be transferred to and processed in the United States, which may have different data protection rules than in your country.
EEA DATA SUBJECT DATA PROTECTION RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.
If you wish to be informed about what Personal Information we hold about you, have a copy of it, correct or otherwise rectify it, and/or if you want it to be removed from our systems, please contact us using the contact information set out below.
In certain circumstances, you have the following data protection rights:
- Request access to your Personal Information (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Information we hold about you where we are the data controller and to check that we are lawfully processing it.
- Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
- Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons, which will be explained to you, if applicable, at the time of your request.
- Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request that we restrict the processing of your Personal Information. This enables you to ask us to temporarily stop the processing of your Personal Information in the following scenarios: (a) if you have concerns about the accuracy of your information and want to have it rectified; (b) where you believe our use of your information may be unlawful but you do not want us to erase it; (c) where you need us to hold the information for the purposes of defending or exercising your rights with respect to a legal claim even though we may no longer need it; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to keep it.
- Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the EEA.
If you wish to exercise any of the rights set out above, please contact us using the contact details below.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure designed to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
CALIFORNIA DATA SUBJECT RIGHTS
Shine the Light Law
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal Information that we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: 603 Dempster Street, Mount Prospect, IL 60056. We will respond to one request per California customer each year, and we do not respond to requests made by means other than as set forth above.
NEVADA PRIVACY RIGHTS
Nevada law permits our Users who are Nevada consumers to request that their personal information not be sold (as defined under applicable Nevada law), even if their Personal Information is not currently being sold. Requests may be sent to 603 Dempster Street, Mount Prospect, IL 60056.
Neither our Site nor our Services are intended for children under 13 (16 in the EEA). No one under age 13 (16 in the EEA) may provide any information to or on the Online Services. We do not knowingly collect personal information from children under 13 (16 in the EEA). If you are parent or guardian and learn we have collected or received personal information from a child under 13 (16 in the EEA) without verification of parental consent, please contact us and we will delete that information.
PROTECTING YOUR INFORMATION
We implement security measures designed to maintain the security of your Personal Information. These security measures are implemented both during transmission of Personal Information and once received. The security of your Personal Information is important to us. Certain sensitive information submitted, such as credit card information, is encrypted using secure layer technology (SSL). However, no method of safeguarding information is completely secure. While we use measures designed to protect Personal Information, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
In some instances, the Site and/or the Services might contain links to other third party sites and services. When you access these other sites or services, you are leaving the Site, and we are not responsible or liable for the activities on, security or privacy practices of, or content on third party sites. We encourage you to read the privacy statements posted on each such third party site or service.
You may opt out of receiving marketing or other communications from us at any time by following the opt-out link or other unsubscribe instructions provided in any email message received, or by contacting us using the contact information provided below. If you wish to opt out by sending us an email to the address provided below, please include “Opt-Out” in the email’s subject line and include your name and the email address you used to sign up for communications in the body of the email. Note that, even if you opt out of receiving marketing communications from us, we will still send you order confirmations and other non-marketing related messages.
EDIT OR DELETE ACCOUNT
If your personally identifiable information changes, you may correct, update, or amend your account by making the desired changes on the account profile page found after you log-in at thehairedit.com/account/login. If you wish to delete/remove or deactivate your account on the Site, please contact us using the information provided below.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail or by mail using the details provided below:
603 Dempster Street Mt. Prospect, IL 60056