Last Updated: 12/31/19
To demonstrate our commitment to your privacy, we want to notify you of:
What personally identifiable information of yours is collected through this Site
- Who is collecting the information
- How the information is used
- With whom the information may be shared
- What choices are available to you regarding collection, use and distribution of the information
- The kind of security procedures that are in place to protect against the loss, misuse or alteration of information under our control
- How you can correct any inaccuracies in the information we collect.
COLLECTION OF INFORMATION
We collect personal information from you when you submit it to us, including by:
(1) registering on the Site;
(2)placing an order;
(3) signing up for our newsletter;
(4) contacting us; or
(5) participating in a Site promotion or survey. This information may include your name, email address, address, telephone number, date of birth and credit card information. We may combine the information we collect from you with information we receive about you from other sources, such as address update services.
Non - Personal Information
When you visit the Site, we may collect certain non-personally- identifiable information from you, including your IP address, browser type, operating system and the domain name from which you accessed the Site. We may also collect information about your browsing behavior, such as the date and time you visit the Site, the areas or pages of the Site that you visit, the amount of time you spend viewing the Site, the number of times you return to the Site and other clickstream data.
(1) allow you to use the Site without having to re-enter your login information;
(2) enhance or personalize your Site usage and shopping experience;
(3) monitor Site usage;
(4) manage the Site; and
(5) improve the Site and our products and services.
You are free to decline cookies (opt out), but doing so may prevent you from using certain features on the Site. Check the “Help” menu of your browser to learn how to change your cookie preferences.
We may also use web beacons on the Site, in our emails and in our advertisements on other websites. Web beacons are tiny graphic images that are used to collect information about your Site visit, such as the pages you view and the features you use, as well as information about whether you open and / or act upon one of our emails or advertisements. We may also collect the URL of the website you visited immediately before coming to the Site. Web beacons help us analyze our Site visitors’ behavior and measure the effectiveness of the Site and our advertising. We may work with service providers that help us track, collect and analyze this information.
We may use third - party advertising companies’ tracking technologies to serve our advertisement across the Internet. These companies may collect anonymous information about your visits to the Site and other websites and your interaction with our advertising and other communications.
We may combine the non - personal information we collect through cookies and web beacons with other information we have collected from you.
USE OF INFORMATION
We may use the information we collect from and about you for any of the following purposes:
(1) to fulfill your requests for products;
(2) to respond to your inquiries;
(3) to contact you with Site updates, newsletters and other informational and promotional material from us and third - party marketing offers from our trusted partners;
(4) to contact you when necessary (please note that if you opt-out of marketing communications, we may still contact your regarding administrative or service-related issues);
(5) to review site usage and operations;
(6) to address problems with the Site, our business or our services; and
(7) to protect the security or integrity of the Site and our business. You may choose not to receive promotional email from us by following the unsubscribe(opt-out) instructions in each message.
For personal data that is subject to General Data Protective Regulation 2016/679 (“GDPR”), we rely on several legal bases to use and process your personal data, which include (i) when you have given consent, which you may withdraw at any time sending email to firstname.lastname@example.org; (ii) when data processing is necessary to perform a contract with you, such as the Terms and Conditions, and (iii) our legitimate business interests, such as improving and personalizing the Services, marketing new features or products that may be of interest to you, and promoting safety and security of the Site and our Customers.
DISCLOSURE OF INFORMATION
We may disclose information collected from and about you as follows:
(1) to our related companies and service providers to perform business, professional or technical support functions for us;
(3) to respond to judicial process and provide information to law enforcement agencies or in connection with an investigation on matters related to public safety as permitted or required by law; and
(4) in the event that our company or substantially all of its assets are acquired, your personal information may be one of the transferred assets. We may also disclose your personal information with your express consent. We may share aggregate, non - personally identifiable information about Site users with third parties.
ACCESS TO YOUR PERSONAL INFORMATION
If you live in the European Economic Area, United Kingdom, and Switzerland (“Designated Region”), you have several legal rights regarding your information as discussed below.
Accessing Data. You may access your personal information by signing into your account. From there you can correct or modify your information.
Exporting Data. If you live in the Designated Region, please send an email to email@example.com to request your personal information.
Deleting Data. If you live in the Designated Region, you can request that your personal data or your account be deleted by sending an email to firstname.lastname@example.org. We will use commercially reasonable efforts to honor your requests for deletion, but certain information will actively persist on the Site even if you close your account, including messages you posted on our Site. In addition, personal information may remain in our archives and information you update or delete, or information within a closed account, may persist internally for our administrative purposes, legal compliance reasons, to the extent permitted by law. In addition, we typically do not remove information you posted publicly through or on our Site. Please note that you or BH Cosmetics cannot delete all copies of information that has been previously shared with others on our Site.
Objecting or Restricting Data Use. If you live in the Designated Region, you can request that we restrict our use of your personal data or emails you receive from us by sending an email to email@example.com. Please note that should you opt-out of receiving notifications or emails from us, you will still receive administrative messages from us. If you are receiving texts sent via the Service and you wish to opt out, reply STOP to any such message, or send an email with your cellphone number and the subject line “Opt-Out” to firstname.lastname@example.org.
We keep your information, such as your name, email address and phone number for as long as you keep your account in existence. In some instances, we will delete the information you provide to us after it is no longer needed. We also keep information about you and your use of the Site for long as it is necessary for our legitimate business interests, for legal reasons, and to prevent harm to you, any third party, or us.
INTERNATIONAL USERS AND DATA TRANSFERS
When we transfer personal information from the Designated Region to our service provides and affiliates in the United States, we rely on approved transfer mechanisms, including standard contract clauses approved by the European Commission. You may request a copy of standard contractual clauses relevant to your personal information, if any, using the contact information below.
We may establish one or more affiliate programs. An affiliate program allows other websites to earn money by linking customers to our Site from their sites. These affiliates can only access data about the number of transactions and their resulting earnings. They cannot access our customers’ personal data.
WEBSITE EVALUATION, MARKETING, AND PROMOTIONS
We may engage third parties to assist in providing website evaluation services, marketing, order processing, fulfillment and shipping services, as well as customer service. We may engage third parties to provide services such as fraud protection and credit risk reduction, product customization, data analysis and data cleansing. These third parties will have access to information on an as-needed basis only, and will be required not to use any personal information for any purpose other than providing such services.
We have taken physical, electronic, contractual, and managerial steps to safeguard and secure the information we collect from Site visitors. We use Secure Sockets Layer (SSL) encryption technology to protect your personal information. The only time you are required to sign in on the website is when you are making a purchase. On the checkout page, you will be asked to access your existing account or create a new one. Existing account holders are prompted for their email address and password. This password is for your protection. If you don’t have your password, there is a link to instructions to retrieve your password.
DO NOT TRACK
Some web browsers incorporate a “Do Not Track” feature. Because there is not yet an accepted standard for how to respond to Do Not Track signals, our website does not currently respond to such signals.
THIRD PARTY WEBSITES
The Site is not intended for persons under 13 years of age, or any higher minimum age in the jurisdiction where that person resides (“Child” or “Children”), and is not intentionally developed for or directed to Children. We do not knowingly solicit or collect any information from Children nor do we knowingly market our products or services to Children. If we learn that we have collected information of a Child, we will take steps to delete such information from our files as soon as possible and, if applicable, terminate that Child’s account.
YOUR CALIFORNIA PRIVACY RIGHTS
The California Consumer Privacy Act (the “CCPA” or “Act”) provides California residents with specific rights regarding their personal information. It should be noted that personal information under the Act does not include publicly available information from governmental records and de-identified or aggregated consumer information. This section describes your rights under the Act and explains how to exercise those rights.
Right to Personal Information.
As required by the Act, we will provide you the following information upon a verifiable consumer request: (1) categories of Personally Identifiable Information that we collect; (2) categories of sources from which the Personally Identifiable Information is collected; (3) the purpose of collecting such Personally Identifiable Information; (4) the categories of third parties with whom we share Personally Identifiable Information; and (5) specific pieces of Personally Identifiable Information collected. If we sold or disclosed your Personally Identifiable Information for a business purpose in the preceding 12 months, we will provide (a) a list of the categories of personal information that was sold, and (b) a list of the categories of personal information that was disclosed for a business purpose.
Right to Request Deletion of Personal Information.
According to the Act, you may request that your Personally Identifiable Information be deleted. We will comply with this request once we are able to confirm that we received a verified consumer request. Please be advised that we may deny your request to delete your Personally Identifiable Information if we need to maintain your Personally Identifiable Information in order to (1) complete a transaction, provide service or goods, or perform a contract for which the Personally Identifiable Information is collected; (2) detect any security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for these activities; (3) debug products and to identify and repair errors that impair functionality of the Service or Website; (4) exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided by law; (5) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.); (6) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) comply with a legal obligation; or (9) otherwise use your Personally Identifiable Information, for internal use only, that is compatible with the context in you provide the Personally Identifiable Information.
Exercising your CCPA Rights.
To request (a) information about your Personally Identifiable Information collected or (b) deletion of your Personally Identifiable Information, please send a request by email to email@example.com or standard mail to the address found below.
We can only respond to verifiable consumer requests. A verifiable consumer request means a request that is made by consumer, by a consumer on behalf of a consumer’s minor child, or a person registered with the California Secretary of State that is authorized to act on your behalf. Your verifiable consumer request must include (1) sufficient information that allows us to verify your identity or provides sufficient authority to make the request; and (2) describes you request with enough detail to evaluate and respond to your request. We will not respond to any requests if we cannot verify your identity or authority to make the request and confirm that the personal information belongs to you. You are not required to create an account in order to make a verifiable consumer request. We are not required to comply with more than two verifiable requests from the same consumer in a 12-month period of time.
Please allow 45 days to complete your request. We will inform you if more time is required to complete, but it should take no longer than 90 days. If you have an account, we may provide our response to your account. If you do not have an account, we will provide our response according to your requested format, namely, electronically or by mail. Please note that there is no charge for making a request, but we reserve the right to charge a fee if the request is deemed excessive, repetitive, or manifestly unfounded. We will notify you of any fee and reasons for such fee before completing your request.
Right to Opt-out of the Sale of Personal Information.
According to the Act, you have the right to opt-out of the sale of your Personally Identifiable Information. Should you wish to opt-out of such sale, please contact firstname.lastname@example.org.
We will not discriminate against you because you exercised your rights under the CCPA including: (1) denying goods or services; (2) charging different prices or rates for goods or services through discounts, benefits, or imposing penalties; (3) providing different level of quality of goods or services; or (4) suggesting that you will receive a different price, rate, quality, or level of goods or services.
While we hope that you will not need to, if you want to complain about our use of Personal Information please send an email detailing your complaint with the subject line “Personal Information Complaint) to email@example.com.
If you reside in the European Economic Area, you also have the right to lodge a complaint with the relevant supervisory authority. Please see further details below:
Information Commissioner’s Office
Wycliffe House, Water Lane
Tel: 0303 123 1113
Tel: 029 2067 8400 (calls in Welsh)
German Data Protection Regulators
Spanish Data Protection Agency at:
Calle Jorge Juan, 6
Or via https://sedeagpd.gob.es/sede-electronica-web/
Garante per la protezione dei data personali
Piazza di Monte Citorio n. 121
Romawww.gpdp.it – www.garanteprivacy.it
Fax: (+39) 06.69677.3785
Centralino telefonico: (+39) 06.69677.1
Commission for the Protection of Privacy
Rue de la Presse 35
1000 BrusselsTel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy
TSA 80715 – 75334
PARIS CEDEX 07Tél : 01 53 73 22 22(du lundi au jeudi de 9h à 18h30 / le vendredi de 9h à 18h)
Fax : 01 53 73 22 00
Online form for complaints: https://www.cnil.fr/fr/plaintes
2509 AJ DEN HAAGTel: (+31) – (0)70 – 888 85 00
Fax: (+31) – (0)70 – 888 85 01
SE-104 20 StockholmSweden Office address:Drottninggatan 29, 5th floor
Tel: +46 8 657 61 00