Purposes for Collecting Personal Information
As described in more detail in the “How We Use Personal Information” section above, we collect personal information to provide and manage the Platform and the Services, process and fulfill orders, and as otherwise necessary to support or promote our business.Disclosures of Personal Information
As detailed in the “How We Disclose Personal Information” section above, we disclose personal information to fulfill the purposes described. We will also disclose certain categories of personal information to competent governmental and public authorities and other third parties as necessary or appropriate, including when we have a legal or contractual obligation to disclose the information.Sale and Sharing of Personal Information
As detailed in the chart above, we “sell” and “share” (as such terms are defined in the CCPA), certain categories of personal information to and with third parties and have “sold” and “shared” certain categories of personal information in the past twelve (12) months. Please refer to the chart above for additional details.
We do not “sell” or “share” the personal information of individuals we know to be under 16 years of age.Use and Disclosure of Sensitive Personal Information
As detailed in the chart above, we collect certain “sensitive personal information” (as defined in the CCPA). However, we do not use or disclose such information for any purpose outside of the limited permissible purposes set forth in the regulations implementing the CCPA. Such purposes include providing the Services and our products and verifying, maintaining the quality of, and improving the Services.Your Legal Rights
You have the right to request that we:
Disclose to you the following information covering the twelve (12) months preceding your request:
the categories of personal information we have collected about you and the categories of sources from which we collected such information;
the specific pieces of personal information we have collected about you;
the business or commercial purpose for collecting, selling, or sharing personal information about you;
the categories of third parties to whom we disclosed such personal information; and
if we sold, shared, or disclosed your personal information for a business purpose, two separate lists disclosing:
sales and shares, identifying the personal information categories that each category of recipient received; and
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing.
Delete the personal information that we have collected from you, subject to certain exceptions.
We will not discriminate against you if you decide to exercise your rights under the CCPA. Please note that certain rights are subject to applicable exceptions under the CCPA.
If you are a California resident and interested in exercising any of the above-listed rights, you can do so by:
Sending an email to firstname.lastname@example.org with the subject line “Privacy Rights Request.”
Filling out our California Resident Rights Request Form
Calling us at 1-800-307-1303.
To protect your privacy, we will require the matching of up to three pieces of personal information provided with your request with information we maintain to verify that it is you making the request. Where applicable, we will use the requested information for verification purposes only. Please note that we may decline a request where we are unable to verify your identity and confirm the personal information we maintain relates to you.
Exercising your rights does not require you to create an account with us.Authorized Agents
You may authorize someone to submit a privacy rights request on your behalf (an “authorized agent”). An authorized agent will need to demonstrate that you’ve authorized them to act on your behalf, unless you have provided the agent with power of attorney pursuant to applicable probate law. Depending on the evidence provided, we may also contact you to verify your identity with us or request confirmation from you that the agent is authorized to submit the request on your behalf.Exercising Your Sale and Sharing Opt-Out Right
As detailed in the chart above, we “sell” and “share” certain categories of personal information to and with third parties. If you are 16 years of age or older, in addition to the rights described above, you have the right to direct us to not “sell” or “share” your personal information at any time. To exercise your opt-out right, you may submit a request to us by:
Completing and submitting the form available here.
Sending an email to email@example.com with the subject line “Do Not Sell or Share My Personal Information.”
Alternatively, where available, you may choose to enable a tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). When detected, we will process such signals as a request to opt out.
Upon receipt of your request, we will endeavor to honor it based on the information that we collect and maintain.
An authorized agent may also use the methods described above to submit a request to opt out on your behalf if you provide the agent with signed permission to do so. Please note that we may request from the agent documentation demonstrating that they have your authority to act on your behalf.Notice of Financial Incentive
We may provide discounts or promotions when you agree to receive marketing and promotional communications from us or claim a specific offer when you interact with us and/or the Platform (each, an “Offer”). The terms of each Offer will be provided to you when it is made available.
You may opt out of marketing and promotional communications from us at any time as described in our messages to you and as described in the “Your Choices and Legal Rights” section above.
We collect and retain personal information to support and fulfill certain Offers, which may include information in the following categories:
Personal information categories listed in the California Customer Records statute
Internet or other electronic network activity information
The personal information we collect and retain may also be used to make or to supplement your account information (where applicable). Additional details regarding our use of personal information can be found in the “How We Use Personal Information” section above.
Because we collect and retain personal information in connection with our administration of certain Offers, they may be considered “financial incentives” or “price or service differences” under California law. The value of the personal information we collect will vary based on the Offer and is calculated based on expenses related to offering the Offer, which may include the costs associated with providing discounts or promotions, IP or marketing-related costs, and other related expenses.
You have the right to opt out of any Offer at any time in accordance with the terms of the Offer or by contacting us at firstname.lastname@example.org.Information Security
We employ and maintain reasonable administrative, physical, and technical measures designed to safeguard and protect the personal information under our control from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
However, the Internet is not 100% secure. As a result, like all businesses, we cannot guarantee the security of the personal information you provide to us via the Platform. We encourage you to use caution when using the Internet. A username and a password are needed to access certain areas of the Platform. It is your responsibility to protect your username and password.Cross-Border Transfers
Our Platform is directed only to U.S. consumers. Our Platform is not directed to consumers outside of the U.S. We will transfer and/or store personal information under our control in the United States and/or other countries where we have facilities or in which we engage service providers. As a result, your personal information may be transferred to other countries or regions.
If you live outside of the United States, you understand and agree that we may transfer your personal information to the United States. When we transfer your personal information outside of your country of residence, we do so in accordance with applicable law and take appropriate steps to ensure your information is protected. However, please note that while outside of the jurisdiction in which you reside, your personal information will be subject to applicable local laws (including those of the United States), which may not provide the same level of protections for personal information as those in your own country.Information Retention
We will retain your personal information as long as necessary to fulfill the purposes outlined in this Notice, unless a longer retention period is required or allowed under law.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of the personal information; the purposes for which we use the personal information; whether we can achieve the purposes through other means; and the applicable legal requirements.
If we de-identify information, we will maintain and use the information in de-identified form and not attempt to re-identify the information except as required or permitted by law.Links to Third-Party Services
The Platform may contain links to third-party sites, plug-ins, applications, or other online services. If you click on a link to a third-party service, you will be taken to a service we do not control and that is not governed by this Notice. We are not responsible for third parties’ privacy practices. We suggest that you read the privacy notices of every service with which you interact carefully.Changes to this Privacy Notice
From time to time, we may update this Notice to reflect changes in our practices with respect to the collection, use, and disclosure of personal information and/or changes in applicable law.
The “Last Updated” date at the top of this page indicates when this Notice was last revised. If we make changes, we will revise the date at the top of this page and, in the case of material changes, we will provide you with additional notice (in accordance with applicable law).
Unless otherwise stated, the current version of this Notice applies to all personal information under our control. We encourage you to review this Notice periodically to remain informed about our information handling and privacy practices.Contact Us
If you have any questions, comments, or concerns with respect to our information handling or privacy practices or this Notice, or wish to update your information, please feel free to contact us at email@example.com or by telephone at 1-800-307-1303 (Monday through Friday, 8:30 AM – 9:00 PM Eastern).
You may also write to us at the following address:
Attention: Privacy Notice
2121 Park Place, 1st Floor
El Segundo, CA 90245
We pride ourselves in helping our customers find the right solutions for their skin. In furtherance of this goal, we offer our customers a Custom Serum tool designed to provide a personal skin assessment to help each customer discover a serum that targets their most prominent skin concerns.
To use this free Custom Serum tool, we ask customers to provide us with a real-time selfie image of their face or to upload a selfie image of their face. We use a combination of machine learning tools and statistical algorithms to perform facial analysis to generate a detailed report of the customer’s facial geometry and skin-related characteristics. In connection with this facial analysis, we disclose customer information, including the customer’s selfie image, to our trusted third-party service providers who process this data strictly in accordance with our contractual agreements.
We analyze these detailed facial reports to provide each customer a customized serum recommendation designed to target their most prominent skin concerns. We also use and process the information to further develop future product and skincare recommendations as well as to improve the face and skin mapping tools, technologies and services. For clarity, we do not use this face-related data for purposes of recognizing or identifying an individual customer. Additionally, we do not use, disclose, sell, or retain our customers’ facial geometry reports for any purpose other than those described in this Custom Serum Privacy Statement.
We automatically delete and permanently destroy the facial geometry data we receive from our third-party service providers and any other information used to represent a customer’s detailed facial geometry promptly after it is used for the purposes of providing that customer their custom serum, generally within a short period of time after it is collected.
Because we do not retain the facial geometry data after it is used for the purposes of providing each customer with their personalized skincare recommendations, we will repeat the facial analysis described above each time a customer requests to view their previously provided skincare recommendations.