Last Revised: September 21, 2021
- Telephone number
- Date of birth
- Email address
- Other data collected that could directly or indirectly identify you.
If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at [email protected]. This inbox is actively monitored and managed so that we can deliver an experience that you can confidently trust.
What information do we collect?
We collect information so that we can provide the best possible experience when you utilize our Services. Much of what you likely consider personal data is collected directly from you when you:
(1) create an account or purchase any of our Services (ex: billing information, including name, address, credit card number, government identification);
(2) request assistance from our award-winning customer support team (ex: phone number);
(3) complete contact forms or request newsletters or other information from us (ex: email); or
(4) participate in contests and surveys, apply for a job, or otherwise participate in activities we promote that might require information about you.
However, we also collect additional information when delivering our Services to you to ensure necessary and optimal performance. These methods of collection may not be as obvious to you, so we wanted to highlight and explain below a bit more about what these might be (as they vary from time to time) and how they work:
Account related information is collected in association with your use of our Services, such as account number, purchases, when products renew or expire, information requests, and customer service requests and notes or details explaining what you asked for and how we responded.
Cookies and similar technologies on our websites and our mobile applications allow us to track your browsing behavior, links clicked, items purchased, your device type, and to collect various data, including analytics, about how you use and interact with our Services. This allows us to provide you with more relevant product offerings, a better experience on our sites and mobile applications, and to collect, analyze and improve the performance of our Services. We may also collect your location (IP address) so that we can personalize our Services.
Data about Usage of Services is automatically collected when you use and interact with our Services, including metadata, log files, cookie/device IDs and location information. This information includes specific data about your interactions with the features, content and links (including those of third-parties, such as social media plugins) contained within the Services, Internet Protocol (IP) address, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data, information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and error data, and some of this data collected might be capable of and be used to approximate your location.
Supplemented Data may be received about you from other sources, including publicly available databases or third parties from whom we have purchased data, in which case we may combine this data with information we already have about you so that we can update, expand and analyze the accuracy of our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
How we utilize information.
We strongly believe in both minimizing the data we collect and limiting its use and purpose to only that (1) for which we have been given permission, (2) as necessary to deliver the Services you purchase or interact with, or (3) as we might be required or permitted for legal compliance or other lawful purposes. These uses include:
Delivering, improving, updating and enhancing the Services we provide to you. We collect various information relating to your purchase, use and/or interactions with our Services. We utilize this information to:
- Improve and optimize the operation and performance of our Services (again, including our websites and mobile applications)
- Diagnose problems with and identify any security risks, errors, or needed enhancements to the Services
- Detect and prevent fraud and abuse of our Services and systems
- Collecting aggregate statistics about use of the Services
- Understand and analyze how you use our Services and what products and services are most relevant to you.
Often, much of the data collected is aggregated or statistical data about how individuals use our Services, and is not linked to any personal data, but to the extent it is itself personal data, or is linked or linkable to personal data, we treat it accordingly.
Sharing with trusted third parties. We may share your personal data with affiliated companies within our corporate family, with third parties with which we have partnered to allow you to integrate their services into our own Services, and with trusted third party service providers as necessary for them to perform services on our behalf, such as:
- Processing credit card payments
- Serving advertisements
- Conducting contests or surveys
- Performing analysis of our Services and customers demographics
- Communicating with you, such as by way email or survey delivery
- Customer relationship management.
We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilizing, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for (or without your consent).
Communicating with you. We may contact you directly or through a third party service provider regarding products or services you have signed up or purchased from us, such as necessary to deliver transactional or service related communications. We may also contact you with offers for additional services we think you’ll find valuable if you give us consent, or where allowed based upon legitimate interests. You don’t need to provide consent as a condition to purchase our goods or services. These contacts may include:
- Text (SMS) messages
- Telephone calls
- Automated phone calls or text messages.
If you make use of a service that allows you to import contacts (ex. using email marketing services to send emails on your behalf), we will only use the contacts and any other personal information for the requested service. If you believe that anyone has provided us with your personal information and you would like to request that it be removed from our database, please contact us at [email protected].
Compliance with legal, regulatory and law enforcement requests. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of legal process. We will also share your information to the extent necessary to comply with ICANN or any ccTLD rules, regulations and policies when you register a domain name with us.
Website analytics. We use multiple web analytics tools provided by service partners such as Google Analytics, MixPanel and Singular to collect information about how you interact with our website or mobile applications, including what pages you visit, what site you visited prior to visiting our website, how much time you spend on each page, what operating system and web browser you use and network and IP information. We use the information provided by these tools to improve our Services. These tools place persistent cookies in your browser to identify you as a unique user the next time you visit our website. Each cookie cannot be used by anyone other than the service provider (ex: Google for Google Analytics). The information collected from the cookie may be transmitted to and stored by these service partners on servers in a country other than the country in which you reside. Though information collected does not include personal data such as name, address, billing information, etc., the information collected is used and shared by these service providers in accordance with their individual privacy policies.
Targeted advertisements. Targeted ads or interest-based offers may be presented to you based on your activities on our webpages, and other websites, and based on the products you currently own. These offers will display as varying product banners presented to you while browsing. We also partner with third parties to manage our advertising on our webpages and other websites. Our third party partners may use technologies such as cookies to gather information about such activities in order to provide you with advertising based upon your browsing activities and interests, and to measure advertising effectiveness.
How you can access, update or delete your data.
To easily access, view, update, delete or port your personal data (where available), or to update your subscription preferences, please sign into your Account and visit “Account Settings.”
If you make a request to delete your personal data and that data is necessary for the products or services you have purchased, the request will be honored only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements.
How we secure, store and retain your data.
We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate.
We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
If you have any questions about the security or retention of your personal data, you can contact us at [email protected].
Notice for California Residents
These additional disclosures apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“ CCPA ”) provides certain rights to California residents. The words used in this section have the meanings given to them in the CCPA, which may be broader than their common meaning.
A. Notice of Collection.
As described above in the “What information do we collect” section, we collect and use several categories of personal information about you for our business purposes. Some of this information is shared with our trusted service providers in order to improve your shopping experience and to complete your order.
B. Request to Know / Request to Delete.
You have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your personal information over the past 12 months.
In the “What information do we collect” and “How we utilize information” sections above, we disclose
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
You also have the right to request that we disclose the specific pieces of personal information we collected about you. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The specific pieces of personal information CurlsQueen have retained about you.
You also have the right to request that we delete any of your personal information that we collected from you and retained, with certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We reserve the right to retain and will not delete information that is necessary for us or our service providers to retain in order to:
- Complete the transaction for which we collected the personal information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Debug products to identify and repair errors that impair existing intended functionality.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context which you provided it.
How to Request to Know or Request to Delete
If you are a California resident, you have rights in relation to your personal information; however, your rights are subject to certain exceptions. For instance, CurlsQueen cannot disclose specific pieces of personal information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the personal information, your account with us, or the security of our network systems. To assert your right to know or your right to delete your personal information, please contact us by email at [email protected] . To confirm your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud prevention purposes.
C. Right to Opt-Out.
You have a right to opt-out of any sale of your personal information. CurlsQueen does not sell your personal information to any other retailers. However, our website integrates technologies of trusted advertising partners (third-party companies) that allow the recognition of your device and the collection of information about your browsing activity in order to provide advertisements about goods and services likely to be of greater interest to you. In particular, these partners collect information about your activity on CurlsQueen to enable us to show advertisements for our products and/or services to you on third-party websites and apps. If and to the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those implemented specifically for interest-based advertising, we will comply with applicable law as to such activity. See the section on “How we utilize information” above for information about how to opt-out of interest-based advertising.
D. Authorized Agent.
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
E. Right to Non-Discrimination.
You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. We will never discriminate against you for exercising your privacy rights. However, there are certain functions of our website and app that are only available to account holders, such as wishlists, “CurlsQueen Rewards Points,” CurlsQueen VIP Membership, and certain promotions.
F. Financial Incentives.
Financial incentives are programs, benefits, or other offerings, including payments to consumers as compensation, for the disclosure, deletion, or sale of personal information about them. There are no penalties for requesting disclosure or opting out of the sharing of your personal info. However, if you request to delete your data (delete your account) we can no longer offer you certain discounts and promotions that are tied to your account. The value we obtain from collecting and analyzing data about account holders’ use of the website and purchases is less than or equal to the value of the promotions and discounts we offer exclusively to those account holders. We also from time to time offer discounts connected to consumer’s submission of their email address or other personal information. The value of these discounts is greater than or equal to the value we obtain by being able to reach you about promotional offers. You can always opt-out of our marketing emails or SMS messaging at any time.
G. Shine the Light.
California Civil Code Section 1798.83 permits customers of CurlsQueen who are California residents to request certain information regarding its disclosure of personally identifiable information to third parties for their direct marketing purposes. However, at this time we do not share any of your personally identifiable information with third parties for their direct marketing purposes.
‘Do Not Track’ notifications.
Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Sharing your information:
We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. We want to earn and maintain your trust, and we believe this is absolutely essential in order do that.
However, we share your data with the following categories of companies as an essential part of being able to provide our services to you:
Companies that do things to get your purchases to you, such as payment service providers, warehouses, order packers, and delivery companies Professional service providers, such as marketing agencies, advertising partners and website hosts, who help us run our business Affiliates who help us reach out to potential new customers or promote our products on their websites You may choose to take advantage of some of our additional services, in which case, depending on your choices we may share your data with the following categories of companies to fulfil the services you have asked for:
Social Media sites (for example if you choose to link your accounts to us) and other companies approved by you Product size and fit advisors to help you choose the right products Marketplace sellers where you place a Marketplace order; and Other third party payment providers, when you choose to use their payment services If you would like to know more about the 3rd parties we may share personal data with, or how to find out more on how they will use your data, please contact us.
We may also provide third parties with aggregated and anonymised information and analytics about our customers. Before we do so, we will make sure that it does not identify you.