Last Updated: November 9, 2024
SkinSpirit Essential, LLC, a Washington Limited Liability Company (together with its affiliates and subsidiaries, “SkinSpirit,” “Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through its compliance with this Privacy Policy for California Residents (this “Policy”). This Policy supplements the information contained in our Privacy Policy and applies solely to all website visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this Policy, and the Company’s Notice at Collection, to comply with the California Consumer Privacy Act of 2018, as amended (the “CCPA”), and any terms defined in the CCPA have the same meaning when used in this Policy.
Topics Covered in this Policy:
INFORMATION WE COLLECT
Personal Information: Information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device constitutes personal information ("Personal Information"). Personal Information does not include publicly available information from government records or deidentified or aggregated consumer information. In the last twelve (12) months, we have collected the following categories of personal information:
Category
Examples
Collected
A. Identifiers.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
YES
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
YES
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
YES
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
NO
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
YES
G. Geolocation data.
Physical location or movements.
YES
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information (including video surveillance data collected for safety and security purposes).
YES
I. Professional or employment-related information.
Current or past job history or performance evaluations.
YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
YES
K. Inferences drawn from other personal information.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
YES
Sensitive Personal Information: Personal Information that reveals any of the information listed in the table categories below constitutes sensitive personal information (“Sensitive Personal Information”). In the past 12 months, we have collected the following categories of Sensitive Personal Information:
Category
Collected
A. Social security, driver's license, state identification card, or passport number.
YES
B. Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
NO
C. Precise geolocation.
YES
D. Racial or ethnic origin, religious or philosophical beliefs, or union membership.
YES
E. Contents of a consumer's mail, email, and text messages unless the business is the intended recipient of the communication.
NO
F. Genetic data.
NO
G. The processing of biometric information for the purpose of uniquely identifying a consumer.
NO
H. Personal Information collected and analyzed concerning a consumer's health.
YES
I. Personal Information collected and analyzed concerning a consumer's sex life or sexual orientation.
NO
Sources of Personal Information
We obtain the categories of Personal Information and Sensitive Personal Information listed above from the following categories of sources:
- Directly from you. For example, when you contact us, complete forms, purchase products, or inquire about our services.
- Indirectly from you. For example, from observing your actions on our website or collecting video surveillance data for security purposes.
- Automatically as you navigate through our website. Information collected automatically may include IP addresses, device identifiers, and information collected through cookies (e.g., page clicks, time spent on webpage), and other tracking technologies.
- Business and marketing partners, service providers and other third parties. For example, we may receive your email address from someone who purchases a gift card for you.
- Other publicly available sources.
PERSONAL INFORMATION USE
We may use, sell or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the Personal Information.
- To provide, support, personalize, and develop our website, products, and services.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your website experience and deliver content and service offerings relevant to your interests, including targeted ads on third-party sites.
- To help maintain the safety, security, and integrity of our website, services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our website and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our website users and/or consumers is among the assets transferred.
- To evaluate job applicants.
- To conduct employee onboarding.
- To maintain and administer payroll and employee benefit plans, including enrollment and claims handling.
- To maintain personnel records and comply with record retention requirements.
- To provide employees with human resources management services and employee data maintenance and support services.
- To communicate with employees and their emergency contacts and plan beneficiaries.
- To comply with applicable state and federal labor, employment, tax benefits, workers' compensation, disability, equal employment opportunity, workplace safety, and related laws.
- To design, implement, and promote the Company's diversity and inclusion programs.
- To perform workforce analytics, data analytics, and benchmarking.
- To comply with applicable state and federal laws, including on workplace health and safety.
- To prevent unauthorized access, use, or loss of the Company property.
- To exercise or defend the legal rights of the Company and its employees, affiliates, customers, contractors, and agents.
PERSONAL INFORMATION SHARING
We may (i) share your Personal Information with a third party for purposes of cross-context behavioral advertising, (ii) or disclose your Personal Information to a third party for a business purpose. As discussed below, you have the right to opt-out of any such third party disclosures. In the preceding twelve (12) months, the Company has shared or disclosed for a business purpose the following categories of Personal Information to the categories of third-party recipients indicated below. We do not knowingly sell or share Personal Information about consumers under age 16.
We may also share your Personal Information by selling it to third parties, subject to your right to opt-out of those sales. Our Personal Information sales do not include information about individuals we know are under age 16. In the preceding twelve (12) months, Company has sold the following categories of Personal Information to the categories of third parties indicated in the chart below. For more on your Personal Information sale rights, please see Exercising Your Rights.
Personal Information Category
Category of Third-Party Recipients
Business Purpose Disclosures
Sold or Shared for Marketing Purposes
A. Identifiers.
1. Order fulfillment service providers
2. Payment processors
3. Advertising partners
4. Audit, security and research service providers
5. Affiliates and subsidiaries
6. Service providers
1. Advertising networks
2. Data brokers and aggregators
3. Service providers
4. Partners
5. Internet cookie data recipients
B: California Customer Records personal information categories.
1. Service providers
2. Payment processors
3. Advertising partners
4. Affiliates and subsidiaries
5. Data Analytic Providers
1. Advertising networks
2. Data brokers and aggregators
3. Service providers
4. Partners
5. Internet cookie data recipients
C: Protected classification characteristics under California or federal law.
1. Service providers
2. Affiliates and subsidiaries
1. Advertising networks
2. Data brokers and aggregators
3. Service providers
4. Partners
5. Internet cookie data recipients
D. Commercial information.
1. Service providers
2. Advertising partners
4. Affiliates and subsidiaries
1. Advertising networks
2. Service providers
3. Partners
4. Internet cookie data recipients
E. Biometric information.
None
None
F. Internet or other similar network activity.
1. Service providers
2. Advertising partners
3. Affiliates and subsidiaries
1. Advertising networks
2. Service providers
3. Partners
4. Internet cookie data recipients
G. Geolocation data.
Advertising partners
None
H. Sensory data.
Video surveillance data may be shared with security service providers and law enforcement.
None
I. Professional or employment-related information.
1. Service providers
2. Affiliates and subsidiaries
None
J. Non-public education information
1. Service providers
2. Affiliates and subsidiaries
None
K. Inferences drawn from other personal information.
1. Service providers
2. Affiliates and subsidiaries
None
Reselling Personal Information
The CCPA prohibits a third party from reselling Personal Information unless you have received explicit notice and an opportunity to opt-out of further sales. We sell Personal Information to businesses that may then resell the information, subject to your right to opt-out of those sales. For instructions on how to opt-out of those sales, please see Exercising Your Rights.
We do not use or disclose Sensitive Personal Information for purposes other than the Permitted Sensitive Personal Information Purposes, as that term is defined in the CCPA (see “Right to Limit Sensitive Personal Information” in Your Rights Under the CCPA).
RETENTION OF PERSONAL INFORMATION
We will retain your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide our services to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
YOUR RIGHTS UNDER THE CCPA
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive your request and confirm your identity (see Exercising Your Rights), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- The Personal Information categories sold or shared, if any, and the categories of third parties purchasing or receiving that Personal Information.
- The Personal Information categories disclosed for a business purpose, if any, and the categories of persons receiving the Personal Information.
- Our business or commercial purpose for collecting, selling, or sharing that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
Right to Delete: You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive your request and confirm your identity (see Exercising Your Rights), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Fulfill the purpose for which the Personal Information was collected, provide a service requested by you, or reasonably anticipated by you within the context of our ongoing business relationship with you, or otherwise perform a contract you have entered into with us.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Help ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
Right to Correct: You have the right to request that we correct any inaccuracies in your Personal Information we hold about you, considering both the Personal Information’s nature and processing purposes. Upon receiving your request (see Exercising Your Rights), we will use commercially reasonable efforts to correct the Personal Information on our existing systems or alternatively, delete the contested Personal Information if the deletion does not negatively impact you or if you consent to such deletion.
Right to Opt-Out: You have the right to prevent the sharing of your Personal Information with third parties at any time by requesting that we stop doing so (see Exercising Your Rights).
Right to Limit Sensitive Personal Information: You have the right to limit how we use and disclose your Sensitive Personal Information by requesting that we restrict our use and disclosure of such Sensitive Personal Information to the “Permitted Sensitive Personal Information Purposes,” which allow us to collect, use, and disclose Sensitive Personal Information for the following purposes, even after you exercise your limitation rights:
- To perform services or provide goods that an average consumer requesting those goods or services would reasonably expect.
- To prevent, detect, and investigate security incidents compromising Personal Information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed our business and to prosecute those responsible for those actions.
- To ensure individuals' physical safety.
- For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with that us, so long as we do not: (i) disclose your Sensitive Personal Information to another third party; or (ii) use it to build a profile about you or otherwise alter your experience outside your current interaction with us.
- To perform services for the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing, storage, or providing similar services for the business.
- For products, services, or devices that we own, manufactures (directly or indirectly), or control, to: (i) verify or maintain the quality or safety of the product, service, or device; or (ii) improve, upgrade, or enhance the service or device.
- For purposes that do not infer characteristics about you.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
EXERCISING YOUR RIGHTS
Right to Know, Delete, or Correct: Please use one of the following methods to exercise your right to know, delete, or correct, as described above:
- Calling us at 855-383-7546
- Emailing us at privacy@skinspirit.com.
Right to Opt-Out: To exercise your right to opt-out, please submit a request by either:
- Calling us at 855-383-7546
- Visiting Your California Privacy Choices.
Right to Limit Use of Sensitive Personal Information: To exercise your right to limit use of your Sensitive Personal Information, please submit a request by either:
- Calling us at 855-3837546
- Visiting Your California Privacy Choices.
Submission and Response
Once you have submitted a request, we will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. Also, we may ask you to describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Only you or a person that you authorize to act on your behalf, may make a Verifiable Consumer Request, as defined in the CCPA, related to your Personal Information. You may also make a Verifiable Consumer Request on behalf of your minor child.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights. We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
Making a Verifiable Consumer Request does not require you to create an account with us. We will only use Personal Information provided in a Verifiable Consumer Request to verify the requestor's identity or authority to make the request.
We commit to respond to a Verifiable Consumer Request within forty-five (45) days of its receipt. If we require more time (up to a total of ninety (90) days), we will inform you of the reason and extension period in writing.
Authorized Agent
You may authorize an agent to exercise your rights on your behalf. When a request is submitted by an authorized agent, the Company will require the requestor to: (i) provide the authorized agent’s written permission to do so; and (ii) will require the requestor to verify their own identity directly with the Company. If the Company is unable to verify the identity of the requestor or does not receive proof from the authorized agent that the requestor authorized the agent to act on the requestor’s behalf, the request will be denied.
CHANGES TO OUR PRIVACY POLICY
We reserve the right to amend this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on the website and update the “Last Updated” date accordingly. When appropriate, we may notify you through other means. Your continued use of our website or services following the posting of changes constitutes your acceptance of such changes.
CONTACT INFORMATION
If you have any questions or concerns regarding the policies and practices described in this Policy, please contact us at privacy@skinspirit.com.