GLOBAL PRIVACY POLICY

Last Updated: July 1, 2023

At Anastasia Beverly Hills, LLC (“Anastasia Beverly Hills”, “we”, “us”) we are committed to protecting your personal data and respecting your privacy. Personal data is data that identifies, relates to, describes or can be associated with you.  To view our Eyebrow Shade Finder Privacy Notice, please see here.

In this Privacy Policy (the “Policy”), we describe the personal data we process, how we keep it secure, and your rights. This Notice covers the personal data that we obtain in various contexts (the “Services”), both online and offline, including when you:

  • access or use our website at https://www.anastasiabeverlyhills.com (“Site”) or any other website, application or online service that we operate which includes a link to this Privacy Policy;
  • visit our stores;
  • sign up for our online services, loyalty programs, or listservs; or
  • contact us for customer service.

By using our Services, you agree to our Terms and Conditions, and you acknowledge that we shall collect and use your personal data in accordance with this Policy. If you do not feel comfortable with any part of this Policy or our Terms and Conditions, you should not use or access our Services.

We may update this Privacy Policy from time to time to reflect changes in the law, our new service offerings, or for other reasons. When we make a change, we will provide you with notice of such updates as required by applicable law, and will revise the date at the top of this Notice. We encourage you to look for updates to this Policy by checking this page when you access our Services.

TABLE OF CONTENTS

  1. Personal Data We Collect
  2. How We Collect Personal Data
  3. Cookies and Other Tracking Technologies
  4. How We Use Your Data
  5. Legal Bases for Processing Your Personal Data
  6. How We Share Your Personal Data
  7. Security
  8. Retention of Personal Data
  9. Managing Communication Preferences
  10. Privacy Rights
  11. Children
  12. Notice to Individuals in the European Economic Area, United Kingdom and Switzerland
  13. International Transfers
  14. Third Party Links
  15. California Notice at Collection
  16. Loyalty & Financial Incentive Program
  17. Contact Us

1. Personal Data We Collect

We collect the following categories of personal data:

  • Identifiers, including your name, postal address, Internet Protocol (IP) address, email address, telephone number, date of birth, and ABH Pro membership number.
  • Commercial information, including the products and services you purchased or considered and your order history.
  • Characteristics of protected classifications, specifically age (as indicated by your date of birth), national origin, and your sex or gender.
  • Internet activity information, including IP address, internet service provider, operating system, browser information, device information, browsing history, and your interactions with the Services.
  • Audio, electronic, visual, thermal, olfactory, or similar information, including audio recordings of your voice for quality assurance purposes in the event you call us and surveillance and other security systems information collected at our stores.
  • Geolocation data, based on your IP address.
  • Inferences about your preferences, characteristics, behavior, and attitudes.

2. How We Collect Personal Data

We collect your personal data in the following ways:

  • When you provide it directly. We collect personal data directly from you when you: buy our products online; register for an online account with us; book an appointment in one of the stores that carry our products; sign up for updates and marketing communications from us; participate in our sweepstakes, surveys, programs or events; request specific product customizations from us; submit a product review on our website; contact us for customer service; communicate with us on social media; or otherwise interact with us via our online services. We also collect personal data directly from you when you contact us on behalf of a current, former, or prospective service provider, vendor, or other business partner.
  • When we collect it automatically. We automatically collect your personal data when you use our online services. For example, we may collect information from or about the computer, phone or other device on which you have installed, or from which you access, our online services, and information about your usage of our online services. For more information, please see the Cookies and Tracking Technologies Section below.
  • When we receive it from third parties. We may receive information about you from third parties, such as companies with whom we run competitions and events, organizations we work with, publicly available sources, or information which is published in the media. Depending on your settings or the privacy policies of social media or messaging services that we partner with, such as Facebook, Instagram, Twitter or WhatsApp, we may collect information about you from these sources as well, with your permission.

3. Cookies and Other Tracking Technologies

We and our third party partners and service providers (such as advertisers and analytics providers) use cookies and similar digital tracking technologies (such as pixels, web beacons, and tags) (collectively “cookies”) on our Site and other online services to gather information when you interact with our Site and Services.

Cookies can be placed on our website by us or by third-party partners we engage for our purposes. Third-party cookies may also be deployed on our behalf on third-party websites (e.g. to measure the effectiveness of ads). In any case, you may opt out of cookies at any time here, or by changing your browser settings accordingly. However, as a consequence of your opt-out, certain functions, portions or features of our Site may cease working, or you may be prevented from fully benefiting from our online services.

Why We Use Cookies. We use cookies for the following purposes:

  • to enable basic functioning of our Site or to fix any technical issue through gathering relevant technical data;
  • for web analytics to improve our Site (structure, features, accessibility and usability, content) or to fix any technical issue through gathering relevant technical data;
  • to enable certain basic functions of online browsing and shopping with us (for example, save information you generated or provided on our website such as preferred items, items placed in the cart, billing address to save time and effort when you next return to our Site or shop with us);
  • to monitor the effectiveness of our online ads and marketing (by recording your interactions with our ads on third-party websites, our social media platforms or our marketing emails);
  • to learn more about your preferences and Internet browsing tastes to provide you with tailored advertising (you certainly don't want to hear from us about something you are not interested in); and
  • to collect information around abandoned shopping carts. A cart is considered abandoned within one hour of inactivity/lack of purchase. Once the cart is considered abandoned, an SMS message will be sent as a reminder. 

How to Manage Your Cookies.  To manage your cookie preferences, you can click on “Manage Cookie Preferences” in the footer, and the cookie dashboard will appear providing information on the cookies used on the Site and allowing you to change your preferences.

In addition, the browsers of most computers, smartphones and other web-enabled devices are typically set up to accept cookies. If you wish to amend your cookie preferences for this Site or any other websites, you can do this through your browser settings. Your browser’s ‘help’ function will tell you how to do this. If you do not want the benefit of cookies, there is a simple procedure to manually delete your cookies at https://www.allaboutcookies.org/manage-cookies/stop-cookies-installed.html, but please visit the links below to opt-out of marketing cookies from over 50+ major third party behavioral advertising providers:

Please remember that cookies are often used to enable and improve certain functions on our Site. If you choose to switch certain cookies off, it may affect the user experience.

Analytics. We use Google Analytics, which uses cookies and other similar tracking technologies, to perform website analytics. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings. To opt out of Google Analytics entirely please use this link.

Mobile App Advertising: When you use our mobile application, we or our Third Party Marketing Partners may use one or more of several different identifiers for your mobile device, including Apple Identifier For Advertising (IDFA) or Android Advertising ID (AAID), to target and deliver ads to you in our app or other apps. This means that your device identifier may be accessed by third-party ad networks and used to (a) help manage the number and types of ads you see; (b) track the source of installs related to ads seen in other apps; and (c) identify your interests and behavior and target advertising to you based on those interests and behavior.

Apple requires app developers to ask for permission before they can track your activity across apps or websites they do not own in order to target advertising to you, measure your actions due to advertising, or to share your information with data brokers. If you previously gave our mobile app permission to track, you can tell our app to stop tracking your activity. On iOS or iPadOS, go to Settings, tap on our app, then tap to turn off Allow Tracking. You can also reset your IDFA from your mobile device’s settings page, which will prevent continued use of existing behavioral data tied to your previous IDFA.

If you have an Android device, and are running Android 12 or above, you can delete your AAID permanently by opening Settings, navigating to Privacy > Ads, tapping “Delete advertising ID,” then tapping it again on the next page to confirm. This will prevent any app on your phone from accessing it in the future. Please note that if you do so, you will still see advertisements, but they will not be tailored to your inferred interests.

You may also access industry-provided opt-out tools, although they are not tailored to our mobile applications.  For instance, to opt-out of data collection by the Digital Advertising Alliance’s participating member companies for interest-based advertising across mobile applications, download the DAA’s App Choices mobile application opt-out offering at https://youradchoices.com/appchoices.

4. How We Use Your Data

We will only use your personal data as described in this Policy or as disclosed to you prior to such processing taking place. We use your personal data for the following commercial and business purposes:

    a. To personalize your experience
    b. To facilitate purchases and transactions
    c. To improve our Services
    d. To communicate with you about our Services
    e. To verify your identity
    f. For commercial research and development, including to perform research and undertake analyses to understand preferences or interests about our products and customer experience, to improve products, develop new products, and for product testing.
    g. To conduct or administer surveys
    h. To provide customer support
    i. To enable our targeted advertising to you through the use of cookies and similar technologies, as discussed below in the Cookies and Other Tracking Technologies Section
    j. To run our sweepstakes and giveaways
    k. To respond to requests, questions, and comments
    l. To administer the ABH Pro membership program
    m. To share your personal data with third parties, as discussed below in our How We Share Your Personal Data Section
    n. To provide you with special offers, articles, announcements, invitations, and other information about our Services
    o. To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of us and our users, employees, or others
    p. To comply with legal requirements, judicial process, and our policies (e.g., to verify users’ identity in connection with access or correction requests)
    q. To protect the safety and security of you, personnel, and our locations
    r. To protect our legal interests, such as in the event of a complaint or dispute.
    s. When it is necessary for other legitimate purposes, such as protecting our confidential and proprietary information
    t. For any other purpose to which you consent

We may also aggregate or deidentify any personal data that we collect in connection with our Services, such that the information is no longer personally identifiable or attributable to you. We may use such aggregated or de-identified information for our own legitimate business purposes without restriction.

5. Legal Bases for Processing Your Personal Data

For individuals who are located in the European Economic Area, the United Kingdom or Switzerland (collectively “EEA Residents”) at the time their personal data is collected, our legal bases for processing your information under the General Data Protection Regulation (“GDPR”) will depend on the specific context in which the personal data is collected and the purposes for which it is used. When we process your personal data, depending on the context, we may rely on a variety of different legal bases to process, including: (i) to perform a contract with you (or to take steps at your request prior to entering into a contract with you); (ii) necessity for our legitimate interests; (iii) to comply with our legal obligations; and/or (iv) your consent. Below is a list of how we use your personal data, as described above in Section 3, with the corresponding legal bases for processing.

| Purpose of Processing | Legal Bases for Processing |
| --- | --- |
| b. To facilitate purchases and transactions; d. To communicate with you about our Services; e. To verify your identity; h. To provide customer support; k. To respond to requests, questions, and comments; l. To administer the ABH Pro membership program; m. To share your personal data with third parties | Contract. Based on our contract with you or to take steps at your request prior to entering into a contract. |
| a. To personalize your experience; c. To improve our Services; f. For commercial research and development; i. To enable our targeted advertising; m. To share your personal data with third parties; n. To provide you with special offers, articles, announcements, invitations, and other information about our Services; o. To detect and protect against malicious, deceptive, fraudulent, or illegal activity; q. To protect the safety and security of you, personnel, and our locations; r. To protect our legal interests; s. When it is necessary for other legitimate purposes | Legitimate Interests. Based on our legitimate interests. When we process your personal data for our legitimate interests we always ensure that we consider and balance any potential impact on you and your rights under data protection laws. |
| p. To comply with legal requirements, judicial process, and our policies | Legal Obligations. Based on our legal obligations, the public interest, or in your vital interests. |
| g. To conduct or administer surveys; n. To provide you with special offers, articles, announcements, invitations, and other information about our Services; t. For any other purpose to which you consent | Consent. Based on your consent. |

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the Contact Us Section below.

6. How We Share Your Personal Data

We will not sell, share, or otherwise disclose your personal data for purposes unrelated to those detailed in this Policy. To that end, we will take reasonable precautions to allow access to your personal data to only our employees, agents, contractors, or similar entities to the extent necessary for the purposes set out in this Notice. We may share your personal data in the following ways:

  • Between Affiliated Entities. Your personal data may be disclosed among our various affiliated entities for the purposes set out in this Policy.
  • To Service Providers. We may share your personal data with service providers that perform services for us or on our behalf, including:
    • Online payment and fraud prevention service providers when you make a purchase, for example PayPal and CyberSource;
    • Security and IT infrastructure service providers to keep our online services safe and protected;
    • Delivery / logistics service providers, to deliver products you have purchased, for example DHL, FedEx, USPS, and Narvar;
    • Customer care services;
    • Infrastructure and IT service providers, including cloud service providers to administer our website and your account if you register with us;
    • Marketing, advertising and communications agencies to send you information about products and services that may be of interest to you, for example ExactTarget and Social Annex;
    • Social media or web platforms to show you products that might interest you while you are browsing the internet, such as on Facebook, Instagram, or Twitter;
    • Advertising companies who help us understand the effectiveness of our ads and traffic on our online services;
    • Providers of services related to some enhanced online features such as customer reviews;
    • Providers of website testing and analytics services.
    • External auditors and advisers.
  • With Our Third-Party Marketing Partners. We will only share your personal data with third parties for their own marketing purposes as permitted under the applicable law.
  • With Your Consent. When you provide your consent to share your personal data, we will share it in the way(s) you specify, including when you request it be shared with others.
  • As Necessary to Comply with Our Legal Obligations. We may also disclose personal data in order to assist with or otherwise enable our compliance with a legal or regulatory obligation, protect and defend our rights or property, protect the safety of our users or the public, and to exercise, establish or defend our legal rights.
  • As Part of a Corporate Transaction. We reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal data in a manner that is consistent with this Notice. After such a sale or transfer, you may contact the recipient with any inquiries concerning the recipient’s privacy practices.
  • With Outside Professional Advisors. We may share or disclose your personal data with any of our professional advisors such as attorneys or accountants (“Outside Professionals”) to facilitate the professional advice from those Outside Professionals.

7. Security

We have implemented technical and organizational security measures intended to safeguard the personal data in our custody and control. For example, when you place an order on our website, we use Secure Sockets Layer (SSL) technology, an encryption tool that provides security while transmitting information over the Internet.

While we endeavor to protect our systems, sites, operations and information against unauthorized access, use, modification and disclosure, due to the inherent nature of the Internet and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.

Please recognize that protecting your personal data is also your responsibility. We ask you to be responsible for safeguarding your password, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify us of any unauthorized use of your password.

8. Retention of Personal Data

We will retain your personal data only for as long as is necessary for the purposes set out in this Notice, unless we are otherwise required to retain it to: (i) comply with our own legal obligations; (ii) resolve a dispute; or (iii) enforce our legal agreements and policies. We may also retain de-identified, aggregate Services usage data for internal analysis purposes. Our typical retention periods for different aspects of your personal data are described below:

  • Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
  • Recording of our telephone calls with you may be kept for a period of up to six years.
  • Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.

9. Managing Communication Preferences

Marketing Emails. You can opt-out of receiving marketing communications from us. Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. We will only contact you by electronic means based on our legitimate interests, as permitted by applicable law, or your consent.

You may unsubscribe from our marketing emails. Please note that if you have already requested products or services when you decide to unsubscribe, there may be a short period of time for us to update your preferences and ensure that we honor your request. You can unsubscribe by emailing us at privacy@anastasiabeverlyhills.com or by clicking on the unsubscribe button in the marketing email we send you, or if you have an account with us, you can also unsubscribe by going to the Account Information page on the Anastasia Beverly Hills Site, clicking on Newsletters, and unsubscribing from the general subscription.

For users in the European Economic Area, the United Kingdom and Switzerland, to the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. We will contact you by electronic means for marketing purposes only if you have consented to such communication. You may raise such objections with regard to initial or further processing for purposes of direct marketing, at any time and free of charge.

Text Messages. We offer you the option to receive mobile alerts about your orders via text messages. To do so, you will have to provide us with your phone number. Standard message and data rates will apply. SMS updates are unavailable for international phone numbers and for orders shipped via USPS (including domestic PO boxes and Puerto Rico). At any time, you can reply STOP to opt out. You must be 18 years old or older to participate or have parent/guardian permission. To unsubscribe from SMS communications, follow the instructions in the message.

We shall only send you marketing text messages if you provide us your phone number and your prior written consent. Standard message and data rates will apply. At any time, you can reply STOP to opt out. You must be 18 years old or older to participate or have parent/guardian permission. To unsubscribe from these marketing text messages, follow the instructions in the message.

10. Privacy Rights

Depending on applicable law where you reside or are located, you may be able to assert certain rights identified below with respect to your personal data. If any of the rights listed below are not provided to you under the law that governs the processing of your personal data, we have absolute discretion in providing you with those rights. Please refer to the table below to determine the rights you have in your jurisdiction.

Your rights in relation to your personal data are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; or (d) where the request is frivolous or vexatious, or for other reasons.

Privacy Rights may include the following:

  a. Right to Know/Access. You may have the right to obtain a copy, or a list of categories of the personal data that we hold about you, as well as other supplementary information, such as the purposes of processing, and the entities to whom we disclose your personal data.
  b. Right to Correct. You may have the right to correct any of your personal data in our records and systems. You may request us to rectify, correct or update any of your personal data held by us that is inaccurate. In addition to the methods described below, you can correct your personal data through your account settings.
  c. Right to Delete. Under certain circumstances, you may have the right to request that we delete the personal data that we hold about you. This right is not absolute, and we may refuse such a request if there are compelling legitimate grounds for keeping your personal data, for legitimate purposes, or as required by law. In addition, in the event your deletion request is honored, we may retain a record of your deletion request as required under applicable law.
  d. Right to Portability. You may have the right to receive a copy of the personal data we have collected about you in a structured, commonly used and machine-readable format.
  e. Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising. You may have the right to opt-out of: (i) the sale of your personal data; and (ii) the sharing of your personal data for targeted advertising. While we do not sell your personal data for money, like many websites, we use cookies, pixels, and similar technology, and we share certain information, such as your IP address or device identifiers, with certain third-party advertisers in order to improve your user experience and to optimize our marketing activities. Under some state privacy laws’ broad definition of “sell”, this could be considered a sale, and it would be considered sharing of your personal data for targeted, behavioral advertising purposes. You have the right to direct us not to sell your personal data, and to direct us not to share or use your personal data for targeted advertising purposes.
  f. Right to Limit Use and Disclosure of Sensitive Personal Data. If you are a California resident, to the extent your sensitive personal data, as that term is defined under California privacy law, is used to infer characteristics about you, you have the right to object to our processing of your sensitive personal data. We do not process any sensitive personal data to infer characteristics about you without your consent.
  g. Right to Opt-Out of Automated Decision-making or Profiling. You may have the right not to be subject to a decision which significantly impacts your rights that is based solely on automated processing (where a decision is taken about you using an electronic system without human involvement). No decision will be made by us about you solely on the basis of automated decision making which has a significant impact on you.
  h. Right Against Discrimination. You may have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your rights.
  i. Right to Appeal. In certain jurisdictions, you may have the right to appeal if we refuse to take action on your rights request. Instructions on how to appeal will be provided to you upon such a denial, but in any event, such instructions will be substantially similar to those provided below for submitting requests.
  j. Right to Object. You may have the right to object to processing of your personal data for direct marketing purposes or if we are processing your personal data on the basis of our legitimate interest.
  k. Right to Restrict. In some jurisdictions, applicable law may give you the right to restrict or object to us processing or transferring your personal data under certain circumstances. We may continue to process your personal data if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
  l. Right to Withdraw Consent. In certain jurisdictions, to the extent the processing of your personal data is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
  m. Right to Lodge a Complaint. You may have the right to lodge a complaint with your local data protection authority about our processing of your personal data. Contact details for data protection authorities in the European Economic Area are available here, and contact details for the United Kingdom’s ICO are available here.

As mentioned above, depending on where you reside or are located, you may be able to assert certain rights with respect to your personal data. To determine which rights you have, please refer to the table below that references the rights as described above in the Privacy Rights Section.  To the extent your location is not listed, please go to our Privacy Request Form and select your jurisdiction to determine the rights offered under the applicable law.

| Location | Applicable Rights |
| --- | --- |
| European Economic Area, United Kingdom, or Switzerland (if located in these jurisdictions at the time your personal data is collected) | (a) Right to Know/Access; (b) Right to Correct; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; (g) Right to Opt-Out of Automated Decision-making or Profiling; (h) Right Against Discrimination; (j) Right to Object; (k) Right to Restrict; (l) Right to Withdraw Consent; and (m) Right to Lodge a Complaint. |
| California (if you are a resident) | (a) Right to Know/Access; (b) Right to Correct; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; (f) Right to Limit Use and Disclosure of Sensitive Personal data; (g) Right to Opt-Out of Automated Decision-making or Profiling (upon issuance of regulations by the California Privacy Protection Agency); and (h) Right Against Discrimination. |
| Virginia, Colorado & Connecticut (if you are a resident) | (a) Right to Know/Access; (b) Right to Correct; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; (g) Right to Opt-Out of Automated Decision-making or Profiling; (h) Right Against Discrimination; and (i) Right to Appeal. |
| Utah (if you are a resident) | Starting December 31, 2023: (a) Right to Know/Access; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; and (h) Right Against Discrimination. |

Submitting a Request to Exercise Your Rights

Right to Opt-out of Sharing/Sales. California and Colorado residents may opt out by broadcasting an Opt-Out preference signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, go to: https://globalprivacycontrol.org/orgs.  You will need to submit a separate opt-out of sharing request on each device and browser you use to visit our Site.  Please note that you may still receive generalized ads after opting out of targeted advertising.

If you would like us to make the connection between your browser and your account when you send your opt-out of “sale” / “sharing” request or GPC signal, and you have not yet opted out of the “sale” / “sharing” of your personal data, we recommend you submit the Opt-Out Form that is available here, which you may also access by clicking on the “Your Privacy Choices” link available at the bottom of the Site and selecting the appropriate preferences.

For information about how to opt out of sharing or selling on our mobile application, please refer to the “Mobile App Advertising” subsection within the Cookies and Other Tracking Technologies Section of this Policy.

Other Rights.  You may exercise your rights by: (i) going to our Privacy Request Form; (ii) emailing us at privacy@anastasiabeverlyhills.com with the subject line “Privacy Rights Request”, or (iii) calling us toll-free at 1(844)-569-0376.  Once you have submitted your request, we will respond within the time frame permitted by the applicable law. Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law.

Identity Verification.  Before fulfilling your request, we are required by law to have you verify the personal data we already have on file to confirm your identity. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.

Authorized Agent.  Residents of California, Colorado and Connecticut may use an authorized agent to submit a rights request on their behalf.  If you use an authorized agent to submit requests on your behalf, we will require you to directly verify your identity with us, or have you directly confirm with us that the authorized agent has been authorized to act on your behalf.

Appealing Requests. If you are a Colorado, Connecticut, or Virginia resident, you may appeal our decision on your request regarding your personal data. To do so, please go to our Privacy Request Form.  We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

11. Children

Our Services are not directed to, and we do not knowingly collect personal data from, children under the age of 18. If you are under 18, please do not attempt to fill out our forms or send any personal data about yourself to us. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information from our files.

12. Notice to Individuals in the European Economic Area, United Kingdom and Switzerland

This section only applies to individuals using or accessing our Service while located in the European Economic Area, the United Kingdom, or Switzerland (collectively, the “European Countries”) at the time of data collection. We may ask you to identify or select which country you are located in when you use or access some of the Services, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in European Countries. If any terms in this section conflict with other terms contained in this Notice, the terms in this section shall apply to individuals in a European Country.

Anastasia Beverly Hills is a data controller with regard to any personal information collected from individuals accessing or using its Services. A data controller is an entity that determines the purposes for which and the manner in which any personal information is processed.

For more information on the privacy policies of our partners who act as independent data controllers, please direct your inquiries to:

DHL International N.V. / S.A.
Woluwelaan 151
1831 Diegem Belgium
BE 0406 796 224
http://www.dhl.com/en/legal.html#privacy

Ingenico eCommerce Solutions SPRL (a Contracted Controller for the Fraud Expert tool)
Boulevard de la Woluwe, 102
1200 Brussels Belgium
BE 0459.360.623
https://payment-services.ingenico.com/be/en/cookie-policy

European Merchant Services B.V.
Diemen
The Netherlands
NL 34226533
https://emspay.eu/privacy-information-notice

Paypal Europe SARL & Cie, SCA
5th Floor, 22-24 Boulevard Royal
2449 Luxemburg
R.C.S Luxemburg B 118 349
https://www.paypal.com/be/webapps/mpp/ua/privacy-full?locale.x=en_BE

13. International Transfers

When you access or use our Services, your personal data may be processed in the United States or any other country in which Anastasia Beverly Hills, its affiliates, or service providers maintain facilities. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside.

We will take all the steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy, and no transfer of your personal data will take place to an organization or a country unless appropriate safeguards are in place as required under the applicable data protection laws and the security of your personal data is maintained. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use the Site or Services.

To the extent we transfer any EEA, United Kingdom or Swiss personal data to another business, we transfer such data subject to appropriate safeguards as permitted under the data protection laws, including: (i) through the use of standard contractual clauses approved by an appropriate regulatory authority, such as the European Commission or the U.K. Information Commissioner’s Office; (ii) Article 49 derogations in specific situations; or (iii) any other compliant transfer mechanism.  We may also rely on an adequacy decision of the appropriate regulatory authority confirming an adequate level of data protection in the jurisdiction of the party receiving the information.

14. Third Party Links

Our Site may include links to third party websites and/or applications of our partners or affiliates that are not owned or operated by us. If you follow a link to any of these websites, please review the privacy policies of third-party websites before you submit any personal data to them. We do not control the privacy practices of these third-party websites or applications.

15. California Notice at Collection

If you are a California resident, then this Notice at Collection applies to you in accordance with requirements under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively “CCPA”).

  1. Categories of Personal Data Collected
  • Identifiers, including your name, postal address, Internet Protocol (IP) address, email address, telephone number, date of birth, and ABH Pro membership number.
  • Commercial information, including the products and services you purchased or considered and your order history.
  • Characteristics of protected classifications, specifically age (as indicated by your date of birth), national origin, and your sex or gender.
  • Internet activity information, including IP address, internet service provider, operating system, browser information, device information, browsing history, and your interactions with the Services.
  • Audio, electronic, visual, thermal, olfactory, or similar information, including audio recordings of your voice for quality assurance purposes in the event you call us and surveillance and other security systems information collected at our stores.
  • Geolocation data, based on your IP address.
  • Inferences about your preferences, characteristics, behavior, and attitudes.

The categories of personal data that may be disclosed to a third party in a way that is considered a “sale”  and “sharing” under California law include:  identifiers, internet activity information, geolocation data, and commercial information.   For more information on your right to opt-out of sharing and sales, please see Section 9 – Privacy Rights.

You may also opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, go to: https://globalprivacycontrol.org/orgs.  You will need to submit a separate opt-out of sharing request on each device and browser you use to visit our Site.  Please note that you may still receive generalized ads after opting out of targeted advertising. If you would like us to make the connection between your browser and your account when you send your opt-out of “sale” / “sharing” request or GPC signal, and you have not yet opted out of the “sale” / “sharing” of your personal data, we recommend you submit the Opt-Out Form that is available here.

ABH does not have actual knowledge that it sells or shares (for cross-contextual advertising purposes) the personal data of minors under the age of 16.

  1. Purposes for Collecting Personal Data (Customers)
  • To undertake activities to verify or maintain the quality or safety of a service or to improve, upgrade, or enhance the service.
  • To personalize your experience, facilitate purchases and transactions, and provide you with special offers, articles, announcements, invitations, and other information about our Services.
  • To improve our Services, communicate with you about our Services, and provide customer support.
  • For commercial research and development, including to perform research and undertake analyses to understand preferences or interests about our products and customer experience, to provide advertising and marketing services, to improve products, develop new products, and for product testing.
  • To conduct or administer surveys, and run our sweepstakes and giveaways.
  • To administer the ABH Pro membership program.
  • To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of us and our users, employees, or others.
  • To comply with legal requirements, judicial process, and our policies (e.g., to verify users’ identity in connection with access or correction requests).
  • To protect the safety and security of you, personnel, and our locations.
  • To protect our legal interests, such as in the event of a complaint or dispute.

  1. Purposes for Collecting Personal Data (Business Contacts)
  • Establish, manage, terminate or otherwise administer the business relationship
  • Establish a business point of contact to facilitate communications
  • Comply with legal requirements
  • Ensure compliance with ABH’s requirements, policies, and procedures
  • Detect or prevent theft or fraud, including the security of company-held information
  • Conduct investigations
  • Assist law enforcement and respond to legal/regulatory inquiries

We do not process sensitive personal information with the purpose of inferring characteristics about Business Contacts.

Retention of Personal Data.   We will retain your personal data for the time period required or permitted by law or for the time reasonably necessary to achieve the purposes described in this Notice or any other notice provided at the time of collection. Retention is based on several factors, including legal requirements, statutes of limitation, and business needs.

Shine the Light. If you are a California resident, you have the right to ask us for a notice describing what categories of personal data we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of personal data shared with third parties and used for direct marketing purposes and the name and address of the third parties that received such personal data.

Do Not Track Signals. Currently, we do not monitor or take any action with respect to Do Not Track signals or other mechanisms, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.

To review ABH’s Global Privacy Policy, go here.

16. Notice of Financial Incentive Program / Bona Fide Loyalty Program Disclosure

We may offer a loyalty program that provides certain perks, such as rewards and exclusive offers. We may also provide other programs, such as sweepstakes, contests, or other similar promotional campaigns (collectively, the “Programs”). We offer these Programs to better serve you and to provide products and services that meet your needs.  The material aspects of these Programs will be explained to you when you sign up.

When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of personal data in exchange for offering certain benefits, they might be interpreted as a “financial incentive” program under California law or a “bona fide loyalty program” under Colorado law. Under the California law, the value of your personal data to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less the expense related to offering those products, services, and benefits to Program participants.

Your participation in these Programs is voluntary. You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules.

17. Contact Us

If you have questions about this policy or our privacy practices, please contact us by post at Consumer Relations, Anastasia Beverly Hills, LLC, 1438 North Bedford Drive, Beverly Hills, California 90210, or by email at privacy@anastasiabeverlyhills.com.