GLOBAL PRIVACY POLICY

Last Updated: July 25, 2024

At Anastasia Beverly Hills, LLC (“Anastasia Beverly Hills”, “we”, “us”) we are committed to protecting your personal data and respecting your privacy. Personal data is data that identifies, relates to, describes or can be associated with you.  

In this Privacy Policy (the “Policy”), we describe the personal data we process, how we keep it secure, and your rights. This Policy covers the personal data that we obtain in various contexts (the “Services”), both online and offline, including when you:

  • access or use our website at https://www.anastasiabeverlyhills.com (“Site”) or any other website, application or online service that we operate which includes a link to this Privacy Policy;
  • visit our stores;
  • sign up for our online services, loyalty programs, or listservs; or
  • contact us for customer service.

By using our Services, you agree to our Terms and Conditions, and you acknowledge that we shall collect and use your personal data in accordance with this Policy. If you do not feel comfortable with any part of this Policy or our Terms and Conditions, you should not use or access our Services.

We may update this Privacy Policy from time to time to reflect changes in the law, our new service offerings, or for other reasons. When we make a change, we will provide you with notice of such updates as required by applicable law and will revise the date at the top of this Policy. We encourage you to look for updates to this Policy by checking this page when you access our Services.

TABLE OF CONTENTS

  1. Personal Data We Collect
  2. How We Collect Personal Data
  3. Cookies and Other Tracking Technologies
  4. How We Use Your Data
  5. How We Share Your Personal Data
  6. Security
  7. Retention of Personal Data
  8. Managing Communication Preferences
  9. Privacy Rights
  10. Children
  11. Notice to Individuals in the European Economic Area, United Kingdom and Switzerland
  12. International Transfers
  13. Third Party Links
  14. California Notice at Collection
  15. Notice of Financial Incentive Program / Bona Fide Loyalty Program Disclosure
  16. Notice to Québec Residents
  17. Contact Us

1. Personal Data We Collect

Personal data is any information that relates to you, identifies you personally, or could be used to identify you. The definition of personal data (used interchangeably with “personal information”) depends on the applicable law based on your physical location. Only the definition that applies to your physical location will apply to you under this Global Privacy Policy.

We may collect the following categories of personal data:

  • Identifiers, including your name, postal address, Internet Protocol (IP) address, email address, telephone number, date of birth, and ABH Pro membership number.
  • Commercial information, including the products and services you purchased or considered and your order history.
  • Characteristics of protected classifications, specifically age (as indicated by your date of birth), national origin, and your sex or gender.
  • Internet activity information, including IP address, internet service provider, operating system, browser information, device information, browsing history, and your interactions with the Services.
  • Audio, electronic, visual, thermal, olfactory, or similar information, including audio recordings of your voice for quality assurance purposes in the event you call us and surveillance and other security systems information collected at our stores.
  • Geolocation data, based on your IP address.
  • Inferences about your preferences, characteristics, behavior, and attitudes.

    2. How We Collect Personal Data

    We collect your personal data in the following ways:

    • When you provide it directly. We collect personal data directly from you when you: buy our products online; register for an online account with us; book an appointment in one of the stores that carry our products; sign up for updates and marketing communications from us; participate in our sweepstakes, surveys, programs or events; request specific product customizations from us; submit a product review on our website; contact us for customer service; communicate with us on social media; or otherwise interact with us via our online services. We also collect personal data directly from you when you contact us on behalf of a current, former, or prospective service provider, vendor, or other business partner.
    • When we collect it automatically. We automatically collect your personal data when you use our online services. For example, we may collect information from or about the computer, phone or other device on which you have installed, or from which you access, our online services, and information about your usage of our online services. For more information, please see the Cookies and Other Tracking Technologies section below.
    • When we receive it from third parties. We may receive information about you from third parties, such as companies with whom we run competitions and events, organizations we work with, publicly available sources, or information which is published in the media. Depending on your settings or the privacy policies of social media or messaging services that we partner with, such as Facebook, Instagram, Twitter or WhatsApp, we may collect information about you from these sources as well, with your permission.

      3. Cookies and Other Tracking Technologies

      We and our third party partners and service providers (such as advertisers and analytics providers) may use cookies and similar digital tracking technologies (such as pixels, web beacons, and tags) (collectively “cookies”) on our Site and other online services to gather information when you interact with our Site and Services.

      Cookies can be placed on our Site by us or by third-party partners we engage for our purposes. Third-party cookies may also be deployed on our behalf on third-party websites (e.g. to measure the effectiveness of ads). Collection of data by use of cookies is carried out based on your consent, unless they are strictly necessary in order for you to be able to use our Sites in an appropriate manner. You may withdraw your consent to data collection via cookies at any time by changing your cookie preferences by clicking the “Manage Cookie Preferences” link in the Site’s footer. Please note that, without your consent to cookie usage, certain functions, portions or features of our Site may cease working, or your user experience may be affected.

      Why We Use Cookies. We may use cookies for the following purposes:

      • to enable basic functioning of our Site or to fix any technical issue through gathering relevant technical data;
      • for web analytics to improve our Site (structure, features, accessibility and usability, content) or to fix any technical issue through gathering relevant technical data;
      • to enable certain basic functions of online browsing and shopping with us (for example, save information you generated or provided on our website such as preferred items, items placed in the cart, billing address to save time and effort when you next return to our Site or shop with us);
      • to monitor the effectiveness of our online ads and marketing (by recording your interactions with our ads on third-party websites, our social media platforms or our marketing emails);
      • to learn more about your preferences and Internet browsing tastes to provide you with tailored advertising (you certainly don't want to hear from us about something you are not interested in); and
      • to collect information around abandoned shopping carts. A cart is considered abandoned within one hour of inactivity/lack of purchase. Once the cart is considered abandoned, an SMS message will be sent as a reminder. 

      How to Manage Your Cookies.  To manage your cookie preferences, you can click on “Manage Cookie Preferences” in the footer, and the cookie dashboard will appear providing information on the cookies used on the Site and allowing you to change your preferences.

      Analytics. We use Google Analytics, which uses cookies and other similar tracking technologies, to perform website analytics. Learn more about how Google collects and uses data here. Learn more about how to generally opt out of Google Analytics Advertising Features here at Google Ad Settings, and how to generally opt out of Google Analytics entirely here at this link.

      Mobile App Advertising: When you use our mobile application, we or our Third-Party Marketing Partners may use one or more of several different identifiers for your mobile device, including Apple Identifier For Advertising (IDFA) or Android Advertising ID (AAID), to target and deliver ads to you in our app or other apps. This means that your device identifier may be accessed by third-party ad networks and used to (a) help manage the number and types of ads you see; (b) track the source of installs related to ads seen in other apps; and (c) identify your interests and behavior and target advertising to you based on those interests and behavior.

      Apple requires app developers to ask for permission before they can track your activity across apps or websites they do not own in order to target advertising to you, measure your actions due to advertising, or to share your information with data brokers. If you previously gave our mobile app permission to track, you can tell our app to stop tracking your activity. On iOS or iPadOS, go to Settings, tap on our app, then tap to turn off Allow Tracking. You can also reset your IDFA from your mobile device’s settings page, which will prevent continued use of existing behavioral data tied to your previous IDFA.

      If you have an Android device, and are running Android 12 or above, you can delete your AAID permanently by opening Settings, navigating to Privacy > Ads, tapping “Delete advertising ID,” then tapping it again on the next page to confirm. This will prevent any app on your phone from accessing it in the future. Please note that if you do so, you will still see advertisements, but they will not be tailored to your inferred interests.

      4. How We Use Your Data

      We will only use your personal data as described in this Policy or as disclosed to you prior to such processing taking place. We use your personal data for the following commercial and business purposes:

      • To personalize your experience
      • To facilitate purchases and transactions
      • To improve our Services
      • To communicate with you about our Services
      • To verify your identity
      • For commercial research and development, including to perform research and undertake analyses to understand preferences or interests about our products and customer experience, to improve products, develop new products, and for product testing.
      • To conduct or administer surveys
      • To provide customer support
      • To enable our targeted advertising to you through the use of cookies and similar technologies, as discussed above in the Cookies and Other Tracking Technologies Section
      • To run our sweepstakes and giveaways
      • To respond to requests, questions, and comments
      • To administer the ABH Pro membership program
      • To share your personal data with third parties, as discussed below in our How We Share Your Personal Data Section
      • To provide you with special offers, articles, announcements, invitations, and other information about our Services
      • To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of us and our users, employees, or others
      • To comply with legal requirements, judicial process, and our policies (e.g., to verify users’ identity in connection with access or correction requests)
      • To protect the safety and security of you, personnel, and our locations
      • To protect our legal interests, such as in the event of a complaint or dispute.
      • When it is necessary for other legitimate purposes, such as protecting our confidential and proprietary information
      • For any other purpose to which you consent

      We may also aggregate or de-identify any personal data that we collect in connection with our Services, such that the information is no longer personally identifiable or attributable to you. We may use such aggregated or de-identified information for our own legitimate business purposes without restriction.

      5. How We Share Your Personal Data

      We will not sell, share, or otherwise disclose your personal data for purposes unrelated to those detailed in this Policy. To that end, we will take reasonable precautions to allow access to your personal data to only our employees, agents, contractors, or similar entities to the extent necessary for the purposes set out in this Policy. We may share your personal data as described in categories under Section 1, in the following ways:

      • Between Affiliated Entities. Your Identifier, Commercial Information, Protected Classification, Internet Activity Information, Geolocation Data and Inference Data may be disclosed among our various affiliated entities for the purposes set out in this Policy.
      • To Service Providers. We may share your Identifier, Commercial Information, Protected Classification, Internet Activity Information, Geolocation Data, Audio/Visual Data and Inference Data with service providers that perform services for us or on our behalf, including:
        • Online payment and fraud prevention service providers when you make a purchase, for example PayPal and CyberSource;
        • Security and IT infrastructure service providers to keep our online services safe and protected;
        • Delivery / logistics service providers, to deliver products you have purchased, for example DHL, FedEx, USPS, and Narvar;
        • Customer care services;
        • Infrastructure and IT service providers, including cloud service providers to administer our website and your account if you register with us;
        • Marketing, advertising and communications agencies to send you information about products and services that may be of interest to you, for example ExactTarget and Social Annex;
        • Social media or web platforms to show you products that might interest you while you are browsing the internet, such as on Facebook, Instagram, or Twitter;
        • Advertising companies who help us understand the effectiveness of our ads and traffic on our online services;
        • Providers of services related to some enhanced online features such as customer reviews;
        • Providers of website testing and analytics services.
        • External auditors and advisers.
      • With Our Third-Party Marketing Partners. We will only disclose your Identifier, Internet Activity Information, and Geolocation Data with third parties for their own marketing purposes as permitted under the applicable law.
      • With Your Consent. When you provide your consent to share your personal data, we will share it in the way(s) you specify, including when you request it be shared with others.
      • As Necessary to Comply with Our Legal Obligations. We may also disclose personal data in order to assist with or otherwise enable our compliance with a legal or regulatory obligation, protect and defend our rights or property, protect the safety of our users or the public, and to exercise, establish or defend our legal rights.
      • As Part of a Corporate Transaction. We reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal data in a manner that is consistent with this Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the recipient’s privacy practices.
      • With Outside Professional Advisors. We may share or disclose your personal data with any of our professional advisors such as attorneys or accountants (“Outside Professionals”) to facilitate the professional advice from those Outside Professionals.

      6. Security

      We have implemented technical and organizational security measures intended to safeguard the personal data in our custody and control. For example, when you place an order on our website, we use Secure Sockets Layer (SSL) technology, an encryption tool that provides security while transmitting information over the Internet.

      While we endeavor to protect our systems, sites, operations and information against unauthorized access, use, modification and disclosure, due to the inherent nature of the Internet and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.

      Please recognize that protecting your personal data is also your responsibility. We ask you to be responsible for safeguarding your password, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify us of any unauthorized use of your password.

        7. Retention of Personal Data

        We will retain your personal data only for as long as is necessary for the purposes set out in this Policy, unless we are otherwise required to retain it to: (i) comply with our own legal obligations; (ii) resolve a dispute; or (iii) enforce our legal agreements and policies. We may also retain de-identified, aggregate Services usage data for internal analysis purposes. Our typical retention periods for different aspects of your personal data are described below:

        • Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
        • Recording of our telephone calls with you may be kept for a period of up to six years.
        • Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.

        8. Managing Communication Preferences

        Marketing Emails. You can opt-out of receiving marketing communications from us. Direct marketing includes any communications to you that are only based on advertising or promoting our products and services. We will only contact you by electronic means based on our legitimate interests, as permitted by applicable law, or your consent.

        You may unsubscribe from our marketing emails. Please note that if you have already requested products or services when you decide to unsubscribe, there may be a short period of time for us to update your preferences and ensure that we honor your request. You can unsubscribe by emailing us at privacy@anastasiabeverlyhills.com or by clicking the unsubscribe button in the marketing email we send you, or if you have an account with us, you can also unsubscribe by going to the Account Information page on the Anastasia Beverly Hills Site, clicking on Newsletters, and unsubscribing from the general subscription.

        For users in the European Economic Area, the United Kingdom and Switzerland, to the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. We will contact you by electronic means for marketing purposes only if you have consented to such communication. You may raise such objections with regard to initial or further processing for purposes of direct marketing, at any time and free of charge.

        Text Messages. We offer you the option to receive mobile alerts about your orders via text messages. To do so, you will have to provide us with your phone number. Standard message and data rates will apply. SMS updates are unavailable for international phone numbers and for orders shipped via USPS (including domestic PO boxes and Puerto Rico). At any time, you can reply STOP to opt out. You must be 18 years old or older to participate or have parent/guardian permission. To unsubscribe from SMS communications, follow the instructions in the message.

        We shall only send you marketing text messages if you provide us your phone number and your prior written consent. Standard message and data rates will apply. At any time, you can reply STOP to opt out. You must be 18 years old or older to participate or have parent/guardian permission. To unsubscribe from these marketing text messages, follow the instructions in the message.

          9. Privacy Rights

          Depending on applicable law where you reside or are located, you may be able to assert certain rights identified below with respect to your personal data. If any of the rights listed below are not provided to you under the law that governs the processing of your personal data, we have absolute discretion in providing you with those rights. Please refer to the table below to determine the rights you have in your jurisdiction.

          Your rights in relation to your personal data are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another's privacy; (c) to protect our rights and properties; or (d) where the request is frivolous or vexatious, or for other reasons.

          Privacy Rights may include the following:

          Right to Know/Access. You may have the right to obtain a copy, or a list of categories of the personal data that we hold about you, as well as other supplementary information, such as the purposes of processing, and the entities to whom we disclose your personal data.

          Right to Correct. You may have the right to correct any of your personal data in our records and systems. You may request us to rectify, correct or update any of your personal data held by us that is inaccurate. In addition to the methods described below, you can correct your personal data through your account settings.

          Right to Delete. Under certain circumstances, you may have the right to request that we delete the personal data that we hold about you. This right is not absolute, and we may refuse such a request if there are compelling legitimate grounds for keeping your personal data, for legitimate purposes, or as required by law. In addition, in the event your deletion request is honored, we may retain a record of your deletion request as required under applicable law.

          Right to Portability. You may have the right to receive a copy of the personal data we have collected about you in a structured, commonly used and machine-readable format.

          Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising. You may have the right to opt-out of: (i) the sale of your personal data; and (ii) the sharing of your personal data for targeted advertising. We do not sell your personal data and we do not share your personal data for targeted advertising without obtaining your consent. You may revoke your consent at any time to data collection via cookies and similar tracking technologies by changing your cookie preferences by clicking the “Manage Cookie Preferences” link in the Site’s footer.

          Right to Limit Use and Disclosure of Sensitive Personal Data. If you are a California resident, to the extent your sensitive personal data, as that term is defined under California privacy law, is used to infer characteristics about you, you have the right to object to our processing of your sensitive personal data. We do not process any sensitive personal data to infer characteristics about you without your consent.

          Right to Opt-Out of Automated Decision-making or Profiling. You may have the right not to be subject to a decision which significantly impacts your rights that is based solely on automated processing (where a decision is taken about you using an electronic system without human involvement). No decision will be made by us about you solely on the basis of automated decision making which has a significant impact on you.

          Right Against Discrimination. You may have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your rights.

          Right to Appeal. In certain jurisdictions, you may have the right to appeal if we refuse to take action on your rights request. Instructions on how to appeal will be provided to you upon such a denial, but in any event, such instructions will be substantially similar to those provided below for submitting requests.

          As mentioned above, depending on where you reside or are located, you may be able to assert certain rights with respect to your personal data. To determine which rights you have, please refer to the table below that references the rights as described above in the Privacy Rights Section.  To the extent your location is not listed, please go to our Privacy Request Form and select your jurisdiction to determine the rights offered under the applicable law.

          Location: California Residents
          Applicable Rights: (a) Right to Know/Access; (b) Right to Correct; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; (f) Right to Limit Use and Disclosure of Sensitive Personal Data; (g) Right to Opt-Out of Automated Decision-making or Profiling (upon issuance of regulations by the California Privacy Protection Agency); and (h) Right Against Discrimination.

          Location: Virginia, Colorado, Connecticut, Oregon and Texas Residents; Montana Residents (as of 10.1.24)
          Applicable Rights: (a) Right to Know/Access; (b) Right to Correct; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; (g) Right to Opt-Out of Automated Decision-making or Profiling; (h) Right Against Discrimination; and (i) Right to Appeal.

          Location: Utah Residents
          Applicable Rights: (a) Right to Know/Access; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; and (h) Right Against Discrimination.

          Submitting a Request to Exercise Your Rights

          Right to Opt-out of Sharing/Sales. Collection of personal data by use of cookies and similar tracking technologies is carried out based on your consent, unless they are strictly necessary in order for you to be able to use our Services.

          Other Rights.  You may exercise your rights by: (i) going to our Privacy Request Form; (ii) emailing us at privacy@anastasiabeverlyhills.com with the subject line “Privacy Rights Request”, or (iii) calling us toll-free at 1(844)-569-0376.  Once you have submitted your request, we will respond within the time frame permitted by the applicable law. Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law.

          Identity Verification. Before fulfilling your request, we are required by law to have you verify the personal data we already have on file to confirm your identity. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.

          Authorized Agent. Residents of California, Colorado and Connecticut may use an authorized agent to submit a rights request on their behalf. If you use an authorized agent to submit requests on your behalf, we will require you to directly verify your identity with us, or have you directly confirm with us that the authorized agent has been authorized to act on your behalf.

          Appealing Requests. If you are a Colorado, Connecticut, or Virginia resident, you may appeal our decision on your request regarding your personal data. To do so, please go to our Privacy Request Form. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

          10. Children

          Our Services are not directed to, and we do not knowingly collect personal data from, children under the age of 18. If you are under 18, please do not attempt to fill out our forms or send any personal data about yourself to us. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information from our files. 

          11. Notice to Individuals in the European Economic Area, United Kingdom and Switzerland

          This section only applies to individuals using or accessing our Service while located in the European Economic Area, the United Kingdom, or Switzerland (collectively, the “European Countries”) at the time of data collection. We may ask you to identify or select which country you are located in when you use or access some of the Services, or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in European Countries. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to individuals in a European Country.

          Our Relationship to You

          Anastasia Beverly Hills is a data controller with regard to any personal information collected from individuals accessing or using its Services. A data controller is an entity that determines the purposes for which and the manner in which any personal information is processed.

          Other Independent Data Controllers

          For more information on the privacy policies of our partners who act as independent data controllers, please direct your inquiries to:

          DHL International N.V. / S.A.
          Woluwelaan 151
          1831 Diegem Belgium
          BE 0406 796 224
          http://www.dhl.com/en/legal.html#privacy

          Ingenico eCommerce Solutions SPRL (a Contracted Controller for the Fraud Expert tool)
          Boulevard de la Woluwe, 102
          1200 Brussels Belgium
          BE 0459.360.623
          https://payment-services.ingenico.com/be/en/cookie-policy

          European Merchant Services B.V.
          Diemen
          The Netherlands
          NL 34226533
          https://emspay.eu/privacy-information-notice

          PayPal Europe SARL & Cie, SCA
          5th Floor, 22-24 Boulevard Royal
          2449 Luxemburg
          R.C.S Luxemburg B 118 349
          https://www.paypal.com/be/webapps/mpp/ua/privacy-full?locale.x=en_BE

          Your Privacy Rights

          • Right to Access. You may have the right to obtain a copy of your personal data that we hold about you, as well as other supplementary information, such as the purposes of processing, the categories of personal data that we process, the entities to whom we disclose your personal data, etc.
          • Right to Rectification. You may have the right to request that we correct any of your personal data in our files.
          • Right to Erasure. Under certain circumstances, you may have the right to request erasure of your personal data that we hold about you. To note, this right is not absolute, and we may refuse your right to erasure if there are compelling legitimate grounds for keeping your information.
          • Right to Restriction. You have the right to request that we restrict our processing of your personal data in certain circumstances. For instance, this right is available if you contest the accuracy of the personal data, or if you objected to our processing.
          • Right to Object to Processing. You have the right to object to our processing of your personal data at any time and as permitted by applicable law if we process your personal data on the legal bases of consent or legitimate interests. However, we may continue to process your personal data if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
          • Right to Portability. Under certain circumstances, you may have the right to receive personal data we hold about you in a structured, commonly used, and machine-readable format so that you can provide that personal data to another controller.
          • Right to Withdraw Consent. To the extent the processing of your personal data is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
          • Right to Lodge a Complaint. You may have the right to lodge a complaint with your local data protection authority about our processing of your personal data. Contact details for data protection authorities in the European Economic Area are available here, and contact details for the United Kingdom’s ICO are available here.

          Legal Bases for Processing Your Personal Data

          For individuals who are located in the European Economic Area, the United Kingdom or Switzerland (collectively “EEA Residents”) at the time their personal data is collected, our legal bases for processing your information under the General Data Protection Regulation (“GDPR”) will depend on the specific context in which the personal data is collected and the purposes for which it is used. When we process your personal data, depending on the context, we may rely on a variety of different legal bases, including: (i) to perform a contract with you (or to take steps at your request prior to entering into a contract with you); (ii) necessity for our legitimate interests; (iii) to comply with our legal obligations; and/or (iv) your consent. Below is a list of how we use your personal data, as described above in Section 3, with the corresponding legal bases for processing.

          Legal Bases for Processing: Contract. Based on our contract with you or to take steps at your request prior to entering into a contract.

          Purpose of Processing:

          • To facilitate purchases and transactions
          • To communicate with you about our Services
          • To verify your identity
          • To provide customer support
          • To respond to requests, questions, and comments
          • To administer the ABH Pro membership program
          • To share your personal data with third parties

          Legal Bases for Processing: Legitimate Interests. Based on our legitimate interests. When we process your personal data for our legitimate interests we always ensure that we consider and balance any potential impact on you and your rights under data protection laws.

          Purpose of Processing:

          • To personalize your experience
          • To improve our Services
          • For commercial research and development
          • To enable our targeted advertising
          • To share your personal data with third parties
          • To provide you with special offers, articles, announcements, invitations, and other information about our Services
          • To detect and protect against malicious, deceptive, fraudulent, or illegal activity
          • To protect the safety and security of you, personnel, and our locations
          • To protect our legal interests
          • When it is necessary for other legitimate purposes

          Legal Bases for Processing: Legal Obligations. Based on our legal obligations, the public interest, or in your vital interests.

          Purpose of Processing:

          • To comply with legal requirements, judicial process, and our policies

          Legal Bases for Processing: Consent. Based on your consent.

          Purpose of Processing:

          • To conduct or administer surveys
          • To provide you with special offers, articles, announcements, invitations, and other information about our Services
          • For any other purpose to which you consent

          If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the Contact Us Section below. 

          12. International Transfers

          When you access or use our Services, your personal data may be processed in the United States or any other country in which Anastasia Beverly Hills, its affiliates, or service providers maintain facilities. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside.

          We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy. No transfer of your personal data will take place to an organization or a country unless appropriate safeguards are in place as required under the applicable data protection laws and the security of your personal data is maintained. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use the Site or Services.

          To the extent we transfer any EEA, United Kingdom or Swiss personal data to another business, we transfer such data subject to appropriate safeguards as permitted under the data protection laws, including: (i) through the use of standard contractual clauses approved by an appropriate regulatory authority, such as the European Commission or the U.K. Information Commissioner’s Office; (ii) Article 49 derogations in specific situations; or (iii) any other compliant transfer mechanism. We may also rely on an adequacy decision of the appropriate regulatory authority confirming an adequate level of data protection in the jurisdiction of the party receiving the information.

          13. Third Party Links
          Our Site may include links to third party websites and/or applications of our partners or affiliates that are not owned or operated by us. If you follow a link to any of these websites, please review the privacy policies of third-party websites before you submit any personal data to them. We do not control the privacy practices of these third-party websites or applications.

           

          14. California Notice at Collection

          If you are a California resident, then this Notice at Collection applies to you in accordance with requirements under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively “CCPA”).

          Categories of Personal Information Collected, Disclosed and Categories of Recipient

          • Identifiers, including your name, postal address, Internet Protocol (IP) address, email address, telephone number, date of birth, and ABH Pro membership number.
          • Commercial information, including the products and services you purchased or considered and your order history.
          • Characteristics of protected classifications, specifically age (as indicated by your date of birth), national origin, and your sex or gender.
          • Internet activity information, including IP address, internet service provider, operating system, browser information, device information, browsing history, and your interactions with the Services.
          • Audio, electronic, visual, thermal, olfactory, or similar information, including audio recordings of your voice for quality assurance purposes in the event you call us and surveillance and other security systems information collected at our stores.
          • Geolocation data, based on your IP address.
          • Inferences about your preferences, characteristics, behavior, and attitudes.

          Purposes for Collecting Personal Information (Customers)

          • To undertake activities to verify or maintain the quality or safety of a service or to improve, upgrade, or enhance the service.
          • To personalize your experience, facilitate purchases and transactions, and provide you with special offers, articles, announcements, invitations, and other information about our Services.
          • To improve our Services, communicate with you about our Services, and provide customer support.
          • For commercial research and development, including to perform research and undertake analyses to understand preferences or interests about our products and customer experience, to provide advertising and marketing services, to improve products, develop new products, and for product testing.
          • To conduct or administer surveys, and run our sweepstakes and giveaways.
          • To administer the ABH Pro membership program.
          • To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of us and our users, employees, or others.
          • To comply with legal requirements, judicial process, and our policies (e.g., to verify users’ identity in connection with access or correction requests).
          • To protect the safety and security of you, personnel, and our locations.
          • To protect our legal interests, such as in the event of a complaint or dispute.

           Purposes for Collecting Personal Information (Business Contacts)

          • Establish, manage, terminate or otherwise administer the business relationship
          • Establish a business point of contact to facilitate communications
          • Comply with legal requirements
          • Ensure compliance with ABH’s requirements, policies, and procedures
          • Detect or prevent theft or fraud, including the security of company-held information
          • Conduct investigations
          • Assist law enforcement and respond to legal/regulatory inquiries

          We do not process sensitive personal information with the purpose of inferring characteristics about Customers or Business Contacts.

          For more information on categories of personal information disclosed and categories of recipients for such personal information, please see Section 5 – How We Share Your Personal Data.

          Your CCPA Privacy Rights. For more information on your privacy rights under the CCPA, please see Section 9 – Privacy Rights. ABH does not sell, or share for cross-contextual advertising purposes, the personal information of minors under the age of 16.

          We do not sell or share your personal information without obtaining your consent. You may provide or revoke your consent at any time by clicking the “Manage Cookies Preferences” link in the Site’s footer. Please note that you may still receive generalized ads without consenting to targeted advertising.

          Retention of Personal Information. We will retain your personal information for the time period required or permitted by law or for the time reasonably necessary to achieve the purposes described in this Policy or any other notice provided at the time of collection. Retention is based on several factors, including legal requirements, statutes of limitation, and business needs.

          Shine the Light. If you are a California resident, you have the right to ask us for a notice describing what categories of personal information we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of personal information shared with third parties and used for direct marketing purposes and the name and address of the third parties that received such personal information.

          Do Not Track Signals. Currently, we do not monitor or take any action with respect to Do Not Track signals or other mechanisms, which means that we collect information about your online activity both while you are using the Services and after you leave our Services.

          To review ABH’s Global Privacy Policy, go here.

          15. Notice of Financial Incentive Program / Bona Fide Loyalty Program Disclosure

          We may offer a loyalty program that provides certain perks, such as rewards and exclusive offers. We may also provide other programs, such as sweepstakes, contests, or other similar promotional campaigns (collectively, the “Programs”). We offer these Programs to better serve you and to provide products and services that meet your needs. The material aspects of these Programs will be explained to you when you sign up.

          When you sign up for one of these Programs, we typically ask you to provide your name and contact information (such as email address and/or telephone number). Because our Programs involve the collection of personal data in exchange for offering certain benefits, they might be interpreted as a “financial incentive” program under California law or a “bona fide loyalty program” under Colorado law. Under the California law, the value of your personal data to us is related to the value of the free or discounted products or services, or other benefits that you obtain or that are provided as part of the applicable Program, less the expense related to offering those products, services, and benefits to Program participants.

          Your participation in these Programs is voluntary. You may withdraw from participating in a Program at any time by contacting us using the designated method set forth in the applicable Program rules.

          16. Notice to Québec Residents

          If you are a resident of Québec in Canada, this section applies to you in addition to the rest of the Privacy Policy. If you have questions or concerns about our privacy practices, you may contact our representative at: privacy@anastasiabeverlyhills.com. We may, at our sole discretion, ask you for information to verify you are a resident of Québec province in Canada prior to responding.

          Personal Information Collection Means. We may collect the categories of personal data identified in Section 1 via electronic tracking and monitoring, video, in person interactions, interactive forms, and phone calls.

           

          Governance Policies. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, including reasonable physical, administrative, and technical measures, we cannot guarantee the security of your personal information. Additionally, we maintain internal governance policies designed to protect your information. These governance policies include, but are not limited to, written information security protocols, incident response plans, data subject request protocols, and record destruction policies.  

          Your Privacy Rights

          • Right to Access. You may have the right to obtain a copy of your personal information that we hold about you, as well as other supplementary information, such as the purposes of processing, the categories of personal information that we process, the third parties who may receive your personal information, etc.
          • Right to Correct. You may have the right to request that we correct any of your personal information in our files.
          • Right to Rectification. Under certain circumstances, you may have the right to request erasure of your personal information that we hold about you. To note, this right is not absolute, and we may refuse your right to erasure if there are compelling legitimate grounds for keeping your information.
          • Right to Portability. Under certain circumstances, you may have the right to receive personal information we hold about you in a structured, commonly used, and machine-readable format.
          • Right to Withdraw Consent. To the extent the processing of your personal information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
          17. Contact Us

          If you have questions about this policy or our privacy practices, please contact us by post at Consumer Relations, Anastasia Beverly Hills, LLC, 1438 North Bedford Drive, Beverly Hills, California 90210, or by email at privacy@anastasiabeverlyhills.com.