HIAS PRIVACY POLICY
Account Information:This privacy policy (“Privacy Policy”) describes the policies and procedures of Hair Is A Secret. (“we”, “our” or “us”) regarding the collection, use and disclosure of your information in connection with your use of www.hairisasecret.com (the “Site”), our mobile applications, and the services, features, or content we offer (collectively with the Site, our “Services”). We receive information about you from various sources, including: (i) if you register for an account on our Services, through your user account (your “Account”); (ii) your use of our Services generally; and (iii) from third-party websites and services. When you use our Services, you are consenting to the collection, transfer, manipulation, storage, disclosure, and other uses of your information as described in this Privacy Policy.
What Does This Privacy Policy Cover?
This Privacy Policy covers our treatment of your personally identifiable information (“Personal Data”) gathered when you are using or accessing our Services. This Privacy Policy also covers our treatment of any Personal Data that our business partners disclose to us or that we disclose to our business partners.
This Privacy Policy does not apply to the practices of third parties that we do not own or control, including but not limited to any third-party websites, services and applications (each a “Third-Party Service”) that you elect to access through our Services or to individuals that we do not manage or employ. While we attempt to facilitate access only to those Third-Party Services that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third-Party Services. We encourage you to carefully review the privacy policies of any Third-Party Services you access.
What Personal Data Do We Collect About You?
We collect Personal Data about you when you provide it directly to us, when third parties, such as our business partners or service providers, provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services. The Personal Data we gather enables us to improve, understand, and continue to operate our Services. In connection with certain aspects of our Services, we may request, collect and/or display some of your Personal Data. Below explains in greater detail the types of Personal Data that we collect about our users.
Personal Data You Provide to UsIf you create an Account, register for a brand or artist channel, register for a verified user profile, or have registered for Electric Objects, you will provide information that could be Personal Data, such as: your email address, username, password, and art preferences (for Electric Objects). You may also choose to provide additional Personal Data, including an avatar/profile picture, display name, contact name, information about yourself (including basic demographic information), a description of your channel, a brand parent company (brand or artist channel), location (brand or artist channel), attachments to your application (for verified user profile), and links to your website or social media profiles.
Additionally, if you register for or access our Services using a Third-Party Service (such as your social media account login credentials), we may receive Personal Data that you have made available to share through such Third-Party Service, such as your name and your email address. You acknowledge that this information may be personal to you, and by creating an Account and providing Personal Data to us, you allow others, including us, to identify you and therefore may not be anonymous. We may use your Account information to provide you with our Services and to send you communications about our Services.
User Content:
Some features of our Services allow you to provide content to our Services and related Personal Data if you so choose (together, “User Content”). User Content includes gift cards, written comments, links, and pictures. After you terminate your Account or your access to our Services is terminated, we may retain and continue to use and disclose certain User Content (e.g., an email you provided that was subsequently shared by another user) and related data (e.g., technical specifications of a product) in a manner that does not reveal Personal Data, as described in this Privacy Policy.
Personal Data From Others
As mentioned above, you may be able to register for or access our Services using a Third-Party Service, such as your social media account (e.g., Facebook, Twitter, etc.). Occasionally, you can also use your Account on our Services to interact with your accounts on these other Third-Party Services. For example, you may be able to access posting and sharing tools on our Services that allow you to post information to your social networks outside of our Services. By using these tools or Third-Party Services, you acknowledge that some Personal Data and other information (such as your IP address, language preferences, timestamp, and identifiers related to your request) may be transmitted to us, and that such information and content is covered by this Privacy Policy. Furthermore, if a tool is operated by a Third-Party Service, the Third-Party Service that operates the tool may collect information about your browser or online activity, which would be subject to the Third-Party Service’s privacy policy and your account settings selected through that Third-Party Service. When you use these tools, some of your information from our Services may be shared with the Third-Party Service and others, including selected products. Therefore, we encourage you to read the privacy policies and other policies of any Third-Party Services, including without limitation any applicable social networks, that you use in connection with our Services.
Personal Data Collected Automatically
We automatically receive and record Personal Data from your web browser or device when you interact with our Services, including when you search for, select, view, or receive a product. Information that we collect automatically includes your IP address, device ID, user query information, and cookie information. This information is used to enable us to deliver products to you, to fight spam/malware, to improve the service, and to facilitate collection of Personal Data concerning your interaction with our Services (e.g., what links you have clicked on).
Generally, our Services automatically collect usage information, such as the number and frequency of visitors to the Site and our Services. We may use this data in aggregate form, for example, as a statistical measure or in other anonymous forms, but not in a manner that would identify you personally. This type of aggregate data enables both us and third parties authorized by us to determine how often individuals use parts of our Services so that we can analyze and improve them.
Information Collected Using Cookies
Cookies are pieces of text that may be provided to your computer or device through your web browser when you access a website. Your browser stores cookies in a manner associated with each website you visit. We may use cookies to enable our servers to recognize your web browser and tell us how and when you visit the Site and otherwise use our Services.
Our cookies do not, by themselves, contain Personal Data. However, we may match cookies with your Personal Data to identify you, and we may use cookies to identify that your web browser has accessed aspects of our Services and may associate that information with your Account if you have one.
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. Leaving cookies active will enable us to improve your user experience and analyze website traffic. If you choose not to accept these cookies, some of the features of the Services may not work.
This Privacy Policy covers our use of cookies only and does not cover the use of cookies by third parties. We do not control when or how third parties place cookies on your computer or device. For example, third-party websites to which a link points may set cookies on your computer or device. We encourage you to review the privacy policies of any Third-Party Services that you access to better understand how they use cookies or other tracking technologies.
Aggregate Information
We collect statistical information about how both unregistered and registered users, collectively, use our Services (“Aggregate Information”). While some of this information is derived from Personal Data, the Aggregate Information itself is not Personal Data and cannot be tied back to you, your Account, or your web browser.
Personal Data of Children
As noted in the Terms of Service, we do not knowingly collect or solicit Personal Data from anyone under the age of 13. If you are under 13, please do not attempt to register for our Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Data, please contact us at customersuspport@hairisasecret.com.
How, and With Whom, Is My Personal Data Disclosed?
Our Services are designed to help you share information with others. As a result, some of the Personal Data generated through our Services is displayed publicly or disclosed to Third-Party Services. What Personal Data is disclosed depends on your privacy settings. Below further describes the ways in which we may disclose your information. We do not sell your Personal Data.
Publicly Displayed Data About You, and Your Activity on the Services
User profile and channel information that you choose to provide, including your username, contact name, products you save, information about yourself, your avatar/profile picture, a description of your channel, and links to your website or social media profiles, may be displayed to other users to facilitate user interaction within our Services. This information will be displayed to other users depending on your privacy settings. We will not directly reveal user email addresses to other users.
Some of your activity on and through our Services is publicly displayed by default. This includes User Content you have posted publicly on the Site or otherwise through our Services. For registered users, all User Content you post publicly (or privately) will be associated with your account. Unregistered users will not have this association, but Personal Data concerning their use of the Services (such as what pages they have visited) may be tracked through the use of cookies and stored by us.
Please remember that if you choose to provide Personal Data using certain public features of our Services, then that information is governed by the privacy settings of those particular features and may be publicly available. Individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in User Content that you create or information that you submit through our Services.
Personal Data Disclosed Through Third-Party Services
You may access other Third-Party Services through our Services, for example by clicking on links to those Third-Party Services from within our Services. We are not responsible for the privacy policies and/or practices of these Third-Party Services, and you are responsible for reading and understanding those Third-Party Services’ privacy policies. This Privacy Policy only governs Personal Data collected on our Services.
Personal Data Disclosed In Connection with Related Services
While we collect and store IP address and device ID information, that information is not made public. We do at times, however, disclose this information to our service providers and as otherwise specified in this Privacy Policy.
We also share Aggregate Information with our partners, service providers, and other persons with whom we conduct business. We share this data so that our partners can understand how and how often people use our Services and their services or websites, which facilitates improving both their services and how our Services interface with them. In addition, these third parties may share with us non-private, aggregated, or otherwise non-Personal Information about you that they have independently developed or acquired.
Personal Data Disclosed to Our Service Providers
We employ and contract with people and other entities that perform certain tasks on our behalf and whose processing is under our control (our “service providers”). We may need to share Personal Data with our service providers in order to provide products or services to you. Unless we tell you differently, our service providers do not have any right to use Personal Data or other information we disclose to them beyond what is necessary to assist us. You acknowledge we may share Personal Data with our service providers as described in this Privacy Policy.
Personal Data Disclosed Pursuant to a Change in Control or Sale
In some cases, we may choose to buy or sell assets. In these types of transactions, Personal Data is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, Personal Data would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Data as set forth in this Privacy Policy.
Personal Data Disclosed for Our Protection and the Protection of Others
We also reserve the right to access, read, preserve, and disclose any Personal Data as we reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce this Privacy Policy, our Terms of Service and other relevant terms, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect our rights, property or safety, our users, and the public. This includes exchanging Personal Data with other companies and organizations for fraud protection and spam/malware prevention.
What Choices Do I Have Regarding My Personal Data?
Access and Control Your Personal Data
• If you are a registered user, you can access Personal Data associated with your Account by logging into our Services. Registered and unregistered users can access and delete cookies through their web browser settings.
• You can use many of the features of our Services without registering, thereby limiting the type of Personal Data that we collect.
• You can always opt not to provide certain Personal Data to us, but please note that such information may be needed to take advantage of some of our features.
• You can opt-out of certain cookies and tracking technologies by following the steps set forth in the section titled “Information Collected Using Cookies” above.
• Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to signal to operators of websites, web applications, and services that you do not wish such operators to track certain of your online activities over time and across different websites. We do not acknowledge this signal.
Delete Your Account
Should you ever decide to delete your Account, you may do so by following the instructions here. If you have trouble deleting your Account, please reach out to us at customersupport@hairisasecret.com. If you terminate your Account, any association between your Account and Personal Data we store will no longer be accessible through your Account. However, given the nature of public display used on our Services, any public activity on your Account prior to deletion will remain stored on our servers and may remain accessible to the public.
How Long Do We Retain Your Personal Data?
We retain Personal Data about you for as long as you have an open Account with us or as otherwise necessary to provide you Services. In some cases, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation. Afterwards, we retain some information in a depersonalized or aggregated form, but not in a way that would identify you personally.
Is the Information About Me Secure?
Your Account information will be protected by a password for your privacy and security. You need to prevent unauthorized access to your Account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account.
We seek to protect Account information to ensure that it is kept private; however, we cannot guarantee the security of any Account information. We store all of our Personal Data, including your IP address information, using industry-standard techniques. We do not guarantee or warrant that such techniques will prevent unauthorized access to information about you that we store, Personal Data or otherwise. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of Personal Data at any time.
What Happens When There Are Changes to this Privacy Policy?
We may amend this Privacy Policy from time to time. If we make changes in the way we collect or use information, we will notify you by posting an announcement on our Services or by sending you an email. A user is bound by any changes to the Privacy Policy when he or she uses our Services after such changes have been first posted.
What If I Have Questions or Concerns?
If you have any questions or concerns regarding privacy using our Services, please send us a detailed message to customersupport@hairisasecret.com. We will make every effort to resolve your concerns.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below. The legal bases depend on the Services you use and how you use them.
Contractual Necessity: We process the following categories of Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with our Services.
• IP Address
• Profile Data
• Device ID
• Cookie Data
When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of our Services that require such data.
• Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties (which is not overridden by your data protection interests):
• IP Address
• Profile Data
• Device ID
• Cookie Data
Examples of these legitimate interests include:
• Operation and improvement of our business, products, and services
• Marketing of our products and services
• Provision of user support
• Protection from fraud or security threats
• Compliance with legal obligations
• Completion of transactions / purchases
• Consent: In some cases, including facial scans, we may process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
• Other Processing Grounds: From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
• Personal Data of Children: We do not knowingly collect or solicit Personal Data from anyone under the age of 16. If you are under 16, please do not attempt to register for our Services or send any Personal Data about yourself to us. If we learn that we have collected unauthroized Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at customersupport@hairisasecret.com.
What Rights Do You Have Regarding Your Personal Data? You have certain rights with respect to your Personal Data, including those set forth below. note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary, to verify your identity and the nature of your request.
• Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data.
Rectification: If you believe that any Personal Data we hold about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by updating any of the information contained in your user profile.
• Erasure: You can request that we erase some or all of your Personal Data from our systems.
• Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
• Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
• Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.
• Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
• Right to File Complaint: You have the right to lodge a complaint about HIAS practices with respect to your Personal Data with the supervisory authority of your country.
• Transfers of Personal Data: Our Services are hosted and operated in Canada through HIAS and our service providers, and if you do not reside in the Canada laws in the Canada may differ from the laws where you reside. By using our Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Hair Is A Secret in Canada and will be hosted on Canadian servers, and you authorize us to transfer, store, and process your Personal Data to and in Canada.
What If You Have Questions Regarding Your Personal Data?
If you have any questions about this section or our data practices generally, please contact us using the customer service forum on the website.