PRIVACY POLICY

Last Updated and Effective as of: June 1, 2024

At Pretty Smart Cosmetics (“we”, “us” or “Pretty Smart”), we are committed to safeguarding your privacy and protecting your information against unauthorized use. This privacy policy (the “Privacy Policy”) explains our practices regarding the collection, use, and sharing of your personal data on our site https://pretty-smartcosmetics.com/ (“Website”) or through our other interactions with you, including over the phone or by email or text (“Other Interactions”).  The Privacy Policy also explains our information security and privacy standards. However, this Privacy Policy does not apply to any other website, including social media outlets that we may use, such as Instagram, Facebook, TikTok, Pinterest or Twitter. PrettySmart is not the data controller for data collected on other web sites.

BY USING OR ACCESSING THIS WEB SITE, YOU SIGNIFY YOUR AGREEMENT TO BE BOUND BY TO OUR PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MAY NOT ACCESS OR OTHERWISE USE THE WEB SITE.

For more information about how users with disabilities can access this Privacy Policy in an alternative format, please see our Accessibility Statement.  

Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws.

The following links will take you directly to the corresponding sections of this Privacy Policy.

 

OVERVIEW

  • We collect Personal Information (as defined below) from users of our Website and through Other Interactions when it is voluntarily provided to us and use it for the purposes for which it was provided (see Personal Information We Collect and How We Collect It).
  • Additionally, we automatically collect information that in some cases is Personal Information and in some cases is Non-Personal Information, from users of our Website including for advertising and analytical purposes (see Personal Information We Collect and How We Collect It).
  • If you are a resident of California, or a resident of Virginia, Colorado, Connecticut, Utah, or another state with an applicable privacy law, please see below in the sections for additional privacy disclosures.
  • If you are a resident of the EU, the UK, or Switzerland, please see below in the European Privacy Rights section for additional privacy disclosures.

 

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you should not use the Website. By accessing or using this Website, you agree to this Privacy Policy.  If you have questions, you can always contact us using the information in the section below titled Contact.

PERSONAL INFORMATION WE COLLECT AND HOW WE COLLECT IT

We use the term “Personal Information” – also called “personal data” or “personally identifiable information” in the laws of some jurisdictions – to refer to information that reasonably identifies, relates to, describes, or can be associated with you. Data that has been deidentified, aggregated  or that otherwise cannot reasonably be related back to a specific person is not considered Personal Information. The precise definition of Personal Information may vary depending on your place of residence.

Your provision of certain Personal Information to us is voluntary when it is provided by you directly to us, such as when you choose to participate in our offers and programs, including when you register an account with us or purchase products, or when you choose to provide such information to participate in certain interactive features or through Other Interactions. Categories of Personal Information we collect include:

  • Identity Data,which includes name or other similar identifiers.
  • Contact Data,which includes address, email address and telephone numbers.
  • Financial Data,which includes payment card details.

 

Additionally, we may also collect certain other types of information that, along with the categories described above may be considered Personal Information in some jurisdictions. Some of these additional categories of information may be collected when you provide them to us directly, while other categories of information may be collected automatically. These additional categories of information include:

  • Transaction Data,which includes details about payments.
  • Technical Data,which includes internet protocol (IP) address, your login data.
  • Profile Data,which includes your username and password, information about your past purchases, loyalty rewards account information.
  • Usage Data,which includes information about how you use our Website and services.
  • Marketing and Communications Data,which includes your preferences in receiving marketing from us.

 

We also collect the following information, which is protected under the laws of certain states, and have collected such information from visitors within the most recent twelve (12) month period:

  • Personal identifiers, such as name, telephone number, email address, physical address and internet protocol (IP) address.
  • Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, physical address, telephone number and payment card details. Some Personal Information included in this category may overlap with other categories.
  • Commercial information, such as products or services purchased by you or which you considered purchasing or other purchasing or consuming tendencies.
  • Internet or other similar network activity, such as browsing history, search history, information on your interaction with a website (including the Website), application, or advertisement.
  • Location data, such as the region where a device used to access the Website is located and location data derived from your IP address.
  • Visual information, in the form of photos, if you use certain Social Functions (as defined under Other Websites and Social Networking Services).
  • Inferences drawn from other Personal Information for profiling purposes, such as information used to create a profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

Note - Some information we collect (like a device ID or cookie ID) does not enable us to directly identify you or other users (e.g., we do not know your name or contact information). However, that information may be protected under applicable privacy laws. In such cases, we will protect that information in the same manner described herein regarding Personal Information.

Such information may include data collected by the following methods:

Cookies and Similar Technology:

We or our vendors may store some information on your device or device hard drive as a cookie or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of the Website. "Cookies" are pieces of information that may be placed on your computer by a web site for the purpose of collecting data to facilitate and enhance your communication and interaction with that web site.   Such data may include, without limitation, the address of the websites you visited before and after you visited the Website, the type of browser you are using, your Internet Protocol (IP) address, what pages in the Website you visit and what links you clicked on, the region where your device is located, and geo-IP data. We may use cookies to customize your visit to the Website and for other purposes to make your visit more convenient or to enable us to enhance our service.   In addition to the tracking technologies described below under “Site Analytics”, you can learn more about the cookies we use by clicking here.

Clickstream:

As you use the Internet, a trail of electronic information is left at each web site you visit.  This information, which is sometimes referred to as "clickstream data," can be collected and stored by a web site's server. Clickstream data can tell us the type of computer and browsing software you use and the address of the web site from which you linked to the Website.  We may collect and use clickstream data as a form of Aggregate Information to anonymously determine how much time visitors spend on each page of our Website, how visitors navigate throughout the Website and how we may tailor our web pages to better meet the needs of visitors.  This information will be used to improve our Website and our services. Any collection or use of clickstream data is intended to be anonymous and/or aggregate. “Aggregate Information” means the use of information in a form (often combined with other data), such that the aggregated information does not personally identify you or anyone else.

Site Analytics:

We may work with third-party service providers who use the technologies described in this section to conduct website analytics to help us track and understand how visitors use our Website.  One such provider is Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the Website. The information generated by the cookie about your use (including your IP address) will be transmitted to and stored by Google on servers in the United States of America. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on activity for its staff and providing other services relating to web page activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You may refuse the use of cookies by selecting the appropriate settings in your browser. By using the Website and accepting cookies, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to the Google Analytics’ currently available opt-outs for the web, found at https://tools.google.com/dlpage/gaoptout/. You may obtain additional information about Google Analytics by visiting the section titled "How Google uses information from sites or apps that use our services,” located at www.google.com/policies/privacy/partners/.

From Other Sources:

We may obtain information about you from other sources, such as data analytics providers, marketing or advertising vendors, fraud prevention vendors, vendors that provide other services on our behalf, or publicly available sources.

NON-PERSONAL INFORMATION

As noted above, we may collect information that is not Personal Information (“Non-Personal Information”).  For example, we may use information that is Aggregate Information to calculate the percentage of our customers who live in a particular area.  Because Non-Personal Information does not personally identify you, we may collect, use and disclose Non-Personal Information for any purpose permitted by applicable law.  In some instances, we may combine Non-Personal Information with Personal Information.  If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information.

INFORMATION USAGE AND DISCLOSURE

Besides using your Personal Information ourselves, we may send your Personal Information to other companies, affiliates and third parties to help us process your Personal Information for the purposes set out in this Privacy Policy.

We use Personal Information and other information as described herein, including as follows:

  • to process and fulfill any orders that you have placed and to carry out core business functions,
  • to contact you about our products and services, provide you with our products and services and to otherwise maintain and service your account,
  • to personalize your experience with us including by presenting products or offers tailored to you, including by means of Interest-Based Advertising (as described below),
  • to allow you to use, communicate and interact with others on our Website and through Other Interactions,
  • to administer our loyalty rewards program and similar programs,
  • to respond to your direct inquiries,
  • to add you to our mailing lists and send you emails and other communications from time to time.  
  • For marking and promotional purposes, including to show you advertisements tailored to your interests on social media and other digital media.
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us (including our Terms and Conditions), including for billing and fulfillment.
  • As described to you when collecting your Personal Information or as otherwise set forth and allowed under applicable law.
  • to help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets.
  • for fraud prevention, which may include detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; prosecuting those responsible for that activity; investigating suspected fraud, harassment, or other violations of any law, rule, or regulation, or the policies for our Website or business.
  • to support core business functions, such as maintaining records related to business process management, loss and fraud prevention, and to collect amounts owning to us.
  • for internal research for technological development and demonstration and to improve, upgrade or enhance our products, services or Website, or to perform analytics and reporting.
  • to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of PrettySmart's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by PrettySmart about our Website users is among the assets transferred.

 

Our uses of your Personal Information require us to disclose such information in certain cases. For example, we may disclose or share your information with third parties such as website hosting, data analysis, advertising networks, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery services, credit card processing, auditing, training, and other similar services. These third parties may have access to Personal Information necessary to perform their functions. One such third party is Shopify, provider of our online storefront platform. To see how Shopify will use your Personal Information, please review their privacy policy here. To view their Terms of Use, click here.

Additionally, we may disclose Personal Information and other information as we believe necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (g) to allow us to pursue available remedies or limit the damages that we may sustain; and (h) for legitimate business interests. 

We may use Aggregate Information and Non-Personal Information for any purpose permitted by applicable law, including to improve and enhance your experience on the Website and for our market research activities. For example, and subject to any legal limitations in certain jurisdictions, we may disclose Aggregate Information and Non-Personal Information to unaffiliated third parties, such as business partners, manufacturers, distributors and retailers, in a form in which case the disclosed information will not contain nor be linked to any Personal Information.   

Please note that if you specifically consent to additional uses of your Personal Information, we may use your Personal Information in a manner consistent with that consent. Finally, we reserve the right to supplement your Personal Information with information we gather from other sources which may include information we gather from online and offline sources.

INTEREST-BASED ADVERTISING

  • Targeted Advertising / Behavioral Advertising

We may ourselves, or with third party vendors, use information we collect when you visit the Website and use or interact with our services through cookies and other tracking technologies, to deliver targeted advertising to you when you visit other websites or our Website. Cookies, clickstream data, and other similar technologies described above may be used in this process. For example, if you are searching for information on a particular product, we or our vendor may cause an advertisement to appear on other websites you view with information on that product. This form of advertising, sometimes called “behavioral advertising” or “cross-context behavioral advertising,” enables us and our vendors to know your interests in connection with the delivery of that specific ad. We believe that such advertising is helpful because you will see advertisements that are relevant to your interests. However, if you would like to opt out of these interest-based advertisements, please follow the opt-out process described below under YOUR CHOICES.

  • Cross-Device Matching

We may use your information to help us, or our third-party vendors, determine if you have interacted with our Website across multiple devices and to match such devices. To accomplish this, we may rely on information (including demographic, geographic and interest-based data) from third parties such as data vendors, pursuant to their own privacy policies, or we may use information we collect in conjunction with such third-party data. Based on this data, we may then display targeted advertisements across devices that we believe are associated with each other, and may further provide services to our advertisers to better enable cross-device targeting and analysis. To opt-out of or restrict our use of certain cross-device data, please see the section titled Your Choices below.

INTERACTIVE TOOLS ON OUR WEBSITE

Certain features on our Website may give you an opportunity to interact with us and others. These may include review boards, blogs, message boards, messaging functionality, chat functionality, and creating community profiles. When you use these features, you should be aware that any information you submit, including your name and e-mail address, may be publicly available to others. We are not responsible for any information you choose to submit through these interactive features, and we request that you not disclose any sensitive Personal Information (such as health or financial information) through these features. If you use these features, your Personal Information may remain on the Website even after you cease use of the Website.

HOW WE PROTECT YOUR PERSONAL INFORMATION

The security of your Personal Information is very important to us. Personal information is maintained on our servers or those of our vendors, and is accessible by authorized employees, independent contractors, representatives, and agents as necessary for the purposes described in this Privacy Policy. We attempt to provide for the secure transmission of your information from your computer to our servers by utilizing, among other things, encryption software. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and PrettySmart, or information stored on the Website or our servers, will be free from unauthorized access by third parties such as hackers and your use of the Website demonstrates your assumption of this risk. We have put in place reasonable physical, electronic, and managerial procedures to safeguard the information we collect. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the CONTACT section below.

DATA RETENTION

We will retain your information only for as long as your account or inquiry is active or as needed to provide you with the Website and other services and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your information, we may continue to retain and use anonymous or aggregated data previously collected. Please note that we will not be liable for disclosures of your data due to errors or unauthorized acts of third parties.

PROTECTION FOR CHILDREN

Our Website is intended for users ages 18 and over, and we do not knowingly collect Personal Information from children under the age of 16. When we become aware that Personal Information (or other information that is protected under applicable law) from a child under 16 has been collected, we will use all reasonable efforts to delete such information from our databases. If you believe we might have any Personal Information from or about a child under 16, please contact us by using the information the section below titled CONTACT.

OTHER WEBSITES AND SOCIAL NETWORKING SERVICES

Our Website may contain links to other web sites not maintained by PrettySmart. Other web sites may also reference or link to our Website.  The inclusion of a link on the Website does not imply endorsement of the linked site by us.  We are not responsible for the privacy practices of websites operated by third parties that are linked to or integrated with our Website, or for the privacy practices of third party Internet advertising companies.  We encourage you to be aware when you leave our Website, or surf the Internet, and to read the privacy statements of each and every web site that you visit.

Our Website may allow you to engage with social media services, such as Facebook, Twitter, Pinterest and Instagram (“Social Networks”), and widgets such as the social media icon buttons, or interactive mini-programs that run on our Website or which link from Social Networks to our Website (“Social Functions”). These Social Functions may access, collect and integrate with your Social Network accounts and information. For example, these Social Functions may collect your IP address, identify which page you are visiting on our Website, or set a cookie. Social Functions may also be used to register you as a Website user.  For example, if you are not currently registered as a Website user and you use certain Social Functions, you will be asked to enter your Social Network credentials and then be given the option to register and join the Website. If you choose to use these Social Functions, you may be sharing certain Social Network profile elements with us, including your name, birthday (month/day), comments, contacts, email address, photos or other personal details. This sharing is subject to each Social Network’s own privacy policy and terms of use. We do not control those Social Networks or your profiles on those services. Nor do we modify your privacy settings on those services or establish rules about how your Personal Information on those services will be used. Social Functions are either hosted by a third party or hosted directly on our Website. Your interactions with them are governed by the privacy policy of the company providing them. Please refer to the privacy settings in your Social Network account to manage the data that is disclosed to us through your account. Information you include and transmit online in a publicly accessible blog, chat room or Social Network, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without any restrictions. We do not control such uses of your Personal Information, and by using such services you assume the risk and acknowledge that the Personal Information provided by you may be viewed and used by us and/or third parties for any number of purposes and that the usage restrictions set forth in this Privacy Policy do not apply to such services. To request removal of your Personal Information from a blog, community forum or other publicly-accessible part of the Website, contact us at privacy@pretty-smartcosmetics.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so.

YOUR CHOICES

Consistent with applicable law, you may exercise the choices described in this section regarding your Personal Information and communications from us. You may also have certain additional rights available depending on laws in your state or country of residence, as described further below in the Privacy Policy.

  • Opting Out of Messages or Services

We may send you marketing messages via email. If you receive a marketing message from us, you may unsubscribe from future marketing messages in accordance with our standard unsubscribe process (such as by using the unsubscribe link included in an email), or by sending an unsubscribe request to us at info@pretty-smartcosmetics.com. We will process your request within a reasonable time after receipt.

By providing your mobile number during checkout when making a purchase, or by providing your mobile number if you wish to receive text messages, you agree that we may send you transactional text notifications. Consent is not a condition for making a purchase.

If you wish to unsubscribe from receiving marketing text messages and notifications, reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you with in any of our messages. Message and data rates may apply.

  • Cookies and Tracking Technologies

If you would like to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. Residents of the European Union who have provided their consent to our use of cookies and similar technologies can also use the European Interactive Digital Advertising Alliance (“EDAA”) opt out tool which can be found at http://www.youronlinechoices.eu/. By deleting our cookies or disabling future cookies, you may not be able to access certain areas or features of our Website or some of its functionality may be affected.

Note that cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your device browser, that opt-out will not be effective on your mobile device. Additionally, if you opt out on one of your devices, that opt out may not be effective on all of your devices. However, please be advised that cookie-based opt-outs are not effective on some mobile services.

Some browsers have a Do Not Track (“DNT”) feature that lets users signal to websites that they do not want to have their online activities tracked. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, if you are a resident of California or to the extent required by the law of a state with privacy laws governing such signals, we treat opt-out preference signals as a means of opting out of the sale or sharing of Personal Information, or of opting out of the processing of Personal Information for targeted advertising, as applicable and to the extent that your opt-out signal is readable. Please see the sections titled California Privacy Rights and Other U.S. State Privacy Rights below for more information.

  • Interest-Based Advertising

You may opt out of receiving targeted ads from certain data and advertising partners that participate in certain industry self-regulatory programs. The DAA provides a website at www.aboutads.info/consumers with information about how to opt out of targeted advertising from some or all of the DAA’s participating companies. Additionally, the Network Advertising Initiative (“NAI”) offers a website at http://optout.networkadvertising.org/ where you can opt out of interest-based advertising from some or all of the NAI’s members. Residents of the European Union who have provided their consent to our use of cookies and similar technologies can also use the European Interactive Digital Advertising Alliance (“EDAA”) opt out tool which can be found at http://www.youronlinechoices.eu/. Please note that by opting out, you will continue to see generic advertising that is not tailored to your specific interests and activities. In the event that we perform cross-device matching (as described above), once you have opted out on one device (“Opted-Out Device”), we will not use any new data from the Opted-Out Device to identify you on another device for interest-based advertising purposes, and we will not use data from another device for interest-based advertising purposes on the Opted-Out Device.

For targeted advertisements delivered through mobile apps, users may opt out of certain ads or reset advertising identifiers via their device settings. To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, visit the following links:

 

You can also install the DAA’s AppChoices app on your device to opt out of targeted advertising by certain providers, and to select system-level advertising preferences on your device (such as “Limit Ad Tracking” on Apple devices, or “Opt-out of Interest-based ads” on Android devices).

Finally, to learn more from the NAI about how to opt out of targeted advertising on mobile devices, you can also visit the following link: https://thenai.org/opt-out/mobile-opt-out/.

If you are a resident of California or a state that provides additional rights under its applicable privacy laws, you may have additional opt-out rights as set forth in the sections below entitled California Privacy Rights and Other U.S. State Privacy Rights.

CHANGES TO POLICY

We reserve the right, at our discretion, to change, modify, add, or remove portions from this policy at any time, provided that any such modifications will only be applied prospectively. We encourage you to periodically review the Website for the latest information on our privacy practices. Your continued use of the Website following the posting of any changes to this policy means you accept such changes.

CONTACT

For questions or concerns relating to privacy, we can be contacted by email at privacy@pretty-smartcosmetics.com or by telephone at 1-866-I-OPT-OUT (1-866-467-8688) using service code 731.

SITE MAINTENANCE

Our Website is maintained in the United States of America. Subject to the subsection “Data Transfer” in the section titled EUROPEAN PRIVACY RIGHTS, by using the Website or engaging in Other Interactions, you authorize the export of your information to the USA and its storage and use as specified in this policy.

CALIFORNIA PRIVACY RIGHTS

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020, provides you with specific rights regarding your Personal Information. This section describes the rights that California consumers have and explains how to exercise those rights. For the purposes of this section, Personal Information does not include: (i) information that is lawfully made available from federal, state or local government records; (ii) de-identified or aggregated data; or (iii) information excluded from the scope of the CCPA. To be clear, these rights are granted only to the extent that you are a California consumer, and we are acting as a “business” under the CCPA with respect to your Personal Information. The rights in this section are not intended to grant you additional rights, but only your rights under the CCPA.

Information We Collect; How We Collect It; How We Use It

General information regarding our collection, use, and disclosure of Personal Information is set forth in the Privacy Policy above. To help consumers make informed privacy decisions, the CCPA defines Personal Information by discrete categories. Information about the categories of Personal Information we process, our purposes for processing your Personal Information, the categories of Personal Information that we disclose to third parties, and the categories of third parties to whom we disclose it are set forth in the terms of our Privacy Policy above, as well as in the Personal Information Processing Chart at the end of the Privacy Policy below.  

Rights to Your Information

  1. Right to Know

As a California consumer, you have the right to request that we disclose certain information to you about our collection, use, or disclosure of your Personal Information. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

  • The categories of Personal Information we collected about you.
  • The categories of sources from which the Personal Information is collected.
  • Our business or commercial purpose for collecting, selling, or sharing that Personal Information.
  • The categories of third parties with whom we disclose Personal Information.
  • The specific pieces of Personal Information we collected about you (see Data Portability Rights below).

 

  1. Right to Delete

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Your Rights, below), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. However, we may retain Personal Information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.

  1. Right to Data Portability

You have the right to request a copy of Personal Information we have collected and maintained about you. The CCPA allows you to request your information from us up to twice during a 12-month period. We will provide our response in a readily usable (and usually electronic) format.

  1. Right to Correct

You have the right to request the correction of any Personal Information we maintain about you.

  1. Right to Opt Out of Selling or Sharing Your Personal Information

You have the right to opt out of the sale or sharing of your Personal Information, along with the right to opt in to the sale of such information.  We do not sell or share the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is less than 16 (but greater than 13) years of age, or the parent or guardian of a consumer less than 13 years of age. To our knowledge, we do not sell or share the Personal Information of minors under 16 years of age.

To exercise the right to opt out, you (or your authorized representative) may submit a request to us by clicking the "Do Not Sell/Share My Personal Information" link at the bottom of our Website’s homepage or by clicking here.

We will also treat Global Privacy Control browser signals as valid opt-out requests, when such signals remain present and readable.

You may change your mind and opt back in to Personal Information sales at any time by emailing us at privacy@Pretty-smartcosmetics.com.

  1. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights, including but not limited to, by:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

  1. Exercising Your Rights

To exercise the rights described above, please contact us by using the following methods:

  • Calling us toll-free at 1-866-467-8688 using service code 731
  • Emailing us at privacy@pretty-smartcosmetics.com
  • Visiting our California Rights page here.

 

After submitting a request, we will take steps to verify your identity in order for us to properly respond and confirm that it is not a fraudulent request. In order to verify your identity, we will ask, at a minimum, that you provide your name, email address, phone number, address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. If we are unable to verify that the consumer submitting the request is the same individual about whom we have collected Personal Information, we may contact you for more information, or we may not be able to meet your request.

Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your Personal Information. If an authorized agent of a California consumer is making a request on your behalf, we will ask your agent to submit reliable proof in writing of such authorization by you to act on your behalf. To do so, you must: (1) provide that authorized agent written and signed permission to submit such request; and (2) verify your own identity directly with us (i.e., provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the Personal Information). Please note, we are required to validate any request to exercise these rights, including any authorized agent request and we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.

If you have been designated as an authorized agent to submit a request on behalf of another consumer, you must (1) download and complete this form and have it signed by the consumer, and (2) provide the signed form when you submit a request here to exercise your rights under the California Consumer Privacy Laws.

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the CCPA allows us up to 90 days to respond. We will still contact you within 45 days from when you contacted us to let you know we need more time to respond.

California Shine The Light Law

In addition to the above rights, under California Civil Code Section 1798.83 (“Shine the Light”), California residents may have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of Personal Information, as defined under Shine the Light, such as name, email address, and mailing address, and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us by email at privacy@pretty-smartcosmetics.com. If you do not want your Personal Information shared with any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to us at privacy@pretty-smartcosmetics.com.

OTHER U.S. STATE PRIVACY RIGHTS

The Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and similar laws in other U.S. states ("Applicable State Privacy Laws") provide consumers in those states (“Applicable States”) with specific rights regarding their Personal Information. This section describes your rights under Applicable State Privacy Laws and explains how you may exercise these rights. To be clear, these rights are granted only to the extent that you are a consumer who resides in an Applicable State, and we are acting as a controller with respect to your Personal Information. The rights in this section are not intended to grant you additional rights, but only your rights under the Applicable State Privacy Laws.

The categories of Personal Information we process, our purposes for processing your Personal Information, the categories of Personal Information that we disclose to third parties, and the categories of third parties with whom we disclose it are set forth in the terms of our Privacy Policy above, as well as in the Personal Information Processing Chart below.

Rights to Your Information

In addition to the rights set forth in our Privacy Policy, the Applicable State Privacy Laws provide you with the following rights:

  • Right to know.You have the right to know whether we process your Personal Information and to access such Personal Information.
  • Right to data portability.You have the right to obtain a copy of your Personal Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means. You may request such Personal Information up to twice annually, subject to certain exceptions.
  • Right to delete.You have the right to delete Personal Information that you have provided by or that we have obtained about you. Please note that we may deny such request if the requested deletion falls under an exception as set forth in Applicable State Privacy Laws. Additionally, if you request deletion of your Personal Information and we have obtained such information from a third-party source, we may retain such data by keeping a record of the deletion request and the minimum data necessary to ensure that your Personal Information remains deleted from our records and that such retained data is not used for any other purpose, or we may opt you out of the processing of such Personal Information for any purpose except for those allowed under Applicable State Privacy Laws.
  • Right to opt out.You have the right to opt out of the processing of the Personal Information for purposes of: (i) targeted advertising; (ii) the sale of Personal Information; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. As of the latest date of the Privacy Policy:
    • We process Personal Information for the purposes of targeted advertising;
    • We may sell your Personal Information in exchange for monetary or other valuable consideration under the laws of certain Applicable States; and
    • We do not engage in profiling decisions based on your Personal Information that produce legal or similarly significant effects concerning you.

If you wish to opt out of the processing of your Personal Information for any of the above purposes, please click here. For residents of Colorado and Connecticut, we will also treat opt-out preference signals as valid opt-out requests.

  • Right to correct.You have the right to correct inaccuracies in your Personal Information, taking into account the nature of the Personal Information and the purposes for which we process it.
  • Right to nondiscrimination.You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. Unless permitted by Applicable State Privacy Laws, we will not:
    • Deny you goods or services;
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
    • Provide you a different level or quality of goods or services; or
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How to Exercise Your Rights; Verifying Your Identity

To exercise any of your privacy rights, or if you have any questions about your privacy rights, you may contact us by:

After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that your request is not fraudulent. We may contact you for additional information as reasonably necessary to authenticate your request, but if we are ultimately unable to authenticate your request using reasonably commercial efforts, then we may not be able to comply with it.

Only you may make a verifiable request related to your Personal Information. If you are making a request as the parent or legal guardian of a known child regarding the processing of that child’s Personal Information, we may ask you to submit reliable proof of your identity.

Response Time; Your Right to Appeal

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, Applicable State Privacy Laws allow us up to 90 days to respond. We will contact you within 45 days from when you contacted us to inform you of the need for additional time and the reason for such extension. We may charge you a reasonable fee to cover administrative costs if your requests are manifestly unfounded, excessive, or repetitive.

If we decline to take action on a request that you have submitted, we will inform you of our reasons for doing so, and provide instructions for how to appeal the decision. You will have the right to appeal within a reasonable period of time after you have received our decision. Within 60 days (45 days for residents of Colorado) of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general’s office to submit a complaint.

NEVADA PRIVACY RIGHTS

If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Information that we have collected (or may collect) from you to data brokers or other third parties. You can exercise this right by emailing us at privacy@pretty-smartcosmetics.com with the subject line “Nevada Do Not Sell Request.”

EUROPEAN PRIVACY RIGHTS

IF YOU ARE SITUATED IN THE EU, SWITZERLAND OR THE UK, THIS SECTION APPLIES TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.

Legal Basis:

We will only use your personal data as defined by the EU General Data Protection Regulation (“GDPR”) when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have consented to a certain use of your personal data.
  • Where we need to comply with a legal or regulatory obligation.

To the extent permitted under applicable laws, we will also process, transfer, disclose and preserve personal data when we have a good faith belief that doing so is necessary.

Data controller:

Shipman Associates, LLC d/b/a Pretty Smart cosmetics is the data controller of all personal data collected through our Website and Other Interactions. To contact us, please see the section titled CONTACT.

If you are situated in the EU, UK or Switzerland and have any complaints regarding our privacy practices, you have the right to make a complaint at any time to your local Supervisory Authority. We would, however, appreciate the chance to deal with your concerns before you approach your Supervisory Authority so please contact us in the first instance. If you have a complaint, please contact our EU privacy manager located in Slovenia at: 1-888-747-2256

Provision of personal data and failure to provide personal data:

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we will not be able to provide services to you.

Third parties or publicly available sources

We may receive personal data about you from various third parties such as Social Networks (as described above) and Shopify to assist us with your sale and refund procedures.

Withdrawing your consent:

If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. You have the right to withdraw your consent at any time by contacting us at privacy@pretty-smartcosmetics.com

Data Transfer:

We may transfer personal data from the EU, UK or Switzerland to the USA and other countries, some of which have not been determined by the European Commission or the UK to have an adequate level of data protection. If we transfer personal data outside the EU. UK or Switzerland (as applicable) to a processor, such transfer will be in compliance with the requirements of the GDPR. Where we use certain vendors, we may use specific contracts approved by the European Commission or the UK Secretary of State which give personal data the same protection it has in Europe. For more information about how we transfer your data, please contact us at privacy@pretty-smartcosmetics.com.

Use of your personal data for marketing purposes:

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising:

  • Promotional offers from us: We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or used our services and, in each case, you have consented to our use of your personal data for marketing purposes.
  • Third-party marketing: We will get your express opt-in consent before we share your personal data with any company outside our company for their marketing purposes.

To see how you can opt out of marketing communications, please see the section above titled YOUR CHOICES.

Data Subject Rights:

If you are a situated in the EU, UK, or Switzerland, under the GDPR, as a data subject, you have the following rights:

  • Right to access– This right allows individuals to obtain confirmation as to whether or not personal data concerning him or her is being process and provide access to such personal data. It also allows individuals to request details of the processing of their personal data, including, without limitation, categories of recipients to whom the personal data have been or will be disclosed and purposes of processing.
  • Right to rectify– This right allows individuals to rectify any inaccurate personal data about him or her.
  • Right to restrict processing– This right allows individuals to block or suppress processing of personal data under certain circumstances.
  • Right to be forgotten (also known as right to erasure)– This right is also known as the “right to erasure”. It is an individual’s right to have personal data erased or to prevent processing in specific circumstances. You have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right of data portability– This right allows individuals to move, copy or transfer personal data from one place to another in a secure manner without interrupting the integrity and usability of the information. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to object to processing– This right allows individuals to object to certain types of processing, including direct marketing, profiling and providing for purposes of scientific or historical research and statistics. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Right to withdraw consent– This right allows individuals to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

 

To exercise your rights under the GDPR and other applicable laws, please contact us at privacy@pretty-smartcosmetics.com. Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data.  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.

PERSONAL INFORMATION PROCESSING CHART

In the past 12 months, we have collected the following categories of Personal Information from the sources described in the section of the Privacy Policy above titled How We Collect Your Personal Information. While we recommend that you review the full Privacy Policy above, which provides greater detail, the chart below summarizes our business or commercial purposes for collecting and disclosing these categories Personal Information, the parties we have disclosed such information to, and whether we have sold or shared (or otherwise disclosed for targeted advertising) each category of Personal Information. Depending on your level of interaction with us, we may not have collected your Personal Information from all of the categories listed below. The categories of Personal Information described below are retained and stored for as long as is necessary to effectuate the business and commercial purposes for which they have been collected, and otherwise as described in the section of the Privacy Policy above titled Data Retention.

Category

Examples

Business or Commercial Purposes for Collecting Personal Information 

Disclosed  in the Prior Twelve (12) Months for the Following Business Purposes

“Sold” or “Shared” in the Prior Twelve (12) Months for the Following Purposes

Categories of Third Parties With Whom We Disclose, Sell, or Share Personal Information

Personal identifiers.

A real name, postal address, online identifier, Internet Protocol address, email address, account name.

To process your orders, to contact you about our products and services and to add you to our mailing list for that purpose, to personalize your experience with us including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site and though Other Interactions, to administer our loyalty rewards program; to respond to your direct inquiries; and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

To help ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors;

 

Undertaking internal research for service optimization;

 

Providing advertising and marketing services;

 

Auditing related to counting ad impressions to unique visitors;

 

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services;

 

and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

To personalize your experience with us including by presenting products or offers tailored to you; for analytics, marketing and advertising, including targeted advertising.

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, targeted advertising, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services.

Personal information covered by the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

(Some Personal Information included in this category may overlap with other categories.)

A name, physical characteristics or description, address, telephone number, credit card number, debit card number, or any other financial information.

To process your orders, to contact you about our products and services and to add you to our mailing list for that purpose, to personalize your experience with us including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site, to administer our loyalty rewards program, to respond to your direct inquiries; and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

To help ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors;

 

Undertaking internal research for service optimization;

 

Providing advertising and marketing services;

 

Auditing related to counting ad impressions to unique visitors;

 

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services;

 

and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

Not applicable, except to the extent that some Personal Information included in this category may overlap with other categories, in which case please see details from those categories.

 

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services, including services that deliver targeted advertising about goods and services that may be of interest to you.

Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

If you provide information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns, to contact you about our products and services, to personalize your experience with us including by presenting products or offers tailored to you, to administer our loyalty rewards program, and to respond to your direct inquiries.

To help ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors;

 

Undertaking internal research for service optimization;

 

Providing advertising and marketing services;

 

Auditing related to counting ad impressions to unique visitors;

 

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services;

 

and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

To personalize your experience with us including by presenting products or offers tailored to you; for analytics, marketing and advertising, including targeted advertising.

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services including services that deliver targeted advertising about goods and services that may be of interest to you.

Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

To personalize your experience with us, including by presenting products or offers tailored to you, to allow you to use, communicate and interact with others on our Web site, and as otherwise described in this Privacy Policy.

To help ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors;

 

Undertaking internal research for service optimization;

 

Providing advertising and marketing services;

 

Auditing related to counting ad impressions to unique visitors;

 

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services;

 

and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

To personalize your experience with us including by presenting products or offers tailored to you; for analytics, marketing and advertising, including targeted advertising.

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services, including services that deliver targeted advertising about goods and services that may be of interest to you.

Non-precise  geolocation  data.

Geolocation information derived from your IP address

Undertaking internal research for service optimization;

 

Auditing related to counting ad impressions to unique visitors;

 

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services;

 

and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

Undertaking internal research for service optimization;

 

Auditing related to counting ad impressions to unique visitors;

 

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services;

 

and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

To personalize your experience with us including by presenting products or offers tailored to you; for analytics, marketing and advertising, including targeted advertising.

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services, including services that deliver targeted advertising about goods and services that may be of interest to you.

Visual information

Photographs you may submit to us in connection with a review, product or service.

 

For business services performed on our behalf, including providing customer service.

N/A

None, except with your consent.

Inferences drawn from other Personal Information for profiling purposes.

Used to create a profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

To personalize your experience with us, including by presenting products or offers tailored to you, and as otherwise described herein.

To help ensure the security and integrity of our services, to verify or maintain the quality or safety of our services, and to identify and repair errors;

 

Undertaking internal research for service optimization;

 

Providing advertising and marketing services;

 

Auditing related to counting ad impressions to unique visitors;

 

For other business services performed on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services;

 

and as otherwise described in the section titled Information Usage and Disclosure in the Privacy Policy above.

To personalize your experience with us including by presenting products or offers tailored to you; for analytics, marketing and advertising, including targeted advertising.

Service providers and other third parties, including providers of the following services: website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, information technology services, customer service, e-mail delivery, credit card processing, auditing, training, and other similar services, including services that deliver targeted advertising about goods and services that may be of interest to you.