EFFECTIVE DATE: 4/12/2021
By visiting the Sites, or using any of our Services, you agree that your personal information will be handled as described in this Policy.
If you are a California resident or a resident of the United Kingdom or European Union, additional provisions may apply to you as set forth in California Privacy Notice and GDPR Notice below, respectively.
The Information We Collect About You
We collect information about you directly from you and from third parties, as well as automatically through your use of our Sites or Services.
Information We Collect Directly From You. We collect personal information from you as follows:
- Registration: If you register as a salon, distributor, salon professional, student, salon distributor or stylist through MyTribe, we ask for your name, your salon name, address, email addresses, phone number, and as applicable your distributor, and distributor identification number.
- Events: We may organize events relating to our products. We may ask you to register for such events by providing your name, email, and other necessary contact information.
- Newsletters: You can also sign up to receive our newsletters. We only collect your email address in connection with such newsletters.
- Certification: We conduct a certification process for stylists using our products. In connection with this process we may collect a stylist’s name and contact information as well as information regarding the stylist’s skills, knowledge and training.
- Orders: If you purchase products from us through Thelanzashop, we will collect you name, shipping address, and email address to fulfill those orders. We will keep a record of the transactions you made, including the products ordered. You will be required to provide credit card information to pay for such orders but all such payments are processed by PayPal; we do not receive or store you credit card information.
- Customer Inquiries: Our Sites contain forms you can use to contact us about our products and services. We will collect your name, email and other contact information and other information you wish to provide in connection with your inquiry.
In addition, if you are providing personal information for third parties in connection with using our Sites or Services, you are responsible for ensuring that you have all required permissions and consents to provide such personal information to us for use in connection with the Sites and Services, and that our use of such personal information to provide the Sites and Services does not violate any applicable law, rule, regulation or order.
How We Use Your Information
We use your information, including personal information, for the following purposes:
- Provide our Sites and Services
We use your information to communicate with you about your use of our Sites and Services, to respond to your inquiries, to fulfill your orders of our products, and for other customer service purposes.
- Provide personalized services
We use your information to tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Sites and Services.
- Improve and develop our Sites and Services
We use your information to ensure our Sites and Services are working as intended, better understand how users access and use our Sites and Services, both on an aggregated and individualized basis, make improvements to our Sites and Services, detect and correct errors, develop new products and Services, prevent fraud, and to conduct product and market research and analysis.
- Offer promotions
We use your information for marketing and promotional purposes. For example, we may use your information, such as your email address, to send you newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our Services on third party websites.
- Cart Reminder Messages via SMS
- SMS Data Sharing
We understand that express consent is required for SMS, and therefore sharing data is prohibited. Our privacy policies specify that data sharing excludes SMS opt-in data and consent. We do not share any personal data provided in connection with our text messaging programs with any third parties. The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
To Comply With Legal Obligations, Prevent Fraud, and Protect Rights or Property
We use your information as necessary to comply with our legal obligations, respond to law enforcement inquiries, comply with legal process (e.g. warrant, subpoena, civil discovery or investigative demand), to enforce or defend legal claims, prevent fraud and protect the security of our systems, prevent injury or damage, and protect our rights or property or the rights or property of others.
How We Share Your Information
We may share your information, including personal information, as follows:
- Consent. Where you have provided consent, we share your information, including Personal Information, as described at the time of consent, such as when you authorize a third party application or website to access your MyTribe account or when you participate in promotional activities conducted by our partners or third parties.
- Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries solely for the purpose of providing Sites and Services to you; however, if we do so, their use and disclosure of your personal information will be maintained by such affiliates and subsidiaries in accordance with this Policy.
- Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf.
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, or are in negotiations for any of these types of transactions, we may transfer the information we have collected from you to the other company or entity involved in such transactions.
- In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.
- To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Policy, or as evidence in litigation in which we are involved.
- Aggregate and De-Identified Information. We may share aggregate or de-identified information about users and their use of the Services with third parties and publicly for marketing, advertising, research or similar purposes.
- Disclosure of Professional Users. We may receive and disclose information to and from distributors in connection with our Pro Loyalty program.
Please note that except as noted above, we will not sell or share your personal information with any third party for their direct marketing purposes without your consent.
Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies), but such disabling will impair use of the Sites and Services.
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Sites and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Sites and Services. There are two types of cookies: session and persistent cookies.
- Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Sites. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Sites.
- Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about user activity.
For more information on the cookies we used see the Cookies Settings on the Sites.
Disabling Cookies and Cookie Preferences. You can control your cookie preferences by going to Cookie Settings on the Sites. You can disable non-necessary cookies, but you cannot disable necessary cookies because they are essential for the working of basic functionalities of the Sites. In addition, most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Sites who disable cookies will not be able to browse certain areas of the Sites or use the Services.
Our Sites and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.
Security of My Personal Information
We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee 100% security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
What Rights Do I Have Regarding My Personal Information
You may request access, a copy, modification or deletion of personal information that you have submitted to us by contacting us at firstname.lastname@example.org. We will use reasonable efforts to accommodate such requests to the extent required by law, provided that we may be required to retain personal information to comply with legal obligations, accounting requirements, or for other business purposes. We may request additional information to verify the identity of the requesting party before responding to a request. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Sites for a period of time.
What Choices Do I Have Regarding Use of My Personal Information for Marketing?
We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any Services you have requested or received from us.
Location of Information
Our Sites and Services are offered from the United States. We store any information we collect in the United States. If you access the Services or Sites from outside the United States, you agree to the transfer of your information to the United States, which may have less protections for your personal information than your jurisdiction of residence.
Our Sites and Services are not designed for children under 16. If we discover that a child under 16 has provided us with personal information, we will delete such information from our systems.
If you have questions about the privacy aspects of our Sites or Services or would like to make a complaint, please contact us at email@example.com.
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on the Sites. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Sites or if you have an account with us, providing notice to the email address in your account (for this reason you should make sure to update your account information promptly if it changes.
CALIFORNIA PRIVACY NOTICE
This California Privacy Notice supplements the Policy and contains certain additional disclosures required under the California Consumer Privacy Act (“CCPA”). For individuals who are California residents, the CCPA requires certain disclosures about the categories of personal information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it. You have also the right to exercise certain rights regarding your personal information.
Please note that for California residents, the term personal information means information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household as defined in the CCPA. All other capitalized terms have the same meanings as given them in the Policy.
Do Not Track Signals
Your browser settings may also allow you to transmit a "Do Not Track" signal when you visit various websites. Like many websites, our website is not designed to respond to "Do Not Track" signals received from browsers. To learn more about "Do Not Track" signals, you can visit http://www.allaboutdnt.com/
Data Subject Requests
If you are a California resident who has provided personal information to [•], or a California resident that reasonably believes that Davex Labs collected or stores their personal information, you have the right to request Davex Labs to:
- Disclose the categories of personal information we collected about you in the preceding 12 months, categories of sources from which the personal information was collected; the business or commercial purpose for which we collected or sold the personal information; the categories of third parties with which the business we have shared your personal information, categories of personal information that we sold in the preceding 12 months, and for each category identified, categories of third parties to which we sold that particular category of personal information, and the categories of personal information that we disclosed for a business purpose in the preceding 12 months, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information (“Request to Know”);
- Disclose the specific pieces of personal information that we have collected on you (“Request to Know”);
- Delete personal information we have collected on you (“Request to Delete”); and
- Opt-out of the sale of the personal information we have collected on you (“Right to Opt-out”).
You can only make two Requests to Know in a 12-month period, and the information provided need only cover the 12-month period prior to receipt of your request.
Methods For Submitting Request
You may submit Requests to Know and Requests to Delete in one of the following methods sending an email to firstname.lastname@example.org.
Verification of Requests
We will need to verify your identity to respond to Requests to Delete and Requests to Know. If you have an account with us that is password-protected, we may verify your identity through our existing authentication practices for your account.
If you do not have an account with us, and your request concerns “categories” of personal information collected, we can request from you two data points of personal information to verify your identity. If you do not have an account with us, and your request concerns specific pieces of personal information, we can request from you at least three data points of personal information as well as a signed declaration with penalty of perjury to verify your identity.
Time for Response
Please note that once you have submitted a Request to Know or Request to Delete, we will send you a receipt, acknowledging your request, within 10 business days. If, for some reason, you do not receive such a receipt within 10 days of your submitted request, please send us an email to email@example.com as an error may have occurred.
We will respond to Requests to Know and Requests to Delete within 45 calendar days after they are received. If we cannot verify you within the 45-day time period, we may deny the request. If necessary, we may take up to an additional 45 calendar days to respond to the consumer’s request, for a maximum total of 90 calendar days from the day the request is received, provided that we will provide you with notice and an explanation of the reason that we will take more than 45 days to respond to the request.
In the case of a Request to Delete, we may use a two-step process for online requests to delete where you must first, submit the Request to Delete and then second, separately confirm that you want your personal information deleted.
Notice of Opt-Out
We do not sell your personal information as defined under the CCPA or Nevada law. However, if you wish to opt-out of the sale of your personal information by us, please send an email to . firstname.lastname@example.org.
As a California resident, you have the right to designate an agent to exercise these rights on your behalf. We may require proof that you have designated the authorized agent to act on your behalf and to verify your identity directly with us. Please contact us at email@example.com for more information if you wish to submit a request through an authorized agent.
Right to Non-Discrimination for the Exercise of CCPA Rights
You have a right not to receive discriminatory treatment by us for the exercise of the privacy rights conferred by the CCPA. We hereby inform you that if you exercise any of your rights under the CCPA we may not deny you goods or services for that reason, or subject you to different prices than those paid by other consumers, except to the permitted under the CCPA.
If you have questions about our privacy policies or practices or this California Privacy Notice, please contact us at firstname.lastname@example.org .
Notice at Collection
Pursuant to California Civil Section 1798.100(b), this serves as notice of the categories of personal information that we collect through the Sites and Services, the business or commercial purposes for which such personal information was collected, the categories of sources of such personal information and the categories of third parties to whom such information was disclosed in the past twelve (12) months.
Business or Commercial Purpose
Categories of Sources
Categories of Third Parties to Whom Disclosed
|A. Identifiers.||YES||To process registrations for MyTribe and orders for products, respond to customer service inquiries, send newsletter and for the other purposes described in the Policy.||Users, distributors, and service providers.||Users, distributors, and service providers.|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||YES||To process registrations for MyTribe and orders for products, respond to customer service inquiries, send newsletter and for the other purposes described in the Policy.||Users, distributors, and service providers.||Distributors and service providers.|
|C. Protected classification characteristics under California or federal law.||NO|
|D. Commercial information.||YES||To process orders, market products and services, and develop new products and services and for the other purposes described in the Policy.||Users, distributors, and service providers.||Distributors and service providers.|
|E. Biometric information.||NO|
|F. Internet or other similar network activity.||YES||Users and service providers (such as data analytics providers).||Service providers, such as data analytics providers.|
|G. Geolocation data.||NO|
|H. Sensory data.||NO|
|I. Professional or employment-related information.||YES||We only collect the identity of the salon you work with if you have provided it in connection with your registration or purchase. We use this information for the same purposes as the Identity information.||Users, distributors and service providers.||Distributors and service providers.|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||NO|
|K. Inferences drawn from other personal information.||YES||We conduct a certification process for stylists in which may determine a stylist’s aptitude for hairstyling.||Stylists||Service Providers|
If you are a resident of the European Union or the United Kingdom, the following provisions apply to you. Capitalized shall have the meaning ascribed to them by the European Union General Data Protection Regulation 2016/679 and its amendments (“GDPR”)(including any applicable provisions of the UK Data Protection Act incorporating the same).
The controller of personal information collected through the Sites and Services is Davex Labs, 720 Wilshire Blvd, Santa Monica, CA 90401.
LEGAL BASIS FOR PROCESSING OF PERSONAL INFORMATION
We process the personal information collected for the purposes described in the section entitled “The Information We Collect About You” in our Policy. The legal basis for our processing activities include processing personal information as necessary to comply with our contractual obligations, compliance with our legal obligations, for our legitimate business interests, and pursuant to your consent. The particular legal basis for the processing of your personal information is based on the purpose for which such information was provided or collected.
For example, we use personal information as necessary for the performance of contracts with you, or in order for us to take steps, at your request, prior to entering into a contract, such as registering you as a member of MyTribe or in connection with fulfilling your order of our Lanza products through our Sites. This collection and processing of the Personal Data is based on Art. 6 para. 1 (b) GDPR (necessary for the performance of a contract with you).
We may also process your personal information if we have received your consent, to respond to requests from you or to take actions in our legitimate interest (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal information) such as for marketing purposes (such as when you sign up for our newsletter) or to otherwise inform you of our business operations, and to improve our products and services. Please note that if we rely on consent, you may withdraw your consent at any time by email, but such withdrawal will not affect the lawfulness of the processing prior to the withdrawal. The collection and processing of personal information based on your consent is in accordance with Art. 6 para. 1 (a) GDPR; the collection and processing of personal information based on legitimate interest is in accordance with Art. 6 para 1(f) GDPR.
We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. We may routinely review and if appropriate purge data from accounts that have not been active for 12 or more months. Our retention policies further reflect applicable statute of limitation periods and legal requirements.
DATA SUBJECT RIGHTS
Data Subjects of the European Union have the following rights:
- Access, Correction and Erasure Requests: You have the right to:
- contact us to confirm whether we are processing your personal information;
- receive information on how your personal information is processed;
- obtain a copy of your personal information;
- request that we update or correct your personal information; and
- request that we delete personal information in certain circumstances.
- Right to Object to Processing: You have the right to request that we cease processing of your personal information for marketing activities, including profiling for statistical purposes where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal information for the establishment, exercise or defense of a legal claim.
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal information:
- while we are evaluating or in the process of responding to a request by you to update or correct your personal information where such processing is unlawful and you do not want us to delete your data;
- where we no longer require such data, but you want us to retain the data for the establishment, exercise or defense of a legal claim; or
- where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request.
- Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine readable format. Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.
If you believe our processing of your personal information violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged violation. If you are resident of the United Kingdom, you have a legal right to lodge a complaint with the United King Information Commissioner's Office.
Submitting Requests: You can submit requests by contacting us at email@example.com. We will respond to all such requests within 30 days of our receipt of the request or such period as is required by law, unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than 30 days. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of personal information that you request. In addition, if we consider that a request is manifestly unfounded or excessive, we may either request a reasonable fee to deal with the request or refuse to deal with the request.