Privacy Policy | L'ANZA Healing Haircare

Privacy Policy

EFFECTIVE DATE: 4/12/2021

Davex Labs, LLC d.b.a. L'ANZA (“we”, “us” or “our”) value your privacy. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our websites at https://www.lanza.com/ and https://www.thelanzashop.com/, and other websites on which the Policy is posted (collectively the “Sites”) and the services available through our Sites, such as our (collectively, the “Services”), and how we use and disclose that information.

By visiting the Sites, or using any of our Services, you agree that your personal information will be handled as described in this Policy.

If you are a California resident or a resident of the United Kingdom or European Union, additional provisions may apply to you as set forth in California Privacy Notice and GDPR Notice below, respectively.

The Information We Collect About You

We collect information about you directly from you and from third parties, as well as automatically through your use of our Sites or Services.

Information We Collect Directly From You. We collect personal information from you as follows:

  • Registration: If you register as a salon, distributor, salon professional, student, salon distributor or stylist through MyTribe, we ask for your name, your salon name, address, email addresses, phone number, and as applicable your distributor, and distributor identification number.
  • Events: We may organize events relating to our products. We may ask you to register for such events by providing your name, email, and other necessary contact information.
  • Newsletters: You can also sign up to receive our newsletters. We only collect your email address in connection with such newsletters.
  • Certification: We conduct a certification process for stylists using our products. In connection with this process we may collect a stylist’s name and contact information as well as information regarding the stylist’s skills, knowledge and training.
  • Orders: If you purchase products from us through Thelanzashop, we will collect you name, shipping address, and email address to fulfill those orders. We will keep a record of the transactions you made, including the products ordered. You will be required to provide credit card information to pay for such orders but all such payments are processed by PayPal; we do not receive or store you credit card information.
  • Customer Inquiries: Our Sites contain forms you can use to contact us about our products and services. We will collect your name, email and other contact information and other information you wish to provide in connection with your inquiry.

In addition, if you are providing personal information for third parties in connection with using our Sites or Services, you are responsible for ensuring that you have all required permissions and consents to provide such personal information to us for use in connection with the Sites and Services, and that our use of such personal information to provide the Sites and Services does not violate any applicable law, rule, regulation or order.

Information We Collect Automatically.  We may automatically collect the following information about your use of our Sites or Services through cookies and other technologies: your domain name; your browser type and operating system; web pages you view; links you click; your IP address; the length of time you visit our Sites or use our Services; and the referring URL, or the webpage that led you to our Sites. We may combine this information with other information that we have collected about you, including, where applicable, your username, name, and other personal information. Please see the section “Our Use of Cookies and Other Tracking Mechanisms” below for more information.

How We Use Your Information

We use your information, including personal information, for the following purposes:

  • Provide our Sites and Services

We use your information to communicate with you about your use of our Sites and Services, to respond to your inquiries, to fulfill your orders of our products, and for other customer service purposes.

  • Provide personalized services

We use your information to tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Sites and Services.

  • Improve and develop our Sites and Services

We use your information to ensure our Sites and Services are working as intended, better understand how users access and use our Sites and Services, both on an aggregated and individualized basis, make improvements to our Sites and Services, detect and correct errors, develop new products and Services, prevent fraud, and to conduct product and market research and analysis.

  • Offer promotions

We use your information for marketing and promotional purposes. For example, we may use your information, such as your email address, to send you newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our Services on third party websites.

  • Cart Reminder Messages via SMS

The website uses cookies to help keep track of items you put into your shopping cart, including when you have abandoned your cart, and this information is used to determine when to send cart reminder messages via SMS. By providing us with your phone number and placing items in your shopping cart, you consent to receive such cart reminder messages from us. You may opt-out of receiving these messages at any time by replying to the message with the word "STOP."

  • SMS Data Sharing

We understand that express consent is required for SMS, and therefore sharing data is prohibited. Our privacy policies specify that data sharing excludes SMS opt-in data and consent. We do not share any personal data provided in connection with our text messaging programs with any third parties. The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

To Comply With Legal Obligations, Prevent Fraud, and Protect Rights or Property

We use your information as necessary to comply with our legal obligations, respond to law enforcement inquiries, comply with legal process (e.g. warrant, subpoena, civil discovery or investigative demand), to enforce or defend legal claims, prevent fraud and protect the security of our systems, prevent injury or damage, and protect our rights or property or the rights or property of others.

How We Share Your Information

We may share your information, including personal information, as follows:

  • Consent. Where you have provided consent, we share your information, including Personal Information, as described at the time of consent, such as when you authorize a third party application or website to access your MyTribe account or when you participate in promotional activities conducted by our partners or third parties.
  • Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries solely for the purpose of providing Sites and Services to you; however, if we do so, their use and disclosure of your personal information will be maintained by such affiliates and subsidiaries in accordance with this Policy.
  • Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf.
  • Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, or are in negotiations for any of these types of transactions, we may transfer the information we have collected from you to the other company or entity involved in such transactions.
  • In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.
  • To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Policy, or as evidence in litigation in which we are involved.
  • Aggregate and De-Identified Information. We may share aggregate or de-identified information about users and their use of the Services with third parties and publicly for marketing, advertising, research or similar purposes.
  • Disclosure of Professional Users. We may receive and disclose information to and from distributors in connection with our Pro Loyalty program. 

Please note that except as noted above, we will not sell or share your personal information with any third party for their direct marketing purposes without your consent.

Our Use of Cookies and Other Tracking Mechanisms

We and our service providers use cookies and other tracking mechanisms to track information about your use of our Sites and Services. We may combine this information with other personal information we collect from you (and our third party service providers may do so on our behalf).

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies), but such disabling will impair use of the Sites and Services.

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Sites and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Sites and Services. There are two types of cookies: session and persistent cookies.

  • Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Sites. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Sites.
  • Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about user activity.

For more information on the cookies we used see the Cookies Settings on the Sites.

Disabling Cookies and Cookie Preferences. You can control your cookie preferences by going to Cookie Settings on the Sites. You can disable non-necessary cookies, but you cannot disable necessary cookies because they are essential for the working of basic functionalities of the Sites. In addition, most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Sites who disable cookies will not be able to browse certain areas of the Sites or use the Services.

Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Sites and our Services. We also may use other analytic means to evaluate our Services. We use these tools to help us improve our Services, performance and user experiences. These entities may use cookies and other tracking technologies to perform their services. We do not share your personal information with these third parties.

Third-Party Links

Our Sites and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.

Microsoft Ads

Data Collection: Microsoft collects data to provide personalized advertisements. This includes information about your interactions with Microsoft services, your interests, and your location.

Data Usage: The collected data is used to show ads that are more relevant to you. This can include targeted ads based on your browsing history, search queries, and other online activities.

Data Sharing: Microsoft may share your data with third-party advertisers and partners to help deliver personalized ads. However, this is done in a way that protects your privacy, and personal identifiers are removed where possible.

User Control: You have control over your ad preferences. You can opt out of personalized ads through your Microsoft account settings or by using tools like the AdChoices program.

Transparency: Microsoft provides clear information about how your data is used for advertising. This includes details on what data is collected, how it is used, and who it is shared with.

Security of My Personal Information

We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee 100% security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

What Rights Do I Have Regarding My Personal Information

You may request access, a copy, modification or deletion of personal information that you have submitted to us by contacting us at dataprotection@davexlabs.com. We will use reasonable efforts to accommodate such requests to the extent required by law, provided that we may be required to retain personal information to comply with legal obligations, accounting requirements, or for other business purposes. We may request additional information to verify the identity of the requesting party before responding to a request. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Sites for a period of time.

What Choices Do I Have Regarding Use of My Personal Information for Marketing?

We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any Services you have requested or received from us.

Location of Information

Our Sites and Services are offered from the United States. We store any information we collect in the United States. If you access the Services or Sites from outside the United States, you agree to the transfer of your information to the United States, which may have less protections for your personal information than your jurisdiction of residence.

Children

Our Sites and Services are not designed for children under 16. If we discover that a child under 16 has provided us with personal information, we will delete such information from our systems.

Contact Us

If you have questions about the privacy aspects of our Sites or Services or would like to make a complaint, please contact us at dataprotection@davexlabs.com.

Changes to this Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on the Sites. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Sites or if you have an account with us, providing notice to the email address in your account (for this reason you should make sure to update your account information promptly if it changes.

CALIFORNIA PRIVACY NOTICE

This California Privacy Notice supplements the Policy and contains certain additional disclosures required under the California Consumer Privacy Act (“CCPA”). For individuals who are California residents, the CCPA requires certain disclosures about the categories of personal information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it. You have also the right to exercise certain rights regarding your personal information.

Please note that for California residents, the term personal information means information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household as defined in the CCPA. All other capitalized terms have the same meanings as given them in the Policy.

Do Not Track Signals

Your browser settings may also allow you to transmit a "Do Not Track" signal when you visit various websites. Like many websites, our website is not designed to respond to "Do Not Track" signals received from browsers. To learn more about "Do Not Track" signals, you can visit http://www.allaboutdnt.com/

Data Subject Requests

If you are a California resident who has provided personal information to [•], or a California resident that reasonably believes that Davex Labs collected or stores their personal information, you have the right to request Davex Labs to:

  1. Disclose the categories of personal information we collected about you in the preceding 12 months, categories of sources from which the personal information was collected; the business or commercial purpose for which we collected or sold the personal information; the categories of third parties with which the business we have shared your personal information, categories of personal information that we sold in the preceding 12 months, and for each category identified, categories of third parties to which we sold that particular category of personal information, and the categories of personal information that we disclosed for a business purpose in the preceding 12 months, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information (“Request to Know”);
  2. Disclose the specific pieces of personal information that we have collected on you (“Request to Know”);
  3. Delete personal information we have collected on you (“Request to Delete”); and
  4. Opt-out of the sale of the personal information we have collected on you (“Right to Opt-out”).

You can only make two Requests to Know in a 12-month period, and the information provided need only cover the 12-month period prior to receipt of your request.

Methods For Submitting Request

You may submit Requests to Know and Requests to Delete in one of the following methods sending an email to dataprotection@davexlabs.com.

Verification of Requests

We will need to verify your identity to respond to Requests to Delete and Requests to Know. If you have an account with us that is password-protected, we may verify your identity through our existing authentication practices for your account.

If you do not have an account with us, and your request concerns “categories” of personal information collected, we can request from you two data points of personal information to verify your identity. If you do not have an account with us, and your request concerns specific pieces of personal information, we can request from you at least three data points of personal information as well as a signed declaration with penalty of perjury to verify your identity.

Time for Response

Please note that once you have submitted a Request to Know or Request to Delete, we will send you a receipt, acknowledging your request, within 10 business days. If, for some reason, you do not receive such a receipt within 10 days of your submitted request, please send us an email to dataprotection@davexlabs.com as an error may have occurred.

We will respond to Requests to Know and Requests to Delete within 45 calendar days after they are received. If we cannot verify you within the 45-day time period, we may deny the request. If necessary, we may take up to an additional 45 calendar days to respond to the consumer’s request, for a maximum total of 90 calendar days from the day the request is received, provided that we will provide you with notice and an explanation of the reason that we will take more than 45 days to respond to the request.

In the case of a Request to Delete, we may use a two-step process for online requests to delete where you must first, submit the Request to Delete and then second, separately confirm that you want your personal information deleted.

Notice of Opt-Out

We do not sell your personal information as defined under the CCPA or Nevada law. However, if you wish to opt-out of the sale of your personal information by us, please send an email to . dataprotection@davexlabs.com.

Authorized Agent

As a California resident, you have the right to designate an agent to exercise these rights on your behalf. We may require proof that you have designated the authorized agent to act on your behalf and to verify your identity directly with us. Please contact us at dataprotection@davexlabs.com for more information if you wish to submit a request through an authorized agent.

Right to Non-Discrimination for the Exercise of CCPA Rights

You have a right not to receive discriminatory treatment by us for the exercise of the privacy rights conferred by the CCPA. We hereby inform you that if you exercise any of your rights under the CCPA we may not deny you goods or services for that reason, or subject you to different prices than those paid by other consumers, except to the permitted under the CCPA.

Contact Us

If you have questions about our privacy policies or practices or this California Privacy Notice, please contact us at dataprotection@davexlabs.com .

Notice at Collection

Pursuant to California Civil Section 1798.100(b), this serves as notice of the categories of personal information that we collect through the Sites and Services, the business or commercial purposes for which such personal information was collected, the categories of sources of such personal information and the categories of third parties to whom such information was disclosed in the past twelve (12) months.

 

Category

Collected

Business or Commercial Purpose

Categories of Sources

Categories of Third Parties to Whom Disclosed

A. Identifiers. YES To process registrations for MyTribe and orders for products, respond to customer service inquiries, send newsletter and for the other purposes described in the Policy. Users, distributors, and service providers. Users, distributors, and service providers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). YES To process registrations for MyTribe and orders for products, respond to customer service inquiries, send newsletter and for the other purposes described in the Policy. Users, distributors, and service providers. Distributors and service providers.
C. Protected classification characteristics under California or federal law. NO      
D. Commercial information. YES To process orders, market products and services, and develop new products and services and for the other purposes described in the Policy. Users, distributors, and service providers. Distributors and service providers.
E. Biometric information. NO      
F. Internet or other similar network activity. YES   Users and service providers (such as data analytics providers). Service providers, such as data analytics providers.
G. Geolocation data. NO      
H. Sensory data. NO      
I. Professional or employment-related information. YES We only collect the identity of the salon you work with if you have provided it in connection with your registration or purchase. We use this information for the same purposes as the Identity information. Users, distributors and service providers. Distributors and service providers.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). NO      
K. Inferences drawn from other personal information. YES We conduct a certification process for stylists in which may determine a stylist’s aptitude for hairstyling. Stylists Service Providers

 

GDPR NOTICE

If you are a resident of the European Union or the United Kingdom, the following provisions apply to you. Capitalized shall have the meaning ascribed to them by the European Union General Data Protection Regulation 2016/679 and its amendments (“GDPR”)(including any applicable provisions of the UK Data Protection Act incorporating the same).

The controller of personal information collected through the Sites and Services is Davex Labs, 720 Wilshire Blvd, Santa Monica, CA 90401.

LEGAL BASIS FOR PROCESSING OF PERSONAL INFORMATION

We process the personal information collected for the purposes described in the section entitled “The Information We Collect About You” in our Policy. The legal basis for our processing activities include processing personal information as necessary to comply with our contractual obligations, compliance with our legal obligations, for our legitimate business interests, and pursuant to your consent. The particular legal basis for the processing of your personal information is based on the purpose for which such information was provided or collected.

For example, we use personal information as necessary for the performance of contracts with you, or in order for us to take steps, at your request, prior to entering into a contract, such as registering you as a member of MyTribe or in connection with fulfilling your order of our Lanza products through our Sites. This collection and processing of the Personal Data is based on Art. 6 para. 1 (b) GDPR (necessary for the performance of a contract with you).

We may also process your personal information if we have received your consent, to respond to requests from you or to take actions in our legitimate interest (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal information) such as for marketing purposes (such as when you sign up for our newsletter) or to otherwise inform you of our business operations, and to improve our products and services. Please note that if we rely on consent, you may withdraw your consent at any time by email, but such withdrawal will not affect the lawfulness of the processing prior to the withdrawal. The collection and processing of personal information based on your consent is in accordance with Art. 6 para. 1 (a) GDPR; the collection and processing of personal information based on legitimate interest is in accordance with Art. 6 para 1(f) GDPR.

DATA RETENTION

We retain personal information about you for the time necessary to accomplish the purpose for which such information was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. We may routinely review and if appropriate purge data from accounts that have not been active for 12 or more months. Our retention policies further reflect applicable statute of limitation periods and legal requirements.

DATA SUBJECT RIGHTS

Data Subjects of the European Union have the following rights:

  • Access, Correction and Erasure Requests: You have the right to:
    • contact us to confirm whether we are processing your personal information;
    • receive information on how your personal information is processed;
    • obtain a copy of your personal information;
    • request that we update or correct your personal information; and
    • request that we delete personal information in certain circumstances.
  • Right to Object to Processing: You have the right to request that we cease processing of your personal information for marketing activities, including profiling for statistical purposes where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal information for the establishment, exercise or defense of a legal claim.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal information:
    • while we are evaluating or in the process of responding to a request by you to update or correct your personal information where such processing is unlawful and you do not want us to delete your data;
    • where we no longer require such data, but you want us to retain the data for the establishment, exercise or defense of a legal claim; or
    • where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request.
  • Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personal information in a commonly used, machine readable format. Please note, however, that data portability rights apply only to personal information that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.

If you believe our processing of your personal information violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged violation. If you are resident of the United Kingdom, you have a legal right to lodge a complaint with the United King Information Commissioner's Office.

Submitting Requests: You can submit requests by contacting us at dataprotection@davexlabs.com. We will respond to all such requests within 30 days of our receipt of the request or such period as is required by law, unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than 30 days. Please note, however, that certain personal information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of personal information that you request. In addition, if we consider that a request is manifestly unfounded or excessive, we may either request a reasonable fee to deal with the request or refuse to deal with the request.