Updated June, 2022
Personal Information We Collect About You
We collect several types of information from and about users of our Site, including information:
By which you may be personally identified, such as name, dates of birth, postal address, email address, cell and work telephone numbers, passport details, travel details including flight manifests, location details, credit card number, debit card number, or any other financial information and any other identifier by which you may be contacted online or offline ("personal information");
Regarding your commercial transactions, including records of or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; and
About your internet connection, IP address, the equipment you use to access our Site, your history on the Site, location information, telemetry data, user history and usage details.
For example, we collect the following information:
When you register with us, we ask for information such as your name, postal address, zip code, email address, and telephone number. We also acquire your Internet protocol address and/or mobile device identification, which certain jurisdictions consider to be personal data because it could be used to identify an individual or device if it were combined with other identifying information.
We may also obtain your personal data with your express consent when you visit our spa and register for our treatment; information requested could include your name and date of birth and some health-related questions which help determine if a treatment is right for you.
We may capture user information when users send us questions or comments via email. Information collected in this manner will only be used to contact the user and/or respond to the user’s inquiry/issue. Sending us an email will not enroll you on our email list unless you specifically request it.
For purchases made on the Site, a third-party payment processor such as Authorize.net, Amazon Pay or Apple Pay may collect your name, email address, postal address, contact details and credit or debit card information. This record will be stored and processed in the United States and other countries (see further below under “How we use information about you” and “How we store and process information about you”). By making a purchase, you grant to us and to all other persons and entities involved in the operation of the Site, the right to use, store, monitor, retrieve and transmit your account information in connection with the operation of the Site and as otherwise provided herein. You also agree that such access and use of your Personal data is governed by their privacy policies. We are not responsible or liable for the content, activities or privacy policies of any third-party sites. Accordingly, please refer to their respective privacy policies.
We generally do not request on or through the Site other information that is often considered “highly sensitive,” such as other financial account information (e.g., credit report information, bank account numbers), personal health information, or government issued identification numbers (e.g., social security number, drivers’ license number, or passport number), although we reserve the right to do so when such information is necessary to offer you certain services.
We take reasonable precautions to protect the confidentiality and security of your personally identifiable information by using industry recognized security safeguards such as site monitoring, secured networks and servers, firewalls and/or encryption. When we ask for sensitive information, we protect it using encryption during transmission, such as SSL (Secure Socket Layer). Unfortunately, no method of transmission over the Internet is completely secure. Therefore, while we strive to protect your personally identifiable information within industry standards, we cannot guarantee its absolute security.
We may also obtain your Personal data through your use of social media and/or other websites such as Facebook, Twitter, Instagram, YouTube or Amazon, depending on your settings or the privacy policies of these websites. To change your settings on these services, please refer to their respective privacy notices.
Lawful Basis for Processing Your Information
The lawful basis to process your personal data can be further explained below:
1. Performance of a Contract
This applies when you have provided your personal data so we can provide a product or service to you (e.g., creating a customer account when purchasing one of our products)
In order to use your personal data, we are required to have a lawful basis to do so.
When you buy a product from our website or use one of our beauty services, you have given us your consent, we are fulfilling a contract to provide a product to you, or we have a legitimate interest in using your Personal data.
2. Legal Obligation
We are legally required to keep certain pieces of your personal data for various legal or regulation reasons (records of your transaction information must be kept for tax and financial reporting purposes)
This applies where you ask us to provide a specific service to you and subsequently provide your consent as a result of that request:
Cookies: We may place cookies that target you with personalized adverts, this way we can tailor how you interact with us on our website.
Advertising cookies are different from analytical/performance cookies which measure and record your interaction with our website for site improvements. When you visit our website, we give you the option to set what your preferences are so we can respect it.
Marketing Communications from us: if you opt in and later opt out of these communications and ask us to stop sending you communications, we will do that although we would need to keep some of your Personal data in our database so that we know not to contact you again.
4. Legitimate Interests
We may use your personal data that you have provided to us in the following scenarios legitimately
Fraud prevention: Carry out fraud checks on transactions involving your personal data to ensure that your payment is free from any fraudulent or suspicious activities.
Securing our systems: Making sure our (websites/internal systems) are safe and secure, working properly and that your personal data is secure.
Products and Services Improvement: How you interact with our products and services can also help us understand and meet your expectations, we can run market research or surveys using aggregated information to see which of our products or services you like and to get better insights into your needs.
How We Collect Personal Information About You
We collect personal information about you:
Directly from you when you voluntarily provide it to us.
Automatically as you navigate through the Site and from your browser or device. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies used by SRMS.
Records and copies of your correspondence (including email addresses), if you contact us or submit an online request.
Through an account profile, if you create one with us.
When you contact us for assistance using our online chatbot
Through user history on our Site.
A. Information You Provide to Us
The information that you provide to us through our Site may include:
Information that you provide by filling in forms on our Site. This includes information provided at the time of using our service, posting material, or requesting further services. We may also ask you for information when you request an assessment, purchase our products or services, talk with our employees, or when you report a problem with our Site.
Records and copies of your correspondence (including email addresses), if you contact us.
Details of transactions and reservations you carry out through our Site. You may be required to provide personal and financial information before using our Services and Site.
Through creation of accounts through our Site.
B. Information We Collect About You Automatically
As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
Details of your visits to our Site, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Site.
Information about your computer and internet connection, including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Contact information on how you can opt out of behavioral tracking on this Site and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.
The information we collect automatically includes statistical and analytical data and, in some instances, personal information. We collect such data automatically because it helps us to improve our Site and to deliver a better and more personalized Service, including by enabling us to:
Estimate our audience size and usage patterns.
Store information about your preferences, allowing us to customize our Site Interface according to your individual interests.
Speed up your searches.
Recognize you when you return to our Site.
The technologies we use for this automatic data collection may include:
We do not use third parties to collect personal information.
How we use your Information
This section explains what we use your Personal data for, the business purposes or processes that require us to collect and use this data.
Personal data collection scenario
Personal data used
Why we collect such personal data
Lawful basis for processing personal data
Order management and fulfilment
Events and Promotions
Where your Personal data are collected during a promo tour, promotional offer, game, etc.
Run analytics and statistics
Manage your participation in the event and promotion
Where you call, text or contact us using our chatbot for assistance with an order
First name and surname
To assist in resolving issues regarding your order of our product or service
Performance of a Contract – In order to assist in fulfilling our contract with you
User Generated Content
When you post your user generated content to the public and tag us in the post
Social Media details
First name and surname
User Generated Content
Product/services analysis and improvement
Legitimate Interest – When you tag us in a user generated post that is public, we are interested in viewing that content
When we send or display personalized communications or content, we use a technique known as “profiling”. We process this personal data using an automated process to analyze key criteria about individuals such as (interests, location, shopping behavior etc.). Using the result of this analysis we may send or display personalized contents tailored to your interests and/or needs. We make sure to have a valid legal basis to process your personal data when conducting such profiling activities (e.g., consent). You may have the right to withdraw this consent or to object to the processing of your data in such a manner at any time during your engagement with us. Please see the “Privacy Rights” section below.
b) Automated Decision Making
We use automated decision-making techniques for fraud prevention purposes when it comes to transactions placed on our websites/apps and/or devices. In addition, we may also use a third-party solution provider’s technology or tool to protect our systems, assets etc. against fraud. The fraud detection methods can be fully automated or have certain aspects of it controlled by human intervention; in all instances, we take care to ensure access to your personal data is limited.
As a result of these automatic fraud detection techniques, you may (i) be asked to reconfirm a transaction via a different means, (ii) experience a delay in the processing of your order/request while we review a transaction and/or (iii) be asked to provide more evidence before a transaction or service can be allowed if a risk of fraud is detected. You have the right to request the information we have used to make this decision and where we are allowed to, we will provide it. Please see the “Privacy Rights” section below.
Data Controller and Joint Controller
There are times we act as the Data Controller related to your personal information. There are cases when we partner with our trusted partners and this responsibility is shared with such partners.
Our commitments with regards to your data are as follows:
We will provide an opportunity for you to be able to exercise your legal rights.
We will work with our partners to define roles and responsibilities for each partner with regards to your personal data.
We will ensure transparency when it comes to what are the joint purposes that we use or have when it comes to processing your personal data.
Who we share your personal data with
In certain instances, we may share your personal information with other companies both in the United States and in other countries around the world. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. Where we share your personal information with third parties, we will put in place contractual measures to require them to take reasonable precautions to safeguard your personal information, as required by applicable laws.
To our subsidiaries and affiliates.
To contractors, service providers, and other third parties we use to support our business.
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all SRMS’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by SRMS about our Site users is among the assets transferred.
To third parties to market their products or services to you if you have consented to and/or not opted out of these disclosures.
To fulfill the purpose for which you provided it.
For any other purpose disclosed by us when you provide the information.
With your consent.
We may also disclose your personal information:
To comply with an appropriate UK or EU court order, law, or legal process, including to respond to any appropriate government or regulatory request.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of SRMS, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Service Providers. We may share information about you with companies we have chosen to handle our order dispatch service, any delivery company that we may use from time to time and with other companies that provide support services to us, including website hosting companies, IT service providers and fraud management solution providers. We may also share your information with other companies who sell or promote our products and services, (including social media and internet search platforms who you independently subscribe to), in order to provide you with an enhanced customer experience. In addition, we may also share certain limited information with companies who assist us with other services, for example, in analyzing our customer data in order to better understand, profile and monitor customer patterns so we can consistently improve our products and services and understand what may be of interest to you and other customers. In each case, we will only provide these companies with the information which they need to carry out their services and they will not be permitted to use the information for other purposes. They will only be allowed to use your information in the way in which we instruct them and as permitted by applicable laws.
Financial Institutions, Payment Processing Partners and Fraud Management Solution Providers. Payments using our Site are made through our payment solutions providers. In such a case, you will be providing credit or debit card information direct to our providers who process payment details further. When you make a payment we may share your information, including details of your transaction, with service providers who provide fraud detection and management solutions related to your transaction.
Legal Disclosures. In certain circumstances (where required or permitted under applicable laws or with your consent (if so required by applicable laws)), we may disclose personal information relating to you to third parties (including in other jurisdictions) in order to conform to any requirements of law, to comply with any legal or regulatory process, for the purposes of obtaining legal advice, for the purposes of credit risk reduction, to prevent and detect fraud. At all times where we disclose your information for the purposes of credit risk reduction, fraud prevention and/or sanctions screening, we will take all steps reasonably necessary to help ensure that it remains secure.
Additionally, in the following situations, we may share personal data with outside parties:
In connection with their content and advertisements, our Affiliates may collect personally identifiable information. For example:
SRMS is an Amazon Associate. In connection with the Amazon Affiliate Program, Amazon may monitor, record, use and disclose personal data about you obtained in connection with SRMS’ display of special links and program content (please review the applicable terms and policies, including the privacy and data gathering practices of Amazon for more information); and
SRMS has teamed up with Commission Junction LLC, a Conversant company (“CJ Affiliate”), to spread the word out about SRMS! CJ Affiliate may collect and share Personal data about you, such as your full name, home address, telephone number or email address, to help us provide digital advertising on browsers, mobile applications and televisions, in a variety of ways, from banner and video ads to coupon codes. For more information about CJ Affiliate or to opt-out, please review their applicable terms and policies.
Subsidiaries and Site Consultants and Service Providers. We may disclose personal data to our subsidiaries, third party consultants and service providers (such as providers of hosting, support, maintenance; third party payment processing agencies; and remedial and repair services) to the extent that they require access to our databases, or the information contained in our databases, to service us and the Site.
Reorganization or Sale. If we merge with or become a part of another organization, or if we are sold, we sell all or substantially all our assets, or we are otherwise reorganized, the information you provide will be one of the transferred assets to the acquiring or reorganized entity.
Aggregated Information. We may aggregate information that you provide with information provided by other individuals in such a manner that the information is not personally identifiable to you, and we may transfer that aggregated information to third parties.
We may make available services such as blogs, message boards and chat functionality to which you are able to post information and materials. Please note that any information you disclose through such services or otherwise on the Site becomes public information and may be available to visitors to the Site and to the general public. In addition, when you choose to make a posting on such services certain Personal data will be available for other users to view. We urge you to exercise discretion and caution when deciding to disclose Personal data about you, or any other information, on the Site. WE ARE NOT RESPONSIBLE FOR THE USE BY ANY THIRD PARTY OF ANY PERSONAL DATA YOU VOLUNTARILY DISCLOSE THROUGH ANY SUCH SERVICES OR OTHERWISE ON THE SITE; and
With your express consent.
Personal data received from third parties
Your information may be shared with us by independent organizations, for example, organizations that Sunday Riley works with to run partnerships, competitions and events or companies that provide services to us.
These organizations will only share your information when there is a lawful basis for them to do so. You should check their Privacy Policies when you provide your information to them, it should help you understand how they process and safeguard your data. Some of these organizations include:
Social media and messaging services – Depending on your settings or the privacy policies for social media and messaging services like Facebook Inc, WhatsApp, Twitter, or Google Inc, you may give us permission to access information from those accounts or services.
Third party organizations – we may combine information you have given to us with additional information made available from/shared with us by external sources. We will only be able to do this where we have a lawful basis to do so.
Cross-border data transfer
This Site is hosted in the United States. In order to communicate with you about products, local events, offers and opportunities, the information that we collect from you may be transferred to, stored, used and processed by SRMS in the United States or one of our service providers based in the United States or outside of the United States. Such entities may be engaged in, among other things: (i) preparing and sending newsletters to which you subscribe; (ii) the processing of payment details; and (iii) the provision of support services.
If you are visiting from the European Union or other regions with laws governing information collection and use that may differ from United States law, please note that you are transferring your personal data to the United States.
Cookies and other tracking technologies
Third-party advertisers on the Site may place or recognize cookies and other technologies on your browsers in connection with their advertisements for statistical purposes; we have no control over cookies placed on the Site by third parties.
Personal data over the Internet and other Sites
The Internet is a global network and, therefore, there are times when information about you travels globally and may not always be completely secure. If you provide us with information over the Internet, this will be at your own risk. By using the Site, you agree and authorize us to process information in this way. However, please be assured that we use commercially reasonable procedures and security features to prevent unauthorized access to information about you.
Social Media and User Generated Content
Our social media accounts and apps may allow users to submit content generated by them. Please note that such content generated and shared on our social media platforms is public and can therefore be viewed by anyone; please be careful and avoid including certain details such as address details or financial information in these posts. We are not responsible for malicious use of personal data that has been posted on our social media platforms.
Your Rights in Relation to Your personal Information
You may have the following rights under applicable data protection laws:
What does this mean?
The right to be informed
The right of access
You have the right to access any personal data we hold about you (subject to certain restrictions). In exceptional circumstances we may charge a reasonable fee for providing this access although this would have to be permitted by the law (e.g. where your request is manifestly unfounded or excessive).
The right to rectification
You have the right to have your personal data rectified if it is incorrect or outdated and/or completed if it is incomplete. If you have an account, it may be easier to correct your own personal data using the “My Account” function.
The right to erasure/right to be forgotten
In some cases, you have the right to have your personal data erased or deleted. Although this is not an absolute right, there may be legal or legitimate reasons for retaining your personal data.
The right to withdraw consent at any time for any personal data processing based on consent
You can withdraw your consent to our processing of your personal data when such processing is based on consent. Where you withdraw your consent, this will not affect the lawfulness of our processing before your withdrawal. Please see the table in section “what personal data do we collect from you and how do we use it” specifically the section “What is our lawful basis for processing your personal data?” to see where/when our processing is based on consent.
The right to object to direct marketing, including profiling
You can unsubscribe or opt out of our direct marketing communication at any time. The easiest way to do this is by clicking the “unsubscribe” link in the email or communication we send you or you can also follow other opt-out instructions we may communicate to you. In circumstances where you have the right to object to profiling you should contact us using the method listed below.
The right not to be subject to a decision based solely on automated decision-making which produces legal effects or similarly significant effects
You may have the right not to be subject to such types of automated decision-making about you, except in circumstances where (i) you gave us your explicit consent to use your personal data to make our decision; (ii) we are allowed by law to make our decision; or (iii) our automated decisions were necessary to enable us to enter a contract with you.
The right to lodge a complaint with a supervisory authority
You have the right to contact the data protection authority of your country to lodge a complaint against our data protection and privacy practices. Do not hesitate to contact us at the details below prior to lodging such complaints with the relevant data protection authority as we will always seek to resolve your complaint in the first instance.
The right to data portability
You have the right to move, copy or transfer personal data from our database to another. This only applies to personal data that you have provided, where processing is based on a contract or your consent, and the processing is carried out by automated means. See the table in the section “What information we collect about you and why” to see where/when our processing is based on consent or the performance of a contract.
The right to restriction
This right means that our processing of your personal data is restricted, so we can store it, but not use nor process it further.
They apply in the following limited circumstances set out below:
How can I exercise these rights?
For more information on how to request any of the rights listed above, please contact us using the email address listed in the “How to contact us” section of this page.
a) Marketing/Promotional Communications and opt-out
At any time, you can add your name to a SRMS marketing and/or promotional list by contacting us at firstname.lastname@example.org. If at any time you would like to stop receiving marketing and/or promotional information from SRMS, you can opt-out by (1) emailing us at email@example.com or (2) by clicking on the unsubscribe link in the bottom of SRMS promotional emails or text messages sent to you. We will endeavor to comply with your request as soon as reasonably practicable. Please keep in mind that if you opt-out of receiving promotional messages from this Site, we will continue to send you transactional messages and important account-related information on products or services offered through this Site.
Retention and deletion of personal data
Our websites, online services and products are not directed at children. We do not knowingly solicit or knowingly collect personal data from children under the age of 16. If you are under 16, you may not use our Site.
If we become aware that you are under this age and are attempting to or have submitted Personal data via the Site, we will not accept such information and we will take steps to remove such information from our records. This may involve us having to access and verify your age and other relevant details.
Changes to this Notice
How to Contact Us
If you have any questions or comments about this notice, the ways in which SRMS collects and uses your information described here, your choices and rights regarding such use, please do not hesitate to contact our Data Protection Officer:
Sunday Riley Modern Skincare, LLC
4444 Westheimer Rd, Ste G305
Houston, TX 77027
Phone: 346 220 1719
If you are located in the EEA or the United Kingdom and have questions about your personal data or would like to request to access, update or delete it, you may contact our representative at:
Bird & Bird GDPR Representative Services SRL
Avenue Louise 235
Key contact: Vincent Rezzouk-Hammachi
Bird & Bird GDPR Representative Services UK
12 New Fetter Lane
Key contact: Vincent Rezzouk-Hammachi
If you need access to this Notice in an alternative format due to having a disability, please contact us by email at firstname.lastname@example.org or via phone at 346 220 1719.