Effective Date of this Policy: July 1, 2020
Lush: A Beauty Lounge (“We” or “Us”) (“we,” “us,” or “our”) offer services and products (collectively, “Services”) to our customers, website visitors, and users (“you”). We also own this website, lushbeautyloungeco.com (the “Site”), to help us provide these Services to you. We sometimes collect Personal Information to provide information and Services that you request, and to better understand our customer’s wants and needs. Personal Information is information that specifically identifies an individual. Personal Information can include, but is not limited to, your name, address, e-mail address, phone number, and credit card information. Personal Information also includes the specific types of information defined under locally applicable law.
This Policy applies only to Personal Information collected through the Site and does not apply to any other data or information collected by us online or offline except to the extent this Policy is expressly referenced or incorporated into such other Services, such as by internet link on a website or presentation or display to Users.
What Types of Information Do We Collect?Information You Voluntarily Provide
We collect Personal Information you and others voluntarily provide when you use the Site and the Services. This could include information when you create an account, sign up for news alerts or newsletters, or contact us with questions. There may also be optional functions of the Site that you must provide Personal Information to use. The ways we will use such information will be provided on the page where you provide that information. Such optional services may include:
- You opting in to location-based services;
- Use of integrated services with third parties (e.g., logging using credentials from a different platform, linking accounts from different platforms)
- Forum subscriptions after you create a forum registration;
- Submitting general contact forms; and
- Submitting inquiries in any form (e.g., e-mail, phone, mail, etc.).
When you provide us with Personal Information, you agree to provide accurate, complete and true information. You agree to not use a false or misleading name that you are not authorized to use.
In order to provide our Services and deliver products, we also need to collect and store Personal Information. The types of information we may collect from you may include name, physical address, email address, telephone number, date of birth, gender, geographic area, geolocation information (using your IP address, GPS, or sensors in nearby equipment, such as WiFi access points and cell towers), and any other information you choose to provide in connection with the Services.Information Your Web Browser Provides
We may also use information in the aggregate that has no personal identifying characteristics to understand aggregate user and customer behavior. Non-personally identifiable information is not treated the same as Personal Information and we may use and disclose such information for various purposes.Cookies and Similar Technology
How Do We Use and Share Personal Information?Use
We use collected Personal Information to authenticate your access and use of the Site; to respond to your e-mail inquiries (when we deem such response to be appropriate); to respond to your submission of “Contact Me,” “Register Now,” “Get Started,” “Message Provider,” or other forms which involve your requests for information from us; to send you notices about changes to the Site; to send you notices about our services (including service-related announcements): to send you marketing information through our CRM system; and to manage and improve the Site to optimize our products and services.
We may use Personal Information to send you marketing materials that we believe might match your interests. You are able to opt-out of these marketing materials by using a link within the materials themselves.
We may use location or other information that you provide to better deliver personalized content to you.
We may also use your Personal Information (such as search terms) to optimize our exposure and availability on external web search engines such as Google. More on this use may be found below.Sharing
There may be times when we need to share your Personal Information with third parties to provide you Services, for the proper functioning of website features, to comply with the law, and for other lawful bases consistent with locally controlling laws and regulations. The occasions when we will share your Personal Information because of these reasons are explained below.Service Providers
We may use third party data analytics services to maintain databases, distribute information, process transactions, and for hosting services. When we engage a Service Provider to provide such business-related functions, we limit the amount and types of Personal Information we share and insist upon reasonable measures on behalf of the Service Provider to safeguard such information.Business Transfers
We may disclose Personal Information if we believe we must to comply with a law, or if disclosure is in our interest to protect property or other legal rights. This may include disclosing Personal Information to enforce contracts and agreements, to protect the rights or property of others, or to help protect the security of our Service and the information of other users.Integrated Services
Our Services and Site may allow you to integrate accounts with a third party service. When you elect to integrate your accounts, you are electing to share your Personal Information with the third party for this purpose. Any Personal Information disclosed to a third party providing an integrated service is outside of our control and is subject to that third party’s own terms and policies.Location Information
We may share aggregate, non-personally identifiable location information with third parties to assist in understanding our user’s interests and usage of our Site and Services.
We may use third party data analytics services to help us improve our services.
These include Google Analytics, which helps us understand how you use our Services. Google Analytics collects data about your traffic via Google advertising cookies and anonymous identifiers, as well as data collected through standard Google Analytics implementation. We strive to adhere to Google Analytics Advertising policies.
We will not facilitate the merger of personally identifiable information with non-personally identifiable information collected through any Google Advertising product or feature.
We reserve the right to test, turn-on, or turn-off any of the Google Analytics features from time-to-time without notice to you. By utilizing certain Google Analytics Advertising features, we are required to disclose the following information:
We use the following Google Analytics Advertising Features: The Site may employ Google® Analytics Display Advertising features.
The Site and other third-party vendors may use first-party cookies (such as the Google® Analytics cookie) or other first-party identifiers, and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together. Visitors to the Site can opt-out of the Google® Analytics Advertising Features used, including through Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI's consumer opt-out).
We store the information we collect about you for as long as is necessary for the purpose(s) for which we collected it and in accordance with applicable law and legitimate business interests.
When assessing the data retention period, we take into account the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Security of Information
We have reasonable and appropriate security measures in place to protect against the loss, misuse, and alteration of any personal information we receive about you. We maintain appropriate security standards to protect the personal information that we maintain.
Unfortunately, no data transmission or storage can be guaranteed to be completely secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) we cannot control security and privacy indefinitely; (b) the security, integrity, and privacy of information or data exchanged between you and us cannot always be guaranteed; and (c) any such information and data may be viewed or compromised when in transit by a third party.
Accuracy of Information
We strive to keep our records accurate and will make appropriate corrections when you notify us. Please let us know if there is incorrect information in any statements or other communications that you receive from us. If you would like to correct or update your personal information, please contact us at Dataprivacy@revlocal.com.
Questions About Your Data
If you have questions about this Policy, or how we handle your Personal Information, please contact us at: Dataprivacy@revlocal.com.
Special Disclosures“Do Not Track” Disclosures
Our Services and Site are not directed at children under the age of 13, and we do not knowingly collect Personal Information from children under the age of 13 without obtaining parental consent. It is our procedure to promptly delete any Personal Information collected from a child under the age of 13 upon discovery of such a circumstance. If you believe that we may have collected Personal Information from a child under the age of 13, please contact us using the contact information at the end of this Policy and we will take appropriate steps to rectify this inadvertent collection.
Your California Privacy Rights
Likewise, other California Privacy laws may apply to you in certain circumstances.
Pursuant to California Business and Professions Code Section 1798.83 (or such successor provision), as amended and supplemented, residents of California have the right to request from a business with whom the California resident has an established business relationship certain information with respect to the types of Personal Information the business shares with third parties for those third parties’ direct marketing purposes and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year.
In addition, an operator of a commercial website subject to California Business and Professions Code Section 22581 must allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. If this applies to you and you wish to make such a request, your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
European Data Subjects
The European Union (“EU”) General Data Protection Regulation (“GDPR”) provides certain regulations for the processing of personal data of users who are located within the EU. The GDPR applies when an entity offers goods or services to a person located within the EU or monitors the behavior of a person if the behavior takes place in the EU.
In the event that we offer Services subject to the GDPR, we will comply with the requests of European data subject requests to: (1) access Personal Information, (2) have inaccurate or unnecessary Personal Information rectified or deleted, or (3) stop using your Personal Information in a certain way. If your use of our Services or Site is subject to GDPR you would also have a right to lodge a complaint with your local EU regulator.
Changes and Updates to this Policy
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Site and update the notice's effective date. Your continued use of our Site following the posting of changes constitutes your acceptance of such changes.
Lush: A Beauty Lounge Privacy Notice for California Consumers
Effective Date: July 1, 2020
Last Reviewed on: June 30, 2020
This Privacy Notice for California Consumers supplements the information contained in the Privacy Statement of #Business Name# (“collectively, “we,” “us,” or “our) and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We also own this website, www.revlocal.com (the “Site”), to help us provide our services to you. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.
To the extent temporarily exempted from application of the CCPA, this Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals (“employment information”) or to personal information reflecting a written or verbal business-to-business communication ("B2B personal information"). For clarity, to the extent required by Cal. Civ. Code 1798.100, this Notice does apply to employment information in so far as the law requires disclosure at or before the point of collection of the categories of personal information to be collected and the purposes for which the categories of personal information shall be used.
This Policy applies only to Personal Information collected through the Site and does not apply to any other data or information collected by us online or offline except to the extent this Policy is expressly incorporated in connection with such other Services, such as by internet link on a website, reference within a contract, or other presentation or display to Users.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
In particular, we have collected the following categories of personal information from its consumers within the last twelve (12) months:
||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.
||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D. Commercial Information
||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric Information
||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity
||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
|G. Geolocation data
||Physical location or movements.
|H. Sensory data
||Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
||Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery.
- To provide, support, personalize, and develop our Site, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Site experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Site, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Site, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Site, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our [Website users/consumers] is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Categories of Disclosures
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category F: Internet or other similar network actiity.
Category G: Geolocation data.
Category H: Sensory data.
Category I: Professional or employment-related information.
Category K: Inferences drawn from other personal information.
We disclose your personal information for a business purpose to the following categories of third parties:
Sales of Personal Information
- Our affiliates.
- Service providers.
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
In the preceding twelve (12) months, we have not sold any personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
We do not provide these access and data portability rights for employment or B2B information.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these deletion rights for B2B personal information.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- We will use the data we have to match against data provided.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to Dataprivacy@revlocal.com or write us at:
Attn: General Counsel
4009 Columbus Rd. SW Ste 222
Granville, OH 43023
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice's effective date. Your continued use of our Site following the posting of changes constitutes your acceptance of such changes.
: (800) 456-7470
: Data Subject Request Web Form
Attn: General Counsel
4009 Columbus Rd. SW Ste 222
Granville, OH 43023
1. About this Cookie Notice
This cookie notice applies when you use any of our Services that refer or link to this notice. This notice may be supplemented by additional cookie notices, or terms provided on certain areas of the Service or during our interactions with you.
With the exception to the cookies that are set by third parties, the company that owns or administers the Service, as identified therein, is the primary controller of your personal information provide to, or collected by or for, the Service.
2. What are “Cookies” and Why Do we Use Them?
Cookies are small text files that are placed on your computer by websites that you visit. Cookies are widely used in order to make websites and applications work, or work more efficiently, and help them remember certain information about you, either for the duration of your visit (using a "session" cookie) or for repeat visits (using a "persistent" cookie).
The cookies used on this website are as follows:
Strictly necessary cookies: These cookies are essential in order to enable you to move around the website. They are usually only set in response to actions made by you which amount to a request for service, such as setting your privacy preferences, logging in or filling in forms. For example, authentication and security cookies are used to identify and recognize registered users and to enable them to gain access to requested content or features. You can set your browser to block or alert you about these cookies, but without these cookies, services you have asked for cannot be provided. See below for more information on how to manage the collection of this information, or, refer to your email browser or device instructions.
Functionality cookies: These cookies allow our websites to remember the choices you make and your account preferences and to provide enhanced, more personal features. These are set by us or by our third party providers whose services we have added to our pages. For example, these cookies will remember your log-in details. You can set your browser to block or alert you about these cookies, but without these cookies, services you have asked for cannot be provided. See below for more information on how to manage the collection of this information, or, refer to your email browser or device instructions.
Performance cookies: These are analytics and research cookies that allow us to count visits and measure traffic, so we can measure and improve the performance of our site. They also help us to know which pages are the most and least popular, and see how visitors move around the site. This helps us to improve the way the website works and improve user experience. All information these cookies collect is aggregated and therefore anonymous. You can set your browser to block or alert you about these cookies. Blocking these cookies will not affect the service provided you. See below for more information on how to manage the collection of this information, or, refer to your email browser or device instructions.
Targeting cookies: These cookies are set by us and our advertising partners to record your visit to the website, the pages you have visited and the links you have followed. We, and our advertising partners, will use this information to make the website, and, the advertising displayed to you more relevant to your interests. You can set your browser to block or alert you about these cookies. Blocking these cookies will not affect the service provided you, but will limit the targeted advertising that you will see, or limit our ability to tailor the website experience to your needs. See below for more information on how to manage the collection of this information, or, refer to your email browser or device instructions.
Third Party and Social Media Cookies: These cookies are set by a range of social media services that we have added to our websites that enable you to share our content with your colleagues, friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages that you see on other websites that you visit. If you do not allow these cookies you may not be able to use of see the social media sharing tools. See below for more information on how to manage the collection of this information, or, refer to your email browser or device instructions.
Tracking Technologies Including Pixels, Script, Web Beacons/Gifs, Page Tags: These files, or, code may be included in our emails and mobile apps to record how you interact with us, to help us better analyze and improve our services to you. Again, you can block the cookies either through your browser or device settings, and these settings will apply to all cookies whether included on websites or in emails. However, in some instances, depending on your email or browser settings, the files may be automatically accepted (for example, when you've added an email address to your address book or safe senders list). See below for more information on how to manage the collection of this information, or, refer to your email browser or device instructions.
You can prevent your browser from accepting certain cookies, have the browser require your consent before a new cookie is placed in your browser, or block cookies altogether by selecting the appropriate settings on your browser privacy preferences menu.
The links below will help you find the settings for some common browsers (please note that we are not responsible for the content of external websites):
For all other browsers, or, for alternative advice, help may be sought by visiting www.allaboutcookies.org, or, via your device user manual, or, online help files. For information on how to opt-out of cookies set by our suppliers, please visit the applicable links listed in the table above.
4. Third Party Web Advertising Services
The following sites may be used to register your 3rd party opt-out preferences:
Please note: Clicking the links above will redirect you to the appropriate third party website. We are not responsible for the content of external websites. Opting out of Advertising Cookies will not remove advertising from the pages you visit; instead it means the ads you will see may not be matched to your interests.
We reserve the right to amend this notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the Site and update the notice's effective date. Your continued use of our Site following the posting of changes constitutes your acceptance of such changes.
If you have any questions, comments, complaints or requests regarding this cookie notice, or our processing of your information, you can contact us at: Dataprivacy@revlocal.com.
You may also lodge a complaint with the data protection authority in the applicable jurisdiction.