PRIVACY POLICY

This privacy policy was last updated on December 30, 2022.

You make our world beautiful. We love nothing more than to see our community of members thrive. We know you're unique, and we know you trust us with your personal information when you visit or join our community. This Privacy Policy spells out our commitment to protect that trust. It explains our privacy practices for IPSY.com and the IPSY app (collectively, the "Site") and the services and events (together with the Site, “Services”) provided by Personalized Beauty Discovery, Inc. ("IPSY," "we," or "us").

We believe in full disclosure when it comes to our privacy practices. This Privacy Policy explains what information we collect from you, how we collect it, how we use it and how we protect it. We want you to feel safe in our community, so we use industry-standard safeguards and procedures. We also let you control how much personal information you share and how certain information is used.

To make our data collection practices easier to understand, we have provided some quick links to different sections of our Privacy Policy. Please be sure to read our entire Privacy Policy to fully understand our practices and how we handle your information.

This Privacy Policy contains the following sections:

  1. Information We Collect or Receive From You

  2. What We Do with Your Information

  3. Online Analytics and Tailored Advertising

  4. Managing the Information You Share with Us

  5. Your Rights

  6. Protecting Your Information

  7. Children's Privacy

  8. Notice to California Residents - Your Privacy Rights

  9. Notice to Nevada Residents

  10. Data Retention

  11. International Data Transfers

  12. Updates to This Privacy Policy

  13. Contact Us

Introduction

By using our Services, you accept the terms of this Privacy Policy. You're not authorized to use the Services unless you agree with this Privacy Policy. This Privacy Policy applies only to our Services. We're not responsible for the practices employed by any third-party sites including ones to which we link or that link to us. Those sites will have rules and practices of their own. If you have any questions or concerns about this Privacy Policy or our privacy practices, please email us at: privacy@IPSY.com.

  1. INFORMATION WE COLLECT OR RECEIVE FROM YOU

    We collect information from you on our Services to provide a meaningful, safe, efficient, and customized experience. We use this information to:

    • make it easier for you to use this Site,

    • communicate with you about your orders, billing and payment,

    • verify your identity when you make a purchase on the Services,

    • help you more quickly find information on IPSY's products and services,

    • provide targeted online marketing for the Site,

    • create content on this Site that's more relevant to you, and

    • alert you to new products, services and special offers that might specifically interest you.

    1. Information You Provide.

      1. When You Join IPSY. In order to join IPSY you must complete a beauty quiz that asks for beauty profile information like your skin tone, eye color, hair color, beauty brands and products you love, and where you usually shop for beauty products (your "Beauty Profile"). We use the Beauty Profile information to personalize your experience. If you subscribe to one of our Glam Bag programs then we will use the Beauty Profile information to send you Glam Bag items that fit your unique profile, alerts about IPSY products, services, and other beauty news that might interest you.

        At the end of the beauty quiz, in order to join IPSY you must choose a username and password. Your username will be visible to other Ipsters when they visit the Site, so please choose carefully. You also must provide a valid email address and your age. We use your email to communicate with you about our Site and your account. We ask for your age to make sure you're old enough to use our Site and services.

        If you provide us your email address but choose not to become a member, then we will retain your email address for a period of time to invite you back to the Site.

      2. When You Order from Us.

        If you subscribe to one of our monthly subscription services or order any products from our Site, you must provide your: name, shipping address, billing address, and credit card information. If you order products through IPSY Shopper or our IPSY app, your name, shipping address, and email address may be shared with our Brand Partners, whose products you are purchasing. Brand Partners are those beauty brands that you love whose products are featured on our Site or in our subscription services.

        We use this information, along with your email, for billing purposes, to fulfill your orders, and to communicate with you about your orders.

        We collect your credit card information through our Site. The credit card information is encrypted and transmitted for storage to a high security vault according to strict industry standards. Once the data reaches the vault it is "tokenized". That means no credit card information is retained in IPSY's own systems. Instead we retain a token associated with your account that has no intrinsic value. Your credit card information is not exposed anywhere in our own systems. Please do not send your credit card information to our team directly, for example by sending this information to an IPSY customer care representative. Please use our secure, online system to enter your credit card information.

      3. When You Request Information from Us. If you want us to notify you regarding particular products or special offers, contact us through IPSYCare, or if you sign up for our emails or SMS (text) messsages, you'll need to give us your email address or mobile number. We use them to honor your requests, whether that's emailing or texting you information about certain products or emailing or texting you to tell you about an IPSY offer. You may choose to opt out of receiving these type of marketing messages at any time by clicking on the appropriate link at the bottom of the email you receive or by texting “STOP” to cancel the text message you receive.

      4. When You Post Public Content. We use this content to bring our community of fabulous Ipsters to life.

        Public information you post on the Site. Information you post publicly on our Site is intended for public consumption. Please be aware that your username and profile image will be publicly displayed whenever you post a comment or review. In addition, postings you make on our Site may appear when Internet users execute searches on the subject of your posting. If you do not want this information to be displayed, you may terminate your account at any time. Please note that if you are a minor, living in California, and you have posted information publicly that you cannot remove yourself, you have the right to request it be hidden from public view. If you wish to have this information removed, please email us at privacy@IPSY.com and request removal. We may request additional information from you in order to complete your request.

        Site visitors may be able to identify you or associate you with your IPSY account if you include personal information in your account profile or in any content you post. We cannot control who reads your postings or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information.

        You can reduce the risk of being personally identified by choosing a username and profile image that do not identify you and by taking care to exclude any personal information in your comments, reviews, looks, or videos. You can change your username and profile picture at any time by logging into your account.

        Public information you post on other sites. We also may collect information you post publicly on third-party sites, but only if you choose to follow instructions we provide. For example, we may collect pictures you post publicly on Instagram and re-post them on our Site, but only if you choose to use the hash tag "#IPSY" inside your Instagram post. You can always have us remove the information from our Site by contacting us through help.ipsy.com.

      5. When You Share Information about Your Contacts. You may choose to share personal information about friends, relatives or colleagues with IPSY, such as the person's name, shipping address and email address. Please do not do so without their express permission.

        You may choose to manually invite your friends to IPSY by using the "Invite with Email" button on the Site or by uploading data about your contacts to the Site. You also may grant IPSY permission to access your contacts list and pull the email addresses of your contacts to invite them to the Site.

        If you use the Site to send others an email invitation to become an IPSY member or subscriber, we may store the personal information of each recipient in order to process those requests or facilitate future activities. All information that you enter or upload about your contacts is covered by this Privacy Policy and our. We use this information about your friends to enable IPSY to send invitations and reminders to your friends and to ship products to your friends, if applicable. By providing personal information of others to IPSY, you represent that you have their permission to do so.

      6. When You Connect to Us with a Third-Party Service. You can connect to your IPSY account using external third-party services. The Site collects personal information about you from your social media accounts, but only if you opt-in and permit us to do so. When you connect to us through a third-party service like Facebook, Twitter, YouTube, and Instagram, we receive information from that third party identifying your account. We collect and store this information and use it to help you connect to our Site and to share your public content. Connecting your IPSY account to a third-party service is completely optional, and you will have the opportunity to grant permission when you attempt to connect. You can revoke permission by logging into the third party service and disconnecting the IPSY application from there, and through the native applications on your smart phone. We may retain the information we collected previously from you.

      7. When You Opt-In to Receive Text Messages. When you opt into SMS messages you provide your express written consent for IPSY to contact you through the phone number you provide. When you opt-in to SMS Messaging Services, we will send you an SMS message to confirm your signup. Message frequency varies. You may cancel the SMS Service at any time. Reply “STOP” to cancel and “HELP” for assistance. The SMS Messaging Service is provided by participating third-party mobile phone/wireless carriers. Message and data rates may apply. If you have any questions regarding your text or data plan, please contact your mobile phone/wireless carrier. Carriers are not liable for delayed or undelivered messages.

      8. When You Participate In a Contest or Promotion. When you participate in contests and promotions, we collect and process information that is necessary to perform our contract with you and allow you to participate in contests and promotions offered or sponsored by IPSY, our co-marketing partners, and sponsors. This includes your personal identifiers (such as your name and email address). Your personal information may be shared with our co-marketing partners and sponsors to allow them to fulfill their contest obligations and for subsequent marketing offers and resources, newsletters and other company updates, in accordance with your marketing preferences.

      9. When You Interact with Our Chat Bot. When you go to our help site for information and interact with our virtual assistant, the Glam Bot, we may record your chat. The recording may be used for training purposes or to track any issues or concerns you bring to our attention so that we can improve our site or services. We kindly ask that you not include any sensitive personal information or credit card numbers in your chat. We may, however, ask you for information like your name or email address only for purposes of locating your account so that we may better serve you. Please note that IPSY does not sell or share any personal information that you may provide to the Glam Bot with third parties.

    2. Information We Automatically Collect or Receive.

      1. Log Files. Like most sites, IPSY automatically receives and stores in log files certain information from your browser when you visit the Site. This information includes your Internet protocol ("IP") address, browser type, Internet service provider, the referring/exit pages, your operating system, and the date/time stamp of your Site visit.

      2. Cookies and Other Tracking Technologies Policy.

        We use a variety of technologies to help us understand how you use IPSY.com, our IPSY apps, and our services so that we can provide you with a better experience. This guide explains the tracking technologies IPSY uses and is part of our commitment to a high standard of transparency in our privacy practices.

        (i) Types of tracking technologies

        • Cookies. This is a small data file sent from a server to your web browser that is stored in your browser and sent back to the server each time the browser makes a request to the server. Cookies can improve a site user's experience by, for example, allowing the site to keep a user logged in while browsing, saving a user's site preferences, and allowing a user to add items to a shopping cart and preserve cart contents between site visits, even when the user is not logged in.

        • Clear gifs, web beacons, tracking pixels. These are tiny graphics with a unique identifier. They function similarly to cookies and are used to track the online movements of web users. Unlike cookies which are stored on a user's computer hard drive, clear gifs are embedded on web pages and are single pixel wide. Tracking pixels helps us to understand the effectiveness of different parts of the website so that we can offer content that is relevant to you.

        • GeolocationIf you have turned on location services in your mobile device, we may collect information about your geolocation. If you do not want us to collect this information, you may turn off location services on your smart phone. Turning off location services will not affect your ability to access the app.

        • SDKs. Software development kits (“SDKs”) are blocks of code provided by our partners that may be installed in our mobile applications. SDKs help us understand how you interact with our mobile applications and collect certain information about the device and network you use to access the application.

        (ii) Tracking Technology Lifespans

        • Single-session tracking technology: lasts only as long as your site visit. Single-session cookies expire and delete themselves when you leave the site or close your browser. They are used for technical purposes such as enabling better navigation through a site or generating aggregated statistics about how a site is used. Single-session cookies do not publicly expose your personal information.

        • Multi-session or persistent tracking technology: remains on your browser or mobile device until you choose to delete it or the cookie expires. Persistent cookies are used to recognize a computer that has previously visited a site. This can improve the user's experience, for example by continuing preference settings from previous visits and by allowing users to login without entering a password with every site visit.

        (iii) Tracking Purposes

        We use tracking technologies for these general purposes:

        • Because it is strictly necessary. This tracking is needed to make IPSY work properly.

        • For performance. This tracking helps IPSY understand how the Site is functioning so IPSY can improve the Site.

        • For functionality. This tracking retains your personal preferences as you use the Site.

        • For advertising. This tracking helps us to refrain from delivering advertising to you that is not of interest to you

        (iv) Cookies IPSY currently uses

        • Single session cookies are used to ensure the Site displays correctly on your device.

        • Persistent cookies are used to measure Site metrics such as which pages are popular, how often people visit the Site, whether people are visiting the Site for the first time, and whether visitors make purchases on the Site. They also are used to enhance Site functionality, for example to allow returning users to use the Site without logging in.

        (v) Cookies for email subscribers

        We may use cookies to measure the effectiveness of our email communications and to tailor email content. For example, we may connect the data showing that you clicked a link in an email from IPSY then completed an action on our Site such as buying a Glam Bag. This links cookie data with an individual user, so we only do this for users who have consented and opted in to receiving emails from IPSY.

        (vi) Third Party Cookies

        IPSY partners with third-party service providers who set cookies and tracking pixels for Site visitors and members on our behalf in order to deliver their services. These services include targeted online marketing and analysis of data collected through cookies. These technologies allow a partner to recognize your computer or mobile device each time you visit IPSY.com or other sites that also utilize the third party's services, but do not allow access to personally identifiable information from IPSY.

        Third parties may choose to include IPSY widgets on their sites. When you load a site that has chosen to include our widgets, we receive analytics information through a cookie that may be used to enhance our data or to improve our services.

        IPSY does not have access to or control over these third-party technologies, and they are not covered by our Privacy Policy.

        (vii) Managing Cookies

        You can delete cookies stored in your browser at any time. You also can choose not to accept cookies from any site, including IPSY.com, by changing the settings of your browser. If you reject or block all cookies in your browser settings, then you will not be able to fully use IPSY's services.

        (viii) Do not track

        IPSY does not currently take steps to respond to browsers "Do Not Track" signals as no uniform standard to respond to such signals has been developed at this time. Please note that Do Not Track is a different privacy mechanism than the Global Privacy Control browser choice referenced below.

      3. Information from other sources. We may receive information about our users from third party social platforms, such as Facebook or Instagram. When you access or use our site or mobile application through such a site, you allow us to access or collect information made available by the third party site in accordance with its privacy policy. This information may be available from your profile or account with the third party site or from cookies placed on your device by the third party site. Depending on your privacy settings this information may include: Facebook interests, gender, friends and location.

      4. Information collected automatically. We automatically collect information from your browser or device when you visit the Site. This information includes your IP address, device ID, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us, and the referring site address.This information also includes your operating system or application, your location, and your activities voluntarily have submitted to us (for example, your email address).

      5. Information collected from your mobile device When visiting any of our mobile applications, we may use an advertising identifier created by your mobile operating system to store information on our servers and later retrieve it. The Android Advertising ID and Apple iOS IDFA are examples of advertising identifiers. For more information about advertising identifiers, please check the settings of your mobile device.

    3. Other Information We Receive About You.

      As you might expect, we usually collect or receive information through our Services. But we also may collect information offline, and it's important to us that we preserve the privacy of your personal information both online and off. For example, if you enter a drawing or request information at one of our live events such as IPSY Live, we may ask for your email address. We treat offline information collection, uses, and disclosures consistently with our online privacy practices.

      If you're not an IPSY member but we contacted you, then we may have received your contact information from one of your friends. An IPSY member may give us your name and email address so IPSY can send a personalized invitation to you to join IPSY. We also may send you personalized email ‘reminders' about IPSY from your friends. Similarly, an IPSY member may provide your personal information to us so we can ship a gift or other merchandise to you. We ask your contacts to share your personal information only with your permission, and you may unsubscribe from any marketing email you receive by following the unsubscribe link contained at the bottom of the communication.

  2. WHAT WE DO WITH YOUR INFORMATION

    Information we collect from you may be either personal or aggregate. Personal information is identifiable to you, like your name, email address, shipping and billing addresses, credit card information, and phone number. Aggregate information is summary data of the behaviors and interests of groups or categories, so it won't identify you.

    1. Aggregate Information. We use aggregate information for the purposes of internal business research, sales and business development and reporting back to our brand partners. We may share aggregated information about our visitor and user base with third parties such as our Retail Partners. This information may include the number of daily visitors to our Site and the number of orders placed on a certain date. We also may share Beauty Profile information with brand partners. We do not link aggregated data with our Ipsters' personal information.

    2. Personal Information. We use your information to fulfill transactions requested by you and to send you offers of products and services that may be of interest to you, and for the purposes described above. The following describes the limited circumstances in which we may share your personal information:

      1. Disclosures to IPSY Agents, Consultants and Related Third Parties. Like most Internet retailers, we use third parties to help ensure our business runs smoothly. We disclose your information to these third-party companies so they can perform their specific functions for us. For example, we may provide your name, shipping address, email and phone number to third-party shippers like the U.S. Postal Service, the United Parcel Service or DHL to deliver our products to you. We also may provide your credit card information to third-party credit card processors and issuers to help us process your orders from us. IPSY’s third party vendors may recognize a tracking code used by your browser or application to enable you to receive customized content, or to enable you to use other technologies such as tags and scripts. The tracking code may reflect de-identified demographic or other data linked to data you. When we employ other companies to perform functions of this nature, we only disclose the information that they need to perform their requested function. We do not authorize them to retain, share, store, or use personal information provided by us for any other purpose.

      2. Disclosures Required by Law or Otherwise. We may disclose your personal information if we believe, in good faith, that it's necessary to: (1) comply with a legal obligation such as in response to a court order or subpoena; (2) protect the safety of fellow Ipsters or the public; (3) protect against legal liability; or (4) protect and defend IPSY's rights or property.

      3. Disclosures for a Business Transaction or Insolvency. We also may disclose your personal information in connection with an actual or proposed corporate transaction or insolvency proceeding involving all or part of IPSY's business or assets. For example, if we merge with another company, we may disclose your personal information to that company, but the disclosure would be subject to our Privacy Policy.

      4. Disclosures through Social Media. Remember that you control the privacy settings on each of your social media platforms. We allow you to share information from the Site to social media. In order for this to happen you first must opt-in. You can revoke permission to do this by logging into the social media service and disconnecting the IPSY application from there.

      5. Disclosure to Affiliates. Affiliates are companies that are owned or controlled by IPSY. We may share your personal information with our Affiliates in order to bring new product offerings to you.

      6. Disclosure to Third Parties. Occasionally, we may share personal information with third-parties including:

        • to other users: We may provide our users with the ability to interact among themselves via user forums or discussion threads that allow users of the Sites to share information or exchange products among other users. You should be aware that any information you provide on these forum and discussion threads - including profile information associated with the account you use to post the information - may be read, collected, and used by any member of the public who accesses the Sites. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these forums and discussion threads. To request removal of your information from publicly accessible websites operated by us, please contact us as provided below. In some cases, we may not be able to remove your information, in which case we will let you know if We are unable to and why;
        • to our brand partners: We use aggregate information for the purposes of internal business research, sales and business development and reporting back to our brand partners. This information may include the number of daily visitors to the Sites and the number of orders placed on a certain date. We also may share product reviews with brand partners. We may also share the product reviews you post with our brand partners who may repost your reviews about their products on their websites or social media channels owned and operated by those brand partners;
        • to our advertising partners: We may partner with third party advertising networks, exchanges and Social Networking Services (like Facebook) to display advertising on our Sites or to manage and service advertising on other sites and we may share personal information with them for this purpose;
        • to third partiesy providing search results and links (including paid listings and links);
        • third party marketers: We may disclose your personal information to third party marketing cooperatives to enhance our marketing efforts and to offer new products and services to you; and
        • to any other person or entity with your consent to the disclosure.
      7. Fraud Prevention and Credit Risks: We use personal information, such as your personal identifiers (including your name and contact details), financial information (including your payment details), and commercial information (such as your purchase history and tendencies) to prevent and detect fraud and abuse in order to protect the security of our customers, IPSY, and others and we rely on our and third parties' legitimate interest in promoting the safety of our Services and in protecting our rights and the rights of others. We may also use scoring methods to assess and manage credit risks. Where we need your consent to collect and use your personal information under applicable data protection laws, we will ask for this at the relevant time and make clear the purposes to which you are consenting.

    3. ONLINE ANALYTICS AND TAILORED ADVERTISING

      Analytics

      We may use third-party web analytics services on the Site, such as those of Google Analytics. These service providers use the sort of technology described in the “Information We Automatically Collect or Receive” section above to help us analyze how users use the Site, including by noting the third-party website from which you arrive. The information collected by the technology will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Site. We also use Google Analytics for certain purposes related to advertising, as described in the following section. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser Add-on.

      Tailored Advertising

      We may allow certain third parties (e.g., ad networks and ad servers such as Google Analytics) to serve tailored marketing to you and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Site. We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device you use to access the Site by non-affiliated, third-party ad technologies, ad servers, ad networks or any other non-affiliated third parties. Those parties that use these technologies may offer you a way to opt out of targeted advertising as described below. You may receive tailored advertising on your computer through a web browser. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may share with a service provider in hashed, non-human-readable form. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored marketing, you may visit the Network Advertising Initiative's (“NAI”) Consumer Opt-Out Link and/or the Digital Advertising Alliance's (“DAA”) Consumer Opt-Out Link to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into the Site, you may still receive advertising content even if you opt out of tailored advertising. In that case, the advertising content will just not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. If your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI's and DAA's websites, accessible by the above links. When using a mobile application you may also receive tailored in-application advertising content. Each operating system--iOS for Apple devices, Android for Android devices, and Windows for Microsoft devices--provides its own instructions on how to prevent the delivery of tailored in-application marketing content. You may review the support materials and/or the privacy settings for the respective operating systems in order to opt-out of tailored in-application advertising. For any other devices and/or operating systems, please visit the privacy settings for the applicable device or contact the applicable platform operator.

  3. MANAGING THE INFORMATION YOU SHARE WITH US

    • Log Into Your IPSY Account. You can change the personal information you provide to us, including reviews, looks and videos, by logging into your IPSY account and making the appropriate changes.

    • Contact Us. If you are unable to remove content you have posted publicly, you can request that we take down public posts on the Site by contacting IPSYCare. We will remove your public posts from view, but we may retain personal information about you solely for the purposes authorized under this Privacy Policy. For example, we may retain information to prevent, investigate, or identify possible wrongdoing in connection with the Services or to comply with legal obligations. If you do not want your profile information displayed, you may terminate your account.

    • Opt-Out. You can always "opt-out" of having your personal information used for certain purposes. At your request, we will stop sending you certain emails or even deactivate your account to prevent any future purchases through it. You can submit these requests at any time by contacting IPSYCare.

    • Do Not Sell. You have a choice to opt out of sharing your information with our Retail Partners and other third party marketers. In order to opt out of sharing your information, including product reviews, with third parties, you may record your request here.

    • Block Cookies and Targeted Advertising. You can prevent IPSY and its third-party partners from setting and accessing cookies on your computer by setting your Internet browser to block cookies.

    • Cancel Your Subscription or Deactivate Your Account. You may cancel your Glam Bag subscription by logging into your account, clicking on "Account" and choosing "Edit Account Settings". If You need help deactivating your IPSY account, contact IPSYCare.

  4. YOUR RIGHTS

    In addition to the choices described above, the laws of your jurisdiction (including Colorado, Virginia, Connecticut, and Utah) may provide you with certain rights as to your personal information. Applicable law may permit you to request that we:

    • Confirm whether or not we are processing your personal information and provide you with access such personal information;

    • Correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information;

    • Delete your personal information;

    • Provide you a copy of personal information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business, where our processing is carried out by automated means; and

    • Opt you out of the processing of the personal information for purposes of targeted advertising, the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

    Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Service to you. If you ask us to delete it, you may no longer be able to access or use the Service. If would like to exercise any of these rights, please submit a request at IPSY Data Request or by calling, toll free 1-855-661-0018. Please be aware that we do not accept or process requests through other means (e.g., via fax, social media, email addresses, etc.). You will be required to verify your identity before we fulfill your request. To do so, you will need to provide the information identified in the webform or as otherwise directed by us. IPSY may use your personal information to send you targeted advertising. Targeted advertising (as defined in applicable law) is advertising based on a consumer’s personal information obtained from the consumer’s activity across websites to predict the consumer’s preferences or interests. To opt out of targeted advertising, please visit this link: Do Not Sell Or Share My Personal Information. If we deny your request to exercise any of the rights above, you may appeal that denial by sending an email to privacy@ipsy.com describing in detail why you believe the denial was in error. Your description must include your full name and the email addressed used for your account with IPSY along with a copy of the denial notice you received from IPSY.__________

  5. PROTECTING YOUR PERSONAL INFORMATION

    At IPSY, we take data security seriously. We use industry standard technical, physical and administrative safeguards to secure our customers’ data. Online, we encrypt your personal information using Transport Layer Security (“TLS”). TLS allows for a private, reliable Site connection where your identity is authenticated with cryptography. Offline, we restrict access to your personal information to only those IPSY employees who need it to perform a specific job function. We require all IPSY employees with access to your personal information to follow specific security protocols concerning its proper handling. We also hold our vendors who need access to your personal information to strict confidentiality and security requirements. Third-party service providers assist us with the physical security of some of our computer hardware. When you visit our Site, you access servers that we backup constantly. Our servers are hosted at locations which are private and secure data center facilities, behind physical and virtual firewalls.

    Please remember, however, that while we use industry-standard security measures to safeguard your personal information, we can't guarantee absolute security. We wish we could, but 100% security just doesn't exist anywhere online or off. We recommend that you do your part by keeping your passwords secure, changing them often and not using the same password across multiple accounts.

  6. CHILDREN'S PRIVACY

    We respect children's privacy. The Services are not directed to children under the age of 13 (see IPSY's Terms of Use). We do not knowingly collect, maintain, or use personal information from children under age 13. If a parent or guardian becomes aware that his or her child has provided us personal information without their consent, he or she should contact us at privacy@ipsy.com. If we confirm we collected such information, we will take all reasonable measures to delete that information from our system as soon as possible.

    If you're 16 years old but under the age of majority in your jurisdiction, you must have your parent/guardian's written permission to have an account and we ask that you not submit any personal information to us or post on our Site without the consent and supervision of a responsible parent or legal guardian.

  7. NOTICE TO CALIFORNIA RESIDENTS -- YOUR PRIVACY RIGHTS

    If you’re a California resident, the California Consumer Privacy Act (“CCPA”) requires us to disclose information regarding the categories of personal information and sensitive personal information that we have collected about California consumers, the categories of sources from which the information was collected, the business or commercial purposes (as those terms are defined by applicable law) for which the information was collected, and the categories of parties to whom we disclose personal information.

    Throughout this Policy, we describe the specific pieces of personal information and sensitive personal information we collect, the sources of that information, and how we share it. Under the CCPA, we also have to provide you with the "categories" of personal information and sensitive personal information we collect and disclose for “business or commercial purposes” (as those terms are defined by applicable law). The categories of personal information are identifiers (such as name, address, and email address); commercial information (such as transaction data); financial data (such as credit card and other financial account information); internet or other network or device activity (such as IP address); geolocation information; inference data about you; physical characteristics or description (such as when you complete our beauty quiz); audio and visual information (such as when you call into customer service), legally protected classifications (such as your gender), and other information that identifies or can be reasonably associated with you. The categories of sensitive personal information are account log-in and password or other credentials allowing access to your account, and precise geolocation.

    We or our service providers collect and disclose the above categories of personal information for the purposes described in our Policy. This includes the following business and commercial purposes (as those terms are defined in applicable law):

    • Provide the Services (e.g., account servicing and maintenance, order processing and fulfillment, customer service, advertising and marketing, analytics, and communication about the Service);

    • Operational purposes (e.g. to enable and troubleshoot our Service);

    • Auditing consumer interactions on our site (e.g., measuring ad impressions);

    • Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;

    • Bug detection, error reporting, and activities to maintain the quality or safety of our Service;

    • Short-term, transient use, such as customizing content that we or our service providers display on the Service;

    • Improving our existing Services and developing new services (e.g., by conducting research to develop new products or features);

    • Other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third-party partners;

    • Other uses about which we notify you.

    We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Services; (3) affiliates; and (4) third parties such as other users and social networks.

    We describe our information disclosure practices in the Policy above. We may disclose certain categories of personal information to third parties (as defined by the CCPA) for the business purposes described above. For example, we may disclose identifiers (such as name, address, and email address) with our Brand Partners so that they may fulfill your order and ship products directly to you, and contact you about that product.

    Rights of California Consumers

    If you’re a California resident, you may have certain rights. California law may permit you to request that we:

    • Provide you the categories of personal information we have collected or disclosed about you; the categories of sources of such information; the business or commercial purpose for collecting, “selling,” or “sharing” your personal information; the categories of third parties to whom we disclose or “sell,” or with whom we “share,” personal information; and the categories of personal information we “sell.”

    • Provide access to and/or a copy of certain information we hold about you.

    • Delete certain information we have about you.

    • Correct inaccurate personal information that we maintain about you.

    You have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Service to you. If you ask us to delete it, you may no longer be able to access or use the Service.

    If would like to exercise any of these rights, please submit a request at IPSY Data Request or by calling, toll free 1-855-661-0018. Please be aware that we do not accept or process requests through other means (e.g., via fax, social media, email addresses, etc.).

    You will be required to verify your identity before we fulfill your request. To do so, you will need to provide the information identified in the webform or as otherwise directed by us. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

    The CCPA requires businesses that “sell” personal information, as the term “sell” is defined under the CCPA, to provide an opt-out from such sales. Some people have taken the position that when a website uses third parties’ cookies or similar technology for its own analytics or advertising purposes, the website is engaged in a “sale” under the CCPA if the third parties have some ability to use, disclose or retain the data to improve their service or to take steps beyond the most narrowly drawn bounds of merely providing their service to the website/app. Some take this position even when the website pays the third party (not vice versa), and in most cases merely provides the third party with an opportunity to collect data directly, instead of providing personal information to the third party. As part of these analytics and advertising services, these technologies may access identifiers (like IP addresses), internet or other electronic network activity information (like information regarding an individual’s browsing interactions on our Site), and commercial information (like the fact that a browser visited a page directed to people who are considering purchase of beauty product) to those sorts of companies. While IPSY does not believe these are “sales” as that term is defined under the CCPA, you can opt out of this activity. In addition, IPSY shares identifiers (like your email address) and internet or other electronic network activity information (like information regarding an individual’s browsing interactions on our Site) with our Brand Partners so they can send you information about their products, which may qualify as a “sale” under the CCPA. You can opt out of these activities by visiting this link: Do Not Sell Or Share My Personal Information.

    The CCPA also requires businesses that "share“ personal information to provide an opt out from such sharing. Under the CCPA, ”sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites. We “share” information for these purposes to provide more relevant and tailored advertising to you regarding our Services. As part of this advertising, we may "share“ identifiers (like IP addresses and email addresses), internet or other electronic network activity information (like information regarding an individual’s browsing interactions on our Site), and commercial information (like the fact that a browser visited a page directed to people who are considering a beauty purchase) with advertising platforms and advertising networks. To opt out of such “sharing,” please visit this link: Do Not Sell Or Share My Personal Information.

    Please note that we also respond to and abide by opt-out preference signals sent through the Global Privacy Control. Any opt out preferences you have exercised through these methods will only apply to the specific device/browser on which you made them. For more information on how to use the Global Privacy Control, see www.globalprivacycontrol.org.

    We do not knowingly “sell” or “share” the personal information of children under 16. We will only “sell” or “share” such personal information if we receive express consent to do so from those aged 13 to 16 years of age.

    The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA.

    Retention of Your Personal Information

    Please see the “Data Retention” section below.

    Notice of Financial Incentive

    We provide certain rewards or incentives for customers to provide product reviews, referring friends and contacts, and follow creators (the “Points Program”) and occasionally run sweepstakes and contests where participants may provide personal information in return for a chance to win or compete to win certain prizes. You can opt into the Points Program, sweepstakes, or contest by taking the requested action. Your participation is completely voluntary, and you have a right to withdraw from these incentives at any time. If you decide you don’t want to participate in these financial incentives, you can refrain from taking the request actions. For more information on the Points Program, see: https://www.ipsy.com/blog/ipsy-points-faq. For more information on sweepstakes and contests, see: https://www.ipsy.com/contest-terms.

    The specific reward or incentive offered, if any, is made available to you when you provide the information requested, submit a review, or follow a creator. The monetary value of the reward or incentive is a reasonable approximation of the monetary value of the information you provide us. We have arrived at this estimate based on consideration of multiple factors, including the following: (1) revenue generated by IPSY in developing insights on our customers; (2) expenses incurred by IPSY in operating the Points Program; and (3) our reasonable assessment of revenue we may generate as a result of the referrals provided to us by our customers.

    Shine the Light

    Under California Civil Code Section 1798.83 (also known as the “Shine the Light” law), IPSY customers who are residents of California may request certain information about our disclosure of personal information during the prior calendar year to third parties. To make such a request, email privacy@ipsy.com. You may also request this information by mail at: IPSY, Attn: Legal - Privacy Policy, 903 Colorado Ave., San Mateo, CA 90401

  8. NOTICE TO NEVADA RESIDENTS

    Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online. We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing privacy@ipsy.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.

  9. DATA RETENTION

    We retain personal information we collect from you for as long as required to meet our business goals (for example, to provide you with our Services, share information about new Services or to comply with applicable legal, tax or accounting requirements). When we no longer have an ongoing need to process your personal information to meet our business goals, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

    If you no longer want IPSY to use your information to provide you Services, you may close your account. If you close your account then your profile and the content you posted to the Site will no longer appear on the Site.

    You may make changes to your personal data at any time by logging on to your account. If you would like to request information about your personal data or would like to delete your personal data, you may do so by logging on to your account and going to Account/Profile. Please note that IPSY may need to retain limited information about you in order to fulfill any order requests made by you, for litigation purposes or to fulfill other legal or regulatory obligations.

  10. INTERNATIONAL DATA TRANSFERS

    The Site is hosted in the United States. At this time, we only ship products to residents of the United States, United States Territories and parts of Canada. If you are a Canadian resident, we will transfer your information to the United States, where that information may be accessible to law enforcement and national security authorities under certain circumstances.

    If you use the Site or Services and reside in the EEA, UK or any other country outside of the U.S. or Canada, then please note that you are transferring your personal information outside of your country to the United States for storage and processing, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world.

  11. UPDATES TO THIS PRIVACY POLICY

    We reserve the right to change or modify this Privacy Policy at any time and in our sole discretion. At the top of our Privacy Policy, we will indicate the date of the most recent update. If we make a material change to the Privacy Policy, you will be provided with appropriate notice in accordance with legal requirements, which may be by email. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.

  12. CONTACT US

    You may contact us regarding this Privacy Policy via email at privacy@ipsy.com or write to us at the following address: IPSY, Attn: Legal - Privacy Policy, 903 Colorado Ave., Santa Monica, CA 90401.