When you visit our site, our servers may be automatically logging the standard data sent to us by your web browser. This data is essential to responding to requests your browser sends us and usually includes your computer’s IP address, your browser type and version, the pages you visit, the time and date of your visit, the amount of time spent on each page, and other details.
We might ask you for information like:
- Date of Birth
- Phone number
- Home/Mailing Address
- Payment details
- Sensorial Information
- Protected Classifications information
- User generated content
- Inferred Information
- Biometrics information
This data will only be requested if you access our services or require features that need this data to work.
Legal basis for processing
We collect and process data about you only where we have a legal basis for doing so. The legal bases for processing are when:
- It’s necessary for a contract you enter with us (for example, when you request a service that we provide and we give it to you);
- It satisfies a legitimate interest where the processing is not required by law but is of clear benefit to you or others;
- You give us consent to do so (for example if you give us permission to email you a newsletter or product update);
- We need to process your data to comply with a legal obligation;
- You can withdraw consent at any time, however this will not affect any processing that has already happened;
We endeavour not to keep personal data for longer than we need it. While we have your data, we protect it within acceptable means to prevent loss, theft and unauthorised access, disclosure, copying, use or modification. If necessary we may retain your data for our compliance with legal obligation, or in order to protect your vital interests. We cannot guarantee absolute data security and advise that no method of electronic transmission or storage is 100% secure.
Collection and use of information
We may collect, hold, use and disclose data in order for us to:
- Legal Obligations
- Provide Service
International data transfer
Any personal information we collect is stored and processed in the United States, and where our partners, affiliates and third-party providers maintain facilities. When you give us your information you consent to its transfer overseas. If this transfer overseas results in transfer outside of the European Economic Area (EEA) we shall ensure that it’s protected by appropriate safeguards. These safeguards include those approved by the European Commission, binding corporate rules, and other legally acceptable means. Transfers overseas may result in data you give us being held in jurisdiction which are not subject to similar data privacy laws as ours, therefore if a third party engages in acts or practices which would contravene our laws this may mean you will not be able to seek redress.
Your rights around and controls of your data
Information from third-parties
Restriction of processing
You can restrict the collection and processing of your personal data where consent was given in the past. If you have agreed to us using your personal data for marketing purposes, you can opt out by contacting us.
Information from third-parties
You may request the personal data we hold on you, and where possible we will return this to you in a generally accepted, easily readable machine format format such as JSON or CSV. You may also request that we transfer this personal information to a third-party. We may request verification of your identification in case we doubt the authenticity of the request.
If you believe that we have breached a relevant data protection law or have evidence of any breach, you may contact the Data Protection Officer at Hair By Dr. Max, Restoration Center using the details below and we will investigate your complaint.You also have the right to contact any regulatory body or data protection authority in relation to your complaint.
To unsubscribe from our email databases or opt-out of communications, please contact us using the opt-out facilities provided in the footer of the emails.
Cookies are small pieces of data about you and your activity across the site. Sometimes they store preferences, and other times they return data to who issued them. You can opt-in and out of cookies when they are requested or follow your browser instructions for turning cookies off.
If Hair By Dr. Max, Restoration Center’s assets are acquired, or if we go out of business, we would include data amongst the assets to transfer to any parties who acquire us. You acknowledge such transfers might occur, and that any parties who acquire us may continue to use your personal information according to this policy. In an acquisition context we may also have a new data controller and data protection officer, and their details would be passed onto you.
California Consumer Privacy Act (CCPA) Notice
(LAST UPDATED: 4/28/2020)
Categories of Personal Data that We Collect
In the past 12 months, we have collected the following categories of personal information:
- Any categories of personal information described in the California Customer Records statute (“California Consumer Records statute information“). This includes, but it is not limited to, information such as a name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. This category of information may overlap with other categories and does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records
- Identifiers (“Identifiers”) such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Audio, electronic, visual, thermal, olfactory, or similar information (“Sensorial information”).
- Characteristics of protected classifications under California or federal law (“Protected classifications information”). This category of information includes, but it is not limited to, age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information)
- User generated content
- Inferences drawn from any of the personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes (“Inferred information”).
- Biometrics information
Categories of Sources of Personal Data
We obtain your personal information when you provide it to us (e.g., where you contact us via email or telephone, or by any other means). For example, you directly provide your personal information through your submissions or requests made via bringbackhair.com.
We receive personal information indirectly when you navigate bringbackhair.com, as personal information about you and usage details are automatically observed and collected (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to bringbackhair.com and other technical communications information).
We receive your personal information from third parties who provide it to us that work with us in connection with the service that we provide or with the functioning of bringbackhair.com
Why we collect personal data and the purposes for how we use it
We may use your personal information to permit the operational functioning of bringbackhair.com and features thereof (“business purposes”). In this case, your personal information will be processed in such a fashion that is necessary and proportionate to the business purpose for which it was collected, and strictly within the limits of compatible operational purposes.
We may also use your personal information for other reasons such as for commercial purposes, as well as for complying with the law and defending our rights before the competent authorities in case our rights and interests are threatened or we suffer actual damage.
In particular, we use your personal information for the following purposes:
- to provide the service and fulfil your requests about it
- to carry out our legal obligations and enforce our rights arising from any agreement in place between you and us
- to protect our rights and interests, or those of all our Users or third parties
- to protect our safety, and those of all our Users or third parties
- to detect any malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity
- to respond to law enforcement requests, as required by the law, court orders or other governmental authorities
- to communicate with you, through the means described in bringbackhair.com, about any news, offers, events or other initiatives regarding our service
- for all other purposes as described when we collect your personal information on bringbackhair.com.
We will not use your personal information for any different, unrelated, or incompatible purposes without providing you notice.
Children’s Personal Data
We do not collect personal information directly from children under 16. We may receive children’s data from parents and guardians.
Sale of your personal data
bringbackhair.com does not sell the personal information of California Consumers and will not sell this information unless we modify this Notice and take the additional steps required under the CCPA.
Do not sell my personal information
bringbackhair.com does not offer an opt-out from the sale of personal information because bringbackhair.com does not engage in the sale of personal information as contemplated by the CCPA.
Requests under the CCPA
1) You have the right to request that we disclose to you:
- the categories of personal information we collected about you
- the categories of sources for the personal information we collected about you
- our business or commercial purpose for using your personal information
- the categories of third parties with whom we share that personal information
- the specific pieces of personal information that we hold about you
- in case of sale of personal data, we will make sure that you receive two separate lists where we disclose:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
The disclosure described above will be limited to the personal information collected or used over the past 12 months.
If we deliver our answer electronically, the information enclosed will be “portable”, i.e. delivered in an easy usable format in order to enable you to transmit the information to another entity without hindrance, provided that this is technically feasible.
2) You have the right to request that we delete any of your personal information, subject to the following exceptions:
- if we need your personal information to complete the transaction for which we collected the personal information, provide a good or service that you requested, or otherwise perform our agreement with you.
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
- debug products to identify and repair errors that impair existing intended functionality of bringbackhair.com
- exercise free speech or exercise another right provided for by law
- comply with the California Electronic Communications Privacy Act (“CalECPA”) and with any other legal obligation that lies with us.
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest
- enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us
- make any other internal and lawful uses of your personal information in such a fashion that is compatible with the context in which you provided it.
If none of the exceptions above applies, as a result of the exercise of your right, we will delete your personal information and direct any of our service providers to do so.
How to make requests
To exercise the rights described above, you need to submit your verifiable request to us by:
- writing us an email at the contact details provided in this document, or, if it is the case, follow the specific instructions provided on bringbackhair.com
For us to respond to your request, it’s necessary that we know who you are.
Therefore, you can only exercise the above rights by making a verifiable request which must:
- provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not respond to any request if we are not able to verify your identity and confirm the personal information in our possession actually relates to you.
If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.
If you are an adult, you can make a verifiable request on behalf of a minor under your parental authority.
You can submit a maximum number of 2 requests over a period of 12 months.
Right to non-discrimination for the exercise of a consumer’s privacy rights
You have the right to not be discriminated against if you exercise your rights.
This means that we will not put in place conducts such as denying you access to our service or to on-going promotions, lowering the service standards, increasing the prices, suggesting that a different price or quality may be offered or, in general, acting in such a way that will discourage the exercise of your rights.
Our contact for questions or concerns about our privacy policies and practices:
- Email: firstname.lastname@example.org
Changes to this notice
We may change or update this Notice periodically. When we do, we will post the revised Notice on this webpage indicating when the Notice was “Last Updated.”
Limits of our policy
Our site, social media profiles and product/service offerings may link to external sites that are not operated by us. In such an event please be aware that we cannot control the content or policies of those sites, and do not accept responsibility or liability for their privacy practices