Effective Date: March 1, 2024
California, Colorado, Connecticut, Nevada, Utah, and Virginia residents have certain rights under state privacy laws with respect to personal data we collect. If you are a resident of such states, this section of the Privacy Policy contains disclosures required by law and explains rights that may be available to you.
This U.S. State Privacy Notice (“Notice”) serves as a supplement to Profectus Beauty, LLC’s (“Company” “us” “we” our”) other privacy policies or notices. In the event of a conflict between any other Company policy, statement or notice and this Notice, this Notice will prevail as to residents of the previously listed states and their rights under their respective state laws.
This Notice covers the collection, use, disclosure, and sale of “Personal Information” (“PI”), except to the extent such PI is exempt from the notice obligations of the various state laws. This Notice also covers rights residents of relevant states have under their respective state laws. The description of our data practices in this Notice the preceding 12 months and will be updated annually. Our practices may change, and we will post any changes to this page. We encourage you to visit this page and other applicable privacy notices periodically to learn of any updates.
Job applicants, current and former employees and independent contractors (“Personnel”), and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, who are California residents may have rights under the California Privacy Rights Act (“CPRA”). California Personnel and business-to-business contacts may obtain a separate privacy notice that is applicable to them by contacting our Human Resources department at ccpa@thickhead.com.
You can click on the following blue links to navigate to the different sections in this Notice.
Table of Contents
In the preceding 12 months, we collected the following categories of PI:
Category of PI | Examples of PI | Sources of PI | Business or Commercial Purposes for PI Collection |
1. Identifiers | This may include, but is not limited to: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, or email address | Consumers directly | Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance |
2. Personal Records | This may include, but is not limited to: telephone number, credit card number, or debit card number. | Consumers directly | Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance |
3. Customer Account Details / Commercial Information | This may include, but is not limited to: products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Consumers directly | Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance |
4. Internet Usage Information | This may include, but is not limited to: browsing history, search history, and information regarding your interaction with an Internet Web site, application, or advertisement. | Consumers directly | Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance |
5. Sensory Data | This may include,but is not limited to: audio recordings of customer care calls. | Consumers directly | Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance |
As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information. We have no obligation to re-identify such information or keep it longer than we need it to respond to your requests. We commit to maintain and use deidentified data in deidentified form and not to attempt to reidentify the information.
We may collect your PI directly from you or from our affiliates. For more specifics tied to each category of PI, see the chart above.
Generally, we collect, use and disclose your PI to provide you services and as otherwise related to the operation of our business. For more specific detail on our disclosures of PI, see the next section Sharing of PI. We may collect, use and disclose the PI we collect for one or more of the following business purposes:
Subject to restrictions and obligations of the state laws, our vendors may also use your PI for some or all of the above listed business purposes.
We may collect, use and disclose your PI for commercial purposes such as for interest based advertising and sharing PI in a manner that is deemed a sale under some state laws.
In addition, we may collect, use and disclose your PI as required or permitted by applicable law.
For more specifics tied to each category of PI, see the chart above.
We may share PI with our service providers, other vendors (including those that facilitate interest-based and other advertising and marketing), affiliates, and/or third parties to which we sell your PI, including without limitation during the preceding 12 months as follows:
Category of PI | Shared with Third Parties? | Categories of Third Parties |
1. Identifiers | Yes | Advertisement networks, social networks |
2. Consumer Characteristics | No | Advertisement networks, social networks |
3. Internet Usage Information | Yes | Advertisement networks, social networks |
We may share your PI (as described above in PI We Collect) with our service providers and other qualified vendors for the same business purposes for which we collect such PI as described above in the Collection and Use of PI, including in the preceding 12 months as follows:
Category of PI | Disclosed for a Business Purpose? | Business Purposes for Disclosures | Categories of Recipients of Business Purpose Disclosure |
1. Identifiers | Yes | Auditing, processing interactions and transactions, performing services, quality assurance | Service Providers |
2. Personal Records | Yes | Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance | Service Providers |
3. Customer Account Details / Commercial Information | Yes | Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance | Service Providers |
4. Internet Usage Information | Yes | Marketing, marketing analytics and diagnostics, fraud prevention | Service Providers |
Notwithstanding anything to the contrary in our other privacy notices, we typically restrict use of your PI that is governed by state law consumer rights provisions and is shared with our vendors to business purposes, or we treat such disclosures as sales of your PI subject to your Do Not Sell rights.
In addition, if you direct us to share PI we may, and that is not a sale. Also, disclosures amongst the entities that constitute Company as defined above are not a sale.
We may sell your PI. The PI sold in the preceding 12 months includes:
Category of PI | Sold? | Purposes for Selling | Categories of Recipients of PI Sold |
1. Identifiers | Yes | Marketing | Third Parties |
2. Personal Records | Yes | Marketing | Third Parties |
For more information on how to exercise your do not sell rights, click here.
We provide residents of California, Colorado, Connecticut, Nevada, Utah, and Virginia the privacy rights described in this section. Depending on your state of residence, you have the right to exercise these rights via an authorized agent who meets the requirements of the state laws and related regulations. Most requests you submit to us are subject to an identification and residency verification process (“Verifiable Consumer Request”). We may not fulfill your rights request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. Some PI we maintain about Consumers is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI when a Consumer request that requires verification pursuant to the state laws’ verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the state laws, we do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. You are not required to create an account with us to make a Verifiable Consumer Request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose and otherwise use and to respond to your consumer privacy rights requests. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest that you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest or not. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
Consistent with the state laws and our interest in the security of your PI, we will not deliver to you your Social Security number, driver’s license number or other government-issued id number, financial account number, any health or medical identification number, an account password, or security questions or answers in response to a CCPA request; however, you may be able to access some of this information yourself through your account if you have an active account with us.
Your state law consumer privacy rights are as follows:
To make a request, please email us at privacy@thickhead.com, call us toll-free at 1-800-552-0281 or click here to access our online data request form. Please include “Privacy Rights Request” in the email subject line and your name, street address, city, state, and ZIP code in the body of the email to assist with identification. For your specific pieces of information, as required by the CCPA, we will apply the heightened verification standards set forth in subsection (ii) below.
Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining. To make a request, please email us at privacy@thickhead.com, call us toll-free at 1-800-552-0281 or click here to access our online data request form. Please include “[State] Privacy Rights Request” (replacing [State] with your state of residence, e.g., “California Privacy Rights Request”) in the email subject line and your name, street address, city, state, and ZIP code in the body of the email to assist with identification. Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
You have the right to opt out of (i) the sharing of personal data for targeted advertising; (ii) the sale of personal data; or (iii) profiling for decisions that have significant effects. Please note that if you opt out of certain practices, we may be unable to provide you with certain services.
You can access our Data Preference Form and choose whether to allow certain cookies when you engaged our Services. You can also exercise control over browser-based cookies by adjusting the settings on your browser. In addition, third party tools enable you to search for and opt-out of some of these devices, such as the Ghostery browser plug-in available at https://www.ghostery.com/. We also list cookies and provide access to their privacy information and, if available, opt-out programs here. Further, you can learn more about your choices regarding certain kinds of online interest-based advertising here. We do not represent that these third party tools, programs or statements are complete or accurate.
We do not knowingly sell or share the PI of Consumers we know are under 16 unless we receive an opt-in from the Consumer who is at least 13 but under 16, or from the parent or guardian of a Consumer younger than 13. Consumers who opt-in to PI sales or sharing may opt-out at any time. If you think we may have unknowingly collected PI for sale or sharing of yourself or of your child under the age of 13, or if you are at least 13 but under 16, exercising the opt-out will stop our selling or sharing of the PI.
Depending on your state of residence, you may request that we limit our processing of certain sensitive personal information (or withdraw consent for such processing if you previously provided such consent). To make a request, please email us at privacy@thickhead.com, call us toll-free at 1-800-552-0281 or click here to access our online data deletion request form. Please include “[State] Privacy Rights Request” (replacing [State] with your state of residence, e.g., “California Privacy Rights Request”) in the email subject line and your name, street address, city, state, and ZIP code in the body of the email to assist with identification.
You may request that we correct PI we have collected about you. To make a request, please email us at privacy@thickhead.com, call us toll-free at 1-800-552-0281 or click here to access our online data deletion request form. Please include “[State] Privacy Rights Request” (replacing [State] with your state of residence, e.g., “California Privacy Rights Request”) in the email subject line and your name, street address, city, state, and ZIP code in the body of the email to assist with identification.
Except to the extent we have a basis for retention under the state laws, you may request that we delete PI that we have collected about you and are maintaining. Our retention rights include, without limitation, to complete transactions and service you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. To make a request, please email us at privacy@thickhead.com, call us toll-free at 1-800-552-0281 or click here to access our online data deletion request form. Please include “State Privacy Rights Request” (replacing [State] with your state of residence, e.g., “California Privacy Rights Request”) in the email subject line and your name, street address, city, state, and ZIP code in the body of the email to assist with identification.
We will not discriminate against you because you exercise your state privacy rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale and retention and use of your PI as permitted by the state laws that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. Please note that participating in incentive programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.
Your state consumer privacy rights are described in this notice. To make a request, please email us at privacy@thickhead.com or call us toll-free at 1-800-552-0281. We will take appropriate steps to confirm the identity of a Consumer making a request for purposes of verifying the authenticity of the request. You may be required to provide certain PI to allow us to verify that you are the Consumer about whom the request is being made. If you request that we provide you with specific pieces of information about you, we will apply heightened verification standards. Depending on your state of residence, an authorized agent may submit a request on behalf of a Consumer if the Consumer has provided the authorized agent with power of attorney in accordance with your state’s law; alternatively, the agent must (1) present verifiable written authorization from the Consumer that the agent has the Consumer’s permission to submit the request; and (2) independently verify the agent’s own identity with us.
Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your state privacy rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.
Additionally, for Colorado, Connecticut, and Virginia residents, if you have submitted a request that we have not reasonably fulfilled, you may contact us to appeal our decision by sending an email with the subject line “Appeal” at privacy@thickhead.com.
For more information on your state privacy rights, contact us at 1-800-552-0281 or email us here. Or, write to us at:
Profectus Beauty, LLC
111 Town Square Place, Suite 1130
Jersey City, NJ 07310
Attention: Legal Counsel