Thick Head U.S. State Privacy Notice

Effective Date: March 1, 2024

California, Colorado, Connecticut, Nevada, Utah, and Virginia residents have certain rights under state privacy laws with respect to personal data we collect. If you are a resident of such states, this section of the Privacy Policy contains disclosures required by law and explains rights that may be available to you.

This U.S. State Privacy Notice (“Notice”) serves as a supplement to Profectus Beauty, LLC’s (“Company” “us” “we” our”) other privacy policies or notices. In the event of a conflict between any other Company policy, statement or notice and this Notice, this Notice will prevail as to residents of the previously listed states and their rights under their respective state laws.

This Notice covers the collection, use, disclosure, and sale of “Personal Information” (“PI”), except to the extent such PI is exempt from the notice obligations of the various state laws. This Notice also covers rights residents of relevant states have under their respective state laws. The description of our data practices in this Notice the preceding 12 months and will be updated annually. Our practices may change, and we will post any changes to this page. We encourage you to visit this page and other applicable privacy notices periodically to learn of any updates.

Job applicants, current and former employees and independent contractors (“Personnel”), and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, who are California residents may have rights under the California Privacy Rights Act (“CPRA”). California Personnel and business-to-business contacts may obtain a separate privacy notice that is applicable to them by contacting our Human Resources department at ccpa@thickhead.com.

You can click on the following blue links to navigate to the different sections in this Notice.

Table of Contents

  1. PI We Collect
  2. Sharing of PI
  3. State Privacy Rights
  4. Contact Us
  1. PI We Collect.

    In the preceding 12 months, we collected the following categories of PI:

    Category of PI Examples of PI Sources of PI Business or Commercial Purposes for PI Collection
    1. Identifiers This may include, but is not limited to: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, or email address Consumers directly Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance
    2. Personal Records This may include, but is not limited to: telephone number, credit card number, or debit card number. Consumers directly Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance
    3. Customer Account Details / Commercial Information This may include, but is not limited to: products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Consumers directly Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance
    4. Internet Usage Information This may include, but is not limited to: browsing history, search history, and information regarding your interaction with an Internet Web site, application, or advertisement. Consumers directly Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance
    5. Sensory Data This may include,but is not limited to: audio recordings of customer care calls. Consumers directly Auditing, security, debugging, processing interactions and transactions, performing services, quality assurance

    As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information. We have no obligation to re-identify such information or keep it longer than we need it to respond to your requests. We commit to maintain and use deidentified data in deidentified form and not to attempt to reidentify the information.

    Return to Table of Contents

  2. Sharing of PI.

    We may share PI with our service providers, other vendors (including those that facilitate interest-based and other advertising and marketing), affiliates, and/or third parties to which we sell your PI, including without limitation during the preceding 12 months as follows:

    Category of PI Shared with Third Parties? Categories of Third Parties
    1. Identifiers Yes Advertisement networks, social networks
    2. Consumer Characteristics No Advertisement networks, social networks
    3. Internet Usage Information Yes Advertisement networks, social networks
  3. State Privacy Rights

    We provide residents of California, Colorado, Connecticut, Nevada, Utah, and Virginia the privacy rights described in this section. Depending on your state of residence, you have the right to exercise these rights via an authorized agent who meets the requirements of the state laws and related regulations. Most requests you submit to us are subject to an identification and residency verification process (“Verifiable Consumer Request”). We may not fulfill your rights request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. Some PI we maintain about Consumers is not sufficiently associated with enough PI about the Consumer for us to be able to verify that it is a particular Consumer’s PI when a Consumer request that requires verification pursuant to the state laws’ verification standards is made (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the state laws, we do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. You are not required to create an account with us to make a Verifiable Consumer Request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

    We will make commercially reasonable efforts to identify Consumer PI that we collect, process, store, disclose and otherwise use and to respond to your consumer privacy rights requests. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest that you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest or not. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

    Consistent with the state laws and our interest in the security of your PI, we will not deliver to you your Social Security number, driver’s license number or other government-issued id number, financial account number, any health or medical identification number, an account password, or security questions or answers in response to a CCPA request; however, you may be able to access some of this information yourself through your account if you have an active account with us.

    Your state law consumer privacy rights are as follows:

    Return to Table of Contents

  4. Contact Us

    For more information on your state privacy rights, contact us at 1-800-552-0281 or email us here. Or, write to us at:

    Profectus Beauty, LLC
    111 Town Square Place, Suite 1130
    Jersey City, NJ 07310

    Attention: Legal Counsel

    Return to Table of Contents