California Consumer Notice of Collection
WHAT INFORMATION DO WE COLLECT?
The types of Personal Information we collect about you depends on how you interact with us. Depending on the Services you use, the following are the categories of Personal Information that we collect, or have collected, in the preceding twelve (12) months from you for our purposes and how we use that information.
Types of Data
Primary Purpose for Collection and Use of Data
Account Registration (Contact Information/Identifiers)
When you register for an account on our Sites or Apps, we collect your name, account information (username and password), and email address. We may also collect information relating to the actions that you perform while logged into your account. If you choose to provide it, we may also collect information such as product and services preferences.
We have a legitimate interest in providing account related functionalities to our users. Accounts can be used for easy checkout and to save your preferences and transaction history. By registering, you are automatically enrolled in our mailing list.
Site Behaviour &Cookies (Internet or Other Network Activity)
We use first party cookies and other methods to track site activity. We also use third party cookies and other methods to track site activity and disclose it with third parties. Cookies and Other Information Collecting Technologies section below for more information.
First party cookies gather information so you can make a purchase. They are also used to provide you with a better shopping experience. Third party cookies gather information to engage in behavior-based advertising and capture website analytics.
Demographic Information (Contact Information/Identifiers)
We may collect Personal Information, such as your name, address, email, phone number, age and gender (some of which may include characteristics of protected classifications under state or federal law).
We have a legitimate interest in understanding our users and providing tailored services.
We may collect Personal Information, such as your driver’s license number, passport information, and Social Security number. In certain instances, this information may be considered sensitive personal information.
We have a legitimate interest in using this information for identification verification or non-diagnosis or treatment purposes.
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information (Identifiers)
We may collect information such as electronic signature, photographic, or video images.
We have a legitimate interest in using this information for identification verification or non-diagnosis or treatment purposes.
Bosley does not collect or create biometric information about you. To use our Site, however, we may be required to verify your identity. If you are asked to submit proof of identity (such as a driver’s license or passport) we may share that and the selfie you shared with us with our identity verification partner, who may create biometric information about your face in order to verify that your selfie matches your proof of identity. Biometric information is not shared with Bosley and is deleted by our identity verification partner after completing the identity verification. Bosley may receive information extracted from your photos, such as information from your driver’s license and the confidence that there is a “match” between your two photos. We use this information to help verify your identity.
Purchase History (Information Specific to the Services)
We may collect information about goods or services purchased or obtained.
We have a legitimate interest in using this information for processing or fulfilling orders and transactions, marketing, customer or analytics services.
Health and Medical Information (Identifiers/Sensitive Personal Information)
We may collect medical history and other information, symptoms, prescription history, insurance policy, and insurance eligibility and coverage. In certain instances, this information may be considered sensitive personal information.
We have a legitimate interest in using this information for processing and fulfilling orders and transactions and we may release such information only when instructed by one of our patients.
We may collect payment information, such as credit card, from you.
We have a legitimate interesting in using this information for processing or fulfilling orders and transactions.
Email Interconnectivity (Device Information and Other Unique Identifiers)
If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.
We have a legitimate interest in using this information to understand how you interact with our communications to you.
Feedback &Support (Contact Information/Information Specific to Services)
If you provide us feedback or contact us for support, including via the Live Chat feature, we will collect your name and e-mail address, as well as any other content that you send to us, in order to reply.
We have a legitimate interest in using this information in order to receive, and act upon, your feedback or issues.
Distance Information (Geolocation Data/Device Information and Other Unique Identifiers)
When you use one of our Apps we collect your location from the GPS, Wi-Fi, and/or cellular technology in your device to determine your location and your distance from our retail location(s) that sells our products.
We have a legitimate interest in understanding our users and provide tailored services. In some contexts our use is also based upon your consent to provide us with geo location information.
Mobile Devices (Device Information and Other Unique Identifiers)
We collect information from your mobile device such as unique identifying information broadcast from your device.
We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.
Mailing List (Contact Information/Identifiers)
When you sign up for one of our mailing lists we collect your email address or postal address.
We disclose information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.
Ratings and Reviews (Information Specific to the Services)
When you rate or review us or our products, we collect any information you provide as part of that rating or review.
We have a legitimate interest in using this information to improve and provide feedback on products.
Surveys (Contact Information/Information Specific to the Services)
We have a legitimate interest in using this information to understand your opinions and collect information relevant to our organization.
Website Interactions (Internet or Other Network Activity)
We use technology to monitor how you access and interact with our Site. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.
We have a legitimate interest in using this information to understand how you interact with our Site to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
Web Logs (Internet or Other Network Activity)
We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.
We have a legitimate interest in using this information to monitor our networks and understand behavior patterns of visitors to our Site. This allows us to improve our browse and shopping experiences.
Sensitive Personal Information
Where permitted and in accordance with applicable law, of the information collected and listed above, username and password, health and medical information, driver’s license number, and Social Security number may be considered sensitive personal information.
We rely on consent when processing sensitive personal information.
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. The provision of the Personal Information listed above is voluntary. In certain instances, we will not be able to process your request for our Services without the requested Personal Information.
HOW AND WHEN DO WE COLLECT INFORMATION?
Bosley collects Personal Information, from you in different ways or at different points in time, including but not limited to:
- Directly from You
- When you provide us your Personal Information, in person, during a telephone or video call, via email, survey or via the Site.
- When you interact with our Site or Services, including but not limited to, through an interactive feature such as an interactive quiz, survey and or a third party platform, by posting comments or reviews about us, or when you initiate a live chat or video chat with one of our representatives.
- When you fill out any Bosley form whether in person or on our Site, including but not limited to, the forms to request the Bosley Information Kit (a.k.a. Solutions Guide and Complete Book on Hair Restoration), schedule a consultation, make a purchase, request service and product information, report a problem with our Site or services, receive communications, receive Bosley offers, or participate in a sweepstake, quiz, game, or survey.
- When you correspond with us by sending us an email, a letter, a message through social media, or through any other form of electronic communication or messaging.
- Indirectly from You
- From third parties with whom we have a relationship, contractual or otherwise, including but not limited to our marketing partners, related entities, business affiliates, data brokers, platform providers, internet service providers, operating systems, browsers, social media programs. Please know that Bosley is not responsible for the accuracy of the Information provided to us by third parties or how such third parties collect and use your Personal Information.
- When you visit our Sites, open or click on emails we send you, or interact with our advertisements. We or third parties we work with automatically collect certain information using technologies such as cookies, web beacons, clear GIF, pixels, internet tags, web server logs, and other data collection tools. For more information, please see the “Cookies and Other Information Collection Technologies” section below.
- Other Sources
- Including from publicly available sources.
WHY DO WE COLLECT INFORMATION AND HOW DO WE USE IT?
We collect information about and from you, including Personal Information, for various purposes, including but not limited to:
- Presenting our Site and its contents to you;
- Finding out how to contact you and determine how you wish to be contacted, including via telephone call, text message (SMS/MMS), email, or physical correspondence;
- Delivering any information, offers, promotions, Services that you may have requested;
- Notifying you of Bosley and our strategic partner’s latest offers and promotions;
- Managing our business relationship (including reminding you of an appointment, sending you a billing statement, updating or upholding our legal agreements, making material changes to this Site or our services);
- Better tailoring our offers, Site, and Services to your specific needs;
- Improving the content and administration of our Site and Services, and our social or networking applications and our marketing content;
- Ensuring that our advertising partners will display Bosley’s offers which may interest you as you browse the internet;
- Giving you important notices regarding any of the above;
- Detecting, investigating, preventing, or taking action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions, attempts to manipulate or violate our policies, procedures, and terms and conditions, security incidents, and harm to the rights, property, or safety of Bosley and our users, customers, employees, or others.
- Fulfilling any other purpose for which you consented, or which may have been described to you when you provided the Information; and
- Complying with any legal or regulator obligations, to establish or exercise our rights, and to defend against a legal claim.
Although the section above describes our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you wish to receive Services from us or more information about our Services, we may collect your information as we have a legitimate interest to perform those Services for you and reach out to you, and we also collect your information so that we can quickly and easily respond to any questions. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform the services or contractual obligations, our obligations under law, and/or our general interest in conducting our business.
COOKIES AND OTHER INFORMATION COLLECTING TECHNOLOGIES
We may use the following types of cookies on our Site:
These are cookies that our Site needs in order to function, and that enable you to move around and use the Site and features. Without these essential cookies, the Site will not perform as smoothly for you as we would like it to and we may not be able to provide the Site or certain services or features you request. Examples of where these cookies are used include: to determine when you are signed in, to determine when your account has been inactive, and for other troubleshooting and security purposes.
Analytics cookies allow us to understand more about how many visitors we have to our Online Services, how many times they visit us and how many times a user viewed specific pages within our Site. Although analytics cookies allow us to gather specific information about the Site that you visit and whether you have visited our Site multiple times, we cannot use them to find out details such as your name or address. We use Google Analytics. For more information about Google Analytics, please refer to “How Google Uses Information From Sites or Apps that Use Our Services,” which can be found at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time. To access and use the Google Analytics Opt-Out Browner Add-On by visiting https://tools.google.com/dlpage/gaoptout/
Advertising cookies may be placed by us or third parties to enable third party ad networks to recognize a unique cookie on your computer or mobile device. The information that is collected and disclosed by these types of cookies may also be linked to the device identifier of the device you are using to allow us to keep track of all the websites you have visited that are associated with the ad network. This information may be used for the purpose of targeting advertisements on our Sites and third party sites based on those interests.
HOW DO WE COMMUNICATE WITH YOU?
At Bosley, our goal is to ensure that the way we communicate with you reflects your preferences. If we have an existing business relationship, you have consented to receive mail, email, phone and text message (as applicable) in order to manage our business relationship, including, but not limited to telephone, email and text message appointment and or invoice reminders (“Business Communications”).
YOUR RIGHTS AND CHOICES
You may have certain rights regarding your Personal Information. Your rights will vary depending on where you are located. Specifically, you may have the following rights:
- Access To Your Personal Information. You have the right to request access to the Personal Information we hold about you, along with other information such as the purposes of the processing, the recipients or categories of recipients to whom the Personal Information has been or will be disclosed, the sources of the Personal Information, retention, and transfers of Personal Information.
- Changes (Correction) To Your Personal Information. You have the right to request correction of inaccurate Personal Information we have about you. Depending on the purposes of the processing, you may have the right to have incomplete Personal Information completed, including by means of providing a supplementary statement. As noted above, you may also be able to correct your information in your account or profile.
- Deletion Of Your Personal Information. You may request that we delete your Personal Information by contacting us using the contact information described below. If required by law we will grant a request to delete information, but you should note that in many situations we must keep your Personal Information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
- Automated Processing: Under certain circumstances, you have the right to object to a significant decision based solely on automated processing (i.e., without human intervention) unless that decision is required or authorized by law. We do not engage in automated decision-making without human intervention.
- Right to request data portability: Under certain circumstances, you may have the right to receive the Personal Information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you may have the right to transmit those data to another entity without hindrance from us
- Commercially Recognized Opt-Out Signal. Bosley generally recognizes commercially recognized opt-out preference signals (e.g., Global Privacy Controls, Do Not Track). Recognition of this signal applies only to the specific device and/or browser that communicates the signal and does not apply to other devices/browsers you use to access our Sites.
- Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. You may also contact us using the contact information below to unsubscribe. Please note that unsubscribing via email may take up to 10 business days to implement.
- Promotional Mailings. If at any time you do not want to receive offers and/or circulars from us you can remove yourself from our mailing lists by emailing us (our contact information is below) with “NO SNAIL MAIL” in the subject line along with your name, address and zip code. Please note that our mailings are prepared in advance of their being sent. Although we will remove your name from our mailing list after receiving your request, you may still receive mailings from us that had been initiated prior to your name being removed. To unsubscribe from receiving mailings, please use our contact information below.
- Promotional Text Messages. If you receive a text message from us that contains promotional information you can opt-out of receiving future text messages by replying “STOP.” Alternatively, if you wish to stop receiving text messages, you can contact us by using the contact information listed below.
- Promotional Calls and Follow-Ups. From time to time, after you have provided us your Personal Information, a Bosley representative may call you to inform you of special Bosley offers or offers specially tailored to you, and or other information. By providing your Personal Information to us regardless of the method by which you provide it, including but not limited to, via our Site, via a Form, via text, over the phone or through social media, you are consenting to receiving follow-up calls from time to time unless you revoke such consent. To unsubscribe from receiving calls, please use our contact information below. Please note that unsubscribing via email may take up to 10 business days to implement.
- Revocation Of Consent. Where we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- Right to Limit the Use and Disclosure of Sensitive Personal Information. We do not currently use or disclose Sensitive Personal Information for purposes other than those which cannot be limited under applicable law.
- Opt-Out of the “Sale” or “Sharing” of Personal Information. Subject to certain exceptions, California residents have the right to opt-out of the “sale”/”sharing” of their Personal Information. Making Personal Information (such as online/device identifiers, browsing activity, or geolocation) available to social media platforms and ad networks to deliver interest-based ads to you may be a “sharing” under California law (in this context “sharing” means cross contextual behavioral advertising). To opt-out of the “sharing” of your Personal Information as just described, please use the “Do Not Sell or Share My Personal Information” button at the bottom of our Sites, or click here.
Please note that many of the above rights are subject to exceptions and limitations. Your rights and our responses will vary based on the circumstances of the request. If you choose to assert any of these rights under applicable law, we will respond within the time period prescribed by such law. In some cases, we may limit or deny your requests to access or delete your information. This may occur because the law permits or requires us to do so, or if we are unable to adequately verify your identity.
If you are located in the State of California in the United States, a person authorized to act on your behalf may make a verifiable request related to your Personal Information. If you designate an authorized person to submit requests to exercise certain privacy rights on your behalf, we will require verification that you provided the authorized agent permission to make a request on your behalf.
In any circumstances, your request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected Personal Information or an authorized representative of that person; and (ii) describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
DISCLOSURE OF PERSONAL INFORMATION
In addition to the specific situations discussed elsewhere in this policy, we disclose information in the following situations:
- Analytics services and Advertising Networks and or Providers. When you visit our Site, we may be sharing your non-identifiable information, with certain parties, only with respect to your browsing or usage, pursuant to our agreements with them. These third parties do not change their tracking practices in response to “do-not-track” signals from your web browser and we do not obligate these parties to honor “do-not-track” signals.
- Affiliates and Acquisitions. We may disclose information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also disclose information with that company, including at the negotiation stage.
- Service Providers. We disclose your information with service providers. Among other things service providers may help us to administer our Site, collect data for analysis purposes, conduct surveys, provide technical support, process payments, and assist in the fulfillment of orders.
- Compliance with Law or Other Legal Process. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also disclose your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third party intermediary.
- Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also disclose your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third party intermediary.
- Disclosures with Your Consent. Bosley may disclose Personal Information for any purpose for which you have prior consented to the disclosure.
- De-identified or Aggregate Information. We may aggregate and anonymize information you provide to us in such a way as to ensure it will no longer be identifiable to you. This data may be used for statistical, analytic, and administrative purposes, including analyzing our website traffic and trends, tailoring our Services, or conducting product analysis. We may disclose anonymized or aggregated data at our discretion, in accordance with applicable laws.
SECURITY OF YOUR PERSONAL INFORMATION
We take the privacy of your Personal Information seriously. We use commercially reasonable technical, administrative and physical security measures to protect your Personal Information, including generally accepted industry standards to protect the Personal Information submitted to us during transmission and once we receive it. However, no method of transmission over the Internet or method of electronic storage is 100 percent secure, so we unfortunately cannot guarantee absolute security. In the event of a breach that we are required by law to inform you of, we may notify you electronically, in writing, or by telephone, if permitted to do so by law. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed under the “Contact Us” heading below.
RETENTION OF YOUR PERSONAL INFORMATION
How long we retain your Personal Information depends on the context in which, and purpose for which, we collected it. We generally retain Personal Information for as long as necessary for achieving the purpose for which it was collected, unless a different retention period is required by applicable law.
OTHER IMPORTANT INFORMATION
- Links to Third-Party Websites. From time to time, the Site may contain links to other websites not belonging to or under the control of Bosley. Bosley explicitly disclaims responsibility or liability for the privacy practices or the content of websites that do not belong to or are not under Bosley’s control.
- Children. Our Site is intended for adults over the age of 18 and it is therefore not intended for minors. We do not currently collect age information through our Site. No one under age 18 may provide any information to or on the Site. In compliance with the Children’s Online Privacy Protection Act (“COPPA”), Bosley does not knowingly collect information from children, as our policy is that no one under the age of 18 should use our website. Bosley does not target its Site to minors in general. Children should always get permission from their parents before sending any information about themselves (such as their names, email addresses, and phone numbers) over the Internet. If you are under 18, do not use or provide any information on this Site or on or through any of its features/register on the Site, use any of the interactive features of this Site or provide any Personal Information to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us as provided in the Contact Us section below. If you are under the age of 18 stop using the Site, and please have your parent or legal guardian contact us on your behalf.
- Automated Technology Disclosure. When submitting your information on the Site, you agree to the following statements: 1) I agree to receive advertising calls made via an autodialer to my phone at the number I provided, including my cellphone. Message, minutes and data rates may apply; 2) I agree to receive automated text messages to my mobile phone number provided. Max 6 messages per week per #. Message and data rates may apply. You may reply STOP to any text message at any time to stop receiving text messages; 3) I agree to receive transactional, advertising, promotional, news-related and other emails from Bosley regarding the company and its products and services. I understand that I may withdraw my consent to receive calls, texts, or email at any time, and that I am not required to agree to the receipt of advertising calls, texts, or emails in order to receive services from Bosley. If I opt-out of advertising emails, I understand that I still may receive service-related communications via email as permitted by applicable law.
- Accessibility. If you are visually impaired, you may access this notice through your browser’s audio reader.
Attn: Customer Care
9100 Wilshire Blvd
East Tower Penthouse
Beverly Hills, CA 90212
- For Customer Service or if you wish to no longer receive information from Bosley: [email protected]
Effective Date: February 2023
Last Updated: February 2023