RMS BEAUTY PRIVACY NOTICE
Revision effective and last updated on April 26, 2022.
Welcome to rmsbeauty.com. As a valued customer, RMS Beauty, LLC (“RMS Beauty,” “we,” “us,” “our”) respects your security concerns and is committed to protecting your privacy. This Privacy Notice describes what personal data is collected, how the information is used, to whom it is disclosed, and the measures taken to safeguard it. This Privacy Notice applies to the personal data collected through our website, third party sources, and our communications with you (collectively, the “Services”).
WHAT DATA DO WE COLLECT?
We collect a variety of personal data from and about you through the Services, including:
Data You Provide Directly to Us. We collect personal data from you when you provide it directly to us, such as:
- Contact information, such as your name, home address, email address, and phone number.
- Payment card information, such as payment card numbers, expiration dates, and security codes.
- Any personal data you share with us during a One2One video consultation, including images and audio disclosed during the video consultation.
- Any personal data you provide if you contact us generally with questions, requests, or complaints, or to exercise your legal rights.
- Other information about you, such as information regarding your personal tastes, preferences, general demographics, and purchasing habits.
We may collect information directly from you when you communicate with us, including by engaging in any of the following:
- Submit an order for our products or services, including a One2One consultation.
- Register for an account.
- Submit product reviews.
- Subscribe to email communications.
- Participate in any RMS Beauty programs including contests, sweepstakes, surveys, or loyalty programs, including RMS Rewards.
- Communicate with our customer service team who may assist with purchases or field inquiries.
- Contact us or on our social media pages with a comment, question, or complaint.
- If you contact us with questions, requests, or complaints, or to exercise your legal rights, we collect any personal data you choose to provide, including personal data necessary for us to answer your questions and address the issue you are contacting us about.
Data Collected Automatically. When you browse or use the Services, we may collect other personal data through commonly-used logging and analytics tools, including Google Analytics, that collect information about your browser, your device, the network used to access the Services, and information about your use of the Services (such as how you navigate and move around the Services).
We also use certain technologies on the Services, including cookies and pixel tags, that allow us, our service providers, and other third parties to store information locally on your device, identify your device, track your interactions with other sites, and track activity over time and across websites. We also partner with third-party advertising companies. Advertisers sometimes include their own web beacons, cookies or pixels (or those of their other advertising partners) within their advertisements enabling them to set and read their own cookies. These third parties may place cookies on your computer and collect data about your online activities across websites or online services.
Information collected automatically includes the software and hardware attributes of the device and browser you use to access the Services, unique device ID information, regional and language settings, performance data about the Services, network provider, clickstream data, information about the website from which you came, and IP address (a number assigned to your device when you use the Internet). In addition, information is collected automatically in the form of log files and third-party analytics that record website activity. For example, log file entries and analytics data are generated every time you visit a particular page on our website, and track the dates and times that you use the Services, the pages you visit, the amount of time spent on specific pages, and other similar usage information, and general data (including the name of the web page from which you entered our website).
- Location Information: We may collect location information provided by your device. See the “YOUR CHOICES” section below for more information about how to disable or limit the collection of location information.
Please see the “YOUR CHOICES” section of this Privacy Notice for more information about how you can opt out of, limit, or prevent certain web tracking technologies and/or advertising providers from collecting information about you.
Information Obtained from Third Party Sources. We receive personal data from third parties that we have engaged to provide services to us, including website chat providers, as well as from third parties that provide web analytics and usage information to us such as Google Analytics.
These third-party sources may include:
- Our affiliates.
- Services that make user-generated content from their service available to others, such as website review firms or public social media posts.
- Communication services and networks, including social networks, when you give us permission to access your data on such third-party services or networks.
- Service providers that help us determine your device’s location.
- Partners with which we offer co-branded services or engage in joint marketing activities.
- Partners with whom we share and receive personal information.
- Publicly-available sources, such as open government databases.
In addition, if you choose to interact with us or our partners on social media by posting to our pages, tagging us (or using certain hashtags or other identifiers) in posts, or participating in activities, we may collect certain information from the social media account you use to interact with us, including the name associated with the account, the account handle, recent activity, the content of any posts in which we are tagged, and other information that may be contained on your social media profile to allow us to respond to the posts and understand and engage with our audience. We may also collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. This data is not subject to this notice unless it is stored or otherwise associated with your personal data.
HOW DO WE PROCESS PERSONAL DATA?
As a general matter, we collect, use, disclose, and store your information to provide you the Services when we have an appropriate legal basis. We may use the information we collect from you for the following purposes.
- Your Consent. We process personal data to the extent you provide your consent, such as when we request to process personal information for a purpose that is not already identified by this Privacy Notice. You have choices when it comes to the technology you use and the data you share. When you are asked to provide personal data or consent to processing, you can decline. Many of our products, services, and offerings require some personal data to operate and provide you with a service. If you choose not to provide data necessary to operate and provide you with a product or feature, you cannot use that product or feature.
- Performance of a Contract. We process personal data to enter into, or perform under, the agreement between us, such as processing payments, shipping orders, and responding to support or warranty requests. If you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you’re using, we may have to suspend or cancel it. We will notify you if this is the case at the time. Where providing the data is optional, and you choose not to share personal data, features like personalization that use the data will not work for you.
- Legitimate Interests. We process personal data for our legitimate interests, consistent with your rights and appropriate to the context, for:
- Processing and fulfilling your orders for our products or services, including processing your payments;
- Providing you with information tailored to your requests, responding to inquiries, and communicating with you about your account, purchases, orders, and use of the Services, including responding to your comments, questions, and concerns and otherwise administering customer service;
- Delivering and providing the Services and other products to you and our customers;
- Storing information about your preferences and customizing your experience on the Services;
- Operating, maintaining, modifying, and improving the quality of the Services and such content, products and/or services as we may make available through the Services, including understanding our audience size and usage patterns and identifying and repairing issues impairing intended functionality;
- Performing analytics;
- Compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies and for other administrative and fraud detection purposes;
- Endeavoring to protect and secure the Services, including against fraud and other misuse, and our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties;
- To engage in or enable internal uses consistent with our relationship with you, or compatible with the context in which you provided the information, such as internal research for technology development;
- For marketing and advertising purposes, including sending messages, such as by email or SMS text message, about us, our partners, and the products and services we and our partners offer, which may from time to time include contests, rewards, events, and special offers for products and services, and personalizing those messages;
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding; and
- For other purposes, as permitted or required by law or as authorized or directed by you.
- Compliance with Legal Obligations and Protection of Individuals. We may process personal data to comply with the law and our legal obligations, as well as to protect you and other individuals from certain harms.
Sharing of Personal Data. Some of the above processing may involve sharing collected personal data with third parties, including service providers, affiliates, and other partners, as described below.
- We may share personal data with third parties when you direct us to do so or as otherwise necessary to address your requests;
- We may share personal data among our affiliated entities and with our subsidiaries;
- We may share personal data with our service providers, including payment processors, software and web developers, order processing and fulfillment services, commercial email providers, security consultants, and other vendors we engage;
- We may share personal data we collect with certain partners, prospective partners, and service providers;
- We may share personal data to communicate with you and others, including for marketing purposes, including email and SMS text message communications;
- We may share personal data to protect and secure the Services, including against fraud and other misuse, and our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties;
- We may share personal data with third parties when we believe it is required by, or necessary to comply with, applicable law, a court order, legal process, or other governmental or regulatory requests;
- We may share personal with a buyer or other successor or organization in the event of an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings; and
- We may share personal data for such purposes as you may authorize or direct us.
PROTECTING PERSONAL DATA
We maintain safeguards in alignment with relevant industry standards intended to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. Those safeguards may include encryption of personal data where we deem it appropriate, and taking steps to ensure personal data is backed up and remains available in the event of a security incident.
However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data in alignment with relevant industry standards , we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
RETENTION OF PERSONAL DATA
We retain personal data for as long as necessary to carry out the processing activities described above, including but not limited to providing the Services or content, products, or other services we make available through the Services, compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and protecting our and our business partners’ and customers’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.
You have choices about personal data we collect, how we communicate with you, and how we process certain personal data. For example, when you are asked to provide personal data, you may decline to do so; but if you choose not to provide personal data that is necessary to provide any aspect of our Services, you may not be able to use those Services. Other examples of your choices, and how to exercise them, are listed below.
Cookie Preferences. You can accept or reject certain cookies for the Services through our Cookie Preference Center. You can also do so by adjusting your web browser controls.
Tailored Advertising. We currently employ third-party service providers to deliver display and banner ads or links on our behalf, throughout the internet. Our service providers use cookie and pixel technologies to deliver tailored advertising based on your engagement with our website. You may click the preference icon that may appear on some of our display or banner ads to hide future advertisements. You may manage your third-party advertising preferences by clicking HERE.
Communications Opt-Out. You may opt out of receiving marketing or other communications from us at any time through a given communications channel (such as email or telephone, including SMS text message) by following the opt-out link or other unsubscribe instructions provided in any email message, SMS text message, or other communication received, by contacting us as provided in the CONTACT INFORMATION AND ASSISTANCE section at the end of this Privacy Notice, or by informing our customer service representatives of your desire to opt out. If you wish to opt out by sending us an email to the address provided below, please include “Opt-Out” in the email’s subject line and include your name and the email address you used to sign up for communications in the body of the email. Note that if you do business with us in the future, you may not, subject to applicable law, opt out of certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g. e-commerce).
Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.
Do Not Track. We use analytics systems and providers and participate in ad networks that process personal data about your online activities over time and across third-party websites or online services, and these systems and providers may provide some of this information to us. Note that our service providers may not recognize “Do Not Track” headers from some or all browsers.
OTHER IMPORTANT INFORMATION ABOUT PERSONAL DATA AND THE SERVICES
Our Privacy Notice also includes information about other practices with respect to personal data, including:
- Collection of personal data from children;
- Links and references to third-party websites and services on our Services:
- Information about where we process and transfer personal data.
Collection of Personal Data from Children. We do not direct our Services toward children under the age of 13. We also do not intentionally collect, maintain, or request information provided by children under the age of 13. If you are the parent or guardian of a child under the age of 13 and you believe we have inadvertently received information about that child, please contact us as described in the CONTACT INFORMATION AND ASSISTANCE section at the end of this Privacy Notice for assistance.
Third-Party Websites and Services. As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business. When you access these third-party services, you leave our Services, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk This Privacy Notice does not apply to any third-party services; please refer to the Privacy Notices or policies for such third-party services for information about how they collect, use, and process personal data.
International Transfers. Your personal data will be stored and processed in your region, in the United States, and in any other country where RMS Beauty or its affiliates, subsidiaries, or service providers operate. Typically, the primary storage location is in the customer’s region or in the United States, and may have a backup to a data center in another region. By your use of the Services you acknowledge that we will transfer your data to, and store your personal data in, jurisdictions which may have different data protection rules than in your country, and personal data may become accessible as permitted by law in those territories, including to law enforcement and/or national security authorities in those territories.
When we transfer personal data subject to the data protection laws of the European Economic Area, Switzerland, or the United Kingdom to entities located outside the European Economic Area, Switzerland, or the United Kingdom, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or frameworks deemed adequate by the European Commission or relevant governmental authorities of Switzerland or the United Kingdom.
MODIFICATIONS AND UPDATES TO THIS PRIVACY NOTICE
We reserve the right, in our sole discretion, to modify, update, remove, or otherwise change our Privacy Notice at any time and without prior notice in order to reflect changes regarding our information practices. This Privacy Notice replaces any previous disclosures we may have provided to you about our information practices. We will notify you of an updated Privacy Notice by posting the changes on our website with the updated effective date.
ADDITIONAL INFORMATION FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA, SWITZERLAND, OR THE UNITED KINGDOM
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you may have rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data:
- The right to object to or request restriction of processing of personal data or object to processing of personal data carried out pursuant to (i) a legitimate interest or (ii) performance of a task in the public interest;
- The right to access your personal data and other information about our processing of your personal data;
- The right to correct inaccurate personal data about you that we process;
- The right to data portability, which means that you can request that we provide certain personal data we hold about you in a format you can more readily use;
- The right to erasure, which means that you can request deletion or removal of certain personal data we process about you;
- Where processing of personal data about you is based on consent, the right to withdraw your consent to such processing; and
- The right to lodge a complaint with a supervisory authority.
You may exercise these rights, to the extent they apply, by contacting us as provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you. Please be prepared to provide reasonable information to identify yourself and authenticate your requests.
ADDITIONAL INFORMATION FOR RESIDENTS OF CALIFORNIA
This section of the Privacy Notice applies solely to consumers who reside in the State of California (“consumers” or “you”), and generally to the personal data of a particular consumer or household (“California Personal Data”). Provided, however, that California Personal Data does not include, and this section of the Privacy Notice does not apply to, information excluded from or otherwise not regulated by the California Consumer Privacy Act of 2018 unless otherwise indicated below.
California Personal Data We Collect. We have collected the following categories of California Personal Data regarding consumers within the last 12 months:
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, address, telephone number, state identification card number, bank account number, credit card number, debit card number, or any other financial information,. Some personal information included in this category may overlap with other categories.
- Identifiers such as your real name, alias, postal address, zip code, telephone number, email address, account name, payment card numbers, or other similar identifiers
- Unique and online identifiers such as device identifiers, internet protocol addresses, cookie identifiers, beacon identifiers, pixel tags or mobile ad identifiers or similar technology, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device
- Commercial information that identifies or could reasonably be linked to you, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
- Internet or other electronic network activity information identifies or could reasonably be linked to you, such as browsing history, search history and information regarding an individual’s interaction with an internet website, application, or advertisement
- Geolocation information, such as your specific, real-time physical location or precise movements while you access our sites or apps if you have enabled location services on your device
- Protected classification characteristics under California or federal law, which includes age if 40 years or older, race, color, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, pregnancy or childbirth and related medical conditions), veteran or military status, genetic information (including familial genetic information)
- Inferences drawn from personal information, such as person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
Sources of California Personal Data. We may obtain the categories of California Personal Data that we collect as indicated above from the following categories of sources.
- Directly from you. For example, through website forms you complete or ordering our products and services.
- Automatically and indirectly from you, such as through logging and analytics tools, cookies, pixel tags, and other automatic data collection.
- From third parties, such as our service providers, consumer data resellers, services that make user-generated content available to others, communications services, social networks and social media online services, affiliates, and other business partners.
Use of California Personal Data. We may use the categories of California Personal Data that we collect, as described above, for one or more of the business purposes and commercial purposes described in the How Do We Process Personal Data? section above.
Sharing California Personal Data. We may disclose the categories of California Personal Data that we collect as indicated above to the categories of third parties described in the How Do We Process Personal Data? section above. In the preceding 12 months, we may have disclosed categories of California Personal Data that we collected, as described above, for a business purpose.
We do not directly exchange California Personal Data for financial remuneration, such as monetary compensation. However, under the CCPA, a “sale” of California Personal Data is now defined in a manner that includes disclosures in exchange for anything of value, such as other information. Applying that definition of “sale,” we sell California Personal Data by sharing it with our data partners. In the preceding twelve months we may have sold the California Personal Data categories described below:
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, address, telephone number, Some personal information included in this category may overlap with other categories.
- Identifiers such as your real name, alias, postal address, zip code, telephone number, email address, account name, or other similar identifiers.
- Commercial information that identifies or could reasonably be linked to you, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Geolocation information, such as your location as indicated by your IP address.
In the preceding 12 months, we have not sold California Personal Data. We do not sell your California Personal Data, and we do not have actual knowledge that we sell the California Personal Data of consumers under the age of 16.
California Personal Data Rights and Choices. The CCPA provides consumers with specific rights regarding their California Personal Data. The below sections describe the rights you may have and explains how to exercise those rights.
Direct Marketing Disclosure Request Right. California residents who have an established business relationship with us may request information regarding third parties, if any, to whom we may have disclosed personal information (as defined by Cal. Civ. Code. § 1798.83(e)(7)) for the direct marketing purposes of those third parties during the preceding calendar year. Requests may be made only once per year per person. To submit a request, send an email or letter to the addresses provided in the Contact Information and Assistance section at the end of this Privacy Notice.
Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our sale, collection, use, and disclosure of your California Personal Data over the past 12 months. If we receive and confirm a verifiable consumer request from you pursuant to the Exercising Access, Data Portability, and Deletion Rights section below, we will disclose one or all of the following depending on the scope of the request:
- The categories of California Personal Data we collected about you over the past 12 months.
- The categories of sources for the California Personal Data we collected about you over the past 12 months.
- Our business or commercial purpose for collecting California Personal Data about you over the past 12 months.
- The categories of third parties with whom we shared California Personal Data over the past 12 months.
- The specific pieces of California Personal Data we collected about you over the past 12 months.
- If we disclosed or sold your California Personal Data for a business purpose, a list of the disclosures for a business purpose identifying the categories of California Personal Data disclosed and a list identifying the California Personal Data sold and the categories of third parties who purchased that California Personal Data.
Deletion Request Rights. Subject to certain exceptions, you have the right to request that we delete the California Personal Data that we collected about you. Once we receive and confirm your verifiable consumer request, we will delete your California Personal Data from our records, unless an exception applies.
Exercising Access, Data Portability, and Deletion Rights. To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 1-877-767-1147
- Emailing us at firstname.lastname@example.org
- Mailing us at
Re: Privacy Compliance Officer
1460 Tobias Gadson Blvd.
Charleston, SC 29407
Only you, or an authorized agent registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your California Personal Data. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request must provide information sufficient to permit us to reasonably verify you are the person about whom we collected California Personal Data, or an authorized representative of that person. Your request also must include sufficient detail for us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with California Personal Data if we cannot verify your identity or authority to make the request and confirm the California Personal Data relates to you.
If you have an online account with us, we will deliver our written response to that online account. If you do not have an online account with us, we will deliver our written response by mail or electronically.
Making a verifiable consumer request does not require you to create an account with us. However, if you have a password-protected account with us we consider requests made through that account sufficiently verified when the request relates to California Personal Data associated with that specific account.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If we cannot fulfill, or are permitted to decline, your request then we will alert you or your authorized representative. For data portability requests, we will select a format to provide your California Personal Data that is readily usable.
If your request is manifestly unfounded, repetitive, or excessive, including if you have made several repetitive requests, we may charge a reasonable fee to respond. We also may decline to respond, in which case we will notify you.
Non-Discrimination. You have a right to not receive discriminatory treatment for exercising your access, data portability, and deletion rights described above. Except to the extent permitted by the CCPA, we will not discriminate against you for exercising the access, data portability, and deletion rights described above.
Notice of Financial Incentive. We offer a voluntary loyalty program, rms rewards, that provides customers who choose to sign up the opportunity to earn points that can be redeemed for free products, discounts, and other perks. We may also offer other programs that offer similar benefits, such as a discount code if you join our mailing list. When you sign up for rms rewards or these other programs, we will ask you to provide your name and contact information, such as your email address and/or telephone number.
Because we ask you to provide California Personal Data when you sign up for these programs, and you receive benefits, including financial benefits such as free products, discounts, and other perks, when you make purchases and otherwise participate in them, they may be considered a “financial incentive” under the CCPA. The value of the California Personal Data we collect through these programs is inherently variable and depends on each participant’s purchasing and reward redemption activity. We estimate, however, that the value of the California Personal Data we collect from each program participant is equivalent to the expenses related to our providing the program to that program participant, including the cost of free products and other perks that the participant earns, and the value of discounts on purchases made by the participant that are related to their participation in the program.
You can opt in to participate in rms rewards by registering for an account on our website (https://www.rmsbeauty.com/account/register). You can opt in to participate in other programs by following the instructions provided at the time the program is offered. You have the right to withdraw from these programs at any time and may exercise that right by contacting us by as described in the CONTACT INFORMATION AND ASSISTANCE section at the end of this Privacy Notice, or as otherwise provided in the terms and conditions that govern the applicable program.
THIRD PARTY LINKS AND SOCIAL MEDIA
We welcome your engagement via our social media channels such as Facebook, Twitter, Pinterest, LinkedIn, and Instagram. We invite you to share your décor inspiration, RMS Beauty purchases, and/or introduce friends to the RMS Beauty brand. Please be advised that anything shared on each respective social media channel is subject to the privacy policies of that social media channel.
APPLICABILITY OF THIS PRIVACY NOTICE
This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.
CONTACT INFORMATION AND ASSISTANCE
If you have any questions or concerns about this Privacy Notice and/or how we process personal data, or would like to exercise any applicable legal rights set forth above, please contact via the methods provided below:
Mail: RMS Beauty
Re: Privacy Compliance Officer
1460 Tobias Gadson Blvd.
Charleston, SC 29407