Effective Date: September 30, 2021
Here are a few general principles to keep in mind as you read through this Policy:
- The Site is owned and operated by Deva Concepts LLC and its corporate affiliates (referred to collectively in this policy as “we,” “us,” “our” and other similar pronouns).
- As our business evolves, this Policy may change, so check back to this page periodically to make sure you understand how your personal information will be treated.
- Advertisements displayed to you on this Site and elsewhere may be customized to your interests and preferences based on your Personal Information and Site Usage Information (as further described below) collected through our Site. We may work with third parties, such as Facebook and Google, to make this happen. You may be able to opt out of such advertisements. For more information, visit http://www.networkadvertising.org/choices/ or http://www.aboutads.info/choices/ or https://youradchoices.ca/en/tools (in Canada) . (You have to opt-out using each of your Web browsing applications and devices separately.) You may also learn how to individually opt-out of these activities for Facebook at https://www.facebook.com/help/568137493302217 and for Google at https://www.google.com/settings/u/0/ads/authenticated?hl=en. However, if you opt-out we may still suggest offerings to you on our Site based on your history at our Site.
What information do we collect?
We may collect or have collected the following categories of information about you. In some cases, the information we collect may fall within more than one category.
- Contact information and personal identifiers, such as your name, home address, delivery address, email address, telephone number, wireless device addresses (including text message addresses) and username or social media handle.
- Device identifiers, such as information about your device like your MAC address, IP address, or other online identifiers.
- Demographic information, such as your age, sex, and gender (some of which may be protected by applicable law).
- Physical characteristics, such as your hair type or hair care concerns.
- Commercial information, such as the products or services you have purchased, returned or considered, and your product preferences.
- Identity verification information, such as DevaCurl account information and other authentication information (like passwords).
- Online or network activity information, such as information regarding your interaction with our website, digital properties, and advertisements, information about your browsing and search history on our website or mobile applications, and log file information which includes, but may not be limited to, your browser type, webpages you visit, and other electronic network activity.
- Geolocation information, such as information that can help identify your physical location (like your GPS coordinates or the approximate location of your mobile device).
- Audio and visual information, such as recordings of your voice when you call our customer service.
- Professional or employment-related information, such as information from your resume, employment history, education information, and professional licenses or certifications.
- User Content, such as your communications with us and any other content you provide (including photographs and images, videos, reviews, articles, survey responses, and comments).
- Inferences drawn from or created based on any of the information identified above.
“Personal Information” is information that can be used to identify you as an individual or allow someone to contact you, as well as information attributed with such information.
How do we collect this information?
We may collect or may have collected personal information about you through various sources. We may collect personal information directly from you, such as when you make a purchase, or conduct another transaction, on our website, contact us with a question or complaint, create an account on our website, review our products, respond to a survey, take our quizzes (such as our Curl Quiz), upload photos to our website, provide your social media content, participate in a contest or other promotion, make an online appointment for one of our salons, sign-up to attend an event, apply for employment, sign-up to receive marketing communications, or use other services, features or resources we make available on the Site. We may collect personal information that you enter in a web form on our website automatically and prior to you pressing a submit button.
Information you are required to provide to us in order to complete your transaction or make your request is indicated with an asterisk next to the field on our online forms. In those cases, you are not required by law to provide the information, but if you do not provide the information, you will not be able to conduct your transaction and we may not be able to respond to your request. An example of this is your payment card information, billing address and shipping address when you make a purchase, or your email address when you sign up to receive emails from us.
We may also collect personal information through offline technologies, such as call recording technology when you speak to our customer service team; or from our business partners and service providers, such as demographic companies, analytics providers, advertising companies and networks, third-party retailers, and other third parties that we choose to collaborate or work with.
We may also collect personal information about you from your friends or family members, such as when your friend or family member sends you a gift or makes a referral.
Site Usage Information
As is the case with many websites, our servers automatically collect your IP address when you visit our Site, and we may associate that with your domain name or that of your Internet access provider, and your general geographic location. We may also capture certain “clickstream data” pertaining to your Site usage. Clickstream data includes, for example, your IP address, information about your computer or device, Web browser and operating system and their settings, the referring page that linked you to the Site, the pages, content or ads you see or click on during your visit and when and for how long you do so, items you download, the next website you visit when you leave the Site, and any search terms you have entered on the Site or a referral site.
Among other things, this information enables us to generate analytics reports on the usage of the Site. We may also implement certain Google Analytics Advertising Features (including Remarketing with Google Analytics; Google Display Network Impression Reporting or Google Analytics Demographics and Interest Reporting). To opt-out of your Site usage being included in our Google analytics reports or being used for Google Analytics Advertising Features, you may follow these instructions: https://tools.google.com/dlpage/gaoptout. To learn more about privacy and Google Analytics please consult the Google Analytics overview provided by Google at: http://www.google.com/intl/en/analytics/privacyoverview.html.
In addition, we may deploy various tracking technologies on the Site and in emails to collect additional information about your Site visits. For example:
- A pixel tag (also known as a “clear GIF” or “web beacon”) is a tiny image – typically just one-pixel – that can be placed on a Web page or in our electronic communications to you in order to help us measure the effectiveness of our content by, for example, counting the number of individuals who visit us online or verifying whether you’ve opened one of our emails or seen one of our Web pages.
These tracking technologies may be deployed by us and/or by our service providers or partners on our behalf. These technologies enable us to assign a unique number or identifier to you, your device or household and relate your Site Usage Information to other information about you, including your Personal Information. These technologies also enable us to recognize you when you access our Site using different Web browsers and different computers or devices.
How is your information used?
We or our service providers may use the information we collect from and about you to perform the following business functions:
- providing you with our products and services, such as fulfilling orders and processing payments, creating, servicing and/or maintaining your account, assisting with product selection and replenishment, and managing current or past purchases
- enabling users to use our Site and its features
- analyzing your responses to our quizzes and tailoring content based on your quiz results
- for marketing and advertising, such as to send you marketing and advertising materials via postal mail, text message or e-mail, and to show you advertisements for products and/or services tailored to your interests on social media and other websites
- sending you triggered real-time interaction emails such as abandoned cart, abandoned category and abandoned product emails
- advertising and marketing our products and services, contextual advertising, and tailoring ads displayed to you on our Site and elsewhere to your interests and history with us
- auditing your transactions with us
- receiving and posting your product reviews and blog comments
- engaging in a chat session with you on our Site
- registering you for courses, classes or other education about DevaCurl
- adding you to our list of Deva-certified professionals
- administering the Site and your account with us
- responding to your requests, questions and concerns
- verifying customer information
- internal research to develop, improve, upgrade and enhance new products, features and offerings for our customers
- featuring your social media content
- research, analytics and developing new features and offerings on the Site
- customizing our Site to your interests and history with us
- providing you and others with more relevant content and advertisements
- advertising and marketing our products and services, contextual advertising, and tailoring ads displayed to you on our Site and elsewhere to your interests and history with us
- counting and verifying ad impressions
- analytics, such as to understand how you use our website, understand your preferred method of purchasing with us, determine what browser and devices you use to visit our website, and to evaluate and improve our products, services, advertisements and our website
- auditing compliance and other practices
- protecting our rights and property
- preventing fraud
- detecting security incidents
- protecting against malicious, deceptive, fraudulent or illegal activity
- bringing claims against wrongdoers
- quality and safety assurance measures
- debugging software, systems and practices
- other purposes disclosed when Personal Information is submitted to us
- other limited transactional uses
To perform the above functions, we may match information collected from you through different means or at different times, including both Personal Information and Site Usage Information, and use such information along with information obtained from other sources (including third parties like data aggregators and sales lead generators), inferences we can derive from Personal Information and Site Usage Information, and publicly accessible information (such as information available publicly on the Internet). This information includes, for example, demographic information and updated contact information. We or our service providers may also use your information to assess the level of interest in, and use of, the Site, our e-mails and our other messaging campaigns both on an individual basis and in the aggregate.
Do we share your information with others?
Yes. We may share your information with others for a variety of reasons. In addition to the kinds of information sharing you might expect, such as sharing what you voluntarily post to public areas on the Site with other Site users, we may share your information:
- with third parties who need your information in order to provide services to us or on our behalf, including those service providers that process credit card payments, fulfill orders, and that provide website and application functionality, hosting, analytics, advertising and marketing services
- with third party advertising companies (such as advertising networks) to serve advertisements or send marketing messages on our behalf. For additional information, see “Third-Party Advertising Companies.”
- with our current and future parents, subsidiaries, affiliates, and other companies under common control and ownership
- with our co-sponsor(s) if we obtain your information in connection with a contest, sweepstakes, offering, or other promotional activity that is jointly offered by us and any third parties, unless you instruct us not to by following the instructions under “Email Opt-Out” below.
- when we believe in good faith that disclosure is necessary to protect our rights or property, protect your safety or the safety of others, investigate fraud or respond to a government, judicial or other legal request, or to comply with the law.
- in connection with a corporate change or dissolution, including for example a merger, acquisition, reorganization, consolidation, bankruptcy, liquidation, sale of assets or wind down of business.
When you provide a product review or other user content, that content will be publicly posted. Other users may be able to see your name or other information about you that you post.
In addition, we may share non-personally identifiable Site Usage Information (including aggregate data) with others, for their own use, in a form that does not include your name or contact information.
Third-Party Advertising Companies
Some of these service providers may be able to collect personal information that you enter into a web form automatically and prior to you pressing a submit button; and they may be able to use information from your visits to this site to send marketing messages to you in a way that may personally identify you.
You can opt-out of cookie-based targeted advertising from the companies we work with by changing your Cookies Settings.
For more information about third-party advertising companies and how you can exercise choice regarding use of your information, visit: the Network Advertising Initiative’s consumer website at http://www.networkadvertising.org/choices/, Digital Advertising Alliance’s website at http://optout.aboutads.info/#!/ or the Digital Advertising Alliance of Canada at https://youradchoices.ca/en/tools.
We also work with third-party platforms, including platforms operated by social networks, such as Google, and Facebook, to show you advertisements or measure the effectiveness of our advertisements. We may share your email address, telephone number, or other information, and/or convert such information into a unique value and have these third-party platforms match this with a user on their platform or with other data they may have. This matching enables us to deliver advertisements to you and others on these platforms. You also can request that we refrain from using your personal information in this way by emailing us at firstname.lastname@example.org.
Do Not Track Disclosures
We currently do not change our tracking practices in response to “do-not-track” signals or other similar mechanisms. Third parties that have content or services on our website such as a social feature, an analytics service, or an advertising network partner, may obtain information about your browsing or usage habits. These third parties do not change their tracking practices in response to “do-not-track” signals from your web browser and we do not obligate these parties to honor “do-not-track” signals. To learn more about browser tracking signals and “Do Not Track,” please visit http://allaboutdnt.com.
We utilize Google Analytics for our web analytics and you can opt out of your Site usage data being included in our Google Analytics reports by visiting https://tools.google.com/dlpage/gaoptout.
We use several social networking and blogging platforms to communicate with our customers, some of which are operated by third parties, such as Instagram, TikTok, Facebook, Twitter and Pinterest. This Policy applies to our use of information you submit to us there, but it does not apply to what those third-party platforms do with your information. Those platforms have their own privacy policies, and we encourage you to read them.
Our Site may include features and functionalities that allow you to share information with us that you have already provided to a third-party social networking platform. For example, you may be able to create an account on our Site or log-in to our Site using your Facebook account or other third-party credentials. If you do so, then Personal Information or other data that you have provided to that third party will be made available to us, pursuant to the third party’s terms and conditions, and you consent to our use of that information in accordance with this Policy. The information we receive from that third party may depend on the privacy settings you have on the third-party site.
We also include tools on our Sites that allow you to share and/or publicly post content or information from our Sites to your profile on a third-party social network. Third party social networking platforms and blogging platforms have their own privacy policies which explain how they will use, protect and share your information, including any information you share on those platforms from our Site, and we encourage you to read them.
Accessing, Updating and Modifying Personal Information
Subject to applicable law, you may have the right to request access to and receive details about the personal information we maintain about you, update and correct inaccuracies in your personal information, and have the personal information deleted, as appropriate. These rights may be limited in some circumstances by local law. You may review, update or modify certain of the Personal Information that is stored in your user account on the Site (if you have one) by logging in to the “Account” area of the Site. You may request to review, change or delete your personal information by sending an email to email@example.com. We may ask you to verify your identity and to provide other details before we are able to provide you with any information, correct any inaccuracies, or delete any information. Your right to delete your information is subject to our records retention policies and applicable law.
You can opt-out of receiving marketing communications by email by following the instructions within the emails you receive from us or by sending an email to firstname.lastname@example.org. Please note that your opt-out request is specific to the particular type of email communication you receive from us. Please note that if you opt-out from marketing communications from us, we may still send you transactional or operational emails. Examples of transactional or operational emails include, purchase or shipping confirmations, password resets, profile updates or other account related messages.
Text Message Opt-Out
You can opt-out from receiving text messages from us by replying STOP to the text message you receive from us or by sending an email to email@example.com. Please note that this will only opt you out of the specific text messaging program associated with that number.
While we endeavor to protect the security and integrity of sensitive Personal Information collected via our Sites, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that any information, during transmission through the Internet or while stored on our system or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. However, we maintain reasonable administrative, technical, and physical safeguards designed to protect any Personal Information that you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use.
If you correspond with us by e-mail, you should be aware that your transmission might not be secure. A third party could view the information you send in transit by such means. We will have no liability for disclosure of your information due to errors or unauthorized acts of third parties during or after transmission.
If you create an account on our Site, you are responsible for maintaining the strict confidentiality of your account password, and you shall be responsible for any activity that occurs using your account credentials, whether or not you authorized such activity. Please notify us of any unauthorized use of your password or account or any other breach of security.
If at any time during or after our relationship we believe that the security of your Personal Information in our care may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavor to notify you as promptly as possible under the circumstances. If we have your e-mail address, we may notify you by e-mail to the most recent e-mail address you have provided us in your account profile. Please keep your e-mail address in your account up to date. You can change that e-mail address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your e-mail account using your computer or mobile device and email application software. If you prefer for us to use the U.S. Postal Service to notify you in this situation, please e-mail us at firstname.lastname@example.org. You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request. You may also use this e-mail address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your Personal Information.
“Linked-To” Web Sites
The Site may contain links, banners, widgets or advertisements that lead to other websites. We are not responsible for these other sites, and so their posted privacy policies (not this Policy) will govern the collection and use of your information on them. We encourage you to read the privacy statements of each website visited after leaving the Site to learn about how your information is treated by others.
ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), we are providing the following additional details regarding our collection, use, and disclosure of Personal Information about California residents. Under the CCPA, “Personal Information” is information that identifies, relates to, describes, or could reasonably be associated or linked with a particular California resident or household.
Personal Information of DevaCurl employees, independent contractors, owners, directors and officers (and their emergency contacts or beneficiaries) and job applicants who are California residents are not covered by this CCPA notice.
Collection of Personal Information
We plan to collect, and have collected within the preceding 12 months, the following categories of Personal Information, as listed in the CCPA:
- Identifiers, such as name, contact information, government-issued ID numbers, and online identifiers that can reasonably be linked or associated with a particular California resident or household;
- Customer records information, or “personal information” as defined in the California customer records law, such as payment card number and financial information;
- Characteristics of protected classifications under California or federal law, such as sex;
- Commercial information, such as transaction information, purchase history, financial details and payment methods;
- Internet or network activity information, such as browsing history and interactions with our website;
- Geolocation data, such as device location and IP location;
- Audio, electronic, visual and similar information, such as call recordings created in connection with our business activities;
- Professional or employment-related information, such as work history and prior employer; and
- Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
Sources and Uses of Personal Information
We collect this Personal Information from you and from other categories of sources as further described in the “How do we collect this information?” section above.
As described in the “How is your information used?” section above, we may use this Personal Information to operate, manage, and maintain our business, to provide our products and services, for our vendor management purposes, and to accomplish our business purposes and objectives, including, for example, using Personal Information to: develop, improve, repair, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.
Disclosure and Sale of Personal Information
We disclose Personal Information to the following categories of third parties:
- Service Providers, such as our third-party service providers who carry out activities at our direction, including that process credit card payments, fulfill orders, and that provide website and application functionality, hosting, analytics, advertising and marketing services and fraud detection providers.
- Public Audience, when you voluntarily post to public areas on the Site, including when you provide a product review or other user content;
- Affiliates, such as our current and future parents, subsidiaries, affiliates, and other companies under common control and ownership;
- Co-Sponsors, if we obtain your information in connection with a contest, sweepstakes, offering, or other promotional activity that is jointly offered by us and any third parties, subject to your opt-in to the sharing of such information;
- Social Networks, as described in the “Social Networking” section above;
- Advertising Companies, as described in the “Third-Party Advertising Companies” section above;
- Corporate Change Participants, such as in connection with a corporate change or dissolution, including for example a merger, acquisition, reorganization, consolidation, bankruptcy, liquidation, sale of assets or wind down of business.
- Legal Authorities, when we believe in good faith that disclosure is necessary to protect our rights or property, protect your safety or the safety of others, investigate fraud or respond to a government, judicial or other legal request, or to comply with the law; and
- Other Parties in Litigation, when we share information in the context of litigation discovery and in response to subpoenas and court orders.
In the preceding 12 months, we disclosed for our operational business purposes or sold the following categories of Personal Information to the following categories of third parties:
Sale of Personal Information
We do not sell your personal information to any other business or party for payment of money, and we have no present plans to do so. However, California law may characterize our sharing of personal information with companies that provide services to us, such as companies that help us to market or advertise our products and services to you, as "sales”. We may “sell” or may have “sold” the following categories of personal information for valuable consideration to the third parties listed below:
We do not have actual knowledge that we sell the personal information of minors under 16 years of age.
To opt-out of the sales of personal information described here, use our Cookie Preferences tool to disable the cookies on our website.
Your CCPA Rights
If you are a California resident covered by the CCPA, you may request that we:
(1) Disclose to you the following information covering the 12 months preceding your request ( up to two times in any 12 month period):
- The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
- The specific pieces of Personal Information we collected about you;
- The business or commercial purpose for collecting, or disclosing for monetary or other valuable consideration (if applicable), Personal Information about you;
- The categories of Personal Information about you that we disclosed for monetary or other valuable consideration and, for each, the categories of third parties to whom we disclosed such Personal Information (if applicable); and
- The categories of Personal Information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).
(2) Delete Personal Information we collected from you, subject to any applicable exceptions under the CCPA.
To make a request for the disclosures or deletion described above, you can either:
- submit a request through our California Privacy Rights Portal; or
- call 1-888-914-9661 and enter PIN 361 306.
We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. We may need to request additional Personal Information from you, such as full name, email, and postal address, in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Information. If you make a deletion request, we may ask you to confirm your request before we delete your Personal Information. In some instances, we may decline to honor your request where the law does not apply or where an exception applies.
If you are the authorized agent of a consumer making a request for the disclosures or deletion described above on behalf of the consumer, we will ask you for:
- Proof of your registration with the California Secretary of State to conduct business in California.
- Proof that the consumer has authorized you to make such request on the consumer’s behalf. This must be a permission signed by the consumer. “Signed” means that the permission has either been physically signed or provided electronically in accordance with the Uniform Electronic Transactions Act, Civil Code 1633.7 et seq.
If an authorized agent has not provided us with a power of attorney from the consumer pursuant to Probate Code sections 4000-4465, we may also:
- Require the consumer to provide you with a written permission signed by the consumer to make the request on the consumer’s behalf
- Verify the identity of the consumer as we would if the consumer were making the request personally
- Obtain verification from the consumer that they provided the authorized agent permission to make the request.
(3) Opt you out of any future disclosure of Personal Information to adtech businesses as described above by visiting our Cookie Preference Center. Please note that you must change your cookie preferences for each device (mobile phone, desktop, laptop, etc) and browser that you use to visit our site.
If you are the authorized agent of a consumer making a request to opt-out of future sale of Personal Information on behalf of the consumer, we will ask you for:
- Proof of your registration with the California Secretary of State to conduct business in California.
- A copy of the consumer’s approval for you to make such request on the consumer’s behalf. This must be a permission signed by the consumer. “Signed” means that the permission has either been physically signed or provided electronically in accordance with the Uniform Electronic Transactions Act, Civil Code 1633.7 et seq.
Right to Non-Discrimination
You have the right to be free from unlawful discriminatory treatment for exercising your rights under the CCPA.
Right to Opt-Out of Sharing for Third-Party Direct Marketing
California law permits residents of California to opt out of their personal information being shared with third parties for third-party direct marketing purposes. If you are a California resident and would like to opt out, please email us at email@example.com (please include your name, mailing address and email address).
We may change this Policy from time to time. When we do, we will let you know by posting the changed Policy on this page with a new “Effective Date.” In some cases (for example, if we significantly expand our use or sharing of your Personal Information), we may also tell you about changes by additional means, such as by sending an e-mail to the e-mail address we have on file for you. In some cases, we may request your consent to the changes.
If you have any questions or comments regarding our privacy practices, you may contact us at:
Deva Concepts LLC (d/b/a DevaCurl)
75 Spring Street, 5th Floor
New York, NY 10012