Last Updated: September 12, 2022
Acceptance Of These Terms
By using this Site, you signify your acceptance of this policy and any changes to this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Collection Of Information
Information You Provide to Us. We collect information you provide directly to us. For example, we collect information when you use our websites, shop in our online stores, call us on the phone, create an online account, join our loyalty program, sign up to receive our emails, opt-in to our text marketing and notifications program, request a catalog, participate in a sweepstakes, contest, promotion or survey, communicate with us via third party social media sites, request customer support, apply for a job or otherwise communicate with us. The types of information we may collect include your name, email address, zip code, billing address, shipping address, phone number, payment card information, product preferences, demographic information and any other information you choose to provide (“Personal Information”). In some cases, we may also collect information you provide about others, such as when you purchase a gift card for someone and request that we deliver it electronically, create and share a “wish list” or decide to purchase and ship products to someone. We will use this information to fulfill your requests and may also use that information to send marketing communications to your contact, unless he or she has previously opted out of marketing communications from Kosas.
Retention and Transfer of Personal Information. We retain Personal Information that you provide us as long as we consider it potentially useful in contacting you about our products and services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements. We will delete this information from the servers at an earlier date if you so request by unsubscribing, opting-out, or emailing us at email@example.com. Personal Information may be transferred and stored to secure servers in the United States.
Use Of Information
We may use information about you for various purposes, including to: (i) facilitate and improve your online shopping experience; (ii) provide the products and services you request, process transactions and send you related information, including confirmations and receipts; (iii) respond to your comments, questions and requests and provide customer service; (iv) communicate with you about products, services, checkout reminders, webhooks, offers, promotions, rewards and events and provide news and information we think will be of interest to you, including via text message if you opt-in to the Kosas text message program; (v) manage your online account(s) and send you technical notices, updates, security alerts and support and administrative messages; (vi) personalize your online experience and provide advertisements, content or features that match your profile and interests; (vii) monitor and analyze trends, usage and activities; (viii) process and deliver contest, promotion and sweepstakes entries and rewards; (ix) link or combine with information we get from others to help understand your needs and provide you with better service; and (x) carry out any other purpose for which the information was collected. We are based in the United States and the information we collect is governed by U.S. law. By accessing or using our websites or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.
Text marketing (if applicable): With your permission, we may send text messages about our store, new products, and other updates. Updates include Checkout Reminders. Webhooks will be used to trigger the Checkout Reminders messaging system.
Sharing of Information
We may share information about you as follows: (i) with vendors, consultants and other service providers who need access to such information to carry out work on our behalf; (ii) with our business partners and other third parties for purposes of sending their own direct mail; (iii) in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process or as otherwise required by any applicable law, rule or regulation; (iv) if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of us or any third party; (v) in connection with, or during negotiations of, any merger, sale of company assets, financing or transfer of all or a portion of our business to another company; or (vi) with your consent or at your direction. We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
Advertising and Analytics
We use functional and analytical cookies to provide for the best user experience. We, as well as third parties, also use tracking cookies on our websites to show you customized advertisements and offers on our websites, as well as on third party websites and apps. Most web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove or reject cookies, but note that doing so does not necessarily affect third party flash cookies used in connection with our websites. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our websites. In addition, many web browsers support Do Not Track technology. If you enable Do Not Track, Note, however, third-party companies may not recognize browser “Do Not Track” signals. If you would like to opt out of the collection and use of tracking data for ad targeting, please visit www.aboutads.info/choices/.
Links To 3rd Party Websites
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We use organizational, procedural, and technical safeguards to secure data in our possession, consistent with the sensitivity level of such data. When sensitive information (such as a credit card data) is collected on our Site it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol and may be processed by third parties using similar levels of protection. Regardless of the precautions we take, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect Personal Information, we cannot ensure or warrant the security of any information you transmit to us.
Other Data Protection Rights
Under certain international data privacy laws, including the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), and the Act on the Protection of Personal Information (APPI), you may have the following data protection rights:
- To access, correct, update or request deletion of Personal Information. We take reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. As a registered user, you can manage many of your individual account and profile settings within your account provided through the Site, or you may contact us directly by emailing us at firstname.lastname@example.org or through the applicable link below. We will consider your request in accordance with applicable laws.
- In addition, individuals who are residents of the European Economic Area (“EEA”) can object to processing of their Personal Information, ask to restrict processing of their Personal Information or request portability of their Personal Information. You can exercise these rights by contacting us at email@example.com or clicking the applicable link below.
- Similarly, if Personal Information is collected or processed on the basis of consent you can withdraw consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- EEA residents have the right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request.
We do not knowingly collect any Personal Information from children under the age of 13. We do not sell products for purchase by children and all children’s products we sell are for purchase by adults only.
California Privacy Rights
Consumers residing in California are afforded certain additional rights with respect to their Personal Information under the California Consumer Privacy Act or (“CCPA”) (California Civil Code Section 1798.100 et seq.). If you are a California resident, these terms and conditions apply to you.
Access to Information
You have the right to request that we disclose information about our collection and use of your Personal Information over the past 12 months, including:
- Categories of Personal Information we collected;
- Categories of sources for the Personal Information we collected;
- Our business purpose for collecting Personal Information;
- The categories of third parties with whom we share that Personal Information; and
- The specific Personal Information we collected about you.
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny a deletion request where retaining the information is necessary for us or our service providers. For example, data may need to be kept to:
- Complete a sales transaction for which we collected the Personal Information (such as the sale of our beauty products to you);
- Track consumer complaints or product issues;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity;
- Comply with a legal obligation; and
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Submitting a Request
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of a California resident who wishes to make a request.
We may not be able to respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will ask you for the email information that you used to interact with us or sign up for a loyalty, email or to make purchases to help verify your identity or authority to make the request and confirm that your information is in our system. Information provided to submit a request will only be used for request purposes.
California consumers may make requests by either:
- Making the request on our CCPA data request page here;
- Emailing your request to firstname.lastname@example.org. In the subject line of your email, please write “CCPA Rights Request”; or
- Calling the toll-free number listed below in our Contact Us section.
We will use best efforts to respond to a verified consumer request within 45 days. If we require more time, we will inform you of the reason and extension in writing. You may only make a request for access or data portability twice within a 12-month period.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.