Privacy Policy

Florence Privacy Policy 

Last Updated 07/14/20  

Welcome! This website florencebymills.com (the “Site”) is owned and operated by Florence Beauty, LLC, a Delaware limited liability company headquartered in Los Angeles, California ("Florence", "we", "our" or "us"). This Privacy Policy describes our privacy practices and applies to your use of this Site, including interactive features, platforms, marketplace, widgets, plug-ins, applications, content, downloads of the Site and other online services that we own and control and that post a link to this Privacy Policy, regardless of how you access or use the Site, whether via personal computers, mobile devices or otherwise (collectively with the Site, the “Service”).

However, this Privacy Policy does not apply to data we receive from third parties, unless we combine such data with Personal Data (defined below) that we have ourselves collected under this Privacy Policy. This Privacy Policy does not apply to our data collection activities offline or otherwise outside of our Service (unless otherwise stated below), and does not govern the data practices of third parties that may interact with our Service.

To the extent we provide you notice on our Service of different or additional privacy policies or practices (e.g. at the point of our collection), those additional terms shall govern such data collection and use. In addition, please review the Service’s Terms and Conditions of Service, which govern your use of the Service.

If you are located in the European Union ("EU"), the United Kingdom ("UK"), or otherwise in the European Economic Area (“EEA”), it is important that you read this Privacy Policy, in particular Section 7.

By using our Service, you agree to the Terms and Conditions of Service and consent to our Privacy Policy, including the collection, use, sharing and disclosure of your information and data, and other activities as described in this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use this Service.

Table of Contents

  1. Type of Information We Collect
  2. Source of Personal Data and the Purposes of Collection
  3. Why and When We Share Your Information
  4. Cookies
  5. Your Choices
  6. Transfer of Your Information
  7. Additional Information Regarding Individuals in the EU, UK or EEA
  8. Security
  9. Children
  10. Retention Period
  11. Changes to This Privacy Policy
  12. How to Contact Us
  13. California Residents: Your California Privacy Rights

1. Types Of Information We Collect

We may collect and store information about you in connection with your use of the Service, including any information you transmit to or through the Service. Such information may be collected in three ways: (1) you voluntarily provide information to us, such as by creating an account or signing up for email alerts, (2) we collect information automatically, such as through tracking tools like browser Cookies, and/or (3) third parties, such as ad networks or social networks, may provide information to us.

For purposes of this Privacy Policy, "Personal Data" generally includes information that may be used to identify you.  We may collect the following categories of Personal Data:

Categories of Personal Data (with Examples of Personal Data):

  • Identifiers: Name, mailing address, phone number, email address, username and password, online identifiers (e.g., social media handle), IP address.
  • Commercial information: Services and goods purchased, obtained, and considered and purchase history and tendencies.
  • Financial information: Credit card information (including billing address) and other payment details or methods (e.g. use of PayPal, Amazon Pay, Afterpay, or Google Pay express checkout).
  • Internet or similar network activity: Browsing history, search history, clickstream patterns, session information, browser and operating system type, navigation paths, date/time stamps, cookie identifiers, language preferences, and other information about device characteristics and how you interact with our Site.
  • Geolocation data: Physical location or device location, including zip code and Global Positioning System (“GPS”) data.
  • Sensory data: Audio recordings.
  • Inferences from other Personal Data: Preferences, behaviors, characteristics, psychological trends, number of persons in household, income level, location.


Precise Location Data. 

As set forth in the chart above, we may collect certain location data.  We may obtain information regarding your location or the location of your device through which you access our Service. For example, we collect general location data when you provide us with your zip code. In addition, if you use our mobile applications, our Service may obtain precise information about the location of your device with your express consent. Once you have consented to the collection of the precise location of your device, you may revoke this consent by managing your location services preferences through the settings of your device.

Cookies and Similar Technologies.

We may collect certain Personal Data using cookies and other technologies, such as web beacons, device IDs, geolocation, HTML5 local storage, Flash cookies, and IP addresses. Please see Section 4 for more information about cookies.

Aggregated Data and Pseudonymous and De-Identified or Anonymous Data. 

We may create de-identified or anonymous data or pseudonymous data from Personal Data as permitted by applicable law. Those processes can include removing data elements (such as your name, email address, or linkable tracking ID) that make the data identifiable to you, through obfuscation, or through separating the identifying data elements and storing them separately through appropriate technical and organizational measures.

We may also create aggregated data, i.e. information that relates to a group or category of individuals from which individual customer identities have been removed, as permitted by applicable law.

Our use of anonymized or aggregated data is not subject to this Privacy Policy.  Our use of pseudonymous data is subject to this Privacy Policy; however, our sharing of pseudonymous data is not subject to this Privacy Policy if we are sharing that data without including the data elements that can identify you or the individuals about whom the data relates.

2. Source of Personal Data and the Purposes of Collection

The following is intended to describe the various sources through which we may collect Personal Data and the purposes for which we collect it:

 Sources of Personal Data
Categories of Personal Data from Source
Purposes of Collection and Disclosure

Registration Forms and Account Creation

We may collect Personal Data from you, your family members, or your authorized representatives during the account creation or registration process, through other forms or applications, or through discussions we have with you, your family, or your authorized representatives. 

Categories of Personal Data from Source:
  • Identifiers
  • Internet or similar network activity
  • Geolocation data
  • Inferences from other Personal Data

Purposes of Collection and Disclosure:
  • Provide, perform, update, and enhance the Service
  • Personalize the Service or reflect your preferences
  • Customer and technical support
  • Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity
  • Comply with legal and regulatory obligations

Communications and Interactions with Us

We may collect Personal Data from you or your authorized representative when you communicate with us, including when you contact customer support, submit inquiries, request information from us, or participate in a promotion or survey, or make a purchase from us.

Categories of Personal Data from Source:
  • Identifiers
  • Commercial information
  • Financial information
  • Internet or similar network activity
  • Geolocation data
  • Sensory data
  • Inferences from other Personal Data

Purposes of Collection and Disclosure:
  • Provide, perform, update, and enhance the Service
  • Customer and technical support (including in response to feedback)
  • Personalize the Service or reflect your preferences
  • Market, advertise, and promote the Service
  • Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity
  • Comply with legal and regulatory obligations

Our Websites

We may collect Personal Data from you or your device when you visit or interact with our Sites. 

Categories of Personal Data from Source:
  • Identifiers
  • Commercial information
  • Financial information
  • Internet or similar network activity
  • Geolocation data
  • Inferences from other Personal Data

Purposes of Collection and Disclosure:
  • Provide, perform, update, and enhance the Service
  • Customer and technical support
  • Personalize the Service or reflect your preferences
  • Market, advertise, and promote the Service (including sharing content)
  • Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity
  • Comply with legal and regulatory obligations

Social Media, Online Forums, and Advertisements

We may collect Personal Data from third-party social media platforms and sites, when you engage with our social media pages, online communities and forums, and when you mention us on your own or other social media pages, online communities, or forums, or when you interact with advertisements related to our services.

Categories of Personal Data from Source:
  • Identifiers
  • Commercial information
  • Internet or similar network activity
  • Geolocation data
  • Inferences from other Personal Data

Purposes of Collection and Disclosure:
  • Provide, perform, update, and enhance the Service
  • Customer and technical support
  • Personalize the Service
  • Market, advertise, and promote the Service
  • Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity
  • Comply with legal and regulatory obligations

Affiliates

We may collect Personal Data from our parents, subsidiaries, and affiliates.

Categories of Personal Data from Source:
  • Identifiers
  • Commercial information
  • Financial information
  • Internet or similar network activity
  • Geolocation data
  • Sensory data
  • Inferences from other Personal Data

Purposes of Collection and Disclosure:
  • Provide, perform, update, and enhance the Service
  • Customer and technical support (including in response to feedback)
  • Personalize the Service or reflect your preferences
  • Market, advertise, and promote the Service
  • Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity
  • Comply with legal and regulatory obligations

Business Partners and Service Providers

We may collect Personal Data from our business partners and service providers.  We may also collect Personal Data from other third parties who are authorized to act on our behalf.

Categories of Personal Data from Source:
  • Identifiers
  • Commercial information
  • Financial information
  • Internet or similar network activity
  • Geolocation data
  • Inferences from other Personal Data

Purposes of Collection and Disclosure:
  • Provide, perform, and enhance the Service
  • Customer and technical support
  • Market, advertise, and promote the Service
  • Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity
  • Comply with legal and regulatory obligations

Publicly-available Sources

We may collect Personal Data from publicly-available sources.

Categories of Personal Data from Source:
  • Identifiers
  • Protected classifications under applicable law
  • Commercial information
  • Internet or similar network activity
  • Geolocation data
  • Sensory data
  • Inferences from other Personal Data

Purposes of Collection and Disclosure:
  • Provide, perform, and enhance the Service
  • Market, advertise, and promote the Service
  • Protect against unauthorized access, security incidents, fraud, and other malicious or illegal activity
  • Comply with legal and regulatory obligations

3. Why and When We Share Your Information

We may share Personal Data as described in this Privacy Policy, including with the following categories of third parties:

 

 Categories of Third Party with Whom We Share Personal Data
Categories of Personal Data We Share
Disclosed for a Business Purpose in the Last 12 Months?

Affiliates

We may share Personal Data with our affiliates.  Where we share Personal Data with our Affiliates, we will require our Affiliates to honor this Privacy Policy.

  • Identifiers
  • Commercial information
  • Financial information
  • Internet or similar network activity
  • Geolocation data
  • Sensory data
  • Inferences from other Personal Data
Disclosed for a Business Purpose in the Last 12 Months? Yes

Technical and Operational Service Providers and Business Partners

We may engage third parties to perform certain functions on our behalf. To do so, we may disclose Personal Data to our third-party business partners and service providers in order to maintain and operate the Sites and provide, improve, and personalize the services, including to fulfill requests for the services, to administer your account, for payment processing, for customer service and communications, and for other technical and processing functions, such as sending e-mails on our behalf, fulfilling orders, and technical support. We may also share Personal Data with service providers or other third parties to detect, protect against, and respond to security incidents or other malicious, deceptive, illegal or fraudulent activity or other threats and for legal compliance purposes or pursuant to legal process.

  • Identifiers
  • Commercial information
  • Financial information
  • Internet or similar network activity
  • Geolocation data
  • Sensory data
  • Inferences from other Personal Data
Disclosed for a Business Purpose in the Last 12 Months? Yes

Marketing, Advertising, and Analytics Providers

We may share Personal Data with third-party providers for marketing, advertising, and analytics purposes. We do not share Personal Data that you provided voluntarily through a registration form, transaction, or communication with us with third parties for those third parties’ direct marketing purposes unless you have consented (either through an opt-in or opt-out opportunity) at the time you provide your Personal Data.

  • Identifiers
  • Commercial information
  • Financial information (use of third-party transaction services, e.g., Google Pay or PayPal)
  • Internet or similar network activity
  • Geolocation data
  • Sensory data
  • Inferences from other Personal Data
Disclosed for a Business Purpose in the Last 12 Months? Yes

Social Media Networks

We may use widgets and tools from social networks to enable sharing and other functions through social networks.  For additional information on the use of social network sharing widgets, please refer to the “Social Network Widgets” section of this Privacy Policy.

  • Identifiers
  • Commercial information
  • Financial information (use of third-party transaction services, e.g., Google Pay or PayPal)
  • Internet or similar network activity
  • Geolocation data
  • Sensory data
  • Inferences from other Personal Data
Disclosed for a Business Purpose in the Last 12 Months? Yes

 

Business Transactions

Subject to applicable law, we reserve the right to transfer some or all Personal Data in our possession to a successor organization in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation, or other disposition of all or any portion of our business, assets, or equity. If any such transaction occurs, the purchaser will be entitled to use and disclose the Personal Data collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding Personal Data as described in this Privacy Policy.

  • Identifiers
  • Commercial information
  • Financial information
  • Internet or similar network activity
  • Geolocation data
  • Sensory data
  • Inferences from other Personal Data
Disclosed for a Business Purpose in the Last 12 Months? Yes

 

    We may also share non-Personal Data, such as aggregated user statistics, with third parties such as ad networks and content distributors. For example, we may disclose the number of users that have been exposed to, or clicked on, advertisements.

    In addition, we may share the information we have collected about you, including Personal Data, as disclosed at the time you provide your information and as described below (or otherwise in this Privacy Policy) for various purposes, including:

    • where we have your consent to do so.  For example, to provide you with services that you have requested and that we have agreed to provide to you, such as our products, customer services, and third-party social network connectivity;
    • as reasonably necessary in order to provide the Service to you (for example, by providing your Personal Data to service providers we may use to fulfill your order) or to protect the rights, property, or safety of Florence, our users, or others; and
    • as we reasonably believe is permitted by law or regulation or as is necessary to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions of Service and/or any other agreement with you.

    Third Party Service Providers. As shown in the table above, we may also share your information with technical, operational, marketing, advertising, and analytics providers and business partners. Those providers and business partners may set and access their own Cookies on your Device and they may otherwise collect or have access to information about you, potentially including Personal Data. We are not responsible for those third-party technologies or activities arising out of them. However, some may offer you certain choices regarding their practices. We are not responsible for the effectiveness of or compliance with any third parties’ opt-out options.

    4. Cookies

    The Site may use cookies and similar technologies to improve user experience, for performance and analytics, and to improve our content and the Service. A “cookie” is a small text file stored on your device. The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to track Personal Data previously entered by a web user on the Site. Cookies can remember login information, preferences, and similar information.

    We may use various cookies and similar technologies to collect and store information automatically (“Cookies”) when you use or interact with the Service. This information may be stored or accessed using Cookies that may be downloaded to your personal computer, browser, laptop, tablet, mobile phone or other device (each, a “Device”). We may use cookies to collect certain information about you and your use of our Service, such as IP addresses, domain names, and the type of device and operating system being used. We may also use cookies to identify your device when you revisit our Service to, for example, recall your authentication information or to track statistical information related to navigation throughout the Site.

    A few of the Cookies include, without limitation, the following (and subsequent technology and methods later developed): Cookies, advertising identifiers (including mobile identifiers such as Apple’s IDFA or Google’s Advertising ID), web beacons, tags, embedded scripts, local shared objects such as HTML5 and Flash (sometimes called "flash cookies"), Browser Fingerprinting, E-Tags and similar technology in connection with your use of the Service, third party websites and mobile applications. For more information about some of these Cookies click here.

    We may also use web beacons or “pixels,” and in certain circumstances may collect IP address, screen resolution and browser software and operating system types, clickstream patterns, dates and times that our site is accessed, and other categories of data. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. You may adjust your browser to refuse to accept cookies, remove cookies, or notify you when a cookie is set by editing your web browser preferences or options. (Each browser is different, so you should refer to the settings menu on your browser to change your cookie preferences.) Please note that if you choose to erase or block your cookies, you may not be able to use some features of the Service, or certain features may not function properly.

    Our Cookie Policy provides details on the cookies used on the Site.

      5. Your Choices

      We provide you with choices about whether to provide us with Personal Data and whether it is shared. We generally only ask you for Personal Data that is necessary to provide the service you request. You can choose not to give us the Personal Data we request, as described in the “Information You Choose to Provide” section of this Privacy Policy. However, in some cases, if you decide not to provide the Personal Data we request to perform a contract or when required by law, you will not be able to receive the product or service you ordered or otherwise register on our Service.

      Other examples of your choices include:

      • If you have elected to receive direct marketing communications from us, you can change your mind at any time by following the opt out link in any marketing communication that is sent to you.
      • You can browse our Service without creating an account or providing Personal Data other than IP address or the types of Personal Data described above as "Internet or similar network activity." We may collect some limited information automatically, including IP address and the types of Personal Data described above as "Internet or similar network activity," as described above.
      • You may be able to limit our sharing of some of this information through your browser or mobile device settings, as further described below.
      • You can change your privacy settings on third-party websites, such as social networks, which may stop or limit our receipt of information from those other websites. You also may choose not to use social features we make available on the Service. If you choose to use these features, please keep in mind that any Personal Data you post will be visible to others, such as when you include your email address in a forum or during a chat.
      • You may change your browser settings or take other steps to block, manage, or delete Cookies. Not all of our Services currently respond to browser “do not track” signals, so you will need to use your browser settings to effectively manage Cookies. In some cases, blocking or disabling Cookies may cause our Services not to work as intended and some features may not be available. You can also manage cookies on this Site by visiting our Cookies Policy.
      • You can limit interest-based advertising by opting out at www.aboutads.info/choices/ or www.networkadvertising.org/choices/. If you are located in Europe, more information is available at www.youronlinechoices.eu/.  Please note that opting out does not prevent the display of all advertisements to you.
      • You may also be able to reset your mobile advertising identifier or limit ad tracking altogether using the settings in your phone.

      You can also amend your choices by sending an email to us as detailed in the “How to Contact Us” section below.

      Mobile Device Tracking

      As of the Effective Date of this policy, Apple and Google offered the owners of devices that use their operating systems (iOS and Android) options for limiting tracking and targeting in relation to ads. Please note that changing any of these settings does not prevent the display of certain advertisements to you. Florence does not control your Device-level opt-out processes and is not responsible for any choices you make through such a mechanism or for the continued availability, accuracy, effectiveness, or location of that mechanism.

      • If you use an Apple device, go here
      • If you use an Android device, navigate to the Google Settings page, select Ads and then choose to reset your Android Ad ID or opt-out of personalized ads.
      • To learn about options for many mobile ad networks, go here

        6. Transfer of Your Information

        To provide our Service, we may transfer information about you to other jurisdictions where we do business.  When you use our Service, you acknowledge that we may transfer information about you, including Personal Data, as described in this Privacy Policy.

        We will transfer your Personal Data for any of the purposes identified in this policy to our subsidiaries, affiliates, service providers, and business partners that may be located outside of the jurisdiction where you are located.  The laws in those jurisdictions may not provide the same level of data protection compared to the laws in your country.  However, we will treat your Personal Data as subject to the protections described in this Privacy Policy.

        If you are located in the EU, UK, or EEA please see Section 7 for more information regarding transfers of Personal Data from the EU, UK, or EEA to locations outside of the EU, UK, and EEA. 

        7. Additional Information Regarding Individuals in the EEA

        Basis for processing Personal Data of individuals in the EU, UK, or EEA.

        We will only use your Personal Data for the purposes for which we collect it, as outlined below and in Section 3 (How we use your information). Please note that we may process your Personal Data without your knowledge or consent, in compliance with the applicable data protection laws.

        Purpose(s) for Processing:
        Processing, tracking and completing purchase, return and similar transactions.
        To manage and administer your loyalty account
        Legal Basis for Processing:
        • The processing of your Personal Data is necessary to perform a contract or enter into a contract with you
        • The processing of your Personal Data is necessary for us to comply with legal and regulatory obligations
        • The processing is necessary to support our legitimate interests in managing our business (or those of a third party) provided such interests are not overridden by your interests and rights

        Purpose(s) for Processing:
        Sending you marketing information, newsletters and other promotional communications, including through direct mail offerings
        Legal Basis for Processing:
        • Where you have given consent to the processing of your Personal Data for direct marketing – which you may withdraw at any time
        • The processing is necessary to support our legitimate interests to promote our products and manage our business (or those of a third party) provided such interests are not overridden by your interests and rights

        Purpose(s) for Processing:
        Sending you marketing information, newsletters and other promotional communications, including through direct mail offerings
        Legal Basis for Processing:
        • If you have provided your email address in the context of the sale of a product or service, where you have not objected to such use initially or in response to a message, for purposes of direct marketing of similar products or services within a reasonable time
        • Otherwise, or for purposes of direct marketing of non-similar products or services to those you have provided your email address in connection with purchasing, where you have given consent to the processing of your Personal Data for direct marketing – which you may withdraw at any time
        • The processing is necessary to support our legitimate interests to promote our products and manage our business (or those of a third party) provided such interests are not overridden by your interests and rights

        Purpose(s) for Processing:
        Improve our products and services, carry out market research, or perform data analytics
        Legal Basis for Processing:
        • The processing is necessary to support our legitimate interests in managing our business (or those of a third party) provided such interests are not overridden by your interests and rights
        • Where you have given consent to the processing of your Personal Data for direct marketing – which you may withdraw at any time

        Purpose(s) for Processing:
        For the prevention and detection of fraud, or other unlawful activities
        Legal Basis for Processing:
        • The processing of your Personal Data is necessary for us to comply with legal and regulatory obligations
        • Where you have given consent to the processing of your Personal Data for these purposes – which you may withdraw at any time

        Purpose(s) for Processing:
        To manage our relationship with you
        Legal Basis for Processing:
        • The processing of your Personal Data is necessary to perform a contract or enter into a contract with you
        • The processing is necessary to support our legitimate interests in managing our business (or those of a third party) provided such interests are not overridden by your interests and rights
        • Where you have given consent to the processing of your Personal Data for direct marketing – which you may withdraw at any time

        Purpose(s) for Processing:
        Notifying you of product recalls or providing other information concerning products you have purchased
        Legal Basis for Processing:
        • The processing of your Personal Data is necessary to perform a contract or enter into a contract with you
        • The processing is necessary to support our legitimate interests in managing our business (or those of a third party) provided such interests are not overridden by your interests and rights
        • The processing of your Personal Data is necessary for us to comply with legal and regulatory obligations
        • The processing is necessary to protect your vital interests and/or those of a third party


        We may later determine that there is another necessary purpose which is compatible with the original purpose. If you wish to obtain information as to how the processing for the new purpose is compatible with our original purpose, please contact us by email at hello@florencebymills.com.

        If we need to use your Personal Data for an unrelated purpose, we will notify you and provide an explanation of the legal basis which allows us to do so.

        Basis for processing Usage Information relating to Individuals in the EU, UK or EEA.

          
        Purpose(s) for Processing:
        To improve the Service or our products or services, to customize your experience on the Service, or to serve you specific content that is relevant to you
        To contact you with regard to your use of the Service and, in our discretion, changes to the Service or related terms or policies
        For internal business purposes, including to help us understand how our Service is navigated and used
        Legal Basis for Processing:
        • The processing is necessary to support our legitimate interests in managing our business (or those of a third party) provided such interests are not overridden by your interests and rights
        • Where you have given consent to the processing of your Personal Data for direct marketing – which you may withdraw at any time

        What additional rights do you have if you are in the EU, UK, or EEA?

        If you are located in the EU, UK, or EEA, you have several rights in relation to your Personal Data under applicable privacy and data protection laws, which may be subject to certain limitations and restrictions. Depending upon the basis for processing your Personal Data and your country of residence, the rights you have around your Personal Data may vary. We endeavor to respond to any valid requests within one month, unless such request is complex or you have made repeated requests, in which case we aim to respond within three months. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request. If you wish to exercise any of these rights, please contact us using the contact details set out in Section 12 below. We may request proof of identification to verify your request.

        Your Right

        What This Means

        Right To Withdraw Consent

        If we are processing your Personal Data on the legal basis of consent, you are entitled to withdraw your consent at any time. However, the withdrawal of consent would not invalidate any processing we carried out prior to your withdrawal based on your consent.

         

        Right of Access

        You can ask us to confirm whether we are processing your Personal Data and request a copy of that Personal Data. You can also ask that we provide additional information, including what Personal Data we have and why we have it, who we disclose it to (including any international transfers outside the EEA), how long we keep it, what rights you have, how you can make a complaint to the supervisory authority, where we obtained your Personal Data, and whether we have carried out any automated decision-making as further described below.

         

        Right to Rectification

        You have the right to request that we correct any inaccuracies in the Personal Data we hold about you and complete any Personal Data where this is incomplete.

         

        Right to Erasure ('Right to be Forgotten')

        You have the right to request that your Personal Data be deleted in certain circumstances including:

        • The Personal Data are no longer needed for the purpose for which they were collected;
        • You withdraw your consent (where the processing was based on consent);
        • You object to the processing and there are no overriding legitimate grounds justifying us processing the Personal Data (see Right to Object below);
        • The Personal Data have been unlawfully processed; or
        • To comply with a legal obligation.

        However, this right does not apply where, for example, the processing is necessary:

        • To comply with a legal obligation; or
        • For the establishment, exercise or defense of legal claims.

         

        Right to Restriction of Processing

        You can ask that we restrict your Personal Data (i.e., keep but not use) where:

        • The accuracy of the Personal Data is contested;
        • The processing is unlawful but you do not want it erased;
        • We no longer need the Personal Data but you require it for the establishment, exercise or defense of legal claims; or
        • You have objected to the processing and verification as to our overriding legitimate grounds is pending.

        We can continue to use your Personal Data:

        • Where we have your consent to do so;
        • For the establishment, exercise or defense of legal claims;
        • To protect the rights of another; or
        • For reasons of important public interest.

         

        Right to Data Portability

        Where you have provided Personal Data to us, you have a right to receive such Personal Data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:

        • The processing is carried out by automated means; and
        • The processing is based on your consent or on the performance of a contract with you.

        Right to Object

        You have a right to object to the processing of your Personal Data in those cases where we are processing your Personal Data in reliance on our legitimate interests. In such a case we must stop processing your Personal Data unless we can demonstrate compelling legitimate interests which override your interests. You also have the right to object where we are processing your Personal Data for direct marketing purposes.

         

        Automated Decision Making

        You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you, other than where the decision is:

        • Necessary for entering into a contract, or for performing a contract with you (e.g., your policy of insurance);
        • Based on your explicit consent – which you may withdraw at any time; or
        • Authorized by EU or Member State law.

         

        Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward.

        Right to Complain

        If you are not satisfied with our use of your Personal Data or our response to any request made by you to exercise any of your rights, you have the right to lodge a complaint with the local data protection supervisory authority at any time.

         

        Transfers of Personal Data out of the EU, UK, or EEA

        If you are located in the EU, UK, or EEA, the Personal Data we collect from you may be transferred to, and stored at, a destination outside of the EU, UK, and EEA for purposes described above (including Canada, Israel and the United States). The recipients may be located in countries which do not provide a similar or adequate level of protection to that provided by countries in the EU, UK, and EEA.

        If we transfer Personal Data of individuals located in the EU, UK, or EEA to entities within our organization located outside of the EU, UK, and EEA, we will do so in compliance with lawful mechanisms, which may include the standard contractual clauses ("Model Clauses") adopted by the European Commission.

        Transfers to service providers and other third parties will comply with applicable data protection laws.

        The Service is hosted in the United States. By accessing the Service, you hereby explicitly consent to the transfer of your Personal Data to Florence in the United States.

        We may also transfer your Personal Data outside of the EU, UK, or EEA when required by law (e.g., if we receive a valid and mandatory request from a judicial, regulatory or law enforcement body that carries the force and effect of law). Such transfers will be made in accordance with applicable privacy and data protection laws.

        8. Security

        We maintain reasonable security measures to protect Personal Data from accidental loss or use and to protect against unauthorized access. We limit access to your Personal Data to those who have a business need to know.

        We use various safeguards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet or via mobile device, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

        9. Children

        Our Services are not directed to children under the age of 13. We also do not intentionally collect Personal Data from children under the age of 13 through our Service. If you are the parent or guardian of a child under the age of 13, and you believe that we have inadvertently received Personal Data about your child, please contact us as described in the How to Contact Us section of this Privacy Policy to delete the Personal Data.

        10. Retention Period

        We will retain your Personal Data for as long as it is needed or permitted in light of the purposes for which it was obtained or as necessary for us to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The criteria used to determine our retention periods include (1) the length of time we have an ongoing relationship with you; (2) the purposes of processing your Personal Data and the bases why; (3) whether there is a legal obligation to which we are subject; and (4) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitation, litigation or regulatory investigations).

        11. Changes to this Privacy Notice

        This Privacy Policy may be updated periodically to reflect changes in our privacy practices or relevant laws and will indicate when it was last updated. Any updates to this Privacy Policy become effective when we post the updates on the Site. Please review this policy every time you access or use our Service to make sure that you have reviewed the most recent version.

        12. How to Contact Us

        If you have any questions or comments about this Privacy Policy, if you need to report a problem, or if you are located in the EU and would like to exercise your rights under EU data protection law, please contact our privacy team:

        Florence Beauty, LLC
        Attn: Privacy
        2210 E Maple Ave
        El Segundo, CA 90245 USA
        hello@florencebymills.com
        855.996.4557

        13. California Residents: Your California Privacy Rights.

        California residents have the right to request the identity of any third parties with whom the resident’s personal information was shared, if such sharing was to enable the third party’s direct marketing efforts. If you are a California resident and wish to make such a request, or to opt out of having your personal information shared with third parties for their direct marketing purposes, please email us at hello@florencebymills.com.

        To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response.  You must include your full name, email address, and postal address in your request.

        This section applies to California residents about whom we have collected Personal Data, including through use of our Site, by purchasing or utilizing our Service, or by communicating with us electronically, in paper correspondence, or in person.  For purposes of this section, the term “Personal Data” includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household.

        We do not sell your Personal Data, including the personal information of minors under 16 years of age.

        You may be entitled by applicable law to exercise the following rights with respect to your Personal Data:

          • Right to Know. You have the right to request what Personal Data we collect, use, disclose, and/or sell, as applicable. 
          • Right to Delete. You have the right to request that we delete the Personal Data that we have collected about you.
          • Right to Opt-out of the Sale of Personal Data. You have the right to request to be opted-out from the sale of your Personal Data; however, as set forth above, we do not sell Personal Data.
          • Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.

        You may also authorize someone to exercise the above rights on your behalf by sending an email to hello@florencebymills.com with the word “Urgent” in your subject line.   If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child. 

        In addition, residents of California also have the right to request once per calendar year certain information with respect to the types of personal information (as defined by California law) we share with third parties for those third parties' direct marketing purposes, and the identities of the third parties with whom we have shared such information during the immediately preceding calendar year.

        The above rights are subject to our being able to reasonably verify your identity and authority to make these requests, including providing relevant details related to your account sign in. To exercise your rights, submit your request by postal mail, email, or telephone at the contact information listed in the “How to Contact Us” section.

        We will respond to authorized and verified requests as soon as practicable and as required by law. In addition, the above rights are subject to various exclusions and exceptions under the law, and, under certain circumstances, we may be unable to implement your request. We will advise you of any reason for denying or restricting a request.