Additional CA Privacy Notice
ADDITIONAL CA PRIVACY NOTICE
CA Privacy Notice
Effective: February [_1_], 2022
This CA Privacy Notice (the “CA Notice”) supplements the information contained in our Privacy Policy and applies solely to individual residents of the State of California (“consumers” or “you”). If you partner with Hestla(TM) (“Hestla”, we” or “us”) as a Beauty Professional, please refer to the Beauty Professional Privacy Policy for more information.
This CA Notice describes how we collect, use, disclose, and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”).
Unless otherwise expressly stated, all terms in the CA Notice have the same meaning as defined in our applicable Privacy Policy or as defined in the CCPA.
Personal Information Definition
When we use the term “personal information” in this CA Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The term does not include information relating to job applicants, employees, contractors, Beauty Professionals or Participating Hestla Salons, or other personnel of Hestla; publicly available information from government records; deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you; or any other information excluded from the CCPA’s scope (e.g. certain types of health or medical information). Any terms defined in the CCPA have the same meaning when used in this CA Notice.
Collection and Use of Personal Information
We collect personal information in connection with our Platform and Services for various purposes. For example, we use personal information to:
- Process your transactions or fulfill your requests
- Communicate with you
- Inform our marketing and advertising activities
- Optimize and improve our products and Services and to develop new products and Services
- For other business, operational and commercial purposes described in our Privacy Policy.
Please review the following sections of the Privacy Policy to learn more about the personal information we collect and the purposes for which we collect it: “Personal Information We Collect” and “How We Use Your Personal Information.”
In the last 12 months, we have collected the following categories of personal information:
Category of Personal Information Collected
Collected
Categories of Sources
Identifiers, such as your name, address, phone number, email address or other similar identifiers.
X
- Directly from you
- Automatically generated or collected during your use of our Platform (e.g. by your browser or device)
- Our affiliates and third parties, including third parties you direct to share information with us (e.g. social networks)
California Customer Records (Cal. Civ. Code § 1798.80(e)), such as your name, address, phone number, credit card number or other payment account number (including the three (3) or four (4) digit validation code for your credit card).
X
- Directly from you
- Automatically generated or collected during your use of our Platform (e.g. by your browser or device)
- Our affiliates and third parties, including third parties you direct to share information with us (e.g. social networks)
Protected Classification Characteristics, such as age, gender or demographic group.
Solely if you participate in a voluntary survey*
- Directly from you
Commercial Information, such as your ordering history, record of shopping or purchasing tendencies.
X
- Directly from you
- Automatically generated or collected during your use of our Platform (e.g. by your browser or device)
- Our affiliates and third parties, including third parties you direct to share information with us (e.g. social networks)
Internet/Network Information, such as your browsing history, search history, and information regarding your interaction with the Platform.
X
- Automatically generated or collected during your use of our Platform (e.g. by your browser or device)
Geolocation Data, such as information about your physical location collected from geolocation features on your device, including your IP address and GPS (e.g. latitude and/or longitude).
X
- Automatically generated or collected during your use of our Platform (e.g. by your browser or device)
Sensory Information, such as recorded calls with our customer care teams.
X
- Directly from you
Inferences, including information generated from your use of the Platform reflecting your preferences.
X
- Automatically generated or collected during your use of our Platform (e.g. information generated or derived from your online browsing and usage activity)
*Hestla or service providers performing research on our behalf may collect information through voluntary surveys. The surveys may ask about background and behavior, including demographics information, to help us understand how our consumers use our Platform and Services. This data is collected on a voluntary basis. Anyone can decline to participate in our voluntary surveys.
Sharing and Disclosure of Personal Information
As further described in the section called “Our Sharing and Disclosure of Personal Information” in our applicable Privacy Policy, we share personal information with third parties for business purposes, or we may “sell” your personal information to third parties, subject to your right to opt out of those sales (see Exercise Your Right to Opt-out below). The CCPA defines “sell” broadly to include many different types of data disclosures or data sharing to third parties for monetary or other valuable consideration. While Hestla may disclose or otherwise share your personal information with select third parties, we do not sell your data to third parties in the traditional sense of the word, including collecting, compiling and then selling your data to data brokers, data resellers or other similar parties.
The categories of third parties to whom we sell or disclose your personal information for a business purpose include:
- Our affiliates
- Beauty Professional and Participating Hestla Salon partners
- Third parties in connection with our enterprise customers, including corporate clients
- Our service providers and contractors
- Marketing and promotional partners
- Ad networks and advertising partners
- Analytics providers
- Social networks
We may also disclose personal information to third parties at your direction or upon your request, in connection with a corporate business transaction, or to comply with legal or contractual obligations, as described in our applicable Privacy Policy.
In the last 12 months, we have disclosed for a business purpose all of the categories of personal information we collect, explained in the chart above.
In the last 12 months, we have sold the following categories of personal information to third parties, subject to your settings and preferences and your Right to Opt-out:
- Identifiers, such as your name, email address and similar identifiers
- CA Customer Categories, such as your name, phone number and delivery address
- Commercial Information, such as order history and purchase tendencies
In addition, as is common practice among companies that operate online, we permit third party advertising networks, social media companies and other third party businesses to collect and disclose your personal information (including Internet / Network Information, Geolocation Data, Commercial Information, and Inferences) directly from your browser or device through cookies or tracking technologies when you visit or interact with our websites, use our apps or otherwise engage with us. Please visit the About Our Ads policy for more information about how third parties collect information automatically on our websites and other online services and the choices you may have in relation to those practices.
Your California Privacy Rights
As a California resident, you may be able to exercise the following rights (collectively, the “California Privacy Rights”) in relation to the personal information about you that we have collected (subject to certain limitations at law):
Privacy Right
Description
Right to Know
You have the right to request any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
- The specific pieces of personal information we have collected about you;
- The categories of personal information we have collected about you;
- The categories of sources of the personal information;
- The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
- The categories of personal information we have sold (as that term is defined by the CCPA) and the categories of third parties to whom the information was sold; and
- The business or commercial purposes for collecting or selling the personal information.
Right to Delete
You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
Right to Opt-out
You have the right to direct us not to sell (as that term is defined by the CCPA) personal information we have collected about you to third parties now or in the future.
Right to Non-Discrimination
If you choose to exercise your rights, we will not charge you different prices or provide different quality of services unless those differences are related to your personal information. That is, if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and Services or engage with you in the same manner.
“Shine the Light”
California residents that have an established business relationship with us have the right to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for such third party’s direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those third parties under California’s “Shine the Light” law (Civ. Code § 1798.83).
How to Exercise Your California Privacy Rights
Exercise Your Right to Know or Right to Delete
You may submit a request to exercise your California Privacy Rights through one of the mechanisms described below. We will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account. We will only use personal information provided in connection with a California Privacy Rights request to review and comply with your request. You may also designate an authorized agent to make requests on your behalf. In order to be able to act, authorized agents must submit a request using the email address below and provide sufficient evidence to demonstrate that the requestor is an authorized agent with written permission to act on your behalf.
In certain circumstances, we may decline a request to exercise the Right to Know or Right to Delete described above, particularly where we are unable to verify your identity. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
To exercise your Right to Know and/or your Right to Delete, please submit a request through:
- Emailing privacy@hestla.com with the subject line “California Privacy Rights Request.”
Exercise Your Right to Opt-out
Unless you have exercised your Right to Opt-out, we may disclose or “sell” your personal information to third parties for monetary or other valuable consideration. The third parties to whom we sell personal information may use such information for their own purposes in accordance with their own privacy policies. Remember, CCPA defines data “sales” broadly. While Hestla may disclose or otherwise share your personal information with select third parties, we do not sell your data to third parties in the traditional sense of the word, including collecting, compiling and then selling your data to data brokers, data resellers or other similar parties.
To exercise the Right to Opt-out of personal information sales, you may submit a request below:
Submit to privacy@hestla.com header “Opt-out”
You do not need to create an account with us to exercise your Right to Opt-out. However, we may ask you to provide additional personal information so that we can properly identify you to track compliance with your opt-out request. We will only use personal information provided in an opt-out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.
Once you make an opt-out request, you may not opt back in to personal information sales.
Minors. We do not sell the personal information of consumers we know to be less than 16 years of age, unless we receive affirmative authorization (the “Right to Opt In”) from either the minor who is between 13 and 16 years of age, or the parent or guardian of a minor less than 13 years of age. Please contact us at privacy@hestla.com to inform us if you, or your minor child, are under the age of 16. If you are a California resident under the age of 18 and want to remove your personal information from our publicly-displayed content, you can contact us directly at privacy@hestla.com ; however, we may not be able to modify or delete your information in all circumstances.
“Shine the Light” disclosures. California’s “Shine the Light” law (Civil Code Section §1798.83) provides certain rights to California residents that have an established business relationship with us with regard to the disclosure of certain types of personal information to third parties for their direct marketing purposes. To opt-out of having your personal information disclosed to third parties for their direct marketing purposes, please click the Do Not Sell My Info link below.
Updates to This CA Notice
We may update this CA Notice from time to time. When we make changes to this CA Notice, we will change the Effective Date at the beginning of this CA Notice. All changes shall be effective from the date of publication unless otherwise provided in the notification. If you do not cancel your Account before the date the revised CA Notice becomes effective, you will be subject to the revised CA Notice.
Contact Us
If you have any questions or requests in connection with this CA Notice or other privacy-related matters, please send an email to privacy@hestla.com.
Alternatively, inquiries may be addressed to:
Hestla, Inc.
Attention: Privacy Team
2900 Government Way #261
Coeur D Alene, ID 83815
Please note that email communications will not necessarily be secure; accordingly, please do not include credit card information and/or other sensitive personal information in your email correspondence with us.
Get to Know Us
Useful links
Connect with us
Partner with us
For Participating Hestla Salons
© 2022 Hestla All rights reserved.