Privacy
May Lindstrom Skin, LLC
PRIVACY POLICY
Last Updated: February 1, 2024
At May Lindstrom Skin, LLC, maintaining the trust of our online users is of the utmost importance to us. We have developed this Privacy Policy (the “Policy”) to show our commitment to fair information practices and the protection of our users’ privacy, and to explain how we collect, process, use and share information about our users. This Policy applies to our company website, http://www.maylindstrom.com, and to all other websites that are owned or operated by May Lindstrom Skin, LLC or its subsidiaries (referred to collectively herein as “May Lindstrom Skin”, “us”, “we” or “our”) and that have this Policy posted (collectively, the “Site” or “Sites”).
Please review this Policy carefully, and use the information herein to make informed choices. Feel free to contact us using the contact information provided in Section 16 below if you have any concerns or questions about our privacy practices. By accessing the sites, registering for an account, or making a purchase from us, you are agreeing to all of the terms set forth in this Policy.
If you do not agree to this Policy, do not use the Sites, purchase our products, interact with us, or give us any information. Your continued use of the Sites and/or of our services means that you agree to this Policy.
1. NOTICE CONCERNING CHILDREN
The Sites are not specifically directed at or intended for children under the age of 13, and May Lindstrom Skin does not knowingly collect personal information via the Sites from anyone under 13. Any user that believes that May Lindstrom Skin has in its database the personal information of a child under the age of 13 should contact us using the contact information provided in Section 16 below, so that, if necessary, we can remove the applicable information.
2. WHAT PERSONAL INFORMATION WE COLLECT
The types of personal information we obtain about you depends on how you interact with us and our products and services. When we use the term “personal information,” we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or identified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.
When we collect any information that does not identify you as a specific natural person, such information may not be deemed personal information under applicable law; such information, unless otherwise prohibited by law, may be used and disclosed for any purpose. Similarly, if applicable law requires that we treat non-personal information as personal information, we will use and disclose this information as personal information in accordance with this Policy.
The following are the categories and specific types of personal information that we collect:
Basic Identifying Information. This may include your full name, postal and billing address, e-mail address, phone number, date of birth, account name, signature, username, social media handle, or other similar identifiers.
Government-Issued Identifiers. This may include your driver’s license number or other similar government identifier.
Device Information and Other Unique Identifiers. This may include device identifier, internet protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifier, or similar unique identifiers.
Internet or Other Network Activity. This may include browsing or search history and information regarding your interactions with our websites, mobile applications, emails, or advertisements.
Geolocation Data. This may include information that permits us to determine your location, such as if you manually provide location information or enable your mobile device to send us precise location information.
Payment Information. Including credit or debit card numbers.
Order Information. This may Include products or services you have purchased, returned, exchanged, or considered, and your product preferences.
Demographic Data. This may include age, gender, race, ethnicity, estimated income, and household information, some of which may include characteristics of protected classifications under state or federal law.
User Content. This may include your communications with us and any other content you provide (such as social media profiles, photographs, images, videos, survey responses, comments, product reviews, testimonials, and other content).
Audio and Visual Information. This may include photographs, images, videos, and recordings of your voice (such as when we record customer service calls for quality assurance).
Inferences. Inferences drawn from or created based on any of the information identified above.
Job Applicant Information. Including professional or employment-related information (such as education and employment history) and any other information you provide in connection with applying and interviewing for employment with us. If we retain you as an employee, this may include, among other things, your Social Security number or taxpayer ID.
Sensitive Personal Information. We only collect sensitive personal information, as defined in the applicable U.S. state privacy laws, with your consent. We do not use sensitive personal information for inferring characteristics about you.
3. HOW WE COLLECT YOUR PERSONAL INFORMATION
We collection information about you in a range of ways, including the following:
Directly from You. We collect personal information you provide, such as when you make a purchase; register for an account or create a profile; contact us; respond to a survey; participate in a sweepstakes, contest, or other similar campaign or promotion; apply for a job; or sign up to receive emails, text messages, and/or postal mailings.
Using Online Tracking Technologies and Other Automatic Data Collection Technologies. When you visit our website, open or click on emails we send you, or interact with our advertisements, we or third parties we work with automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries, and cookies. For more information, please see Section 4 below.
From Our Business Partners. We may obtain information from businesses that we have partnered with, collaborate or work with. Additionally, if you have given us permission to store your payment information, your credit card issuer may provide us with updated payment information (including credit card number and expiration date) in connection with the credit card issuer’s account updater service.
From Social Media Platforms and Networks. If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks (including Instagram, Facebook, Twitter, Google, YouTube, and Pinterest) in connection with our website, we collect information that you disclose to us, or that the social media platforms disclose to us. For more information about the privacy practices of those social media platforms, please review the privacy policies and settings of the social media platforms and networks that you use.
From Other Sources. For example, we may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on our behalf, or publicly available sources. We may also create information based on our analysis of the information we have collected from you.
Do Not Track. May Lindstrom Skin understands that some users may have enabled a “do not track” feature or other mechanism intended to provide consumers with a choice regarding the collection of their personally identifiable information; however, consistent with our rights under applicable law, our Sites may not support or respond to do-not-track requests or other signals sent from a web browser.
4. ONLINE TRACKING TECHNOLOGY
We and our third–party partners and service providers (such as advertising and analytics providers) use tags, pixels, web beacons, software developer kits, third–party libraries, cookies, and other similar online tracking technologies (collectively, “online tracking technologies”) to gather information when you interact with our website and email communications. Some online tracking technologies help us maintain the security of our websites and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
We also permit third parties and service providers to use online tracking technologies on our website for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers may use their technology to provide advertising about products and services tailored to your interests which may appear either on our websites or on other websites.
To the extent these online tracking technologies are deemed to be a “sale” / “sharing” (which includes targeted advertising, as defined under the applicable laws) under applicable U.S. state laws, you may be able to opt-out of these online tracking technologies. Please see Section 12 for more information.
5. HOW WE USE YOUR PERSONAL INFORMATION
Depending on how you interact with our Site, the personal information we collect and the way in which it is used may vary. We use the information we collect in order to best provide our services. Where you have provided us with your personal information, we may use that information in the following ways:
Providing Products and Services. We use your personal information to provide products and services, such as to fulfill your orders and/or complete the transactions you request; to process your payments; to provide you receipts and order updates; to send notifications to you related to your account, purchases, returns, exchanges, and subscriptions; to create, maintain, and otherwise manage your account or profile, including offering functionalities such as easy checkout and the ability to save user preferences and transaction history.
Operate and Improve Site and Services. We use your personal information to operate, maintain, and improve our sites, products, and services, including to collect amounts owed to us and to identify and repair errors or problems; to respond to comments and questions and provide customer service; and to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
Marketing and Promotions. We use your personal information to send marketing, advertising, and promotional communications by email, text message, and postal mail (such as newsletters, promotions, new product launches, and event invitations); to show you advertisements for products and services tailored to your interests on social media and other websites; and to administer sweepstakes, contests, and other similar promotions.
Analytics and Personalization. We use your personal information to develop your user profile (which may include information collected elsewhere), or to update other user information we may have about you; to conduct research and analytics, including to improve our services and product offerings; to understand how you interact with our websites, advertisements, and communications with you; to determine which of our products or services are the most popular; to improve our website and marketing campaigns; to personalize your experience; to customize the marketing and advertising that we show you; to provide services; to better understand our customers’ needs; and to provide personalized recommendations about our products and services.
Promote Security and Prevent Fraud. We use your personal information to detect, investigate, prevent, or take action regarding possible malicious, deceptive, fraudulent, or illegal activity, including fraudulent transactions; attempts to manipulate or violate our policies, procedures, and terms and conditions; and security incidents.
Legal Obligations. We use your personal information to comply with our legal and regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
Recruitment and Hiring. We use your personal information to make decisions about recruitment and in anticipation of a contract of employment.
6. DISCLOSURE OF PERSONAL INFORMATION
We will not disclose your personal information to third parties except as follows:
- We may share personal information with your consent. For example, you may consent to our sharing of personal information with others for their own marketing uses. Those uses will be subject to their privacy policies.
- We may share personal information with third-party service providers that perform services to support our core business functions, internal operations, and marketing. Their use of your information is not governed by this privacy policy.
- We may share personal information through Site features such as, plugins, widgets, and/or other tools made available by social media platforms and networks that may result in information being collected or disclosed between us and such parties. Their use of your information is not governed by this privacy policy.
- We may share personal information for legal, protection, and safety purposes, such as to comply with laws; respond to lawful requests and legal processes; protect the rights and property of May Lindstrom Skin, LLC, our agents, customers, and others; and enforce our agreements, policies, and terms of use.
- If you submit a public review or feedback, we may (at our discretion) store and present your review on our Sites. If you wish to remove your public review, please contact us using the contact information provided in Section 16 below.
- We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
- Personal information is maintained on our servers or those of our service providers, and is accessible by authorized employees, representatives, and agents as necessary for the purposes described in this Policy.
- We may share personal information with our affiliates, or when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- Our customers have access to any personal data we process on their behalf in our capacity as a “processor” or a “service provider”, as well as to personal information relating to their users.
For the avoidance of doubt, May Lindstrom Skin may share personal information in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous. We may transfer, share or otherwise use non-personal and non-identifiable data at our sole discretion and without the need for further approval.
7. THIRD PARTY LINKS
This Policy applies only to information we collect, process, and use through our Sites. This Policy does not apply to information that we collect through other channels or any third-party websites that you may be able to access from our Sites, which may have data collection and use practices and policies that materially differ from those described in this Policy, or to any services that may be offered by our business partners. We are not responsible for the content or privacy practices of any third-party sites.
8. STORAGE AND TRANSFER OF PERSONAL INFORMATION
Your personal information may be processed in a foreign country, where privacy laws may be less stringent than the laws in your country. By submitting your personal information to us, you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence including, but not necessarily limited to, the United States. BY USING OUR SITES, YOU CONSENT TO THE TRANSFER AND USE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.
9. HOW LONG WE STORE YOUR INFORMATION
We will keep your personal information while you have an account with us or while we are providing products and/or services to you. Thereafter, we will keep your personal information for as long as necessary to:
- Respond to any questions, complaints or claims made by you or on your behalf;
- Show that we treated you fairly; or
- Comply with our legal obligations; resolve disputes; enforce our agreements; or protect against fraudulent, deceptive, or illegal activity.
We will not retain your personal information for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of personal information. When it is no longer necessary to retain your personal information, we will delete or anonymize it.
10. PROTECTION OF PERSONAL DATA
We have put in place reasonable measures and appropriate procedures for implementing these policies and for safeguarding the personal data we collect. However, we cannot guarantee that personal information we collect will never be disclosed in a manner inconsistent with this Policy. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
11. DATA CONTROLLER/PROCESSOR
Certain data protection laws and regulations, such as the EU GDPR, UK GDPR, CCPA/CPRA, and VCDPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA/CPRA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA/CPRA, “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.
12. YOUR LEGAL RIGHTS OVER YOUR PERSONAL INFORMATION
Consistent with applicable law, you may exercise the rights described in this Section 12. Please note that some of the rights may vary depending on your country, province, or state of residence.
The Right to Access, Correct or Delete Personal Information
Where allowed under applicable law, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. However, we may not delete your data in the following situations:
- If you have any open or ongoing matter with our customer service or technical support personnel; or
- When retention is required to comply with our legal obligations; resolve disputes; enforce our agreements; or protect against fraudulent, deceptive, or illegal activity.
To exercise any such rights applicable to you, please contact us using the contact information provided in Section 16 below. Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law. We will respond to your request within a reasonable timeframe in accordance with the applicable law.
The Right to Opt Out of Cookies and Sale/Sharing Using Online Tracking Technologies
Our use of online tracking technologies may be considered a “sale” / “sharing” under applicable law. You can typically remove and reject cookies from our Sites with your browser settings. Many browsers are set to accept cookies until you change your settings. Please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. Removing or rejecting cookies may affect your ability to use our Sites.
Because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
You may be able to opt out of targeted advertising using the following:
- FACEBOOK - https://www.facebook.com/settings/?tab=ads
- GOOGLE - https://www.google.com/settings/ads/anonymous
- BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
Identity Verification
For us to process some requests, we will need to verify your identity to confirm that the request came from you. We may contact you by phone or e-mail to verify your request. Depending on your request, we will ask for information such as your name, an e-mail address that you have used with us, a phone number you have used with us, or other information to help us verify your identity.
Authorized Agent
Depending on applicable law, you may be able to designate an authorized agent to submit a request on your behalf to access or delete your personal information. To do so, you must: (1) provide that authorized agent written and signed permission to submit such request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
13. YOUR CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have additional rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), including but not limited to, the right to request a list of all third parties to which we have disclosed certain personal information during the preceding year. California residents additionally have the right to limit the use of their sensitive personal information. We only collect sensitive personal information, as defined by applicable California law, with your consent and only use the sensitive personal information for the use disclosed at the time of collection.
If you are a California resident and want to exercise your rights, please contact us by submitting a request to our partner Privacy Center. You may be required to create an account to submit your request.
We do not discriminate against California residents who exercise any of their rights described in this Policy.
14. RESIDENTS OF THE EUROPEAN ECONOMIC AREA
If you are a resident of the EEA, we note that we are processing (as defined in the EU General Data Protection Regulation (“GDPR”)) your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests. You have additional rights under the GDPR, including but not limited to, the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased.
Lawful Basis
We process your personal information under the following lawful bases. Please see Section 5 of this Policy for a more specific description of how we use your Personal Information to support our legal basis.
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Automated Decision Making
As a resident of the EEA, you also have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We do not engage in fully automated decision-making that has a legal or otherwise significant effect using Personal Information. Our processor, Shopify, uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
- Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.
If you would like to exercise your rights under the GDPR, submit a request to our partner Privacy Center. You may be required to create an account to submit your request.
15. MANAGING COMMUNICATION PREFERENCES
Email. You can stop receiving promotional e-mails at any time by clicking on the “unsubscribe” link at the bottom of any promotional e-mail that you receive from us.
Text Messages. You can opt-out of receiving text messages from us by replying “STOP” to the text message you receive from us. Please note that this will only opt you out of the specific text messaging program associated with that number.
16. CONTACT INFORMATION
We welcome your comments or questions about this Policy. You may contact us at the following address:
May Lindstrom Skin, LLC
2652 Pasadena Ave.
Los Angeles, California 90031
For requests about personal information, please refer to the link to our partner Privacy Center provided above. Such requests can include requests to view, update, or remove your personal information.
17. DATA SECURITY
We have implemented industry-standard physical, procedural and technical security measures, designed to secure your personal information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. However, we cannot guarantee that our Sites will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse. As such, your use of the Sites is at your own risk and, when you register an account with us, we encourage you to choose passwords of sufficient length and complexity and not used to access any other site or services, install the latest security updates and anti-virus software on your computer/device to help prevent malware and viruses, not share your password with others, and review your account information periodically. If there is any unexpected activity or inaccurate information or if you have reason to believe that your information is no longer secure, or if you have any questions about our security, please contact us using the contact information provided above.
18. CHANGES TO THIS POLICY
We reserve the right to revise this Policy from time to time (for example, to keep up with changes in the law or to reflect changes in how we are doing business). We will post the date it was last updated at the top of this Policy and provide additional notice to you if we make any changes that materially affect your privacy rights.