CÉCRED PRIVACY POLICY

Last Updated: 1/10/24
This Privacy Policy describes how Kirby Beauty LLC d/b/a Cécred (“we”, “us,” “our,” or the “Company”) collects, uses and discloses information about individuals who use our website (www.cecred.com), applications, services, tools and features (collectively, the “Services”). For the purposes of this Privacy Policy, “you” and “your” means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.
 
Please read this Privacy Policy carefully.  By using or accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.  If you do not agree to this Privacy Policy, please do not use or access any of the Services.

1. CHANGES TO THIS PRIVACY POLICY
We may modify this Privacy Policy from time to time in which case we will update the “Last Updated” date at the top of this Privacy Policy. If we make material changes to the way in which we use information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Services, or by other means consistent with applicable law) and will take additional steps as required by applicable law.  If you do not agree to any updates to this Privacy Policy, please do not access or continue to use the Services.

2. HOW WE COLLECT AND USE YOUR INFORMATION
When you access or use the Services, we collect certain categories of information about you from a variety of sources.
 
Information We Collect Directly from You
 
Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Information that you directly submit through our Services include:
 
  • Basic contact details (e.g., name, mailing address, phone number, email). We collect basic contact details to provide you with products and the Services, as required to perform our contract with you, and because it is in our legitimate interest to communicate with you, and, to market to you (including where we’ve collected your consent to do so, if required by applicable law), which includes sending you newsletters, SMS text messages, and engaging in targeted advertising.
  • Account information (e.g., username, password, security questions). We collect account information because it is in our legitimate interest to maintain and secure your account with us. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately.
  • Transaction information (e.g., past orders). We collect transaction information because it is in our legitimate interest to maintain your history of transactions with us and to fulfill our as required to perform our contract with you.
  • Payment information (e.g., bank account, credit or debit card information, billing address). We collect payment information to process your payment in order to provide you with products or Services you have requested, as required to perform our contract with you.
  • Other Submissions. Any other information you choose to provide to us, such as in communications with us, or participating in surveys or promotions, because it is in our legitimate interest to be responsive to answer any questions or respond to inquiries or feedback about us or the Services.
Information We Obtain from Third Parties
 
We may obtain information about you from third parties as follows:
 
  • Personal identifiers, consisting of name, email address, telephone number and IP address. We receive this information from consumer marketing databases or other data enrichment companies. We use this information in our legitimate interests to enhance our Services, and to customize and serve advertising and marketing to you (with your consent, where required by applicable law).
  • Personal identifiers consisting of name, email address and telephone number as well as commercial information such as shipping address, billing address and a record of items purchased. We receive this information from third party retail distributors and merchants where you’ve purchased or returned our products as required under contract (e.g., to provide refunds) or in our legitimate interests to fulfill and manage your orders. We may also receive this information from our service providers, for example, when we need to verify or correct your shipping/billing address. We use this information in our legitimate interests to fulfill your orders.
  • Data from advertising technologies both on and off our website, such as pixels, ad tags, cookies, and device identifiers, which we use to customize advertising and marketing to you, measure our audience, and provide the Services (with your consent, where required by applicable law).
  • When you choose to link any social media platforms to your account. We use this information in our legitimate interests to maintain your account and login information, and for any other uses you permit.
 
Any information we obtain from third parties will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices. For more information, see the section below, Third Party Websites and Links.
 
Technical Information We Collect From You
 
We also collect certain information about your interaction with the Services (“Usage Data”). Usage Data includes:
 
  • Device information (e.g., unique device identifier, device type, IP address, and operating system)
  • Browser information (e.g., browser type and internet service provider)
  • Location information (e.g., IP address and approximate geolocation)
  • Other information regarding your interaction with the Services (e.g., log data, pages viewed, time spent on the website, date and time stamps, clickstream data, and ad impressions)
We use Usage Data because it is in our legitimate interests to tailor features and content to you, to market to you, provide you with offers or promotions, run analytics and better understand user interaction with the Services. We may also associate Usage Data to your account if you choose to register an account for our Services.
 
To collect Usage Data, we may use cookies, pixels, web beacons/clear gifs, other geolocation tracking technologies, etc. (“Tracking Technologies”). For more information on how we use Tracking Technologies and your choices, see the section below, Cookies and Other Tracking Technologies.
 

In addition to the foregoing, we may use any of the above information to provide the Services, comply with any applicable legal obligations, to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.

3. COOKIES AND OTHER TRACKING TECHNOLOGIES
We will automatically drop Tracking Technologies that are strictly necessary for the website and any other applications, and if required by applicable law, we will request your consent to drop the following additional Tracking Technologies:
 

Tracking Technology

Description

Duration

Google Analytics

We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Services and our website and applications. Google Analytics collects Usage Data. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our website and applications. This information is used to compile reports about user trends and help improve our Services.

 

You can opt in to Google Analytics via our cookies banner.

 

At any time, you can opt out of tracking by Google Analytics by clicking here.

12 months

Google Ads Pixels

We use the Google Ads Pixel, which is a web advertising tool that helps us gather information and understand how you engage with our Services and advertisements, and deliver advertisements. The Google Ads Pixel collects Usage Information.

12 months

Meta Pixels

We use the Meta Pixel, which is a web advertising tool that helps us gather information on the effectiveness of our advertising and understand how you engage with our Services and advertisements, and deliver advertisements. The Meta Pixel collects Usage Data.

12 months

TikTok Pixel

We use the TikTok Pixel, which is a web advertising tool that helps us gather information and understand how you engage with our Services and advertisements, and deliver advertisements. The TikTok Pixel collects Usage Information.

12 months

Shopify

We use Shopify plug-ins to help us provide, personalize and protect our Services. The Shopify plug-ins may collect Usage Data and Basic Contact Details.

12 month

TripleWhale Pixel

We use the TripleWhale Pixel, which is a web analytics tool that helps us understand how users engage with the Services and our website and applications. TripleWhale collects Usage Data and Transaction Information.

12 months
 
 
If you so choose, you may block or delete our Tracking Technologies from your browser; however, blocking or deleting Tracking Technologies may cause some of the Services, including certain features and general functionality, to work incorrectly.
 
We engage Ad Networks to provide interest-based advertising for our Services, including ads across other third party websites. Ad Networks collect information about you via our Services, but also across other non-Company affiliated-websites that you visit. To learn more about interest-based advertising, or to opt out of having your web browsing information used by certain third-party advertisers for behavioral advertising purposes, please visit www.aboutads.info/choices, https://www.networkadvertising.org/choices/ or in Canada, https://youradchoices.ca/.
 
Your browser settings may allow you to transmit a “do not track” signal, “opt-out preference” signal, or another signal or mechanism for exercising your choice regarding the collection of your information when you visit various websites, including our Services. When you transmit an opt-out preference signal on our websites we will process this signal to your browser/device. To enable such a signal, you must use a platform or internet browser with technology to set and communicate your preferred privacy setting.
 
If you have questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please contact us using the information listed below.

4. HOW WE DISCLOSE YOUR INFORMATION
In certain circumstances, we may disclose your information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:
 
  • With our affiliates or otherwise within our corporate group as a matter of our legitimate interests to efficiently provide the Services.
  • With vendors or other service providers (e.g., eCommerce platform provider, payment processors, data analytics vendors, cloud storage providers, fulfillment partners, IT service management vendors, email vendors, security vendors, etc.), as a matter of our legitimate interests to efficiently provide the Services.
  • With marketing or analytics companies that conduct and/or track marketing that is related to our products and services and reach high-quality audiences for our products and services (“Marketing Partners”), based on our legitimate interests to promote our business and, if required, with your consent.
  • With advertising publishers, networks and exchanges to retarget advertisements to you or show you advertisements that are interesting to you (“Ad Networks”), if required by applicable law, based on your consent.
  • When you request us to share certain information with third parties, such as through your use of social media widgets or login integrations, if required by applicable law, with your consent or to perform our contract with you.
  • In connection with or anticipation of an asset sale, merger, bankruptcy, or other business transaction, as a matter of our legitimate interests to run a successful and efficient business.
  • To comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
  • In our legitimate interests to enforce any applicable terms of service and ensure the safety and security of the Company and/or its users.
  • With professional advisors, such as auditors, law firms, or accounting firms, as a matter of our legitimate interests to assess, protect, enforce and defend our rights and to comply with our legal and regulatory obligations.

5. USER GENERATED CONTENT
The Services also host review boards, powered by a third-party service provider, which users may elect to participate in. The purpose of these features is to leave product reviews. Through your participation, you may submit messages, photos, recordings, etc. (“User-Generated Content” or “UGC”). We or others may store, display, reproduce, publish, or otherwise use UGC, and may or may not attribute it to you. Others may also have access to UGC and may have the ability to share it with third parties. If you choose to submit UGC to any public area of the Services, your UGC will be considered “public” and will be accessible by anyone, including the Company.
Please note that we do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure.  We are not responsible for the privacy or security of any information that you make publicly available on the features permitting creation of UGC or what others do with information you share with them on such platforms.  We are not responsible for the accuracy, use or misuse of any UGC that you disclose or receive from third parties through the forums.

6. SOCIAL FEATURES
Certain features of the Services permit you to initiate interactions between the Services and third-party services or platforms, such as social networks (“Social Features”). Social Features include features that allow you to click and access our pages on certain third-party platforms, and from there to “like” or “share” our content on those platforms. Use of Social Features may entail a third party’s collection and/or use of your data. If you use Social Features or similar third-party services, information you post or otherwise make accessible may be publicly displayed by the third-party service you are using. Both the Company and the third party may have access to information about you and your use of both the Services and the third-party service. For more information on third-party services and platforms, see the section below, Third Party Websites and Links.

7. THIRD PARTY WEBSITES AND LINKS
We may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of these sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

8. CHILDREN’S PRIVACY
Our Services are not intended for children. Children, including children under the age of 14, are not permitted to use the Services, and we do not seek or knowingly collect any personal information about children, including children under 14 years of age. If we become aware that we have unknowingly collected information about a child, including any child under 14 years of age, we will make commercially reasonable efforts to delete such information. If you are the parent or guardian of a child under 13 years of age who has provided us with their personal information, you may contact us using the below information to request that it be deleted.

9. SECURITY AND RETENTION OF YOUR INFORMATION
Please be aware that, despite our reasonable efforts to protect your information, no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.
We retain your information for as long as is reasonably necessary for the purposes specified in this Privacy Policy. When determining the length of time to retain your information, we consider various criteria, including whether we need the information to continue to provide you the Services, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property or products.

10. CALIFORNIA RESIDENTS
This section applies to you only if you are a California resident (“resident” or “residents”). For purposes of this section, references to “personal information” shall include “sensitive personal information,” as these terms are defined under the California Consumer Privacy Act (“CCPA”).
 
Processing of Personal Information
 
In the preceding 12 months, we collected and (where indicated below) disclosed for a business purpose the following categories of personal information  about residents:

Category

Categories of Recipients

Identifiers such as name, e-mail address, IP address

Service Providers

 

Corporate Group

 

Marketing Partners

 

Ad Networks

Personal information categories listed in the California Customer Records statute such as name, physical characteristics or description, address, and telephone number

Service Providers

 

Corporate Group

Commercial information such as records of products or services purchased and/or returned

Service Providers

Internet or other similar network activity such as information regarding your interaction with the Services

Service Providers

 

Corporate Group

 

Marketing Partners

 

Ad Networks

Geolocation data such as IP address

Service Providers

 

Corporate Group

 

Marketing Partners

 

Ad Networks

Audio, electronic, visual, thermal, olfactory, or similar information such as photographs, video recordings and voice recordings

Service Providers

 

Corporate Group

Inferences drawn from other personal information such as profile reflecting your preferences and interests

Service Providers

 

Corporate Group

Account access credentials* such as email and password

Service Providers
 
The specific business or commercial purposes for which we collect your personal information and the categories of sources from which we collect your personal information are described in the section above, How We Collect and Use Your Information. The criteria we use to determine how long to retain your personal information is described in the section above, Security and Retention of Your Information.
 
We disclosed personal information over the preceding 12 months for the following business or commercial purposes: 
 
  • to communicate with you, provide you with products and services, to market to you, etc.
  • to maintain and secure your account with us
  • to process your payment, to provide you with products or services that you have requested
Selling and/or Sharing of Personal Information
We do “sell” or “share” any personal information and do not have actual knowledge that we “sell” or “share” (as those terms are defined under the CCPA and used throughout this section) personal information of residents under 16 years of age.
 
 
 
11. U.S. RESIDENTS – YOUR PRIVACY RIGHTS
Depending on where you live, you may have some or all of the rights listed below in relation to information that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.  
·Right to Access/Know. You have a right to request that we confirm whether we process information about you and give you access to that information. You may also have a right to receive that information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another business without impediment. If you are a California resident, you have a right to request the following information about our collection, use and disclosure of your information over the prior 12 months:  
    • categories of information about you we have collected, disclosed for a business purpose, sold, or shared;
    • categories of sources from which we collected information about you;
    • the business or commercial purposes for collecting, selling, and/or sharing information about you;
    • categories of third parties to whom the information about you was disclosed for a business purpose, sold, or shared; and
    • specific pieces of information about you we have collected. 
·Right to Delete. You have a right to request that we delete information we maintain about you.  
·Right to Correct. You have a right to request that we correct inaccurate information we maintain about you.  
·Right to Object to Targeted Advertising or Profiling. You have a right to opt-out of the processing of your information for the purposes of targeted advertising and/or the profiling of your information in furtherance of decisions that produce legal or similarly significant effects (as all such terms and concepts are defined under applicable law). For information on how we process opt-out preference signals, see the section above, Cookies and Other Tracking Technologies.   You may exercise any of these rights by contacting us using the information provided below, by using the U.S. Privacy Rights form  or.  We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as first and last name, your email address, government issued ID, before providing a substantive response to the request. Depending on your location, you may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.   In addition, where applicable, we will provide you with more information about our appeal process. When you submit a request or launch an appeal, we will limit our collection of your information to only what is necessary to securely fulfil your request or process your appeal. We will not require you or your authorized agent to pay a fee for the verification of your request or appeal.

12. RESIDENTS IN OTHER REGIONS – YOUR PRIVACY RIGHTS
Depending on where you live (e.g., the EEA, UK, Canada, the British Virgin Islands, etc.), you may have some or all of the rights listed below in relation to personal information that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.
Data Transfers
The information we collect from you may be stored and processed in countries outside the EEA and UK, and in particular will be transferred to the United States. For any transfers of data from the EEA or the UK, we will endeavor to complete such transfers in accordance with applicable law. Please contact us for additional information. 
Data Subject Rights
A number of these rights only apply in certain circumstances, and all of these rights may be limited by law. To exercise any of these rights, you can contact us at the email address provided below:
·Access. You have the right to access the personal information we hold about you, and to obtain information about how we use it, and who we share it with.
·Portability. You have the right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
·Correction. You have the right to correct any of your personal information we hold that is inaccurate.
·Erasure: In certain circumstances, you have the right to delete the personal information we hold about you.
·Restriction of processing to storage only. You have the right to require us to stop processing the personal information we hold about you, other than for storage purposes, in certain circumstances.
·Objection. You have the right to object to our processing of your personal information in certain circumstances.
·Objection to marketing. You can object to marketing at any time by opting-out using the unsubscribe / opt-out function displayed in our communications to you. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you administrative messages that are required to provide you with the Services.
·Withdrawal of consent. Where we rely on consent to process your personal information, you have the right to withdraw this consent at any time by contacting us at the email address provided below.
·Cease dissemination. You have the right to request that we stop disseminating your personal information via a website or platform, upon a valid court order.
·Indexing. You have a right to request that we de-index hyperlinks attached to personal information about you, that provides access to information via technological means, and/or re-index a link that provides access to personal information about you via technological means.
·Complaints. You have the right to complain to your local data protection authority about how we process your personal information. Of course, we hope you will contact us first so we can resolve any issues.   You may exercise any of these rights by contacting us using the information provided below, by using the Global Privacy Rights form.  

13. HOW TO CONTACT US
Should you have any questions about our privacy practices or this Privacy Policy, please email us at support@cecred.com or contact us by submitting this US Privacy Rights form or Global Privacy Rights form.