Last Updated: July 24, 2024
Dermalogica Privacy Principles
Dermalogica takes your privacy seriously. The following principles guide our treatment of your personal information:
- We value the trust you place in Dermalogica when sharing your personal information with us.
- We strive to be transparent with you about what personal information we collect, what we do with it, and to whom we disclose it.
- We endeavor to work with you to address your concerns about how we use your personal information.
- We strive to take steps designed to secure your personal information and reduce the risk it will be misused.
SCOPE
This Privacy Notice (“Notice”) describes how Dermalogica, LLC (“Dermalogica,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with our websites, mobile applications, and other online services which link to or display this Privacy Notice (collectively, the “Platform”); our in-person interactions with you (e.g., in one of our physical retail locations, at an in-person event, etc.); and our other interactions with you (collectively, the “Services”). This Notice is not, however, a contract and does not create any legal rights or obligations.
When we use the term “personal information” in this Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. It does not include aggregated or de-identified information that is not reasonably capable of being associated with or linked to you.
CALIFORNIA NOTICE AT COLLECTION
We collect the categories of personal information (as defined in the California Consumer Privacy Act of 2018 (CCPA)) listed in the table below.
Category of Personal Information Collected |
Sold or Shared |
Identifiers, including names, shipping addresses, email addresses, online identifiers, IP addresses, account names, and other similar identifiers (e.g., social media identifiers). |
Yes |
Personal information categories listed in the California Customer Records statute, including names, addresses, telephone numbers, and credit and debit card information. |
No |
Protected classification characteristics under California law or federal law, including age and sex/gender expression. |
No |
Commercial information, including items purchased, obtained, or considered and other purchasing or consuming histories or tendencies. |
Yes |
Biometric information, including images and other information for the purpose of uniquely identifying individuals (as described in the Face Mapping® Privacy Statement below). |
No |
Internet or other electronic network activity information, including internet browsing history, search history, and information regarding interactions with the Platform and advertisements. |
Yes |
Geolocation data, such as IP location. |
Yes |
Audio, electronic, visual, or similar information, such as phone call recordings (where permitted by law). |
No |
Inferences, meaning inferences drawn from any of the information in the above-listed categories of information. |
Yes |
Sensitive personal information, including log-in information in combination with passwords and information concerning individuals’ health. |
No |
As further described in the “How We Use Personal Information” section below, we generally collect and use the above-listed categories of personal information to provide and manage the Platform and the Services, to process and fulfill your orders, and as otherwise necessary to support and market our business.
As noted in the table above, we “sell” or “share” (as these terms are defined in the CCPA) certain categories of personal information, and you may exercise your right to opt out of such disclosures by clicking “do not sell or share my personal information” in the footer of our website and following the instructions on the window that pops up. Alternatively, where available, you may choose to enable an online tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). When detected, we will process such a signal as a request to opt out.
We retain each category of personal information that we collect for as long as necessary to fulfill the purposes described in this Notice, including to satisfy legal or reporting requirements.
More information about our information handling and privacy practices and a description of your legal rights can be found in the “California Privacy Rights” section below.
COLLECTION OF PERSONAL INFORMATION
Depending on how you interact with us and the Platform, we may collect a variety of information, including:
- Contact Information, including your name, mailing/shipping address, telephone number(s), and email address.
- Payment Information, including your credit/debit card information and billing address.
- Shopping History, including information about the items you viewed, added to your cart, purchased, or returned.
- Information You Post, including information that you provide when using the Platform’s posting feature(s) and any other information that you choose to make public on the Platform. Please note that we cannot control the actions of third parties who may have access to or collect information you choose to make public.
- Social Media Information, including information that you post on our social media pages, your social media profile information, and information posted on your social media page(s).
- Information You Submit, including photos, videos, and other user-generated content that you choose to provide when you send us a message through the “Contact Us” page, any chatbot, or similar features on the Platform; information that we collect when you enter a promotion; and other information that you choose to provide during your interaction(s) with us.
- Audio and Visual Information, including photographs, video images, CCTV recordings, call center recordings and call monitor recordings, and voicemails. For example, if you complete a quiz or use our skin assessment tool that allows you to upload an image, we may collect images that you submit to those features. Similarly, if you call into our customer support center, then we may record your calls for quality assurance purposes. If this information constitutes “Biometric Information” (such as facial recognition information, biometric identifiers, faceprints, or face scans), then we will collect, use, and store such information in accordance with applicable privacy laws. We will have additional disclosures about services or features of the Platform that collect “Biometric Information,” which we will provide to you prior to the collection of any such information.
- Demographic Information, including your birthdate, age, gender, and zip code as well as information relating to your lifestyle, routine, interests, and shopping behavior.
- Health and Medical Information, including information about your health status, information related to your physical health condition, or information about your diagnosis by a health care professional that you voluntarily share with us (e.g., when you complete a quiz, sign up for a skin treatment, use our assessment tools, speak with one of our skin health experts or customer service representatives, or contact customer support to report a product issue). If you participate in a consumer research study where we have collected your informed consent, then we may collect and use certain health-related information as outlined in that particular informed consent form.
- Device and Browser Information, including your device type, browser type, operating system name and version, device identifier(s), and IP address.
- Location Information, including your approximate location derived from your device’s IP address. If you are using any of our mobile applications, please note that we may collect your personal information at any time the app is running in the foreground (i.e., fully visible on the screen) or in the background (i.e., not the focus on the screen). For more information about your options related to the collection of your location information, see the “Your Choices and Legal Rights” section below.
- Log and Usage Information, including the date and time you access the Platform, the site you came from and/or the site you visit when you leave the Platform, the frequency with which you access and use the Platform, the pages that you navigate to, the links that you click, and other information about your interactions with the Platform.
SOURCES OF PERSONAL INFORMATION
We collect your personal information in the following ways:
- Directly from You. When you visit and use the Platform or otherwise interact with us, we collect the personal information that you share with us. In particular, we collect personal information directly from you when you:
- Register for an account on the Platform.
- Purchase products or services through the Platform.
- Sign up to receive marketing and promotional communications from us.
- Request a sample from us.
- Join a loyalty, rewards, or similar program or club administered by us.
- Participate in one of our promotional sweepstakes, contests, surveys, or focus groups.
- Use any of the services and features available on the Platform.
- Use a Platform feature such as taking a quiz or engaging with one of our analysis or assessment tools.
- Provide us with feedback or submit a request to our Consumer Service team.
- Interact with our social media pages.
- Interact with us in-person (e.g., in one of our physical retail locations, at an in-person event, etc.)
- Through Automated Means. When you access and engage with the Platform, we automatically collect information about your browser, device, and activity, including when you:
- Install and use our mobile apps.
- Visit and navigate the Platform on any device.
- Enable location-based features on the Platform.
- Click on sponsored links, social media advertisements, or third-party advertisements.
We (and our partners) may also use cookies and other similar tracking technologies (e.g., pixel tags (or web beacons) and software development kits (SDKs)) to collect information automatically when you use the Platform. The information collected may include details about your behavior on the Platform, including how you move and scroll through the Platform, your keystrokes, the links you choose to click, and how you interact with forms. These technologies may also be used to collect information about you over time and across different websites, mobile apps, and devices.
For more information about our use of cookies and other tracking technologies, please refer to the “Tracking Technologies, Interest-Based Advertising, and Analytics” section below.
- From Third Parties. We may receive your personal information from other sources. Our third-party sources may include:
- Our business partners, including companies that co-sponsor our promotions.
- Our analytics and advertising partners, including online advertising networks and analytics providers.
- Social media platforms, including Facebook, Twitter, YouTube, Pinterest, Snapchat, and Instagram. The information we receive from any social media platform is dependent upon its policies and your settings on that platform.
- Third-party sites, including those that allow you to integrate your third-party account with your account with us.
- Other individuals (e.g., your family, friends, or other personal contacts) who provide your personal information to us because they think you may be interested in our products and services or they want to share a product or service with you.
- Other companies that provide personal information to supplement what we already know about you, including data aggregators. Certain third parties might link your name or email address to other information they have collected, such as your past online/offline purchases and your online usage information.
Please note that we may combine personal information that we receive from various sources. For example, we may combine:
- Personal information that we collect from you offline with personal information we collect from you through the Platform.
- Personal information that we collect from the different devices you use to access the Platform.
- Personal information we receive from third parties with personal information we already have about you.
We use, disclose, and protect combined personal information as described in this Notice.
HOW WE USE PERSONAL INFORMATION
We may use your personal information in the following ways:
- To Provide and Manage the Platform and the Services. We use your personal information to provide, administer, and manage the Platform (and its features) and as otherwise necessary to provide the Services and to operate our business.
- To Process and Fulfill Your Order(s). Where applicable, we use your personal information to process and fulfill your orders and requests for our products or services. We may also use your personal information to process your returns or inform you of any product recall.
- To Identify Usage Trends and Make Improvements. We use your personal information to understand how you use the Platform and identify usage trends. We also use your personal information to identify issues, test new features or changes in our features, and improve the Platform, the Services, and our products.
- To Understand Your Interests and Personalize Your Experience. We use your personal information to help us understand which parts of the Platform and/or which of our products are of interest to you. We also use your personal information to customize or personalize your experience with us.
- To Communicate with You. We use your personal information to communicate with you about your account or our relationship; to respond to your submissions, requests, and inquiries; and to request information or feedback from you. We may also use your personal information to invite you to participate and communicate with you about your participation in sweepstakes, contests, surveys, or focus groups administered by us or on our behalf. Additionally, from time to time, we may use your personal information to send you important updates and communications about this Notice and/or other applicable terms and conditions.
- To Determine Your Eligibility. We may use your personal information to verify your identity or determine your eligibility for some of our products, services, and promotions. For example, this may include verifying your age, date of birth, and state of residence.
- To Send You Marketing and Promotional Communications. We use your personal information to send you communications (including via email, text message, and push notification) and other materials with information about new products and features and special offers. These communications and materials might be third-party offers or products we think you might find interesting. Details on how to exercise your choices with respect to marketing and promotional materials and communications from us can be found in the “Your Choices and Legal Rights” section below.
- To Conduct Research and Analytics. We use your personal information to help us (and our service providers and partners) conduct research and analytics and to otherwise measure the effectiveness of the Platform’s content and our online and offline marketing and advertising efforts.
- To Engage in Interest-Based Advertising. We and our third-party partners use personal information gathered across multiple websites, devices, or other platforms to serve you relevant advertising on the Platform or on other online services across the devices you may use. Details on how to exercise your choices with respect to interest-based advertising can be found in the “Tracking Technologies, Interest-Based Advertising, and Analytics” section below.
- To Maintain Security and Prevent Fraud. We use your personal information to help monitor and maintain the security and integrity of the Platform as well as our systems and networks. Additionally, we use your personal information to detect; prevent; investigate; and protect you, our business, and others from fraud, unauthorized transactions, and other unlawful or unsafe activity.
- To Satisfy Our Legal Obligations. We use your personal information to comply with applicable law and respond to lawful requests and communications from law enforcement authorities and other government officials.
- To Carry Out Sales and Business Transactions. We may use your personal information in connection with the evaluation, negotiation, and/or completion of a business transaction (e.g., a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets), whether as a going concern or as part of any bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred or is otherwise relevant to the evaluation, negotiation, or completion of the transaction.
- As Otherwise Permitted, Necessary, or Appropriate. We use your personal information as otherwise described in this Notice or as explained to you at the point of information collection. We will also use your personal information at your direction or with your consent. Finally, we will use your personal information as we believe necessary or appropriate to protect our rights, privacy, safety, property, and/or those of others.
HOW WE DISCLOSE PERSONAL INFORMATION
In connection with one or more of the purposes outlined above, we may disclose personal information from each of the categories of information described in the “Collection of Personal Information” section above to the following categories of third parties:
- Our Affiliates. We may disclose your personal information within the Unilever Group of companies and brands for purposes consistent with this Notice and other business and operational purposes.
- Other Users of the Platform. We disclose your personal information to other individuals who visit and interact with the Platform. For example, we may display the personal information you post using the Platform’s features. We may also display publicly on the Platform the personal information you submit in connection with a promotion.
- Our Service Providers. We disclose your personal information to service providers who perform services on our behalf. For example, this may include merchandise vendors and payment processors. It may also include companies that send emails on our behalf or help us operate the Platform or provide the Services. Our service providers are restricted in their use of personal information that we disclose to them.
- Our Business Partners. We disclose your personal information to other companies with whom we partner to offer products and services and carry out other related activities. For example, we may disclose your personal information to a third party that co-sponsors a contest or promotion. We may also disclose your personal information to third parties whose products or services may be of interest to you.
- Our Research Partners. We disclose your personal information to our research partners, including those that perform surveys or research projects in partnership with us or on our behalf.
- Our Analytics Partners. We disclose your personal information to our partners that assist us in performing analytics and help us measure the effectiveness of the Platform’s content and our online and offline marketing and advertising efforts.
- Our Advertising Partners. We disclose your personal information to third parties for advertising purposes, including social media platforms, third-party advertising networks, and other parties that assist us in serving and optimizing our advertisements.
- Third-Party Data Providers. We disclose your personal information to third-party data providers, including data aggregators and data brokers, who collect personal information about consumers from various sources to create consumer databases that help companies and brands understand consumer behavior, grow their customer relationships, and meet their marketing and advertising objectives.
- Relevant Third Parties in Connection with Business Transactions or Reorganizations. We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, financing, or sale of all or a portion of our company assets. If another entity acquires us or any of our assets, personal information that we have collected may be transferred to such entity and its advisors leading up to and/or following the transaction. In addition, if any bankruptcy or reorganization proceeding is brought by or against us, personal information that we hold may be considered an asset of ours and may be sold or transferred to third parties.
- Competent Governmental and Public Authorities. We disclose your personal information as necessary pursuant to a court order or subpoena or to cooperate with a government agency or investigatory body request.
- Other Parties. We disclose your personal information to other parties at your direction or with your consent. If you are the winner of a sweepstakes or other contest, we may also disclose your personal information to anyone who requests a winner’s list. Finally, we disclose your personal information to other parties as we believe necessary or appropriate either to: (i) comply with applicable law; (ii) protect our operations and those of any of our affiliates; (iii) investigate and prevent against fraud; (iv) protect our rights, privacy, safety, or property and/or those of others; or (v) allow us to pursue available remedies or limit damages that we may sustain.
We may disclose your personal information for other reasons that we will describe at the time of information collection or prior to disclosing your information.
Depending on your U.S. state residency, some of the disclosures described above constitute “sales” or “sharing” of personal information under applicable law. Details on how to exercise your legal rights with respect to such disclosures can be found in the “Your Choices and Legal Rights” and the “California Privacy Rights” sections below.
Please note that we may de-identify or aggregate personal information so that it will no longer be considered “personal information” and disclose such information to other parties for purposes consistent with those described in this Notice.
CHILDREN’S PRIVACY
The Platform is intended for adults. We do not knowingly collect or solicit any information from anyone under the age of 16 through the Platform. In the event that we learn that we have inadvertently collected personal information from a child under the age of 16, we will delete that information as quickly as possible. If you believe that we might have collected personal information from a child under the age of 16, please contact us at dataprivacy@dermalogica.com.
TRACKING TECHNOLOGIES, INTEREST-BASED ADVERTISING, AND ANALYTICS
Cookies & Other Tracking Technologies
We automatically collect certain types of usage and device information when you visit and interact with the Platform, read emails sent by us or on our behalf, or otherwise engage with our content (including our advertisements).
We (and our partners) typically use cookies (i.e., small text files sent from a website and stored on your device), pixel tags (or web beacons), and other similar tracking technologies to collect this information. These tracking technologies may collect information about your browser, device, and browsing activity, such as your IP address, browser type, device type, unique IDs assigned to your device, the date and time of your visit to the Platform, the site from which you came and the site that you visit after leaving the Platform, and information about the way you engage with the Platform and our content (e.g., the pages on the Platform that you visit, how frequently you access the Platform, whether you open emails or click the links contained in emails sent by us or on our behalf, whether you access the Platform from multiple devices, the products you view and click on, and similar actions you take on the Platform).
- We (and our partners) use information collected through cookies and other similar tracking technologies for various purposes, including to:
- remember that you are logged into the Platform and enable certain functionality;
- provide you with personalized content and information, including targeted content and advertising;
- recognize you across multiple devices;
- monitor aggregate usage metrics relating to the Platform, such as total number of visitors, the dates/times visitors accessed the Platform, the pages visitors viewed, and demographic patterns of our visitors); and
- otherwise enhance the Platform and your user experience.
- Your browser may give you the ability to control cookies or other tracking technologies or to reject cookies.
- Because the options you select relating to cookies and other tracking technologies are browser and device specific, you must exercise your choices on each browser and device you use.
- For more information about cookies, including how they work and how to manage them, please visit
Interest-Based Advertising
We engage in interest-based advertising to deliver online, relevant advertising to you. We also permit third-party online advertising networks, social media companies, and other third-party services to collect information about your use of the Platform over time so that they may display advertisements tailored to you both on the Platform and on third-party online services and across the devices you may use.
Typically, though not always, the information used for interest-based advertising is collected through cookies or other similar tracking technologies. We may also provide certain identifiers (such as an email address or user ID) or hashed data to our third-party advertising partners to help identify you across devices or serve you relevant advertisements on social media platforms you may use. In addition to serving interest-based advertisements, our third-party partners may use personal information to deliver certain advertising-related services, such as reporting, attribution, analytics, and market research.
Some web browsers, websites/platforms, and mobile devices allow you to exercise certain choices with respect to interest-based advertising, as described below.
- Web browser opt-out: You may be able to opt out of receiving interest-based advertisements using the browser opt-out tools and consumer choice mechanisms provided by interest-based advertising self-regulatory groups by following the links below:
- Network Advertising Alliance (NAI): www.networkadvertising.org/choices
- Digital Advertising Alliance (DAA): https://optout.aboutads.info/?c=2&lang=EN
- Mobile application opt-out: You have the ability to control whether you see interest-based advertisements on your mobile device in the following ways:
- Your operating system may provide mechanisms that allow you to opt in or opt out of the use of data about your usage of mobile apps to deliver interest-based advertising to your mobile device. For more information, consult your device settings.
- The DAA offers a tool for opting out of the collection of cross-app data on a mobile device for interest-based advertising. To exercise your choices with respect to participating companies, please download the AppChoices tool at www.aboutads.info/appchoices.
You will need to opt out separately on all of your browsers and devices, as each opt-out will apply only to the specific browser or device from which you opt out. If you delete or reset your cookies or mobile identifiers, change browsers, or use a different device, any opt-out cookie or tool may no longer work and you will have to opt out again. Even if you choose to opt out of receiving interest-based advertising, you may still receive advertising, but the advertisements may be less relevant.
Some of our partners may provide you with additional choices with respect to interest-based advertising. For example, certain social media platforms allow you to control your advertising preferences directly through their services. Please review the privacy notices of the third-party services you use for more information.
Depending on your U.S. state residency, our use and disclosure of information for interest-based advertising purposes constitutes the processing of personal information for “targeted advertising” under applicable law. Details on how to exercise your legal rights with respect to “targeted advertising” can be found in the “Your Choices and Legal Rights” section below.
Google Analytics and Advertising
We use Google Analytics to better understand how users interact with the Platform. For information on Google Analytics’ information handling practices and how you can control the use of information sent to Google, please visit: www.google.com/policies/privacy/partners/. To disable Google Analytics, please download and install the Google Analytics Opt-out Browser Add-On, which is available here: https://tools.google.com/dlpage/gaoptout/.
We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick or Google Dynamic Remarketing advertising cookie) together to inform, optimize, and display advertisements based on your past visits to the Platform. You may control your advertising preferences or opt out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at: https://google.com/ads/preferences or by visiting the NAI opt-out tool linked to above.
Rakuten Advertising
We partner with Rakuten Advertising, who may collect personal information when you interact with the Platform. Rakuten Advertising’s collection, use, and disclosure of your personal information is subject to the Rakuten Advertising Privacy Policy located here: https://rakutenmarketing.com/legal-notices/services-privacy-policy/
To exercise your choices with respect to Rakuten Advertising’s use and disclosure of your personal information, you can submit a request here: https://rakutenmarketing.com/legal-notices/subject-requests/.
YOUR CHOICES AND LEGAL RIGHTS
Your Choices
We provide you with the ability to make certain choices about how we use your personal information. Additional details are below.
Marketing and Promotional Communications: You can opt out of receiving marketing and promotional communications from us at any time. Note that even if you opt out of receiving marketing and promotional communications from us, you will still receive non-marketing or transactional messages from us, including messages about your account and responses to your inquiries. To opt out of receiving our marketing and promotional communications, you can:
- Send us an email at dataprivacy@dermalogica.com
- Call us at 1-800-345-2761 (Monday through Friday, 8:30 AM – 9:00 PM Eastern)
- Write to us at:
Dermalogica, LLC
Attention: Privacy Notice
1535 Beachey Place
Carson, CA 90746
- Follow the instructions included in any promotional emails or text messages that you receive from us.
Mobile Application and Location-Based Services: You may control our collection and use of location-based information through our mobile applications by adjusting the settings on your mobile device. You can also stop our collection of location information from your device(s) by uninstalling all of our mobile applications.
Push Notifications: If you use our mobile applications, we may use certain information that we have collected to send push notifications to your mobile device. You can manage your push notification preferences or deactivate these notifications at any time by turning off the notification settings in our mobile applications or in your mobile device’s settings. Please note that even if you choose not to receive push notifications, you will still receive in-app notifications when you use our mobile applications.
Your Legal Rights
Depending on your U.S. state residency, under applicable law, you may have certain rights in relation to your personal information, including the right to:
- Request details about our handling of your personal information and to access, or receive a copy of, your personal information in a readily usable format that allows you to transmit the information to another entity.
- Request that we correct inaccuracies in the personal information that we hold (taking into account the nature of the information and the purpose(s) for which we are processing it).
- Request that we delete the personal information we hold about you (subject to certain exceptions prescribed by law).
- Opt out of: (i) the “sale” of your personal information; (ii) the processing of your personal information for “targeted advertising” purposes; and (iii) certain forms of “profiling” (as these terms are defined in the applicable law).
- Withdraw the consent that you have given us to process your personal information (where applicable).
We will not discriminate against you if you decide to exercise your legal rights.
If you reside in Colorado, Connecticut, Utah, or Virginia and are interested in exercising one or more of the rights outlined above, you can do so by:
- Sending an email to dataprivacy@dermalogica.com with the subject line “Privacy Rights Request” or
- Calling us at 1-800-345-2761 or
- Completing and submitting the form available here
To protect your privacy, we may require you to provide certain information to verify that it is you making the request. Where applicable, we will use the requested information for verification purposes only. We may decline certain requests if we cannot verify your identity and confirm the personal information we maintain relates to you.
If you are interested in opting out of the “sale” of your personal information or the processing of your personal information for “targeted advertising” purposes, you can also do so by clicking “do not sell or share my personal information” in the footer of our website and following the instructions on the window that pops up. Additionally, where available, you may choose to enable an online tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). When detected, we will process such signals as a valid request to opt out.
Upon receipt of your request, we will endeavor to honor it based on the information that we collect and maintain.
Exercising your rights does not require you to create an account with us.
Authorized Agents: You may authorize someone to submit a privacy rights request on your behalf (an “authorized agent”) using the submission methods outlined above. An authorized agent will need to demonstrate that you have authorized them to act on your behalf, unless you have provided the agent with power of attorney pursuant to applicable law. Depending on the evidence provided, we may also contact you to verify your identity directly with us or request confirmation from you that the agent is authorized to submit the request on your behalf.
Appealing Privacy Rights Decisions: Depending on your U.S. state residency, you may have the right to appeal a decision we have made in connection with your privacy rights request. To appeal a decision, please contact dataprivacy@dermalogica.com. If you are unsatisfied with the way that we have handled your appeal, you may have the right to complain to your state’s Attorney General.
CALIFORNIA PRIVACY RIGHTS
The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act and its implementing regulations (collectively, the “CCPA”) provides California residents with certain rights with respect to their personal information. Pursuant to the CCPA, we are providing the following additional details regarding the categories of personal information that we collect, use, and disclose. This section also describes the rights available to you as a California resident in relation to your personal information and how you can exercise your rights.
Personal Information Collection and Disclosure
The following chart details which categories of personal information we have collected from and about California residents in the past twelve (12) months, the source(s) of each category of information, the categories of third parties to whom we have disclosed each category of information for a business purpose, and the categories of third parties to whom we have “sold” or with whom we have “shared” each category of information (as such terms are defined in the CCPA) (where applicable). Please note that the first column in the chart lists by category the types of information described in the “Collection of Personal Information” section above, as required by the CCPA.
Category of Personal Information |
Categories of Source(s) |
Disclosures of Personal Information for a Business Purpose |
Sale or Sharing of Personal Information |
Identifiers, including names, shipping addresses, email addresses, online identifiers, IP addresses, account names, and other similar identifiers (e.g., social media identifiers). |
Directly from individuals
Through automated means
Third-party sources |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers · Our Business Partners · Our Research Partners · Our Analytics Partners |
We have sold or shared this category of information in the past 12 months to or with the following categories of third parties:
· Our Analytics Partners · Our Advertising Partners (including social media platforms)
|
Personal information categories listed in the California Customer Records statute, including names, addresses, telephone numbers, and credit and debit card information. |
Directly from individuals |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers |
|
Protected classification characteristics under California law or federal law, including age and sex/gender expression. |
Directly from individuals |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers |
|
Commercial information, including items purchased, obtained, or considered and other purchasing or consuming histories or tendencies. |
Directly from individuals
Through automated means
Third-party sources |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers · Our Research Partners · Our Analytics Partners |
We have sold or shared this category of information in the past 12 months to or with the following categories of third parties:
· Our Analytics Partners · Our Advertising Partners (including social media platforms)
|
Biometric information, including images and other information for the purpose of uniquely identifying individuals (as described in the Face Mapping® Privacy Statement below). |
Directly from individuals
|
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers
|
|
Internet or other electronic network activity information, including internet browsing history, search history, and information regarding interactions with the Platform and advertisements. |
Through automated means |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers · Our Business Partners · Our Analytics Partners
|
We have sold or shared this category of information in the past 12 months to or with the following categories of third parties:
· Our Analytics Partners · Our Advertising Partners (including social media platforms)
|
Geolocation data, such as IP location. |
Through automated means |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers · Our Business Partners · Our Analytics Partners |
We have sold or shared this category of information in the past 12 months to or with the following categories of third parties:
· Our Analytics Partners · Our Advertising Partners (including social media platforms)
|
Audio, electronic, visual, or similar information, such as phone call recordings (where permitted by law). |
Through automated means |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers |
|
Inferences, meaning inferences drawn from any of the information in the above-listed categories of information. |
Through automated means
Third-party sources |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers |
We have sold or shared this category of information in the past 12 months to or with the following categories of third parties:
· Our Analytics Partners · Our Advertising Partners (including social media platforms)
|
Sensitive personal information, including account log-in information in combination with passwords, and information concerning individuals’ health. |
Directly from individuals
Through automated means |
We have disclosed this category of information for a business purpose in the past 12 months to the following categories of third parties:
· Our Service Providers |
|
Purposes for Collecting Personal Information
As described in more detail in the “How We Use Personal Information” section above, we collect personal information to provide and manage the Platform and the Services, process and fulfill orders, and as otherwise necessary to support or promote our business.
Disclosures of Personal Information
As detailed in the “How We Disclose Personal Information” section above, we disclose personal information to fulfill the purposes described. We will also disclose certain categories of personal information to competent governmental and public authorities and other third parties as necessary or appropriate, including when we have a legal or contractual obligation to disclose the information.
Sale and Sharing of Personal Information
As detailed in the chart above, we “sell” and “share” (as such terms are defined in the CCPA), certain categories of personal information to and with third parties and have “sold” and “shared” certain categories of personal information in the past twelve (12) months. Please refer to the chart above for additional details.
We do not “sell” or “share” the personal information of individuals we know to be under 16 years of age.
Use and Disclosure of Sensitive Personal Information
As detailed in the chart above, we collect certain “sensitive personal information” (as defined in the CCPA). However, we do not use or disclose such information for any purpose outside of the limited permissible purposes set forth in the regulations implementing the CCPA. Such purposes include providing the Services and our products; preventing, detecting, and investigating security incidents; and verifying, maintaining the quality of, and improving the Services.
Your Legal Rights
You have the right to request that we:
- Disclose to you the following information covering the twelve (12) months preceding your request:
- the categories of personal information we have collected about you and the categories of sources from which we collected such information;
- the specific pieces of personal information we have collected about you;
- the business or commercial purpose for collecting, selling, or sharing personal information about you;
- the categories of third parties to whom we disclosed such personal information; and
- if we sold, shared, or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales and shares, identifying the personal information categories that each category of recipient received; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing.
- Delete the personal information that we have collected from you, subject to certain exceptions.
We will not discriminate against you if you decide to exercise your rights under the CCPA. Please note that certain rights are subject to applicable exceptions under the CCPA.
If you are a California resident and interested in exercising any of the above-listed rights, you can do so by:
- Sending an email to dataprivacy@dermalogica.com with the subject line “Privacy Rights Request” or
- Calling us at 1-800-345-2761 or
- Completing and submitting the form available here.
To protect your privacy, we will require the matching of up to three pieces of personal information provided with your request with information we maintain to verify that it is you making the request. Where applicable, we will use the requested information for verification purposes only. Please note that we may decline a request where we are unable to verify your identity and confirm the personal information we maintain relates to you.
Exercising your rights does not require you to create an account with us.
Authorized Agents
You may authorize someone to submit a privacy rights request on your behalf (an “authorized agent”). An authorized agent will need to demonstrate that you’ve authorized them to act on your behalf, unless you have provided the agent with power of attorney pursuant to applicable probate law. Depending on the evidence provided, we may also contact you to verify your identity with us or request confirmation from you that the agent is authorized to submit the request on your behalf.
Exercising Your Sale and Sharing Opt-Out Right
As detailed in the chart above, we “sell” and “share” certain categories of personal information to and with third parties. If you are 16 years of age or older, in addition to the rights described above, you have the right to direct us to not “sell” or “share” your personal information at any time. To exercise your opt-out right, you may submit a request to us by:
- Clicking “do not sell or share my personal information” in the footer of our website and following the instructions on the window that pops up or
- Sending an email to dataprivacy@dermalogica.com with the subject line “Do Not Sell or Share My Personal Information.”
Alternatively, where available, you may choose to enable a tool that automatically communicates your opt-out preferences to all businesses that you interact with online. If you enable a browser-based opt-out preference signal that complies with the CCPA, such as the Global Privacy Control (“GPC”), upon receipt or detection, we will treat the signal as a valid request to opt out of the sale or sharing of personal information linked to that browser and any consumer profile we have associated with that browser. Please note that if you use different browsers or browser profiles, you will have to enable the signal on each one that you use.
An authorized agent may also use the methods described above to submit a request to opt out on your behalf if you provide the agent with signed permission to do so. Please note that we may request from the agent documentation demonstrating that they have your authority to act on your behalf.
Notice of Financial Incentive
We may provide discounts or promotions when you agree to receive marketing and promotional communications from us or claim a specific offer when you interact with us and/or the Platform (each, an “Offer”). The terms of each Offer will be provided to you when it is made available. You may opt out of marketing and promotional communications from us at any time as described in our messages to you and as described in the “Your Choices and Legal Rights” section above.
We collect and retain personal information to support and fulfill certain Offers, which may include information in the following categories:
- Identifiers
- Personal information categories listed in the California Customer Records statute
- Commercial information
- Internet or other electronic network activity information
- Geolocation data
- Inferences
Because we collect and retain personal information in connection with our administration of certain Offers, they may be considered “financial incentives” or “price or service differences” under California law, or a “bona fide loyalty program” under Colorado law. The personal information we collect and retain in connection with the Offers may also be used to make your account, to supplement your account information (where applicable), and for targeted advertising. Additional details regarding our use of personal information can be found in the “How We Use Personal Information” section above. We may sell or share your personal information with third parties as described in our California Privacy Rights “Personal Information Collection and Disclosure” section, including to analytics and advertising partners (including social media platforms). If you ask us to delete the personal information associated with the Offers, we will not be able to provide you with access to these programs.
The value of the personal information we collect will vary based on the Offer and is calculated based on expenses related to offering the Offer, which may include the costs associated with providing discounts or promotions, IP or marketing-related costs, and other related expenses.
You have the right to opt out of any Offer at any time in accordance with the terms of the Offer or by contacting us at dataprivacy@dermalogica.com.
INFORMATION SECURITY
We employ and maintain reasonable administrative, physical, and technical measures designed to safeguard and protect the personal information under our control from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
However, the Internet is not 100% secure. As a result, like all businesses, we cannot guarantee the security of the personal information you provide to us via the Platform. We encourage you to use caution when using the Internet. A username and a password are needed to access certain areas of the Platform. It is your responsibility to protect your username and password.
CROSS-BORDER TRANSFERS
The Platform is directed only to U.S. consumers. The Platform is not directed to consumers outside of the U.S. We will transfer and/or store personal information under our control in the United States and/or other countries where we have facilities or in which we engage service providers. As a result, your personal information may be transferred to other countries or regions.
If you live outside of the United States, you understand and agree that we may transfer your personal information to the United States. When we transfer your personal information outside of your country of residence, we do so in accordance with applicable law and take appropriate steps to ensure your information is protected. However, please note that while outside of the jurisdiction in which you reside, your personal information will be subject to applicable local laws (including those of the United States), which may not provide the same level of protections for personal information as those in your own country.
INFORMATION RETENTION
We will retain your personal information as long as necessary to fulfill the purposes outlined in this Notice, unless a longer retention period is required or allowed under law.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of the personal information; the purposes for which we use the personal information; whether we can achieve the purposes through other means; and the applicable legal requirements.
If we de-identify information, we will maintain and use the information in de-identified form and not attempt to re-identify the information except as required or permitted by law.
LINKS TO THIRD-PARTY SERVICES
The Platform may contain links to third-party sites, plug-ins, applications, or other online services. If you click on a link to a third-party service, you will be taken to a service we do not control and that is not governed by this Notice. We are not responsible for third parties’ privacy practices. We suggest that you read the privacy notices of every service with which you interact carefully.
CHANGES TO THIS PRIVACY NOTICE
From time to time, we may update this Notice to reflect changes in our practices with respect to the collection, use, and disclosure of personal information and/or changes in applicable law.
The “Last Updated” date at the top of this page indicates when this Notice was last revised. If we make changes, we will revise the date at the top of this page and, in the case of material changes, we will provide you with additional notice (in accordance with applicable law).
Unless otherwise stated, the current version of this Notice applies to all personal information under our control. We encourage you to review this Notice periodically to remain informed about our information handling and privacy practices.
CONTACT US
If you have any questions, comments, or concerns with respect to our information handling or privacy practices or this Notice, or wish to update your information, please feel free to contact us at by email at dataprivacy@dermalogica.com or by telephone at 1-800-345-2761 (Monday through Friday, 8:30 AM – 9:00 PM Eastern).
You may also write to us at the following address:
Dermalogica
Attention: Privacy Notice
1535 Beachey Place
Carson, CA 90746
FACE MAPPING® PRIVACY STATEMENT
We pride ourselves in helping our customers find the right solutions for their skin. In furtherance of this goal, we offer our customers a free Face Mapping® tool designed to provide a personal skin assessment to help each customer discover products that target their most prominent skin concerns.
To use this free Face Mapping® tool, we ask customers to provide us with a real-time selfie image of their face. We use a combination of machine learning tools and statistical algorithms to perform facial analysis to generate a detailed report of the customer’s facial geometry and skin-related characteristics. In connection with this facial analysis, we disclose customer information, including the customer’s selfie image, to our trusted third-party service providers who process this data strictly in accordance with our contractual agreements.
We analyze these detailed facial reports to provide each customer a customized product recommendation and skincare regimen designed to target their most prominent skin concerns. We also use and process the information to further develop future product and skincare recommendations as well as to improve the face and skin mapping tools, technologies and services. For clarity, we do not use this face-related data for purposes of recognizing or identifying an individual customer. Additionally, we do not use, disclose, sell, or retain our customers’ facial geometry reports for any purpose other than those described in this Face Mapping® Privacy Statement.
We automatically delete and permanently destroy the facial geometry data we receive from our third-party service providers and any other information used to represent a customer’s detailed facial geometry promptly after it is used for the purposes of providing that customer their personalized skincare recommendations, generally within a short period of time after it is collected. However, we continue to retain the customer’s selfie image and the results of each customer’s personal skin assessment for up to three years from the date of collection for purposes of quality control and the development and improvement of our Face Mapping® tool and product recommendations.
Because we do not retain the facial geometry data after it is used for the purposes of providing each customer with their personalized skincare recommendations, we will repeat the facial analysis described above each time a customer requests to view their previously provided skincare recommendations.
Consumer Health Data Privacy Policy
Last Updated: March 18, 2024
This policy governs the websites (each a “Site”), apps (each an “App”), offline locations or services (collectively, the “Services”) owned and operated by Dermalogica, LLC,(referred to herein as “Dermalogica,” “we,” “us,” or “our” as applicable) that display, reference, or link to this Health Data Notice. This policy supplements the Dermalogica Privacy Notice and applies to “consumer health data” under US state privacy laws, including Washington's My Heath My Data Act and Nevada's consumer health privacy law.
CONSUMER HEALTH DATA WE COLLECT
We collect the following categories of consumer health data, as defined by MHMDA.
- Information about your health-related conditions, symptoms, status, diagnoses, testing, procedures, or treatments, including information related to your skincare routine.
- Information that could identify your attempt to seek health related services.
- Your biometric data.
- Other information that may be used to infer or derive data related to the above or other health information.
SOURCES OF CONSUMER HEALTH DATA
As described further in the “Sources of Personal Information” section of the Privacy Notice we collect consumer health data directly from you, from your interactions with our Services, and from third parties.
WHY WE COLLECT AND USE CONSUMER HEALTH DATA
We may use the categories of consumer health data described above for the following purposes:
- To Provide and Manage the Platform and the Services. We use your consumer health data to provide, administer, and manage the Platform (and its features) and as otherwise necessary to provide the Services and to operate our business.
- To Process and Fulfill Your Order(s). Where applicable, we use your consumer health data to process and fulfill your orders and requests for our products or services. We may also use your consumer health data to process your returns or inform you of any product recall.
- To Identify Usage Trends and Make Improvements. We use your consumer health data to understand how you use the Platform and identify usage trends. We also use your consumer health data to identify issues, test new features or changes in our features, and improve the Platform, the Services, and our products.
- To Understand Your Interests and Personalize Your Experience. We use your consumer health data to help us understand which parts of the Platform and/or which of our products are of interest to you. We also use your customer health data to customize or personalize your experience with us.
- To Communicate with You. We use your consumer health data to communicate with you about your account or our relationship; to respond to your submissions, requests, and inquiries; and to request information or feedback from you.
- To Determine Your Eligibility. We may use your consumer health data to verify your identity or determine your eligibility for some of our products, services, and promotions.
- To Send You Marketing and Promotional Communications. We use your personal information to send you communications (including via email, text message, and push notification) and other materials with information about new products and features and special offers. Details on how to exercise your choices with respect to marketing and promotional materials and communications from us can be found in the “Your Choices and Legal Rights” section below.
- To Conduct Research and Analytics. We use your consumer health data to help us conduct research and analytics and to otherwise measure the effectiveness of the Platform’s content and our online and offline marketing and advertising efforts.
- To Maintain Security and Prevent Fraud. We use your consumer health data to help monitor and maintain the security and integrity of the Platform as well as our systems and networks. Additionally, we use your consumer health data to detect; prevent; investigate; and protect you, our business, and others from fraud, unauthorized transactions, and other unlawful or unsafe activity.
- To Satisfy Our Legal Obligations. We use your consumer health data to comply with applicable law and respond to lawful requests and communications from law enforcement authorities and other government officials.
- To Carry Out Sales and Business Transactions. We may use your consumer health data in connection with the evaluation, negotiation, and/or completion of a business transaction (e.g., a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets), whether as a going concern or as part of any bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred or is otherwise relevant to the evaluation, negotiation, or completion of the transaction.
- As Otherwise Permitted, Necessary, or Appropriate. We use your consumer health data as otherwise described in this policy or as explained to you at the point of information collection. We will also use your consumer health data at your direction or with your consent. Finally, we will use your personal information as we believe necessary or appropriate to protect our rights, privacy, safety, property, and/or those of others.
WITH WHOM DO WE SHARE CONSUMER HEALTH DATA
As defined by MHMDA, we share consumer health data with the categories of third parties listed below. We will obtain your consent before sharing your consumer health data.
- Our Affiliates. We may disclose your consumer health data within the Unilever Group of companies and brands for purposes consistent with this policy and other business and operational purposes.
- Our Business Partners. We disclose your consumer health data to other companies with whom we partner to offer products and services and carry out other related activities. For example, we may disclose your consumer health data to a third party that co-sponsors a contest or promotion.
- Our Research Partners. We disclose your consumer health data to our research partners, including those that perform surveys or research projects in partnership with us or on our behalf.
- Competent Governmental and Public Authorities. We disclose your consumer health data as necessary pursuant to a court order or subpoena or to cooperate with a government agency or investigatory body request.
- Other Parties. We disclose your consumer health data to other parties at your direction or with your consent. Finally, we disclose your consumer health data to other parties as we believe necessary or appropriate either to: (i) comply with applicable law; (ii) protect our operations and those of any of our affiliates; (iii) investigate and prevent against fraud; (iv) protect our rights, privacy, safety, or property and/or those of others; or (v) allow us to pursue available remedies or limit damages that we may sustain.
We may disclose your consumer health data for other reasons that we will describe at the time of collection or prior to disclosing your consumer health data.
HOW TO EXERCISE YOUR RIGHTS
MHMDA provides covered individuals with certain rights to access, delete, or withdraw consent relating to their consumer health data, subject to certain exceptions.
If you would like to exercise the rights outlined above, please follow the promptsIf you send a request by email, please write “Washington Consumer Health Data Request” in the subject line and state which rights you seek to exercise in the body of your message. We may take steps to verify your identity before responding to your request by asking you a series of questions about your previous interactions with us.
REVISIONS TO THIS PRIVACY POLICY
We reserve the right, at our sole discretion, to change, modify, add, remove, or otherwise revise portions of this policy at any time. When we do, we will post the change(s) on our Services. Your continued use of our products and Services following the posting of changes to these terms means you accept these changes. If we change this policy in a material or substantive way, we will provide appropriate notice to you.
HOW TO CONTACT US
If you have any questions or concerns about this policy or the practices described herein, you may contact us at dataprivacy@dermalogica.com, by calling 1-800-345-2761 (Monday through Friday, 8:30 AM – 9:00 PM Eastern), or by mail to: Dermalogica, LLC Attention: Privacy Notice, 1535 Beachey Place, Carson, CA 90746.