Last updated: July 14, 2021
Limitations on Use by Minors
Our Service is generally intended for use by individuals who are at least eighteen (18) years of age or such older age as may be required by applicable laws in the jurisdiction in which an individual utilizes the Service. Individuals who are between the ages of fifteen (15) and eighteen (18) (or such older age of majority) may use the Service for the sole purpose of obtaining a medical consultation for the treatment of acne using topical skincare products (to the extent made available) if a parent or legal guardian provides consent to such use in accordance with the requirements set forth in our Terms and Conditions and the Service. The Service is not designed or intended to attract, and is not directed to, children under fifteen (15) years of age. If we obtain actual knowledge that we have collected personal information through the Service from a person under fifteen (15) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form.
Furthermore, if you are under sixteen (16) years of age, then you (or your parent or legal guardian if you are under age fifteen (15)) may at any time request that we remove content or information about you that is posted on the Platform. Please submit any such request (“Request for Removal of Minor Information”) to either of the following:
- By mail: HairPersonal™ LLC, 6280 Sunset Drive, Suite 504, Miami, FL 33143, with a subject line of “Removal of Minor Information”. If you send by mail, please send by U.S. Certified Mail, Return Receipt Requested to allow for confirmation of mailing, delivery and tracking.
- By email: firstname.lastname@example.org, with a subject line of “Removal of Minor Information”.
For each Request for Removal of Minor Information, please state “Removal of Minor Information” in the email or letter subject line, and clearly state the following in the body of the request:
- The nature of your request;
- The identity of the content or information to be removed;
- The location of the content or information on the Platform (e.g. by providing the URL);
- That the request is related to the “Removal of Minor Information”; and
- Your name, street address, city, state, zip code and email address, and whether you prefer to receive a response to your request by mail or email.
We will not accept any Request for Removal of Minor Information via telephone or facsimile. HairPersonal™ is not responsible for failing to comply with any Request for Removal of Minor Information that is incomplete, incorrectly labeled or incorrectly sent.
Please note that we are not required to erase or otherwise eliminate, or enable erasure or elimination of such content or information in certain circumstances, such as, for example, when (i) an international, federal, state, or local law, rule or regulation requires HairPersonal™ to maintain the content or information; (ii) HairPersonal™ maintains the content or information on behalf of your Providers (as defined in our Terms and Conditions) as part of your electronic medical record; (iii) the content or information is stored on or posted to the Service by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); (iv) HairPersonal™ anonymizes the content or information, so that you cannot be individually identified; (v) you do not follow the aforementioned instructions for requesting the removal of the content or information; and (vi) you have received compensation or other consideration for providing the content or information.
The foregoing is a description of HairPersonal™’s voluntary practices concerning the collection of personal information through the Service from certain minors, and is not intended to be an admission that HairPersonal™ is subject to the Children’s Online Privacy Protection Act, the Federal Trade Commission’s Children’s Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations.
Protected Health Information
When you set up an account with HairPersonal™, you are creating a direct customer relationship with HairPersonal™ that enables you to access and/or utilize the various functions of the Platform and the Service as a user. As part of that relationship, you may provide information to HairPersonal™, including, but not limited to, your name, email address, shipping address, phone number and certain transactional information, which we do not consider to be “protected health information” or “medical information”.
The Medical Groups and Providers have adopted a Notice of Privacy Practices that describes how they collect, use and disclose Protected Information. By accessing or using any part of the Service, you are acknowledging receipt of the Notice of Privacy Practices from your Medical Group and Provider(s).
Collection of Information
We may collect information about you, including personal information, from the information you voluntarily provide to us and through automatic data collection technology. Such information includes, but is not limited to, the following:
- Personally identifying information such as your name, e-mail address, phone number, and billing and physical addresses;
- Your login and password and other account (“Account”) registration details;
- Demographic data (such as your gender, date of birth and zip code);
- Computer, mobile device and/or browser information (e.g., IP address, mobile device ID information, operating system, connection speed, bandwidth, browser type, referring/exist web pages, web page requests, cookie information, hardware attributes, software attributes);
- Third-party website, network, platform, server and/or application information (e.g., Facebook, Twitter, Instagram);
- Usage activity concerning your interactions with the Service and/or third-party websites, networks or applications accessed through the Service (e.g., viewing habits, viewing preferences, viewing history, number of clicks on a page or feature, amount of time spent on a page or feature, identify of third-party websites, networks, etc.);
- Billing, payment and shipping information;
- Electronic signature;
- Photographic or video images submitted for identification or non-diagnosis or treatment purposes, including photographs of your driver’s license or passport;
- Information about third parties that you refer to us (e.g., name, email, and/or other contact information, relationship);
- Statements or content (e.g., comments, videos, photographs, images) and information about such statements or content, which you submit or publish on or through the Service or which are accessed via your public or linked social media pages (e.g., Facebook, Twitter, Instagram); and
- Any other information you provide when you contact or communicate with us.
If you use your mobile device to visit, access or use the Service, then additional categories of information that we collect may include:
- Your name associated with your mobile device;
- Your telephone number associated with your mobile device;
- Your geolocation;
- Your mobile device ID information;
- With your express consent, your contacts and/or contact information (e.g., names, telephone numbers, physical addresses, email addresses, photos) stored on your mobile device; and
- With your express consent, information about third-party software applications on your mobile device (including, without limitation, general software apps, downloadable software apps, social media apps).
We may also collect certain medical information on behalf of the Medical Groups and your Providers, which may include, but is not limited to:
- Health and medical data you submit for diagnosis or treatment purposes, including, without limitation, information in any questionnaires or surveys you complete for these purposes;
- Previous doctors or other healthcare providers you visited;
- Date of visit;
- Images or videos you share for diagnosis or treatment purposes; and
- Communications with Providers.
We may also receive information about you from our partners. For example, as part of our identity verification process, our vendor may send us information they have independently collected, such as your name, age, and estimated location. Our marketing partners may also send us information about you, even if you have not visited or registered on our Service.
HairPersonal™ does not collect or create biometric information about you. To use some of our services, however, we may be required to verify your identity. If you are asked to submit proof of identity (such as a driver’s license or passport) we may share that and the picture you shared with us with our identity verification partner, who may create biometric information about your face in order to verify that your picture matches your proof of identity. Biometric information is not shared with HairPersonal™ and is deleted by our identity verification partner after completing the identity verification. HairPersonal™ may receive information extracted from your photos, such as information from your driver’s license and the confidence that there is a “match” between your two photos. We use this information to help verify your identity.
How Information Is Collected
HairPersonal™ might collect personal and non-personal information directly from you when (i) you visit, access or use the Service; (ii) you register with or subscribe to the Service or any products or services available through the Service; (iii) you “sign in,” “log in,” or the like to the Service; (iv) you allow the Service to access, upload, download, import or export content found on or through, or to otherwise interact with, your computer or mobile device (or any other device you may use to visit, access or use the Service) or online accounts with third-party websites, networks, platforms, servers or applications (e.g., your online social media accounts, your cloud drives and servers, your mobile device service provider); or (v) whenever HairPersonal™ asks you for such information, such as, for example, when you process a payment through the Service, or when you answer an online survey or questionnaire. In addition, if you or a third party sends HairPersonal™ a comment, message or other communication (such as, by way of example only, email, letter, fax, phone call, or voice message) about you or your activities on or through the Service, then HairPersonal™ may collect any personal or non-personal information provided therein or therewith.
In addition to the information we collect directly from you, we may also collect certain information from the Medical Group and/or Providers who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details) and notes, and is accessible and visible through certain components of the Service.
We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.
We also may receive personal information about you from our service providers who assist us with identity verification in connection with our Services, which may include information parsed from your driver’s license or passport, your estimated location, your address and how long you have lived there, and your contact information.
Finally, HairPersonal™ might use automatic data technologies such as tracking, data aggregation and/or data analysis technologies, including, for example, the following:
- Cookies, which are small data files (e.g., text files) stored on the browser or device you use to view a website or message. They may help store user preferences and activity and may allow a website to recognize a particular browser or device. There are several types of cookies, including, for example, browser cookies, session cookies, and persistent cookies. Cookies may record information you access on one page of a website to simplify subsequent interaction with that website, or to help streamline your transactions on related pages of that website. Most major browsers are set up so that they will initially accept cookies, but you might be able to adjust your browser’s or device’s preferences to issue you an alert when a cookie is downloaded, or to block, reject, disable, delete or manage the use of some or all cookies on your browser or device. Cookies can be set by the website owner (i.e., us), or they can be set by third parties (e.g., Facebook, Google, etc.) Cookies are used to help us speed up your future activities or to improve your experience by remembering the information that you have already provided to us. Third party cookies may also be used to enable analytics (e.g. Google Analytics) or advertising functionality (e.g., ad re-targeting on third-party websites) that enables more customized services and advertising by tracking your interaction with our Service and collecting information about how you use the Service.
- Flash cookies, which are cookies written using Adobe Flash, and which may be permanently stored on your device. Like regular cookies, Flash cookies may help store user preferences and activity, and may allow a website to recognize a particular browser or device. Flash cookies are not managed by the same browser settings that are used for regular cookies.
- Web beacons, which are pieces of code embedded in a website or email to monitor your activity on the website or your opening of the email, and which can pass along information such as the IP address of the computer or device you use to view the website or open the email, the URL page on which the web beacon is located, the type of browser that was used to access the website, and previously set cookie values. Web beacons are sometimes used to collect advertising data, such as counting page views, promotion views or advertising responses. Disabling your computer’s, device’s or browser’s cookies may prevent some web beacons from tracking or recording certain information about your activities.
- Scripts, which are pieces of code embedded in a website to define how the website behaves in response to certain key or click requests sent by the user. Scripts are sometimes used to collect information about the user’s interactions with the website, such as the links the user clicks on. Scripts are often times temporarily downloaded to the user’s computer or device from the website server, active only while the user is connected to the website, and deactivated or deleted when the user disconnects from the website.
- Analytic tools and services, which are sometimes offered by third parties, and which track, measure and/or generate information about a website’s or program’s traffic, sales, audience and similar information, and which may be used for various reasons, such as, for example, statistical research, marketing research, and content ratings research, and conversion tracking. Examples of the analytic tools and services which HairPersonal™ might use include Google Analytics and Taplytics. HairPersonal™ may also use other third-party analytic tools and services.
Please be advised that if you choose to block, reject, disable, delete or change the management settings for any or all of the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies, then certain areas of the Platform might not function properly.
By visiting, accessing or using the Service, you acknowledge and agree in each instance that you are giving HairPersonal™ permission to monitor or otherwise track your activities on the Service, and that HairPersonal™ may use the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies. Notwithstanding the foregoing, HairPersonal™ does not permit third parties or third-party cookies to access to any communications you have with the Providers, or medical information that you submit to the Providers for diagnosis and treatment purposes.
Use of Information
In connection with providing the Service, we and our affiliates and service providers may use your information, including your personal information, subject to the limitations addressed in the Protected Health Information section above, for a number of purposes, including, but not limited to:
- Verifying your identity;
- Confirming your location;
- Administering your account;
- Fulfilling your requests;
- Processing your payments;
- Facilitating your movement through the Service;
- Facilitating your use of the Service and/or products or services offered through the Service;
- Communicating with you by letter, email, text, telephone or other forms of communication, including on behalf of your Provider(s) to facilitate telehealth Services;
- Providing you with information about HairPersonal™, the Pharmacies, the Medical Groups, the Providers and/or their businesses, products and services by letter, email, text, telephone or other forms of communication;
- Providing you with customer support;
- Providing you with information about third-party businesses, products and services by letter, email, text, telephone or other forms of communication;
- Developing, testing or improving the Service and Content, features and/or products or services offered via the Service;
- Identifying or creating new products, services, marketing and/or promotions for HairPersonal™ or the Service;
- Promoting and marketing HairPersonal™, the Service, and the products and/or services offered via the Service;
- Improving user experiences with the Service;
- Analyzing traffic to and through Service;
- Analyzing user behavior and activity on or through the Service;
- Conducting research and measurement activities for purposes of product and service research and development, advertising claim substantiation, market research, and other activities related to HairPersonal™, the Service or products and services offered via the Service;
- Monitoring the activities of you and others on or through the Service;
- Placing and tracking orders for products or services on your behalf;
- Protecting or enforcing HairPersonal™’s rights and properties;
- Protecting or enforcing the rights and properties of others (which may include you);
- When required by applicable law, court order or other governmental authority (including, without limitation and by way of example only, in response to a subpoena or other legal process); and
- When HairPersonal™ believes in good faith that such use is otherwise necessary or advisable (including, without limitation and by way of example only, to investigate, prevent, or take legal action against someone who may be causing injury to, interfering with, or threatening the rights, obligations or properties of HairPersonal™, a user of the Service, which may include you, or anyone else who may be harmed by such activities or to further HairPersonal™’s legitimate business interests).
We may de-identify your information and use, create and sell such de-identified information unless prohibited by applicable law.
Disclosure of Information
Subject to the limitations described in the Protected Health Information section above, we may disclose your information in connection with the provision of our Service or as otherwise permitted or required by law. For example, we may disclose your information to:
- Our third-party and service providers (collectively “Vendors”) that provide services to enable us to provide the Service, such as the hosting of the Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, and other similar services;
- Vendors that provide services to enable us to run our business and administrative operations, such as legal and financial advisory services, auditing services, analytics and similar services;
- Vendors that provide services to enable us to promote and advertise the Service and the products and/or services offered via the Service, such as ad platforms or ad-retargeting services, as well as comply with contact removal requests or requirements, such as mailing list removal services, do not call registries, and similar services;
- The Pharmacies, Medical Group or its Providers to enable them to provide services to you via the Service and to collect payment on their behalf;
- Comply with any court order, law or legal process, including to respond to any government or regulatory request;
- Enforce or apply our Terms and Conditions;
- Vendors as we believe necessary or appropriate to comply with applicable laws;
- A third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or equity interests with such third party;
- Any other party with your consent;
- Any other party for any purpose disclosed by us to you when you provide the information.
We may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.
In connection with any transaction that you conduct through the Service (e.g., the purchase or sale of any products or services on or through the Service), you may be asked to supply certain information relevant to the transaction, including, without limitation, your credit card number and expiration date, your billing address, your shipping address, your phone number and/or your email address. By submitting such information, you grant HairPersonal™ without charge the irrevocable, unencumbered, universe-wide and perpetual right to provide such information to third parties (e.g., payment processing companies, buyers on the Service, sellers on the Service) for the purpose of facilitating the transaction.
Summary of Information Practices
The following table is a non-exhaustive summary of our personal information collection, use, and disclosure practices in the preceding twelve (12) months since we last updated this Policy. As reflected in this table, we may share your personal information with a variety of outside entities.
|Category of Personal Information Collected
|Categories of Sources
|Categories of Third Parties with Whom HairPersonal Shares Personal Information
|Full name, email address, phone number, account login and password, purchase information, billing address, physical address
|You, our and third-party cookies and other tracking technologies on our website, and service providers.
|Facilitating use of Services and/or products or services, processing payments, marketing, customer, or analytic services, protecting against malicious, deceptive, fraudulent or illegal activity, and enabling or effecting, directly or indirectly, a commercial transaction
|Service providers, Medical Groups, Providers, Pharmacies, third parties that assume control over all or part of the business in connection with a merger, acquisition, bankruptcy, or similar event, affiliates, professional advisors, law enforcement authorities, and those involved in legal proceedings, with consent
|Unique identifiers or personal identifiers
|IP address, online identifiers, mobile device ID, dates of medical visit
|You, your mobile device, and our and third-party cookies and other tracking technologies on our website
|Processing or fulfilling orders and transactions, debugging to identify and repair errors that impair existing intended functionality, providing customer or analytic services, and enabling or effecting, directly or indirectly, a commercial transaction
|Service providers, Medical Groups, Providers, Pharmacies, data analytic providers, payment processors, affiliates, professional advisors, law enforcement authorities, and those involved in legal proceedings, with consent
|Internet and other network activity
|Your mobile devices and computers used to access our Service
|Marketing, customer, or analytic services and enabling or effecting, directly or indirectly, a commercial transaction
|Service providers, data analytic providers, affiliates
|Gender, date of birth, zip code
|You and the Vendors
|Marketing, customer, or analytic services, processing or fulfilling orders, transactions and identity verification
|Service providers, data analytic providers, affiliates
|Audio, electronic, visual, thermal, olfactory, or similar information
|Electronic signature, photographic or video images
|Identification verification or non-diagnosis or treatment purposes, on behalf of Medical Groups/Providers for diagnosis or treatment purposes
|Medical Groups and Providers
|Information about goods or services purchased, obtained, or considered
|Your mobile device
|Processing or fulfilling orders and transactions, marketing, customer or analytic services
|Service providers, data analytic providers, affiliates
|Health and Medical Information
|Medical history and other information, symptoms, prescription history, insurance policy, insurance eligibility and coverage, laboratory test results, previous doctors visited
|You or Medical Group and/or Providers
|Processing or fulfilling orders and transactions
|Medical Groups and Providers
|Financial Information (Information under California Civil Code 1798.80)
|Processing or fulfilling orders and transactions
|Payment processors, buyers on Service, sellers on Service
|Your mobile devices and computers used to access our Service, and the Vendors
|Confirming location and verifying identity
|Medical Groups and Providers
|Professional or Employment-related Information
|Job history, educational history, employer
|Applicants or non-applicant email addresses or signature blocks
|Process and evaluate applications for positions with HairPersonal
|Service providers such as HR vendors
If you are a California resident, you have the right to know what personal information we collect, use, disclose or sell about you under the California Consumer Privacy Act of 2018 (“CCPA”). Additionally, you have the right to access and delete your personal information.
To exercise these privacy rights and choices, please follow the instructions below:
- How to request access to your personal information: You may request access to your personal information twice in a 12-month period. To do so, please email us at email@example.com with the subject heading “California Privacy Rights,” or call 305-359-7599. In response, we will produce an Access Report detailing the personal information we have collected, disclosed, and/or sold about you. This Access Report will be delivered by mail or electronically at your request. Note, we may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.
- How to request deletion of your personal information: You may request that we delete the personal information it has collected and/or maintained about you. To do so, please email us at firstname.lastname@example.org, or call 305-359-7599. Note, we may need to retain certain personal information as permitted by law, such as to complete the transaction for which the personal information was collected, maintain an electronic medical record for a Medical Group or Provider, provide a requested good or service, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, comply with legal obligations or to enable solely internal uses that are reasonably aligned with your expectations or lawful within the context in which you provided the information.
We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Verification: Please note, we will take steps to verify your identity before fulfilling any of the above requests. If you maintain an account with us, we will verify your identity through existing authentication practices for the account (e.g., login and password). If you are not a registered member, we will verify your identity by matching two or three data points that you provide with data points that we maintain and have determined to be reliable for the purposes of verification (e.g., browser or device ID).
Authorized Agents: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your or your minor child’s personal information. In order to designate an authorized agent to make a request on your behalf, you must provide written proof that you have consented to this designation unless the agent has power of attorney pursuant to California Probate Code sections 4000-4465. You must also verify your identity directly with us by providing a copy of your government issued identification.
Response Timing and Format: If you are a HairPersonal™ customer with an online account, we will deliver our written response to that account online or via email. If you are not a HairPersonal™ customer or do not have an online account, we will deliver our written response by mail or electronically, at your preference. The response will also explain the reasons we cannot comply with a request, if applicable. Please note that if you are submitting a request regarding information you provided to a Medical Group, a Providers, or a Pharmacy, your request should be directed to that entity.
Anti-Discrimination Right: We will not discriminate against you for exercising any of your CCPA rights. But note that some of the functionality and features available to you may change or no longer be available to you upon deletion of your personal information or opt-out of sale of your personal information.
We do not and will not sell the personal information of minors under sixteen (16) years of age without affirmative authorization.
We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below. Unfortunately, new vulnerabilities arise in the realm of technology every day. Although we strive to protect your information, circumstances beyond our control may compromise that goal. As with any website, please be conscious of the data you share. If you are not comfortable providing any information, it is your right to withhold it. IN NO EVENT SHALL WE BE LIABLE FOR ANY DAMAGES (WHETHER CONSEQUENTIAL, DIRECT, INCIDENTAL, INDIRECT, PUNITIVE, SPECIAL OR OTHERWISE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH, A THIRD PARTY’S UNAUTHORIZED ACCESS TO YOUR INFORMATION, REGARDLESS OF WHETHER SUCH DAMAGES ARE BASED ON CONTRACT, STRICT LIABILITY, TORT OR OTHER THEORIES OF LIABILITY, AND ALSO REGARDLESS OF WHETHER WE ARE GIVEN ACTUAL OR CONSTRUCTIVE NOTICE THAT DAMAGES WERE POSSIBLE, EXCEPT AS PROVIDED UNDER APPLICABLE LAW.
You may also provide information to be posted on public areas of our Website, or transmitted to other users of our Website or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of our Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons. If you delete User Contributions, copies of your User Contributions may remain viewable in archived pages, or may have been copied or stored by other Website users.
6280 Sunset Drive, Suite 504
Miami, FL 33143