Effective Date: January 1, 2023
Last Updated on: August 19, 2023
JPMS™ U.S. Privacy Notice
Service or Services means any of the Sites or other products or services provided or offered by us, including those described in this Policy, whether through a website owned, maintained or controlled by us, through a social network, a mobile application, on a cellular telephone or otherwise.
Your use of the Sites and your other interactions with us constitute your acceptance of this Privacy and Cookie Notice and consent to the practices described.
- INFORMATION COLLECTED
- USE AND SHARING OF INFORMATION
- YOUR PRIVACY RIGHTS, CHOICE AND ACCESS
- ADVERTISING/TARGETED ADVERTISING; HOW TO OPT-OUT
- CONTACT INFORMATION
- INFORMATION COLLECTED
This section describes the information we collect, including information that you provide to us, information automatically collected and information from third parties. We may combine information that we collect via one method (e.g., a website, our digital advertising) with information that we have collected via another method (e.g., an offline event). We do this to get a more complete view of our consumers, which, in turn, allows us to serve you better and with more customization.
Our Sites collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
We may collect the personal information listed below. We do not collect sensitive personal information or personal information of minors. For more information on how we use collected personal information please refer to section “USE AND SHARING OF INFORMATION BY JPMS” below.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers, for instance, a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, phone number, account name, date of birth, or other similar identifiers. We require this information in connection with your potential engagement of our Sites and Services or purchase of our products, as well as for website functionality and marketing & advertising purposes. For example, we may use the data of birth that you provide to us to send you “happy birthday” messages and similar notifications. This information is not sold to any third-parties or shared for valuable consideration. However, we may share your information with Google and Meta through Google Pixel and Meta Pixel, and/or other similar search engine or social media platforms, to serve our advertisements to our users who later visit sites within Meta and Google’s ad networks, or other similar ad networks. We also may provide your email address to Google and Meta, or other similar search engine or social media platforms, to create look-a-like audiences on their platforms.
- Commercial information, for instance, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. We require this information in connection with your potential engagement of our Sites and Services or purchase of our products, as well as for website functionality and marketing & advertising purposes. We use this information in compliance with our legal obligations, and solely to manage and administer our business effectively. This information is not sold to any third-parties or shared for valuable consideration. However, we may share your information with Google and Meta through Google and Meta pixel, and/or other similar search engine or social media platforms, to serve our advertisements to our users who later visit sites within Meta and Google’s ad networks, or other similar ad networks. We also provide your email address to Google and Meta, or other similar search engine or social media platforms, to create look-a-like audiences on their platforms.
- Internet or other similar network activity, for instance, product search history, information on a consumer's interaction with our Sites and Services. We use this information in compliance with our legal obligations, and solely to manage and administer our business effectively. This information is not sold to any third-parties or shared for valuable consideration. However, we may share your information with Google and Meta through Google and Meta pixel, and/or other similar search engine or social media platforms, to serve our advertisements to our users who later visit sites within Meta and Google’s ad networks, or other similar ad networks.
Information You Provide
If you register at a Site; make purchases through a Site; join a loyalty program; enter a contest or promotion; social media and blogs; submit a customer service request, consumer survey, photo, video or product review; sign up to receive emails or other offers or communications, we collect and store the information provided. This information includes personal information such as your name, social media handle, email, telephone number, home address, and payment information (such as account or credit card number). You may also be asked for demographic information (such as age, product preferences, beauty needs, zip code) or location information.
Automatically Collected Information
Site Usage Information: JPMS and its third-party service providers may also use a variety of technologies that passively or automatically collect information about how the Sites are accessed and used ("Usage Information"), including but not limited to your browser type, device type, operating system, application version, the pages served to you, the time you browse, preceding page views, and your use of features or applications on the Sites.
Device Identifiers: JPMS also automatically collects an IP address or other unique identifier information ("Device Identifier") for the computer, mobile device, technology or other device (collectively, "Device") you use to access the Sites or on third party websites that publish our advertising. A Device Identifier is a number that is automatically assigned to your Device when you access a web site or its servers, and our computers identify your Device by its Device Identifier. For mobile devices, a Device Identifier is a unique string of numbers and letters stored on your mobile device that identifies it. We may use a Device Identifier to, among other things, administer the Sites; help diagnose problems with our servers; analyze trends; track users' web page movements; help identify you and your shopping cart; deliver advertising and gather broad demographic information.
Cookies: Like many websites, we use "Cookies," which are data files placed on a web browser when it is used to visit the Sites to facilitate site navigation and to personalize your experience, including tailoring advertisements. Cookies may also be used to associate you with social networking sites like Facebook and Twitter and, if you so choose, enable interaction between your activities on the Sites and your activities on such social networking sites.
If you would prefer not to accept cookies, you can change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; or set your browser to automatically not accept any cookies. However, please be aware that some features and services on our Sites may not work properly because we may not be able to recognize and associate you with your account. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests. To learn more about cookies, please visit http://www.allaboutcookies.org.
Pixels or Web Beacons: We use pixel tags or web beacons, which are transparent graphic images placed on a web page or in an email and indicate that a page or email has been viewed or tell your browser to get content from another server. We may share your information with Google and Meta through Google and Meta pixels to serve our advertisements to our users who later visit sites within Meta and Google’s ad networks. We also provide your email address to Google and Meta to create look-a-like audiences on their platforms. If you do not want your information to be shared with third-parties please opt-out using the link “Do Not Sell My Personal Information” that is on our Site. Some browsers have a “do not track” feature that lets you tell those websites you do not want to have your online activities tracked. At this time, we do not respond to browser “do not track” signals. For more information on how to exercise your privacy rights please see section “ADVERTISING/TARGETED ADVERTISING; HOW TO OPT OUT”.
Information From Third Parties
We may receive information from third party partners, such as marketing and demographic data, offline records and information from an advertiser about your experiences or interactions with them. We may combine such third party data with other information we receive from or about you.
- USE AND SHARING OF INFORMATION BY JPMS
JPMS and its brands use information collected for a variety of business purposes such as:
- Providing you with tailored content, services, advertisements and offers from our brands;
- Responding to your questions and providing news and updates from our brands, about our products, services and loyalty programs;
- Providing you with access to features of the JPMS Sites;
- Verifying your identity;
- Fulfilling product purchases;
- Communicating about your account(s) and activities on the Sites;
- Sending notice of changes to a JPMS policies;
- Improving the effectiveness of our Sites, customer service and product offerings;
- To conduct research and analytics related to our operations;
- To protect our legal rights and interests and inforce JPMS Terms and Conditions;
- Processing applications and transactions;
- Posting your content and consumer reviews on the Sites, our social media pages and related third party sites that retail or feature our brands and products;
- Contacting you about content shared by you about our brands and products.
We will not disclose your Personal Information to third parties outside of JPMS for our own independent marketing or business purposes without your consent unless for the following limited purposes:
Third Parties Providing Services On Our Behalf: We share your Personal Information with third parties that perform functions on our behalf (or on behalf of our partners) such as service providers that host or operate our Sites; provide analytics and site usage information; process transactions and payments; fulfill orders or provide customer service; loyalty program administration; redemption; advertisers; sponsors or other third parties that participate in or administer our promotions, contests, sweepstakes, surveys or provide marketing or promotional assistance. We may share information with our subsidiaries, sponsors, partners, advertisers or other third parties to provide you with product information and promotional and other offers, to help maintain and operate the Sites or for other reasons related to the operation of our business, including but not limited to the fulfillment of purchases, promotional offers and administering contests. We may also share non-identifying information, such as aggregate statistics or usage information, with third parties.
Your Agreement To Have Your Content, Ratings and Reviews Shared: Your submissions are helpful to many parties including other consumers, retailers and manufacturers. Overall, they help improve the quality of the shopping experience, products and services. Anything you submit to our Sites may be used for advertising purposes, social media pages and posted to related, third party websites that retail or feature our brands and products, including other websites in the John Paul Mitchell Systems network, in addition to the website that you originally submitted. Accordingly, please do not post anything that you do not want to share with the general public (for example, financial information, social security number, etc.). Thanks for your contribution!
Business Transfers: We may share information with other entities and affiliates of JPMS. As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or our assets, or assets related to the Sites, Personal Information, Usage Information and any other information that we have collected may be disclosed to such entity as one of the transferred assets. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.
JPMS Services are intended for a general audience and are not directed at children under 13 years of age. We do not knowingly gather personal information of children under 13 years of age (as defined by the U.S. Children’s Privacy Protection Act, or COPPA).. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us at email@example.com. We will remove the data to the extent required by applicable laws.
Consistent with our practice of not collecting data on anyone under 18 years old, we do not have actual knowledge that we shared information on such minors with the parties with whom we work on targeted advertising. See section “ADVERTISING/TARGETED ADVERTISING; HOW TO OPT OUT” below for more information.
We will retain your personal information for as long as your account is active or as needed to provide you services and as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. If you wish to cancel your account or request that we no longer use your personal information to provide you services, contact us at firstname.lastname@example.org. We do not control certain privacy settings and preferences maintained by our social media partners like Facebook, TikTok and Twitter. If you wish to make changes to those settings and preferences, you may do so by visiting the settings page of the appropriate social media site.
In accordance with our routine record keeping, we may delete certain records that contain personal information you have submitted through the Sites. We are under no obligation to store such personal information indefinitely and, to the extent permitted by applicable law, disclaim any liability arising out of, or related to, the destruction of such personal information. In addition, you should be aware that it is not always possible to completely remove or delete all of your information from our databases without some residual data because of backups and other reasons.
- YOUR PRIVACY RIGHTS, CHOICE AND ACCESS.
You may change your preferences and unsubscribe from email services from our brands by: (i) modifying your registered user information on the Sites; (ii) contacting us at email@example.com; or (iii) following the unsubscribe instructions in the communication that you receive.
You may at any time opt out from push notifications.
Subject to certain limitations, you have the following rights with respect to your personal information:
- Right to Know and Data Portability. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the "right to know"). Once we receive your request and confirm your identity we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
- Right to Delete. Subject to certain limitations, you may ask us to delete your personal information.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
- Right to Correct. You may also ask us to correct inaccurate personal information that we have about you.
- Right to Opt Out of Targeted Advertising or Sale. You may ask us to stop using your personal information for targeted advertising. Please see the discussion on Advertising/Targeted Advertising; How To Opt-Out.
- Right Against Discrimination. We will not discriminate against you for exercising your rights.
- Right to Limit Use of Sensitive Information. In some circumstances you may ask to stop or otherwise limit the use of your sensitive information. We do not collect sensitive personal information from you.
- Right to Appeal. This right provides you with the opportunity to appeal a decision made by us in connection with a rights request.
Response Timing and Format. You may exercise your right to know, delete, or correct your personal information by emailing firstname.lastname@example.org. We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at email@example.com. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
We may ask you for additional information to help us verify your identity, including by asking you to confirm other personal information you have provided to us. We may deny your request for reasons permitted by law, including our inability to verify your identity. If we deny your request, we will tell you why we did so.
Subject to certain restrictions, you may have an agent exercise your rights for you. If you have an agent exercising your rights, that person must provide to us your written authorization allowing them to make such a request on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Other California Privacy Rights. California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org or write us at: John Paul Mitchell Systems, 20705 Centre Pointe Parkway, Santa Clarita, CA 91350, Attn: Customer Service/Privacy Matters
For users residing in Colorado, Connecticut, Utah and Virginia, in addition to the rights that are available to residents of California, if you are a resident of one of these states, you may also have the right to:
- Opt out of the processing of your personal data for the purposes of targeted advertising and for profiling in furtherance of decisions, including, for residents of Connecticut, solely automated decisions, that produce legal or similarly significant effects; and
- Appeal any decision or indecision related to the exercise of any right the consumer is granted under the applicable state law.
To make such a request, please send an email to email@example.com, contact us at https://www.paulmitchell.com/contact-us and 1-800-793-8790.
If you are a resident of Nevada, you also have the right to request that a company not sell your personal data for monetary consideration to certain other parties. This right applies even if your personal data is not currently being sold.
If you would like to exercise any of your rights under applicable law (including the right to appeal), please use our contact details provided below.
- ADVERTISING/TARGETED ADVERTISING; HOW TO OPT-OUT
We may disclose your personal data to our marketing agency and other suppliers or subcontractors insofar as reasonably necessary for the provision of their services. JPMS licenses technology to serve advertisements on its own Sites and within its content as that content is served across the Internet. In addition, JPMS may use third parties to serve advertisements on the Sites and around the web, measure the performance of the Sites and the viewing of our content and provide analytics services. These ad network providers, advertisers, sponsors and/or analytics service providers may set and access their own cookies, pixel tags and similar technologies on your Device and they may otherwise collect or have access to information about you, including Usage Information. We and our network advertisers may target advertisements for products and services in which you might be interested based on your visits to both the Sites and other websites or based on location data, from your Device. We may use a variety of companies to serve advertisements.
Consumers may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us using our contact details below or by visiting the following Internet Web page link:
["Do Not Sell My Personal Information"]
If you prefer to not receive targeted advertising, you can also opt out of certain network advertising programs through the Network Advertising Initiative (NAI) Opt-Out Page. Options are Device-specific, so if you use multiple Devices, you may need to opt out on each one. The NAI Opt-Out Page provides a tool that identifies its member companies that have cookies on your browser and provides links to those companies.
John Paul Mitchell Systems
20705 Centre Pointe Parkway
Santa Clarita, CA 91350
Attn: Customer Service/Privacy Matters
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by opting back in DO NOT SELL MY PERSONAL INFORMATION
8. CONTACT INFORMATION
If you have any questions or comments about this notice, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights, please do not hesitate to contact us at:
20705 Centre Pointe Parkway
Santa Clarita, CA 91350
Attn: Customer Service/Privacy Matters