Last Updated: April 21, 2022
This Privacy Policy describes how Tower 28 Beauty, Inc and our brands and subsidiaries (“Tower 28”, “we”, “us”, or “our”) collect, use and share information about you. This policy applies to information we collect when you use our websites, apps, shop in our online stores or otherwise interact with us as described below (collectively, the “Site”). We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and in some cases, we may provide you with additional notice (such as adding a statement to the homepages of our websites or sending you an email notification). We encourage you to review the Privacy Policy whenever you interact with us to stay informed about our information practices and the ways you can help protect your privacy. Capitalized terms not defined herein shall have the meanings ascribed thereto in our Terms of Service.
Acceptance Of These Terms
By using this Site, you signify your acceptance of this policy and any changes to this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Collection Of Information
Information You Provide to Us. We collect information you provide directly to us. For example, we collect information when you use our websites, shop in our online stores, call us on the phone, create an online account, join our subscription and loyalty programs, sign up to receive our emails, request a catalog, participate in a sweepstakes, contest, promotion or survey, communicate with us via third party social media sites, request customer support, apply for a job or otherwise communicate with us. This Site collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). The types of Personal Information we may collect includes your name, email address, zip code, billing address, shipping address, phone number, payment card information, product preferences, demographic information and any other information you choose to provide. In some cases, we may also collect information you provide about others, such as when you purchase a gift card for someone and request that we deliver it electronically, create and share a “wish list” or decide to purchase and ship products to someone. We will use this information to fulfill your requests and may also use that information to send marketing communications to your contact, unless he or she has previously opted out of marketing communications from Tower 28.
Information We Collect Automatically. We automatically collect certain information about you when you access or use our websites or transact business with us, including: (i) information about your use of our websites, such as the type of browser you use, access times, pages viewed, your IP address and the referring link through which you accessed our websites; (ii) information about the transaction, such as product details and the date and location of the purchase/return; and (iii) we may use cookies, web beacons, also known as “tracking pixels”) and other tracking technologies to collect information about you when you interact with our websites or emails, including information about your browsing and purchasing behavior. We may combine this information with other information we collect about you and use it for various purposes, such as improving our websites and your online experience, understanding which areas and features of our sites are popular, counting visits, understanding campaign effectiveness, tailoring our communications with you, determining whether an email has been opened and links within the email have been clicked and for other internal business purposes.
Retention and Transfer of Personal Information. We retain Personal Information that you provide us as long as we consider it potentially useful in contacting you about our products and services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements. We will delete this information from the servers at an earlier date if you so request by unsubscribing, opting-out, or emailing us at hey@tower28beauty.com. Personal Information may be transferred and stored to secure servers in the United States.
Use Of Information
We may use information about you for various purposes, including to: (i) facilitate and improve your online shopping experience; (ii) provide the products and services you request, process transactions and send you related information, including confirmations and receipts; (iii) respond to your comments, questions and requests and provide customer service; (iv) communicate with you about products, services, offers, promotions, rewards and events and provide news and information we think will be of interest to you; (v) manage your online account(s) and send you technical notices, updates, security alerts and support and administrative messages; (vi) personalize your online experience and provide advertisements, content or features that match your profile and interests; (vii) monitor and analyze trends, usage and activities; (viii) process and deliver contest, promotion and sweepstakes entries and rewards; (ix) link or combine with information we get from others to help understand your needs and provide you with better service; and (x) carry out any other purpose for which the information was collected. We are based in the United States and the information we collect is governed by U.S. law. By accessing or using our websites or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.
Your Information Choices and Control
Tower 28 respects your need to access and control your Personal Information, so we give you certain choices that you may exercise, including:
- You may correct, update, and delete your account.
- You may change your choices for subscriptions, newsletters, and alerts.
- You may choose whether to receive from us offers and promotions for our products and services, or products and services that we think may be of interest to you.
- You may request access to the Personal Information we hold about you and that we amend or delete it. Please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but residual copies may remain in our Site’s back-up systems due to the nature of those systems’ operations.
- We may also retain your information for fraud or similar purposes.
You can exercise these controls and choose to opt in or out of services and communications by visiting our data privacy portal here, contacting our customer service at hey@tower28beauty.com, or following the instructions directly provided in the communications we send you.
Sharing of Information
We may share information about you as follows: (i) with vendors, consultants and other service providers who need access to such information to carry out work on our behalf; (ii) with our business partners and other third parties for purposes of sending their own direct mail; (iii) in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process or as otherwise required by any applicable law, rule or regulation; (iv) if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of us or any third party; (v) in connection with, or during negotiations of, any merger, sale of company assets, financing or transfer of all or a portion of our business to another company; or (vi) with your consent or at your direction. We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
Advertising and Analytics
We engage third parties to serve advertisements on our behalf across the Internet and to provide analytics services. These entities may use cookies, web beacons and other technologies to collect information about your use of our websites, such as your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our websites and other websites and better understand your online or offline activity. We may also work with third parties to serve ads to you as part of a customized campaign on other websites or platforms.
Cookies
Please see our Cookie Policy for more information regarding how we use cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our websites. In addition, many web browsers support Do Not Track technology. However, if you enable Do Not Track, some third-party companies may not recognize browser “Do Not Track” signals. If you would like to opt out of the collection and use of tracking data for ad targeting, please visit www.aboutads.info/choices/.
Links To 3rd Party Websites
Our Site may contain links to other websites. Our Privacy Policy does not apply to the practices of other websites and Tower 28 is not responsible for the actions and privacy policies of third parties. We encourage you to be aware of when you leave our Site and to read the privacy policies of each website that you visit.
Security
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We use organizational, procedural, and technical safeguards to secure data in our possession, consistent with the sensitivity level of such data. When sensitive information (such as a credit card data) is collected on our Site it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol and may be processed by third parties using similar levels of protection. Regardless of the precautions we take, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect Personal Information, we cannot ensure or warrant the security of any information you transmit to us.
Other Data Protection Rights
You may have the following data protection rights:
- To access, correct, update or request deletion of Personal Information. We take reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. As a registered user, you can manage many of your individual account and profile settings within your account provided through the Site, or you may make your specific data requests here. We will consider your request in accordance with applicable laws.
- In addition, individuals who are residents of the European Economic Area (“EEA”) can object to processing of their Personal Information, ask to restrict processing of their Personal Information or request portability of their Personal Information. You can exercise these rights here.
- Similarly, if Personal Information is collected or processed on the basis of consent you can withdraw consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- EEA residents have the right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request.
Children
We do not knowingly collect any Personal Information from children under the age of 13. We do not sell products for purchase by children and all children’s products we sell are for purchase by adults only. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at hey@tower28beauty.com.
California Privacy Notice For California Residents
Consumers residing in California are afforded certain additional rights with respect to their Personal Information under the California Consumer Privacy Act or (“CCPA”) (California Civil Code Section 1798.100 et seq.). If you are a California resident, these terms and conditions apply to you.
Tower 28 uses and collects your information for the purposes described in this Privacy Policy, which include “business purposes” under the CCPA. We do not and will not sell your Personal Information. However, the CCPA’s definition of “sale” is very broad, and may include situations where browsing data is sent to referral advertisers (when you click on an ad that sends you to Tower 28, we may send a hashed identifier to the referring site so they can receive credit for the referral). We, along with millions of other sites, may use these services from time to time. While we limit the information sent to what is needed to properly record the referral, the fact that you clicked on the link and visited Tower 28 may be added to your profile by the ad publisher. This is all done on the Site primarily through targeted advertiser cookies, and if you opt out of the sale of your Personal Information, we will turn them off. You may opt out of all “sales” of your Personal Information on the Do Not Sell my Personal Information page.
Information We Collect
Our Site collects Personal Information, which is information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. In particular, the Site has collected the following categories of Personal Information from its consumers within the last 12 months:
Category |
Examples |
Collected |
A. Identifiers |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
Yes |
B. Personal Information Categories – as listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
Yes |
C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
No |
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
Yes |
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
No |
F. Internet or other similar network activity. |
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. |
Yes |
G. Geolocation data. |
Physical location or movements. |
No |
H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
No |
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
Yes |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
No |
K. Inferences drawn from other Personal Information. |
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
No |
L. Equipment information. |
Information about your internet connection, the equipment you use to access our Site, and usage details. |
Yes |
Personal Information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Information You Provide to Us
Tower 28 obtains the categories of Personal Information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our Site.
How We Use Your Information
We may use or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you provide your Personal Information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns. If you submit a story about your experience with Tower 28, we may post that story on our Site without identifying you by name or address.
- To provide, support, personalize, and develop our Site, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Site experience.
- For testing, research, analysis, and product development, including to develop and improve our Site, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
Tower 28 will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosure of Your Information
We do not sell, trade, or rent Users Personal Information to others and we have not done so during the preceding twelve (12) months.
We may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
We share your Personal Information with the following categories of third parties:
- Subsidiaries and affiliates.
- Contractors and service providers.
- Data aggregators.
- Third parties with whom we partner to offer products and services to you.
We may also disclose your Personal Information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply our Terms of Service and other agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Tower 28, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.
We may share aggregated information about our users without restriction.
Disclosures of Personal Information for a business purpose
In the preceding 12 months, Tower 28 has disclosed the following categories of Personal Information for a business purpose: (A) Identifiers, (B) California Customer Records Personal Information categories, (D) Commercial information, (F) Internet or other similar network activity, (G) Geolocation data, (H) Sensory data, (K) Inferences drawn from other Personal Information, (L) Equipment information.
Access to Information
You have the right to request that we disclose information about our collection and use of your Personal Information over the past 12 months, including:
- Categories of Personal Information we collected;
- Categories of sources for the Personal Information we collected;
- Our business purpose for collecting Personal Information;
- The categories of third parties with whom we share that Personal Information; and
- The specific Personal Information we collected about you.
Deletion
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny a deletion request where retaining the information is necessary for us or our service providers. For example, data may need to be kept to:
- Complete a sales transaction for which we collected the Personal Information (such as the sale of our beauty products to you);
- Track consumer complaints or product issues;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; and
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Submitting a Request
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of a California resident who wishes to make a request.
We may not be able to respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will ask you for the email information that you used to interact with us or sign up for a loyalty, email or to make purchases to help verify your identity or authority to make the request and confirm that your information is in our system. Information provided to submit a request will only be used for request purposes.
California consumers may make requests by either:
- Visiting our CCPA data request page here.
- Emailing your request to hey@tower28beauty.com. In the subject line of your email, please write “CCPA Rights Request”; or
- Calling the toll-free number listed below in our Contact Us section.
Timing
We will use best efforts to respond to a verified consumer request within 45 days. If we require more time, we will inform you of the reason and extension in writing. You may only make a request for access or data portability twice within a 12-month period.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to hey@tower28beauty.com; or write us at: Tower 28 Beauty, Inc., 2633 Lincoln Blvd., Suite 108, Santa Monica, CA 90405.
Contact Us
If you have any questions about this Privacy Policy, the practices of this Site, or your dealings with this Site, please contact us at: (i) by mail at Tower 28 Beauty, Inc., 2633 Lincoln Blvd., Suite 108, Santa Monica, CA 90405; (ii) by email at hey@tower28beauty.com; or (iii) by phone at (833) 217-2685.