Privacy Policy

LAST UPDATE

May 13, 2020

CONTACT INFORMATION

If you have any questions about this Privacy Policy, you can contact BUHA’s Privacy Team by email at privacy@buha.com. If we need to contact you concerning any event that involves your information, we may do so by e-mail, telephone or mail.

INTRODUCTION

BUHA International, LLC (“BUHA,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy describes the types of personal information we collect, how we use that information, with whom we share it, and the choices available to you regarding our use of that information. We also describe the steps we take to protect the security of the information we collect and how to contact us regarding our privacy policy and procedures, as well as some other important information.  By using this site, you consent to the terms of this Privacy Policy as well as the site’s Terms and Conditions. BUHA products are available for sale in many places—which may include, but are not limited to: online at www.buha.com, on third-party online stores, and at third-party retail locations as well as other locations. This Privacy Policy applies to the personal information collected on www.buha.com, any website, mobile application or process operated by BUHA. Any personal information collected by third parties who are not doing so for the purposes discussed in the paragraph of this Privacy Policy entitled HOW WE COLLECT INFORMATION, is not provided to us, and is not subject to this Privacy Policy. 

INFORMATION WE COLLECT

We may collect information about you from the following categories. In some cases, the information we collect may fall within more than one category.

Contact information and personal identifiers, such as your name, shipping address, billing address, birthday, email address, telephone number, site or app username, or social media handle.

Device identifiers, such as information about your device like your MAC address, IP address, or other online identifiers.

Demographic information, such as your age, sex, and gender (some of which may be protected by applicable law).

Physical characteristics, such as your hair type and color, skin type, and eye color.

Commercial information, such as the products or services you have purchased, returned or considered, and your product preferences.

Payment information, such as your method of payment and payment card information (including payment card number, expiration date, delivery address and billing address).

Biometric information, such as facial images (for example, if you use product try-on applications or programs).

Identity verification information, such as loyalty member ID, account number, and other authentication information like passwords.

Online or network activity information, such as information regarding your interaction with our website or mobile applications, other digital properties, and advertisements, information about your browsing and search history on our website or mobile applications, and log file information which includes, but may not be limited to, your browser type, webpages you visit, links you click on, and other electronic network activity.

Geolocation information, such as information that can help identify your physical location like your GPS coordinates or the approximate location of your mobile device.

Audio and visual information, such as recordings of your voice when you call our customer service and images we record through CCTV in BUHA owned retail stores or at BUHA-hosted events.

Professional or employment-related information, such as information from your resume, employment history, Social Security Number, education information and professional licenses or certifications if you apply to work for us, or to become a vendor or distributor of BUHA products, for example.

User Content, such as your communications with us and any other content you provide (including photographs, videos, reviews, articles, survey responses and comments).

Inferences drawn from or created based on any of the information identified above.

HOW WE COLLECT INFORMATION

Directly from you, such as when you make a purchase on our website, from us through our account on a website such as Amazon.com or in one of our BUHA owned retail stores or events, contact us with a question or complaint, use one of our mobile applications, create an account on our website, register for one of our loyalty or professional programs, respond to a survey, participate in a contest or other promotion, make an appointment, sign up to attend an event, apply for employment, or sign up to receive marketing communications.

From your friends or family members, such as when your friend or family member sends you a gift or makes a referral.

Cookies and automatic collection methods. When you visit our website or use one of our mobile applications, and when you open or click on emails we send you, we, and third parties we work with, may automatically collect information from your browser or device using technologies such as cookies, web beacons, pixel tags, and similar technologies. Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. Web beacons or pixel tags are small images which are embedded into our website or emails that provide us with information about your browser or device, or whether you open or clicked on the emails we send you. These technologies enable us, or the third parties who place such technologies, to collect information such as device identifiers and online or other network activity information.

Through in-store and other offline technologies, such as video surveillance and Geolocation technology in and around BUHA-owned retail stores or events, and call recording technology when you speak to our customer service representatives.

From our business partners and service providers, such as demographic companies, analytics providers, advertising companies and networks, and other third parties that we choose to collaborate or work with.

From social media platforms and networks, such as Facebook, Twitter, Pinterest, and Instagram. For example, we may obtain your information from a social media platform or network if you interact with us on social media or choose to log in to our website using your social media credentials.

From other BUHA brands or affiliates with which you interact.

HOW WE USE INFORMATION

We may use the information you provide:

To provide products and services to you, such as fulfilling orders and processing payments, creating, servicing and/or maintaining your account or any loyalty program or membership you may have with us, assisting with product selection and replenishment, and managing current or past purchases.

To communicate with you, including to respond to your inquiries or complaints, or to help you place an order.

To administer your participation in special events, contests, sweepstakes, surveys, promotions and our loyalty or professional programs.

For marketing and advertising, such as to send you marketing and advertising materials via postal mail, text message or email, and to show you advertisements for products and/or services tailored to your interests on social media and other websites.

For analytics purposes, such as to understand how you use our website and mobile applications, understand your preferred method of purchasing with us, determine which browser and devices you use to visit our website or mobile applications, and to evaluate and improve our products, services, advertisements, website and mobile applications.

To operate and improve our business, including to respond to employment applications, provide quality assurance, conduct research and development, to develop new products and services, and perform accounting, auditing and other internal business functions.

For legal and security purposes, such as to detect, prevent, and prosecute harmful, fraudulent, or illegal activity, loss prevention, identify and repair bugs on our website or mobile applications, and to comply with applicable legal requirements, relevant industry standards and our own policies.

We also may use the information in other ways for which we provide specific notice at the time of collection.

SHARING INFORMATION

We do not sell, rent, or otherwise share your data to any third party for a business or commercial purpose under any circumstances. However, we may share your personal information with:

Our corporate brands, affiliates and service providers. We may share personal information with our other corporate brands and affiliated companies. We may transfer personal information to service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. Examples of these service providers include entities that process credit card payments, fulfill orders and provide web hosting, advertising, and marketing services.

Parties to a corporate transaction. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal information you have provided to us in a manner that is consistent with this Privacy Policy. Following such a sale or transfer, you may contact the entity to which we transferred your personal information with any inquiries concerning the processing of such information.

Other third parties. In addition, we may disclose personal information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity, (iv) when disclosure of your personal information is otherwise required or permitted by law, or (v) with your consent.

HOW LONG WE KEEP YOUR INFORMATION

We will retain your information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by law, including to allow us to comply with our legal obligations, resolve disputes, and enforce our agreements.

HOW TO CONTROL INFORMATION WE GET

Accessing, Updating and Modifying Your Information

Subject to applicable law, you may have the right to request access to and receive details about the personal information we maintain about you, update and correct inaccuracies in your personal information, and have the personal information deleted, as appropriate. These rights may be limited in some circumstances by local law. We may take reasonable steps to verify your identity before granting access or making corrections. You may request to access, change or delete your personal information through information in the paragraph entitled CONTACT INFORMATION.

Email Opt-Out

You may opt-out from receiving marketing communications by email by following the instructions within the emails you receive from us or by contacting us through our Privacy Request Portal. Please note that your opt-out request is specific to the particular type of email communication you receive from us. For example, if you opt out of marketing email communications, we may still send you transactional or operational emails. Examples of transactional or operational emails include purchase or shipping confirmations, password resets, profile updates or other account related messages.

Postal Mail Opt-Out

You may opt-out from receiving marketing communications by postal mail by following the instructions that may be included in a particular promotion. You also can request that we refrain from sending you promotional postal mail by contacting us through the information in the paragraph entitled CONTACT INFORMATION.

Text Message Opt-Out

You may opt-out from receiving text messages from us by replying STOP to the text message you receive from us or by making a request through the paragraph entitled CONTACT INFORMATION. Please note that this will only opt you out of the specific text messaging program associated with that number.

Push Notifications Opt-Out

When you download one of our mobile applications, we may provide you with the option to opt-in to receive push notifications. You may, after downloading one of our mobile applications, opt-out of receiving push notifications by adjusting the settings on your mobile device.

Geo-Location Information

When you use one of our mobile applications, we may ask you to share your location. You may choose not to share your geolocation details by adjusting your mobile device’s location services settings.

Device Fingerprinting

Device fingerprinting is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your device and applications.

In-app tracking methods

There are a variety of tracking technologies that may be included in mobile apps, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifiers, or other identifiers such as “Ad IDs”, to associate app user activity to a particular app and to track user activity across apps. With respect to our mobile apps, you can stop all collection of information via an app by uninstalling the app.

Cookies

Cookies are small text files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings in your browser. We use different types of cookies on our website, including performance cookies, functional cookies and targeting cookies. Please note that a cookie opt-out only applies to the browser you use to submit your opt-out, and the device you are using to submit your opt-out, so if you use multiple browsers or devices, you must opt-out on each browser, on each device. Your opt-out is enabled using cookies so once you opt-out, if you delete your browser’s saved cookies on a device, you will need to opt-out again on that browser on that device.

Targeted Advertising

We may work with third party advertising companies to serve advertisements for us. These advertising companies may use cookies and other technologies to collect device identifiers and online or network activity information, such as information about the websites you visit over time and the advertisements you click on, in order to deliver advertisements that are targeted to you. You may opt-out of this form of targeted advertising from the companies we work with by changing your cookie settings on your PC or device. Please note that even if you opt-out of this form of targeted advertising, you may still see ads from us, but the ads may not be targeted based on behavioral information about you. We also work with third-party platforms, including platforms operated by social networks, such as Google and Facebook, to show you advertisements. We may convert your email address, telephone number, or other information into a unique value and have these third-party platforms match this unique value with a user on their platform or with other data they may have collected about you. This matching enables us to deliver advertisements to you and others on these platforms. You also can request that we refrain from using your personal information in this way by contacting us through the information in the paragraph entitled CONTACT INFORMATION.

Do Not Track

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

Analytics Services

We may use analytics services, such as Google Analytics, on our website, our social media pages, or our mobile applications to help us evaluate and analyze how visitors use these platforms. For specific details on how Google collects and uses information on our website, our social media pages, or our mobile applications, please visit: https://marketingplatform.google.com/about/analytics/terms/us/

Ad Services

We may also work with third parties to serve ads to you as part of a customized campaign on third-party platforms (such as Facebook or Google). As part of these ad campaigns, we or third-party platforms may convert information about you, such as your email address, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customized to your interests. Note that the third-party platforms may offer you choices about whether you see these types of customized ads.

International Transfers

We may transfer the information we have about you to countries other than the country in which the information was originally collected, and your information may be processed and stored outside of your country of residence. Information may be stored in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers.

OTHER IMPORTANT INFORMATION

Children's Policy

This website is not intended for or directed to children under thirteen (13) years of age and we do not knowingly collect personal information from children under the age of thirteen (13) on the website or otherwise. Children under the age of thirteen (13) should not use this site. If you are a parent or guardian and believe we have collected information from your child, please contact us via the Contact Information section of this Privacy Policy. If we become aware that a child under the age of thirteen has provided us with personal information, we will delete the information from our records.

Links to other websites

Our website or mobile applications may provide links to other websites for your convenience and information. These websites may operate independently from us. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites or applications you visit are not owned or controlled by us, we are not responsible for such websites’ content, your use of the websites, or the privacy practices of the websites.

Updates to our Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in our personal information practices. We may post a prominent notice on our website to notify you of any significant changes to our privacy practices and indicate when it was most recently updated at the top of the Privacy Policy. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on www.buha.com. If any of these changes regarding your information are material and retroactively applied, we may provide you additional notice to your e-mail address. Your interaction with us following such changes means that you accept the revised Privacy Policy.

Residents of Europe

IF YOU ELECT NOT TO SHARE PERSONAL DATA

You may choose not to provide BUHA with your Personal Data as defined by the General Data Protection Regulation 2016/679 (GDPR). However, if you choose not to provide your Personal Data, you may not be able to enjoy the full range of services offered by BUHA.

HOW TO EXERCISE YOUR RIGHTS


BUHA takes steps to keep your Personal Data accurate and up to date. If you reside in the European Economic Area, you have certain rights to the Personal Data that we have collected about you. To exercise your rights to your Personal Data, please contact us through information in the paragraph entitled CONTACT INFORMATION. Subject to applicable law and in exceptional circumstances only, we may charge for this service and we will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law. You have the following rights:

Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Data, and access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved).

Right to correction (Art. 16 GDPR): You have the right to have your Personal Data corrected, as permitted by law.

Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data, as permitted by law. This right may be exercised among other things: (i) when your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for processing; (iii) when you object to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or when you object to the processing pursuant to Art. 21 (2) GDPR; or, (iv) when your Personal Data has been unlawfully processed.

Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing under limited circumstances, including: when the accuracy of your Personal Data is contested; when the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your Personal Data instead; or when you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of BUHA override your grounds.

Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.

Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Data, as permitted by law. This right is limited to processing based on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on those provisions, and processing for direct marketing purposes. After such an objection, we will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

HOW WE MAY DISCLOSE YOUR PERSONAL DATA

The GDPR and national laws of European Union member states implementing the Regulation permit the sharing of Personal Data relating to users who are residents of the European Economic Area with third parties only under certain circumstances. If you reside in the European Economic Area, we will only share your Personal Data as described in our Privacy Policy under the heading HOW WE USE INFORMATION if we are permitted to do so under applicable European and national data protection laws and regulations.

HEALTH DATA

We do not collect health data or other sensitive data. The information we collect may include data about eye color, skin type, etc. which is collected solely for the purposes of discussing cosmetic products. This data should not be considered health data, and any discussion thereof should not, under any circumstances, be considered professional medical advice and is not intended to be used for diagnostic purposes.

MARKETING COMMUNICATIONS

Where we are legally required to do so, we ask you for your prior consent before providing you with promotional materials or information. When required by local law, when marketing consent is obtained, we use the double-opt-in method (confirmation of your email address by email before sending you promotional messages) in order to verify your consent. You may revoke your consent at any time (this will not affect the processing of your Personal Data undertaken until the revocation). If you want to stop receiving promotional materials, etc., you can do so at any time as outlined in the section HOW YOU CAN CONTROL INFORMATION WE COLLECT.

ADDITIONAL USE OF PERSONAL DATA

Additional use of your Personal Data that is not described in this Privacy Policy will only take place as required by statute or when we have obtained your consent.

LEGAL BASIS FOR PROCESSING UNDER THE GDPR

In this section we provide information on the legal basis for our processing of your Personal Data as required by Art. 13 and 14 of the GDPR:

When you register for an account or interact with our services, such processing is necessary for the performance of our services, Art. 6 (1) (b) GDPR. For non-sensitive Personal Data which we need in order to perform the services, such processing is necessary for the performance of our services, Art. 6 (1) (b) GDPR. With regard to other non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance our services.

When we collect precise Location Data following your prior consent, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR. In other cases where we process your Location Data without consent, for example in order to provide our services, such processing is necessary for the performance of our services, Art. 6 (1) (b) GDPR.

When you communicate with us or sign up for promotional materials, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages. Where we are required under applicable local law to obtain your consent for sending you marketing information, the legal basis is your consent, Art. 6 (1) (a) GDPR.

When you participate in special activities, offers, or programs: For non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages or to allow you to participate in our special activities, offers or programs.

When you engage with our online communities or advertising and we actively collect your Personal Data in this context, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages.

When you access third party products and services and we obtain Personal Data about you from such third party sources: For Personal Data that we need in order to perform the services (e.g. if you pay for third party products through our services), such processing is necessary for the performance of our services, Art. 6 (1) (b) GDPR. With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to improve our services.

When you connect with us through social media: Where we collect your consent in such case, for instance for marketing purposes, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR. Where we do not collect your consent in such case, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better services and to enable you to use the full range of our services (Art. 6 (1) (f) GDPR).

When we collect data from third parties or publicly-available sources: For Personal Data which we need in order to perform the services (e.g. for email verification purposes), such processing is necessary for the performance of our services, Art. 6 (1) (b) GDPR. With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better services and to enable you to use our services more efficiently.

When we leverage and/or collect cookies, device IDs, Location Data, data from the environment, and other tracking technologies, we process such data on the basis of your consent, Art. 6 (1) (a) GDPR, and based on our legitimate interest, Art. 6 (1) (f) GDPR, where we do not obtain your consent and our legitimate interest is to provide you with better services or marketing.

When we track you in a store, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest in enhancing your shopping experience as well as loss or crime prevention.

When we use coarse location and data from sensors, we process such data for strictly necessary purposes in order to perform our services, Art. 6 (1) (b) GDPR; and for our legitimate interest in marketing and improving our services, Art. 6 (1) (f) GDPR.

When we aggregate or centralize data, such processing is either necessary for the performance of our services, Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with better or customized services and marketing.

When you sign up for our services that consist of social sharing and communication with others (including linking you to friends across platforms): Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR. Where we do not collect your consent in such case, such processing is necessary for the performance of our services, Art. 6 (1) (b) GDPR.

When we provide you geographically relevant services, offers, or advertising: Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR. Where we do not collect your consent in such case, for such data that we need in order to perform the services, such processing is necessary for the performance of our services, Art. 6 (1) (b) GDPR. Where we do not collect your consent in such case and where we do not need such data in order to perform the services, we process such data for our legitimate interest in offering you marketing and improving our services, Art. 6 (1) (f) GDPR.

When we disclose Personal Data to our affiliates and partners, and to our service providers and vendors: Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR. Where we do not collect your consent in such case, such processing is necessary for the performance of our services, Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with better services and marketing.

When we process or share Personal Data in the event of an actual or contemplated sale, we process such data for our legitimate interest in offering, maintaining, providing, and improving our services, Art. 6 (1) (f) GDPR.

When we conduct analytics, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to develop and improve our services.

When we investigate suspected illegal or wrongful activity, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to ensure compliance with legal requirements and law enforcement requests and for public safety purposes.

RIGHT TO LODGE A COMPLAINT BEFORE THE DATA PROTECTION AUTHORITY

We encourage you to contact us directly and allow us to work with you to address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or the place of the alleged infringement. You have the right to do so if you consider that the processing of Personal Data relating to you infringes applicable data protection laws.

CHANGES TO THESE PRIVACY POLICIES

In order to enhance our services, it might be necessary to change this Privacy Policy from time to time. We therefore reserve the right to modify this Privacy Policy in accordance with the applicable data protection laws. Please visit our Website from time to time for information on updates to this Privacy Policy.

HOW TO CONTACT US OR OUR PRIVACY OFFICE

In case of questions about the processing of your Personal Data, please contact us through information in the paragraph entitled CONTACT INFORMATION. If we are required under applicable law to appoint a data protection officer (DPO), you can contact the DPO that is responsible for your country/region through information in the paragraph entitled CONTACT INFORMATION. BUHA International, LLC is the data controller for BUHA.