Privacy Policy
Updated on January 9, 2024
This privacy policy (“Policy”) explains how NuNorm(“NuNorm,” “we,” or “us”) collects, uses, and discloses your personal data when you visit our website located at [NuNorm] (the “Site), contact our customer service team or otherwise interact with us, engage with us on social media, attend one of our events, or use any services made available through our Site (collectively with the Site, the “Services”).
This Policy applies to “Personal Data,” which is information that can be used to identify you. Personal Data does not include information that has been de-identified and aggregated and that cannot reasonably be used to identify you. We may use, share, transfer, or sell de-identified or aggregated information for any lawful purpose.
By accessing or using our Services, you agree to the terms of this Policy. If you do not agree with this Policy, you may not access or use our Services.
BIOMETRIC NOTICE: PLEASE CAREFULLY REVIEW THE BIOMETRIC PRIVACY NOTICE CONTAINED AT THE BOTTOM OF THIS POLICY.
INFORMATION COLLECTION AND USE
Categories of Personal Data We Collect
- Identifiers, such as first and last name, email address, birth date, mailing address, telephone number, social media username(s), and internet protocol address, that you may provide when accessing our Services or contacting us through our Services.
- Demographic information, such as gender or age range, that you may provide when accessing our Services or contacting us through our Services.
- Commercial information, such as makeup color and other product preferences, product details, purchase price, charitable donation information, and date and location of purchases, that you may provide when making a purchase or return through, or leaving a product review on, our Services. If you make a purchase through our Services, we work with third party payment processors and financial companies to collect and process your payment information.
- Internet or other similar network activity, including data about the device and network you use, operating system information, hardware information, network and browser information, app version, language settings, data about items placed in your shopping cart, data related to your browsing activities on the Site, and information automatically collected through cookies, web beacons, and other tracking technologies, including regarding your interactions with our Sites or Services.
- Textual, Photographic, and Video information, including text, photos, and videos that you may provide when making a purchase or return through, or leaving a product review on, our Services.
- Inferences, including inferences that we derive about you based on the information collected through your access or use of our Services, including your approximate location, browsing behavior, and purchasing history.
- Geolocation data, including internet protocol address, that may be collected when you access our Services.
Purpose for Collecting Personal Data
Personal Data is collected for the following purposes:
- To provide, maintain, personalize, and improve our Services.
- To notify you about changes to our Services.
- To allow you to participate in interactive features of our Services.
- To provide customer support and to communicate with you regarding technical notices, security alerts, and other support and administrative messages.
- To host and promote events related to our Services.
- To process transactions, returns, and orders through our Services.
- To send you information concerning orders, returns, or purchases through our Services, as well as information regarding customer experience surveys and recall notices.
- To process donations you may choose to make in connection with purchases on our Services.
- To communicate with you about our Services, including products, events, and promotions offered by us or our partners.
- To facilitate, analyze, and improve our marketing, advertising, and targeted advertising practices.
- To facilitate contests, sweepstakes, rewards, and other marketing promotions.
- To monitor the usage and security of our services.
- To detect, prevent, and address technical issues.
- To comply with legal and financial obligations or laws.
Sources For Personal Data We Collect
We receive Personal Data from the following sources:
- We receive Personal Data from individuals through their direct interactions with and access to our Services, including when contacting us directly or applying for employment opportunities with us through the Sites.
- We receive Personal Data, such as technical data, usage data, and internet and other similar network activity, through automated technologies, such as cookies, web beacons, and other interactions with our Site.
- We receive Personal Data from our service providers, partners, including international fulfillment partners, and other third parties that help us provide the Services.
- We receive Personal Data from other third party sources, including social media networks, identify verification services, advertising networks, and data analytics providers.
Disclosure of Personal Data
We may disclose Personal Data about you to the following entities:
- We make Personal Data available to our employees, affiliates, companies under our common control, vendors, service providers, consultants, and contractors who perform services on our behalf, such as companies that assist us with web hosting, shipping and delivery, financing and payment processing, charitable donations, fraud prevention, customer service, marketing, advertising, analytics, customer service, or otherwise assist us in providing the Services.
- We may disclose Personal Data to third parties to expand the reach and effectiveness of our own marketing campaigns.
- We may disclose Personal Data publicly on our Services or through our social channels, such as if you submit a product review or attend one of our events.
- We may disclose Personal Data to government authorities or other third parties as required or permitted by applicable law, regulations, or legal process, including responding to court orders and subpoenas.
- We May disclose Personal Data to our legal, financial, insurance, and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
- We may disclose Personal Data to other third parties when we have your consent or you intentionally direct us to do so.
In addition, where consistent with applicable laws and regulations, we may disclose Personal Data in all categories above:
- To prepare, negotiate, or perform a contract with you.
- To perform a service on your behalf;
- To respond to subpoenas, court orders, or other legal processes or otherwise as required by law or the competent government or judicial authorities;
- To establish or preserve a legal claim or defense;
- As part of corporate restructuring, sale of assets, merger, or divestiture; or
- To prevent fraud or other illegal or prohibited activities, such as willful attacks on our information technology systems.
COOKIES, TARGETING ADVERTISING, AND ANALYTICS
We, or service providers acting on our behalf, use cookies, pixels, web beacons, and other technologies and other identifiers (collectively, "Cookies"). Cookies are used to:
- Enable our systems to recognize your browser or device and provide the Services. If you block or otherwise reject our cookies, you may not be able to access certain Services.
- Recognize you when you re-visit our Services, which allows us to provide you with product recommendations, personalized content, and other customized features and services.
- Deliver targeted or customized advertising.
- Track, improve, and analyze our sales and marketing efforts.
- Track your specified preferences.
- Prevent harm or injury to or interference with our, or another’s, rights or property.
- Improve the security of our Services and prevent fraudulent activities.
- To measure and analyze the performance of our Services.
To learn more about cookies, visit http://www.allaboutcookies.org.
THIRD PARTY LINKS & LINKS TO OTHER SITES
Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. You should review the privacy policies and practices of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
DATA SECURITY AND RETENTION
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
CHILDREN’S PRIVACY
Children under the age of 13 are prohibited from using or accessing the Services. Our Services are not intended for or directed at anyone under the age of 13 (or such other age as may be restricted under local law). If we are made aware that we have received Personal Data in violation of our Policy, we will use reasonable efforts to locate and remove that information from our records.
If parents or guardians believe that we have unintentionally collected their child’s Personal Data, they should contact us for the deletion of the information at Hello@NuNorm.com.
YOUR DATA PRIVACY RIGHTS
Sale of Personal Data
We do not sell Personal Data collected on our Sites to third parties for their direct marketing purposes. We do not disclose Personal Data collected on our Sites to third parties for their direct marketing purposes.
Choice and Access Concerning Your Personal Data
We give you certain choices regarding our use and disclosure of your Personal Data for promotional or advertising purposes. You may opt out from receiving electronic communications, text messages, phone calls, and promotional related emails by following the opt out or unsubscribe instructions contained in those communications or emails. Please note that if you opt out of receiving marketing-related messages, we may still send you important administrative messages and alerts.
California Shine the Light Law
Under California law, California residents have the right to request in writing from businesses with whom they have an established business relationship certain information pertaining to third parties to which the business discloses Personal Data for marketing purposes. We do not disclose Personal Data to third parties for their direct marketing purposes. To request further information regarding the California Shine the Light Law, please contact us using the contact information provided below
Residents of Other Jurisdictions
Residents of other jurisdictions may also have certain rights regarding their Personal Data. To the extent applicable law provides you with the right to review, correct, update, or delete Personal Data that you previously have provided to us, please contact us should you wish to do so. We will respond to your request consistent with applicable law.
FINANCIAL INCENTIVES
We offer various financial incentives. For example, we may provide discounts, coupons, or other benefits to customers who sign up to receive our marketing emails or text notifications. When you participate in a financial incentive, we collect Personal Data from you, such as identifiers (like your name and email address) and commercial information (like your purchase history). You can opt into a financial incentive by following the sign-up instructions, and you have the ability to opt-out of the incentive at any time by contacting us at hello@nunorm.com. In some cases, we may provide additional terms and conditions for a financial incentive, which we will provide to you when you sign up. The value of your Personal Data provided in the context of a financial incentive is reasonably related to the value of the offer or discount presented to you.
BIOMETRIC PRIVACY NOTICE
Our Services include a virtual try-on feature that allows you to virtually “try-on” our products through technology that uses your facial image and data provided by your facial image, including face geometry (“Facial Recognition Technology”). The Facial Recognition Technology is provided by our third party technology vendor, Perfect Corp. (“Perfect”). The Facial Recognition Technology processes data that may be considered biometric data or biometric information (collectively, “Biometrics”) under certain states’ laws.
Consent for Biometrics
In order to use the Facial Recognition Technology, you must provide your prior express written consent. Prior to accessing the Facial Recognition Technology, you will receive a prompt to provide consent, which you acknowledge constitutes your prior express written consent. By checking the box in the prompt, you acknowledge that you are providing your prior express written consent for Perfect’s processing of your Biometrics for each and every time you access the Facial Recognition Technology to virtually try on our products.
Processing and Use of Biometrics
Your use of the Facial Recognition Technology is entirely voluntary and is not necessary to view or purchase our products. NuNorm will not receive, collect, use, access, or otherwise obtain your Biometrics when you use the Facial Recognition Technology. Instead, this information is processed by Perfect for purposes of providing the virtual try-on feature. Please review Perfect’s privacy policy available here for more information regarding Perfect’s processing and use of your Biometrics.
Sharing of Biometrics
NuNorm does not sell, lease, trade, or otherwise profit from Biometrics. NuNorm does not authorize Perfect or any other party to sell, disclose to third parties, lease, trade, or otherwise profits from Biometrics. Please review Perfect’s privacy policy available here for more information regarding Perfect’s sharing and disclosure of Biometrics, including any sharing by Perfect with its affiliates, service providers, or in connection with a legal or financial obligation.
Retention of Biometrics
NuNorm does not retain Biometrics. According to its privacy policy, Perfect will only retain Biometrics for as long as necessary to provide you the services/features you request when using the Facial Recognition Technology, and in no event will Perfect retain the Biometrics for longer than two (2) years after your requested services have been completed. Please review Perfect’s privacy policy available here for more information regarding Perfect’s retention of Biometrics.
Storage of Biometrics
NuNorm does not store Biometrics. According to its privacy policy, Perfect utilizes a reasonable standard of care to store, transmit, and protect Biometrics from unwarranted disclosure. Please review Perfect’s privacy policy available here for more information regarding Perfect’s storage of Biometrics.
MODIFICATIONS TO THIS POLICY
We reserve the right to change or update this Policy from time to time. Continued use of the platform will indicate your acceptance of any changes made. You should review this page regularly for any updates to our Policy.
By using the online and mobile resources, you signify that you agree with this Policy and the information may be used and/or disclosed for purposes of fulfilling the business purpose.
SMS Privacy Policy
This SMS Privacy Policy explains how we collect, use, and share information when you opt-in to receive text message notifications from us. We are committed to protecting your privacy and handling your data responsibly, in accordance with applicable regulations, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).
- Information Collection
When you opt-in to our SMS service, we may collect the following information:
- Your mobile phone number
- Interaction data with our SMS (e.g., message open rates, response times)
- Location data, if shared through SMS interactions
- Any additional information you provide directly through SMS communications
- Use of Information
We may use the collected information to:
- Send you marketing, promotional, and transactional text messages related to our products and services
- Personalize and improve our SMS communications based on your preferences and interactions
- Provide customer support and respond to inquiries
- Conduct analysis and research to enhance our services
- Legal Basis for Processing Your Data (GDPR)
For individuals in the European Economic Area (EEA), we process your personal data based on the following legal grounds:
- Your consent to receive SMS communications
- Our legitimate interests in improving and marketing our services (e.g., sending you promotional messages)
- Compliance with legal obligations
- Sharing of Information
We only share your data with service providers such as Sakari & Active Campaign who assist in delivering SMS messages and reviewing analytics.
- Consumer Rights (CCPA and GDPR)
As a California resident, you have the following rights under the CCPA:
- Right to know what personal information we collect, use, disclose, or sell
- Right to request deletion of your personal data
- Right to opt-out of the sale of your personal information
- Right to non-discrimination for exercising your rights
For individuals in the EEA, under the GDPR, you have the right to:
- Access your data and receive a copy of it
- Rectify inaccuracies in your personal data
- Delete your data, under certain conditions
- Object to the processing of your data or withdraw consent
- Data portability, allowing you to move your data to another service provider
- Opt-Out Policy
You may opt out of receiving SMS communications at any time by texting "STOP" to [specific number]. Once opted out, you will no longer receive marketing SMS messages, except for necessary transactional communications (e.g., order confirmations). We may send a final confirmation message to confirm your opt-out request.
- Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy unless a longer retention period is required by law. If you request the deletion of your personal data, we will securely erase it in accordance with applicable regulations.
- Security
We take reasonable and appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.
- International Transfers of Data
If you are located outside the United States, please be aware that your information will be transferred to and processed in the U.S. We ensure that such data transfers comply with relevant data protection laws and offer appropriate safeguards to protect your data.
- Changes to This Policy
We may update this SMS Privacy Policy from time to time. Any changes will be posted on this page with the updated effective date. We encourage you to review this policy periodically.
If you are interested in learning more, check out our Term of Service.
CONTACT US
If you have questions regarding this Policy or our treatment of your Personal Data, or If you have any questions or wish to exercise your rights under the CCPA or GDPR, please contact us at hello@nunorm.com.