Exclusive Updates
×

Privacy Policy LAST UPDATED: 25 March 2024

Your privacy is important to us at eSalon.com, LLC, 1910 E. Maple Ave., El Segundo, CA 90245 USA ("eSalon", "we" or "us"). When we refer to "personal data" or "personal information" in this Privacy Policy, which we use interchangeably, we mean information that identifies, or which could reasonably be used to identify, an individual.

In this Privacy Policy, we provide information about how we collect, use and transfer personal information about any user or visitor to our website at eSalon.com, eSalon.ca, eSalon.co.uk, eSalon.eu.com, eSalon.de, eSalon.es, eSalon.fr, eSalon.at, eSalon.ch, eSalon.co.nz, eSalon.com.au, eSalon.co.nl, Colorsmith.co, Colorsmith.at, Colorsmith.ch, Colorsmithco.ca, Colorsmithco.it, Colorsmith.co.nz, Colorsmith.de, Colorsmith.eu, Colorsmith.ie, Colorsmith.uk, Colorsmith.co.uk, Colorsmith.com.au, Colorsmith.es, Colorsmith.fr, Colorsmith.nl, AuraHairCare.com, AuraHairCare.at, AuraHairCare.co.uk, AuraHairCare.es, AuraHairCare.fr, AuraHairCare.de, AuraHairCare.eu, AuraHairCare.it, AuraHairCare.ca, AuraHairCare.com.au, AuraHairCare.co.nl, AuraHairCare.ie, AuraHairCare.uk, AuraHairCare.co, HairColorForWomen.com, ShadeAndTone.com, CouleursGlamour.com, CouleursGlamour.fr, DIYhaircolors.com, EverydayMensHair.com, Farbeundton.de, GlamourHair.de, Macouleur.fr, Micolordecabello.com, MorePepperLessSalt.com, Mujeresglam.com, SubtleTones.co, TheHairSource.com, Todosobrecabello.com, VibeAndShine.co, or any successor website (collectively, the "Site"), any user of our hair color and hair care products and services (collectively, "Products"), and any other personal information that we process (collect, use or store) about an individual (collectively, "you" or "your"), and what rights you have regarding your personal information. This Privacy Policy also describes the choices available to you regarding our use of your personal data and how you can access and update this information.

If you are resident (1) of California (and a natural person: a "consumer"), please also see the Supplemental Privacy Statement for California consumers below; and (2) in the European Economic Area, please also see the Supplemental Privacy Statement for EEA Residents below. As required in the jurisdictions where consumers access the Site or where we have employees, eSalon complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States in reliance on Privacy Shield. eSalon has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. In general, "personal data" and "personal information" as defined by applicable law resides on our secure servers in the United States, and if transferred to the US from Europe, has been done in accordance with the Privacy Shield Framework referenced above. This Privacy Policy is effective upon posting.

This Privacy Policy complies with the Australian Privacy Act 1988 and the Australian Privacy Principles set out therein and equivalent state legislation in each relevant state.

This Privacy Policy complies with the New Zealand Privacy Act 1993 and the Principles set out therein.

What Personal Information/Data Do We Collect?

We collect various types of personal information so that we can provide you with our Products via the Site, as follows:

How Do We Use Your Personal Information/Data?

We use your personal information to provide you with our Products and optimize our Products and services. In particular, we use:

What Personal Information Do We Share or Disclose?

eSalon will not disclose your personal data to third parties, except in the following circumstances and in accordance with applicable laws:

What Service Providers Do We Use for Processing Your Data?

As part of operating procedure, eSalon may share personal information about end users with some or all of the following service providers in order to operate the Site and carry out the purposes described above:

What Security Measures and Care Do We Apply regarding Personal Information?

eSalon takes reasonable and appropriate precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction.

In order to assure you that the webpages where you provide personal information are trustworthy and secure, such transmission of information will be encrypted and the webpages where such information is collected, such as your account pages, will be SSL-certified by a reputable Internet certification organization such as DigiCert. We strive to process and store your personal information securely until such time as it is no longer required or has no further use, as set forth in applicable law. We encourage you to communicate with us should you wish to know what personal information we store about you, or should any of your personal information need modification, or in the event that you wish it to be removed, at [email protected].

Service providers acting on eSalon's behalf shall be obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your personal data as necessary to perform their functions.

We also perform statistical analyses of the users of the Site and Products to improve the content, design and navigation of the Site and to further improve our Products and services, and our offerings. In these cases, we use aggregate or statistical data that cannot be used to identify you.

We will not display your personal information on the Site unless you choose to display it. If you post any content on the Site (such as comments or other text, testimonials, photos or videos), you can associate any "display name" you choose with your content or activity, as long as it is available. We recommend that you choose a user name that protects your own privacy online.

Third-Party and External Websites

The Site (and any affiliated websites) may include links to third-party applications, products, services, or external websites for your convenience and information. If you access those links, you will leave our Site. eSalon does not control these third-party websites or their privacy practices, which may differ from eSalon's practices. The eSalon Privacy Policy does not cover the personal information you choose to provide to or that is collected by these third parties. You are encouraged to review the privacy policies of any third-party site you interact with and use reasonable prudence before you allow them to collect and use your personal information. eSalon shall not be liable for any damages or harm suffered while visiting or using an external website.

In some cases the Site may frame, mask or include components of third-party websites or content within our interface so that it may appear that you have not left the Site. In such cases, eSalon will review the privacy practices of such websites, and will include such components or webpages only after determining that such websites maintain a comparable commitment to privacy as eSalon.

eSalon may also provide "Follow Us" links to social media websites, such as Facebook, Instagram, Twitter and Pinterest, and social media features, such as the Facebook or Twitter buttons that enable you to share information with your social networks to interact with eSalon on various social media websites. Your use of these features may result in the collection or sharing of information about you depending on each specific social media website. This may include your IP address, which page you are visiting on the Site, and a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Site. Your interactions with these features are governed by the privacy policy of the company providing it.

Persons under 18

We do not knowingly collect personal information from minors under the age of 18. If we learn that we have collected the personal information of a minor under 18 years old, we will take steps to delete the information as soon as possible.

Cookies and Similar Technologies

eSalon and our partners (e.g., marketing partners, analytics, advertising, or service providers) use various tracking technologies such as cookies, beacons, tags and scripts to analyze trends on the Site and regarding our Products and services, and to gather demographic information about our user base. We receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. For more information, please see our Cookies Policy here. The Site currently does not respond to "Do Not Track" signals from browsers.

Integrity and Retention of Personal Information

eSalon provides procedures for you to keep your personal information accurate, complete, and up-to-date. We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Access to Personal Information

You can help ensure that your contact information and preferences are accurate, complete, and up-to-date by contacting us using the information below. For other personal information, we make good faith efforts to provide you with access so you can request that we correct the data if it is inaccurate or delete the data if eSalon is not required to retain it by law or for legitimate business purposes. We will attempt to respond to your request within 30 days or sooner where required by law. As permitted by applicable law, we may decline to process requests where the data is required to be retained by law, required for legitimate business purposes, or jeopardizes the privacy of others.

Privacy Policy Updates and Notification

eSalon may update its Privacy Policy from time to time to reflect changes to our information management practices. Changes would become effective 48 hours from the time the modifications are announced on the Site. If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our homepage. In addition, please check the "Last Updated" date at the top of this Policy, which will indicate when the last changes have been made to this Policy. To the maximum extent permitted by applicable law, your continued use of the Site after such modifications are announced on the Site constitutes your acceptance of such modifications. For European residents, please see the Supplemental Privacy Statement for EEA Residents below, which will govern rather than the prior sentence. We encourage you to periodically review this page for the latest information on our privacy practices.

Governing Law

eSalon is based in California, and our servers are also US-based. If you are not located in the UK or the European Union, then accessing or using the Site, or any of eSalon's services, or by purchasing Products on the Site, you agree that your use of the Site is governed by the laws applicable in the State of California, and you expressly consent to the processing of personal information/data in, and transfer of your personal information/data to, the United States (and any other countries where eSalon may in the future hold such data, subject to the security representations set forth in this Policy). While we accept orders from outside of the United States, and we treat your personal information with great care, we do not purport to comply with all applicable laws in all other jurisdictions where our users may be located. However, if you are resident and located in the EEA, please see the Supplemental Privacy Statement for EEA Residents with respect to your use of the Site.

Contacting Us

We value your opinions. If you have any general questions or comments for eSalon, please contact us at:

eSalon.com, LLC
Attention: Privacy c/o Legal Dept.
1910 E. Maple Ave
El Segundo, CA 90245
USA
Or via e-mail at [email protected]

SUPPLEMENTAL PRIVACY STATEMENT FOR CALIFORNIA CONSUMERS

In light of California's new privacy legislation, the California Consumer Privacy Act of 2018, eSalon wishes to make the following clear to the many California-based consumers who use eSalon Products and services: similar to the rights of European residents as detailed in the Supplemental Privacy Statement for EEA Residents below, California consumers (natural persons resident in California) have the following five categories of data privacy rights with respect to their personal information:

  1. The right to know what personal information we collect about you if you are a California consumer, and the purposes for which such information will be used, the categories of personal information that were collected in the 12 months preceding a consumer's request, and what categories of consumer personal information were sold or disclosed for business purposes, and to whom, in the 12-months preceding such a request for your information. Please request our online disclosure form at [email protected], or call us at our toll-free number if you wish to request this information: +1 (866) 550-2424. We will respond to you within 45 days, and will not charge for your request provided that you make no more than two data requests per year.
  2. The right to access a copy of the specific pieces of personal information that we have collected about you, which we will deliver by mail or electronically.
  3. The right to deletion: you can have your personal information deleted from our servers and service providers, unless we are required to retain the data for data security, legal or other purposes enumerated in the law.
  4. The right to equal service: you will not be discriminated against in any way by virtue of your exercise of your rights under the California Consumer Privacy Act.
  5. The right to opt out of a sale of your personal information to third parties: eSalon does not exchange any of the Personal Information you provide on this Site to any other business or party for payment of money, and we have no present plans to do so. However, the definition of "sell" in the California Consumer Privacy Act is broad. Since we do sometimes use personal information collected from this Site to help create more personalized products and services, we may share personal information with advertising partners for a more targeted approach to our customers and prospective customers. It is possible that this would be considered a sale under CCPA, even though they do not pay us. If you are a California resident and you do not want us to share your personal information, please select that setting below. We will then make sure that we do not share your personal information with third parties for this browser, device, and property.

SUPPLEMENTAL PRIVACY STATEMENT FOR EEA RESIDENTS

As of May 25, 2018, European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the General Data Protection Regulation ("GDPR"), requires eSalon.com LLC as a data controller of the Site and related services to provide additional and/or different information about our data processing practices to data subjects resident in the European Economic Area ("EEA"). If you are accessing the Site from a member state of the EEA, this Supplemental Privacy Statement for EEA Residents applies to you in addition to the Privacy Policy above.

Name and address of the responsible party:

eSalon.com, LLC
Attention: Privacy c/o Legal Dept.
1910 E. Maple Ave
El Segundo, CA 90245
USA

Cookies

With respect to web cookies and similar technologies that are not strictly necessary for our provision of the Site, Products and related services, eSalon seeks consent from users of the Service in the EEA based on a separate Cookies Policy.

Legal Basis of Processing.

Personal Data Transfers outside of the EEA.

eSalon may transmit personal data you provide to the United States, and process it in the United States, where the European Commission has determined that the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction. As required by applicable law, eSalon is committed to providing an adequate level of protection for your personal data using various means, including, where appropriate:

Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.

Data Security.

We process your personal data in a manner that ensures appropriate security of such data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction or damage, using appropriate technical and organizational measures.

Data Retention.

eSalon keeps personal data as required to provide our Products and services to you and comply with applicable laws. It has been our experience that many customers make purchases intermittently, returning to the Site to initiate a purchase of Products after periods of absence, and so we act in a commercially reasonable manner when we attempt to determine when personal data is no longer of use to us. In addition, if you register for an account on the Site, we retain your personal data for as long as you have an account with us and then for as long as we believe it is necessary and appropriate for us to comply with applicable laws, discharge our contractual obligations to you, or defend our legal interests in connection with any claim or defense we could face before any formal dispute resolution body. We take reasonable measures to ensure that personal data is deleted, erased or de-identified/anonymized once the purposes for which personal data was collected have been fulfilled, and that we keep such data for no longer than is necessary for the purposes for which the personal data is processed.

Data Subject Rights.

You have a right to request from eSalon access to and rectification or erasure of your personal data. You also have the right to request that processing concerning you be restricted, in which case such personal data would be marked and processed by us only for certain purposes. We will not charge a fee for this, provided the request is not excessive or unreasonable. In addition, you have the right to data portability, which allows you to receive from us personal data about you which you have provided to us; we will provide your data in a structured, commonly used and machine-readable format, such as a CSV file, and the right to transmit such personal data to another entity without hindrance from us if it is technically feasible. We will respond to the request within 30 days, unless the request is complex or you send us multiple requests, in which case we can extend our response by another two (2) months upon notice to you.

You also have the right to object to various data processing activities, including processing activities that are based exclusively on your consent or processing for the purposes of direct marketing. You can exercise such rights by accessing the information in your account and/or by emailing us at [email protected]. If you have provided consent for data processing or cookies that are not strictly necessary or that are primarily for promotional purposes, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to lodge a complaint with a supervisory authority.

We may choose not to fulfill any request that we determine is illegal or incorrect, where we need to maintain the personal data because of our contractual or legal obligations (e.g., personal data in case files), where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated, but our intention is to comply with opt-out requests, and other requests that seek to correct, update or delete your personal data, as fully as possible in accordance with applicable law. You will also be given notice should we use your personal data for a purpose other than that for which it was originally collected or processed. We do not ask for, collect or knowingly receive sensitive personal data, i.e., personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious beliefs, or information relating to sex life.

Your Choices.

You are not required to provide any personal data to eSalon, but if you do not provide any personal data to eSalon, you may not be able to use the Site effectively or make purchases from us.

HR Data and Privacy Shield:

With respect to HR-related personal data about employees located in the United Kingdom, access to such data will be provided to such associates either directly or through eSalon's wholly owned subsidiary. Should any such employees not be satisfied with internal review procedures or applicable grievance procedures by law or contract regarding any complaint about data protection rights, their recourse would be to the national data protection authority in the jurisdiction where such employees work, primarily the Information Commissioner's Office (ICO) in the United Kingdom. We will cooperate with any such authority. Most personal data that originates in the United Kingdom, including HR-related personal data, will be maintained at eSalon's secure data centers in the United States, via a transfer between data controllers within a controlled group of entities, from the UK to eSalon's data centers in accordance with the EU-US Privacy Shield Framework (to the extent it continues to be applicable with respect to transfers from the UK), and the intercompany data protection compliance and control protocols.

Profiling:

eSalon does not use in connection with the Site automated decision-making in a way that produces legal effects concerning you or which significantly affects you.

Complaints and Dispute Resolution in the EU:

If you are an EU resident and have any complaint or concern regarding your personal data under this Privacy Policy, or arising under the Privacy Policy, please contact us at [email protected]. We suggest that you put in the subject line of any email or communication "Privacy Policy" or "Privacy Complaint." We will respond within 30 days. If this does not resolve your concern, you have several escalating options.

  1. If you have an unresolved privacy or data use dispute or concern that we have not addressed satisfactorily, you can raise the issue with the local Data Protection Authority in the UK (Information Commissioner’s Office) or EU as applicable regarding customer data, and you must choose this route concerning your Human Resources personal data that is the subject of your complaint (that is, personal data transferred from the UK/EU to the United States relating to your employment status), which will then be taken up by the UK Information Commissioner’s Office or relevant EU Data Protection Authority with the US Department of Commerce to resolve the issue. The Information Commissioner's Office in the United Kingdom, which is the local Data Protection Authority, at https://ico.org.uk/concerns or call its helpline in the UK at 0303 123 1113.
  2. If you still believe that your complaint or dispute has not been resolved, you can invoke binding arbitration as a last resort (if permitted with respect to your complaint), by providing notice to us in the manner indicated in Annex I to the EU – U.S. Privacy Shield Principles, available online if it or a successor framework is applicable either regarding transfers from the UK or from the European Union, and following the procedures set forth in such Annex. The location of the arbitration will be in the United States. You may choose video or telephone participation, which will be provided at no cost to you. In-person participation will not be required. eSalon commits to follow up in its verification that the attestations and assertions made in this Privacy Policy are true, and to remedy any problems that may arise if we fail to comply with the Privacy Shield Principles.

Independent Recourse Mechanism.

As a US-based company that self-certifies compliance under the EU-U.S. Privacy Shield Framework, eSalon is required to name an independent recourse mechanism available to investigate unresolved complaints, including a system of alternative dispute resolution (ADR) by such mechanism, which is available at no cost to you. We have designated JAMS as our ADR provider to assist in resolving disputes under the Privacy Shield Framework up to the point of any final arbitration. If you are a consumer based in the European Union and wish to open a case, you can do so at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim. However, if the claim relates to human resources data transferred from the EU or UK, we will cooperate and comply with the EU data protection authorities (DPAs) in connection therewith.

Mediation.

You also agree that, in the event any dispute or claim arising out of or relating to your use of the Site or eSalon Products/services or this Privacy Policy that does not relate to your personal data (personal data), or that is not covered by the previous paragraph, you and eSalon will attempt in good faith to negotiate a written resolution of the matter directly between the parties. You agree that if the matter remains unresolved for forty-five (45) days after notification (via certified mail or personal delivery) that a dispute exists, all parties shall join in mediation services in Los Angeles, California with a mutually agreed mediator in an attempt to resolve the dispute. Should you file any arbitration claims, or any administrative or legal actions without first having attempted to resolve the matter by mediation, then you agree that to the maximum extent permitted by applicable law, you will not be entitled to recover attorneys' fees, even if you would otherwise be entitled to them.

Verification.

eSalon self-assesses its compliance to the Privacy Shield Framework. eSalon's Privacy Policy regarding personal data received from the EU is accurate, comprehensive and conforms to the Privacy Shield Principles.

Cookies Policy

A cookie is a small text file that is stored on your device when you visit a website or other online service. Cookies allow a web page to store and retrieve information about the browsing habits of a user and may also be used to recognize the user. Most browsers accept cookies as a standard practice and offer controls to allow or block cookies in security settings. We use cookies to personalize content, to provide social media features, and to analyze the traffic at the Site. We also share information about your use of the Site with our social media, advertising and analytics partners who may combine it with other information that you've provided to them or that they've collected from your use of their services. If you are a resident of the EEA we will ask for your consent to store any non-essential cookies on your device, provided that if you are logged-in to your eSalon account, the cookies that enable you to share content on social media are deemed necessary and they do not require your consent unless they also enable tracking. If you are located outside of the EEA, you consent to our Cookies Policy if you continue to use the Site.