Privacy Policy

LAST UPDATED: June 26, 2024

United States Privacy Policy

Rest of World Privacy Policy

United States

I. Introduction

This Privacy Policy (or “Policy”) tells You how BUXOM US Buyer LLC (“Buxom”, “we,” “us,” or “our”) collects, uses, shares, secures, and eventually deletes, information collected from and about visitors to our Website, and from our Customers. We respect Your privacy and are committed to protecting the Personal Information that You may share with us.

If You are applying for a job with us, You can find our privacy policy for our job applicants here.

Some of the countries in which we operate require that we include additional information about our privacy practices for our customers in those countries. If You are not a resident of the United States, please refer to the list below for additional disclosures about our privacy practices specific to the location in which You reside.

 II. Scope of this Policy

This Policy covers both our online and offline data collection activities, including information that we collect through our Website, as well as our offline in-person events and events.

By continuing to visit and use our Website, You are agreeing to the terms of this Policy. If You do not agree, then please exit this Website and close Your browser.  

Additionally, if You participate in one of our in-person events or programs, in which You share Your Personal Information with us directly offline, You are consenting to the terms of this Policy as well.  If You do not consent to share Your Personal Information with us via our in-person events and programs, please do not participate in the same and do not share any of Your Personal Information with us.

 

 III. Definitions

“Consumer Health Data” means personal information that is linked or reasonably linkable to a Customer and that identifies the Customer’s past, present, or future physical or mental health status. This includes a natural person’s individual health condition(s), genetic and biometric data, as well as their reproductive or sexual health information,

“Customer” means a natural person that purchases our products via our Website or at one of our offline in-person events or programs.

Please note that we sell our products via independent retailers as well. When You purchase our products from an independent retailer, You may be considered that retailer’s customer and not our Customer. That retailer may be collecting Your Personal Information in connection with the sale as well. We do not share or receive Your Personal Information with or from these independent retailers, and thus, You should review that retailer’s privacy policy for more details on the Personal Information that they are collecting from You.

“Personal Data” means Personal Information.

“Personal Information” means any information relating to an identified or identifiable individual that is collected from our Customers and Users via our Website or offline at one of our in-person events or programs. Personal Information may include a Customer’s or a User’s: full name, physical address, email address, IP address, or other identifier such as from a Cookie.  

Personal Information does not include any aggregate or anonymized data that may have been created from Personal Information but can no longer be used to identify, relate to or could reasonably be linked to a Customer or a User.

“Sensitive Personal Information” means any information collected from our Customers and Users that reveals a racial or ethnic origin, political opinion, religious belief, philosophical belief or trade union membership. It also may include a natural person’s genetic and biometric data, financial information, and data concerning their health, sex life or sexual orientation.

“User” means a natural person that visits and interacts with our Website. 

“You” or “Your” means a Customer or User.  

“Website” means https://www.buxomcosmetics.com/.

 IV. Buxom’s Information Collection Practices Overview

Buxom offers a range of products and services, both via our Website, and offline at our in-person events and programs. It is our policy to only obtain the Personal Information that is absolutely necessary to provide our products and services to You and to limit the access to customer Personal Information to only those individuals who need it to serve our Customers’ and Users’ needs.

To provide You with the most comprehensive and personalized Customer experience possible, and in connection with Your preferences, we may combine information collected via one method (e.g., a Buxom website) with information collected via another method (e.g., a Buxom in-person event or program). Additionally, as we strive to provide the best service and experience, certain information may also be used to maintain and improve our customer service to You; be used to create and develop new products, offerings, and events; and otherwise support the provision of our products and services to our Customers. We have outlined all of the different ways that we share and use Your information in this Policy.

 V. Information that We Collect from You When You Visit Our Website

We collect certain Personal Information from You in order to operate our Website effectively and provide You with the best experiences when You visit and use it.

     a. Information Provided by You

When You register for a Customer account online or sign up for a subscription with us, we will collect certain Personal Information about You such as Your name, address, e-mail address, date of birth or age range, telephone number, general geographic location (such as Your zip code or city and state), favorite products, hobbies and interests, or other lifestyle information. We may also collect Your Sensitive Personal Information, such as Your gender, facial attributes (e.g., hair color, eye color, skin type, skin tone, skin shade, etc., which may allow us to infer Your race and ethnic identity), and possibly financial information. You have the option to modify certain demographic information stored under Your account profile and if You choose, You can have Your payment information stored as well (along with Your purchase history and other related preferences). Please note that we utilize a third-party payment processor to facilitate all online payments and if You choose to store Your payment information on Your account, such information will be stored by the Payment Processor, not with us directly. Please see our Payment Processing section below for more information. To review or edit Your demographic or financial information, go to the relevant “My Account” section of our site or contact Customer Service.

We will also collect certain Personal Information about You when You sign up to receive a promotional discount from us or to receive our marketing communications about new product launches, exclusive offers and more. Additionally, if You fill out one of our surveys about our products or provide us with a review or feedback about our products, we may collect certain Personal Information from You along with that feedback and in certain cases Your Sensitive Personal Information as well too.

When You make a purchase with us directly online, we also need to collect Your financial information, which is also considered Sensitive Personal Information. We would also need to collect any information that You use to make a purchase, such as Your credit card details (cardholder name, card number, expiration date, etc.), gift card information, check, or other forms of payment (if such are made available). This also includes the billing name and address associated with Your form of payment.

 

       i. Beauty Profile

    If You create a Beauty Profile in Your customer account with us, we will collect Your Personal Information such as Your age range, and general information regarding Your product preferences, such as favorite lipstick color. We will also collect Your Sensitive Personal Information, such as Your facial attributes (e.g., hair color, eye color, lip color, skin type, skin tone, skin shade, etc., which may allow us to infer Your race and ethnic identity).

           ii. Verified Student and Teacher Discounts

    When You sign up to be verified as a student or teacher in order to receive our sitewide discount, You will be directed to a webform operated by SheerID, which will then collect certain Personal Information about You such as Your name, e-mail address, date of birth, and name of the school You attend or work for in order to verify that You are eligible to receive the discount. You may learn more about SheerID’s privacy practices here: https://www.sheerid.com/global-privacy-policy/

         b. Information Collected on Our Website

    We also may use various technologies and methods to collect information directly from You or from Your computer or device and about Your activities on our Website.

           i. Information collected automatically: We may automatically collect information from You when You visit Our Website. This information may include Your IP address, location data, Your browser type and language, access times, the content of any undeleted cookies that Your browser previously accepted from us, referring or exit website address, internet service provider, date/time stamp, operating system, locale and language preferences, and system configuration information.

    We use Google Analytics to collect information about Your use of Our Website as well.).  To disable Google Analytics, please download the browser add-on for the deactivation of Google Analytics provided by Google at https://tools.google.com/dlpage/gaoptout?hl=en, To learn more about privacy and Google Analytics, please see:  https://policies.google.com/technologies/partner-sites.

    We may also collect information from You automatically through any site or web application that we may develop and run on a third party social network such as Facebook. This could also include any site or application that we specifically design for use on a cell phone or other mobile device, such as a mobile-enabled site (i.e., WAP site) or mobile application (e.g., iPad/iPhone app).

           ii. Cookies: When You visit our Website, we may assign Your device one or more cookies to facilitate access to our site and to personalize Your online experience. Through the use of a cookie, we also may automatically collect information about Your online activity on our site, such as the web pages You visit, the links You click, and the searches You conduct on our site. Most browsers automatically accept cookies, but You can usually modify Your browser setting to decline cookies.

    A cookie is a small text file that is stored on a user’s computer for record keeping purposes. Cookies can be either session cookies or persistent cookies. A session cookie expires when You close Your browser and is used to make it easier for You to navigate our website. A persistent cookie remains on Your hard drive for an extended period of time.

    We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about Your use of Our site with Our social media, advertising and analytics partners, who may combine it with other information that You’ve provided to them or that they’ve collected from Your use of their services.

    When You first visit our site, we provide You with a choice to either accept or deny certain cookies. If You choose to decline cookies please note that some of the features and services of our Website may not function as well as intended. Even if You choose to accept cookies, You are always free to change Your mind and revoke that consent.

    Also, to opt-out from third-party cookies that are used for advertising purposes, You can do so on the NAI website at https://www.networkadvertising.org/managing/opt_out.asp.

    Please also note that certain portions of our Website are hosted on the Shopify platform and Shopify has their own cookies that are essential to the functioning of our Website, and thus You cannot opt out of those cookies. You can find more information on Shopify’s cookies and their privacy policy here: (https://www.shopify.com/legal/privacy).

    Technical computer information is not typically associated with Your personal contact information.

             iii. Customer Surveys and Feedback Forms

    We may ask You to voluntarily share with us comments on and aspects of Your experience in using our products or services, including our beauty products and Website, via customer surveys online and feedback forms that we may e-mail or mail to You. We may also collect comments and suggestions about our products and Website, testimonials, or other feedback You send us about what You may have liked (or disliked) about Your experience in using our products or services.

    Additionally, we use a third-party provider, Bazaarvoice, to collect certain feedback, such as testimonials or reviews about our products. Bazaarvoice may collect Your Personal Information and Your Sensitive Personal Information directly from You in order to obtain these testimonials or reviews from You. We do not receive Your Personal Information or Your Sensitive Personal Information from Bazaarvoice, unless You include the same within the text of the review or testimonial. You can review Basaarvoice’s privacy policy here: https://www.bazaarvoice.com/legal/privacy-policy/.

    Please note that we welcome and appreciate Your feedback and suggestions. But if You send the same to us, we reserve the right to use the same freely without any restrictions, credit to You, or compensation to You. Additionally, we are under no obligation to keep any such suggestions confidential.

           iv. Other technologies: We may use standard Internet technology, such as web beacons, pixels, and other similar technologies, to track Your use of our Website. We also may include web beacons in promotional e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer to Customers and Users of our Website, to deliver targeted advertisements, and to measure the overall effectiveness of our online advertising, content, programming, or other activities. Web beacons (also known as clear gifs, pixel tags or web bugs) are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users or to access cookies. Unlike cookies, which are stored on Your device, web beacons are embedded invisibly on the web pages (or in emails) and are about the size of the period at the end of this sentence. Web beacons may be used to deliver or communicate with cookies, to count visitors to certain pages, and to understand usage patterns. We also may receive an anonymous identification number if You come to our Website from an online advertisement displayed on a third-party website.

    VI. Information Collected from You at an In-Person Event, Contest, Promotion, or Giveaway

    When You attend or participate in an in-person event, contest, promotion or giveaway, we may collect certain Personal Information about You such as Your name, address, e-mail address, date of birth or age range, telephone number, general geographic location (such as Your zip code or city and state), favorite products, hobbies and interests, or other lifestyle information. We may also collect Your Sensitive Personal Information, such as Your gender, facial attributes (e.g., hair color, eye color, skin type, skin tone, skin shade, etc., which may allow us to infer Your race and ethnic identity), and possibly financial information.

    If You make a purchase with us directly at one of our in-person events or programs, we need to collect Your financial information, which is also considered Sensitive Personal Information. We would also need to collect any information that You use to make a purchase, such as Your credit card details (cardholder name, card number, expiration date, etc.), gift card information, check, or other forms of payment (if such are made available). This also includes the billing name and address associated with Your form of payment.

    VII. Information Collected from You Over via Phone, Live Chat, E-Mail, Regular Mail, and Fax

         a. The Buxom Text Messaging Program

    If You have signed up to receive text messages from us, we may collect information from You through one of our inbound text messaging programs. These programs might be advertised by an independent retailer in their store, or on our Website. In addition to the message itself, we may also collect Your geolocation information as well and use that information to send You personalized marketing messages. We do not share Your mobile telephone number with any third parties to use for their own promotional/marketing purposes. We may also keep a copy of Your text messages for our business purposes and as needed for any follow-ups You may have about the issue You contacted us about. If You do not consent to the same, please contact us via email at contact customerservice@buxomcosmetics.com or via phone at (888) 383-3643 instead. Additionally, if You provide us with Your picture as part of the text communication, we will review the picture as discussed and it may be kept as part of the transcript of Your live chat as noted above, but we do not scan any pictures for Your facial geometry or use Your picture(s) for any other purpose besides to address the issue as to why You sent it to us. 

         b. Live Chat with Customer Care Team

    If You use the Live Chat feature on our Website, we will collect certain information from You such as Your name, email address, and information about why You are chatting with us. Some of that information may be considered Sensitive Personal Information as it may reveal Your gender and race. We only collect this information in order to communication with You, address why You are chatting with us, and ensure that You have a great customer experience. We may also record the live chat and/or keep a transcript of the same for our business purposes and as needed for any follow-ups You may have about the issue You contacted us about. If You do not consent to the recording of Your live chat conversation, please contact us via email at contact customerservice@buxomcosmetics.com or via phone at (888) 383-3643 instead. Additionally, if You provide us with Your picture(s) during the live chat for any reason, we will review the same as part of addressing or responding to the reason why You sent the picture(s) and such picture(s) may be kept as part of the transcript of Your live chat as noted above. We do not scan any picture(s) provided for Your facial geometry though and/or will use Your picture(s) for any other purpose besides to address the issue as to why You sent it to us.

         c. Call Center and Customer Service

    If You contact us over the phone to place an order, speak to our Customer Service department or send a fax or postal mail to our customer service department, we will collect certain Personal Information from You, such as Your name, home address, e-mail address, financial information, and phone number. We may also need to use Your Personal Information to place and send You the order, or further contact You to respond to Your inquiry or request. These methods of ordering are available in the U.S. and in some locations outside the U.S.

    VIII. Information Collected about You from Our Affiliated Brands and Companies

    We may collect Your Personal Information that You shared with one of our corporate affiliates, including our parent company, or other brands in the Orveon Global portfolio. For additional information regarding our corporate affiliates or other brands, please visit our parent company’s website at: https://www.orveonglobal.com.

    IX. Information Collected about or from You from Social Media

         a. Customer Generated Content

    We may collect Personal Information from content that You create and then share with us (and perhaps others) by uploading it to our Website, such as our Facebook fan pages or other related applications. Such Personal Information may include photos, videos, personal stories, or other similar media or content. This information may be considered or reveal Sensitive Personal Information too, as it could reveal Your race, gender, and depending on the type of content could also potentially reveal sexual orientation, political opinion, and health information. Generally, such customer-generated content is collected in connection with any contests and promotions we are running, and also from the third-party website’s community features, customer engagement information, and other social networking information.

         b. Directly from Your Social Media Account

    If You have consented on a third-party social media site to sharing Your Personal Information with other third-parties, then we may collect Your Personal Information that is part of Your profile or that You post publicly. Examples may include Your basic account information (e.g., name, email address, profile picture, gender, birthday, current city, user ID, list of friends, etc.) and any other additional information or activities that You permit the third-party social network to share with application developers or that You post publicly on a Buxom social networking page. For example, we may receive Your social network information (or parts of it) when You download or interact with a Buxom Application on a social networking site (such as Facebook) or use a third-party social networking feature that is integrated within our Website (such as Facebook Connect). This is Personal Information that is shared with us, and You should consult the third-party social media site that You use for more information on how they collect Your Personal Information and how to opt out of such collection and otherwise exercise Your rights.

    X. Information Collected about You from Third Parties

    Occasionally, we may obtain information about You from third-parties, such as a data aggregator or vendor to provide us with additional information about our existing Customers (this is known as “data appending”), which may include information from Your Buxom Account profile or Your postings on a third-party social network. We may also receive information from third-party co-sponsors who we may partner with occasionally to run special promotions or giveaways, such as when You sign up to receive a free sample of our products, and we may use that information to contact You directly. We may also receive information about Customers from other companies that we may acquire.

    We may also receive information about You from Rakuten Advertising (“Rakuten”), which may collect Personal Information from You when You use their services and when You interact with their digital property.  This information may include Your address digital identifiers, information about Your web browsing and app usage, and how You interact with Rakuten’s properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how You engage with websites or ads and other commercial purposes. For more information about Rakuten’s data collection and privacy practices, please review their privacy policy here: https://rakutenadvertising.com/legal-notices/services-privacy-policy/  and for information on how to exercise Your privacy rights with Rakuten, please click here: https://rakutenadvertising.com/legal-notices/services-privacy-rights-request-form/.

    We may also receive information about You from other sources online, such as push notifications You may receive on Your web browser or mobile phone.

    XI. Why We Collect Your Information

    We collect Your Personal Information and Sensitive Personal Information for various reasons, which are described below:

         a. To Service Our Website

    We use information collected to ensure that our Website is working as intended and for analytics purposes, to understand how our Website are operating and learn how they can be improved. We also use this information as needed for auditing purposes.

         b. To Fulfill Your Order and Provide Our Products to You and Facilitate any Exchanges and Returns

    We use information collected to process and ship Your order(s), to inform You about the status of Your order(s), facilitate any exchanges or returns, and to follow up with You about Your satisfaction with the ordered products.

         c. To Maintain Your Account

    We may use information collected to maintain Your accounts with us, including administering any programs associated with such accounts.

         d. To Make Personalized Product Recommendations to You

    We may use information collected to provide You with Buxom product recommendations, offers, and rewards that are tailored to Your interests and profile.

         e. For Our Marketing Purposes

    If You have filled out a contact form with us, signed up to receive our alerts or newsletter, or have otherwise signed up to receive our direct communications, we may use this information to send You marketing communications, such as email communications, mobile messages (including text and/or push notifications), and postal mailings. These communications may inform You about new products, store events, special discounts and coupons, beauty tips, and other news and special offers. On occasion, these communications may also contain information or offers about third party products. In some instances (such as for mobile messages), we may use technical information or precise geo-location information obtained from Your mobile device to send You messages directly to Your mobile device, including offers and coupons based on Your location.

    We may also use collected information to show You ads that are targeted to reach people (or people similar to people) who have visited our website or are identified in one or more of our databases ("Matched Ads"), including Buxom’ ads on our sites or on other sites. This is done by Buxom uploading a customer list to the third-party ad network or incorporating a pixel from the third-party ad network on our website, and the third-party ad network matching common factors between our data and their data. Some of these ads may try to entice You to come back and revisit our site for new offers and promotions. This type of advertising typically involves an ad network collecting and tracking certain technical information (such as Your IP address) and website usage information (such as Your browsing history) on our sites and across many other sites on the Internet.

         f. To Evaluate and Improve our Customer Service

    We may use this information to ensure we are providing the highest level of customer service, and to identify any potential gaps or potential improvements to the same. Customer service may be provided through various forms of communication, such as email correspondence and call center support.

         g. To Evaluate, Improve, and Customize Our Products

    We may use information collected to improve our products, tailor them to Your needs, and come up with new product ideas.

         h. To Administer Contest and Promotions

    We may use information collected to administer a contest, sweepstakes, giveaway, competition, or other similar marketing campaign or promotion. To comply with sweepstakes laws, we may publish or share limited information about promotion winners (such as name and city of residence). For more information about our contests and other promotions, please see the official rules or details that will be posted with each promotion.

         i. In Order to Respond from Requests from You

    If You have requested further information or in any other way requested that we contact You, we will use Your Personal Information to respond to such a request.

         j. To Provide a Personalized and Convenient Website Experience for You

    We may use information collected to personalize Your experience and save You time when You visit our Website. For example, we might remember Your login ID or username so You can quickly login the next time You visit our site or so You can easily retrieve the items You previously placed in Your shopping cart. Based on this type of information, we might also show You specific Buxom content or offers that are more relevant to Your interests.

         k. To Facilitate and Support Our Website Community Features

    We may use information collected to give You access to our website community features, such as features that may allow You to upload and share ratings, reviews, questions/answers, stories, pictures, videos, or other content. Because these types of features are “communal” in nature, information You post in these areas may be visible to others. Please use caution when using these features or uploading content to a Buxom Website. For some community features, You may have the ability to control whether some parts of Your profile can be seen by others and whether we send You notifications about certain community activities (like the fact that one of Your questions has been answered). To access these settings, go to the “My Account” section of our site and login to the relevant community account. For community features that are integrated with third party social networks such as Facebook, see separate section on “Third party social networking” below.

         l. To Facilitate and Support Our Website’s Viral Features

    Where permissible under applicable law, we may request and use collected  information so You can use our website viral features, such as tell-a-friend. These features allow You to easily share certain Buxom’s news, product information, promotions, wish list items, or other content with family members and friends. These features typically require the collection and use of certain personal contact information (such as email addresses and names) so that the selected message or content can be delivered to the proper recipients. In some instances, this information may be stored in our records so we can track and reward our customers for their referrals. For tell-a-friend or other viral features offered by third-party social networks (such as Facebook “Share” and “Like” features), there may be additional privacy concerns for the information collected by these third-party sites. You should review the individual third-party social media provider’s privacy policy for more information.

         m. To Facilitate and Enable Your Interactions with Third-party Social Media Providers

    We may use information collected to support and run contests, to allow You to share content (such as beauty tips, articles, stories, etc.), and to allow You to sign up for certain Buxom accounts, or for other stated purposes as disclosed via the relevant advertisement or promotion.

         n. For Our Other General Purposes

    We may use information collected for other general business purposes, such as to maintain the day-to-day operation and security of our Website, and to conduct internal marketing and demographic studies.

         o. For Our Legal Purposes

    We also collect information in order to comply with certain legal rules and regulations that we are subject to.

    XII. How Long Do We Store and Maintain Your Personal Information?

    We only store and maintain Your Personal Information for as long as is necessary to fulfill the purpose for which it was collected. For example, if You sign up to receive Our newsletters or to receive job alerts, We will store and maintain Your Personal Information to continue to send You these materials until You opt out of receiving such communications. With regards to Your Personal Information collected for our analytics purposes and used to help maintain and improve Our Website, We only store and maintain that information until it is aggregated and used to create a new anonymous data set that no longer contains Your Personal Information, and then delete the underlying Personal Information once that new data set has been created. If You are one of our valued Customers and have created an account with us, we store Your Information as long as Your account remains active, and then delete it when You delete the account, with the exception of any information that we are legally required to maintain longer. If You are a Customer and You do not have an account, we only store Your information as long as needed to support Your purchase and relationship with us.  When we no longer have a legal need, or You close or delete Your account with us, or otherwise ask us to delete Your account, we will do so securely in accordance with our document retention policy.

    XIII. We Do Not Sell Your Personal Information

    Buxom does not sell Your Personal Information that it has collected via Our Website to any third parties. We do not sell Your Sensitive Personal Information to any third parties and only use Your Sensitive Personal Information to provide our products and services to You. We do share Your Personal Information for cross-contextual advertising.

    XIV. Who We Share Your Personal Information With

    Generally, we share Your Personal Information as necessary to provide the services or products You request, including sharing information with certain third parties, such as service providers. We also may share Your Personal Information when required to by law; to protect Your rights and safety, and with Your consent.

                Specifically, we may share Your Personal Information with third parties, including:

    1. Authorized Service Providers: We may share Your Personal Information with our authorized service providers that perform certain services on our behalf. These services may include relationship management software; website hosting; evaluators, contractors and auditors; email marketing providers; customer service providers; providers that perform business and operations analysis for us; and providers that support and maintain our Website, including providing analytics services for us.
    2. Payment Processors: We need to share Your Personal Information and Your Sensitive Personal Information with our third-party payment processor in order to complete Your purchases both on-line and if applicable, at one of our in-person events. You may also be able to store Your payment information with these providers via Your profile with us. We do not store any of Your financial information directly and any such storage or remembering of the same will be facilitated by our third-party payment processor.
    3. Our Advertising Partners: We may also allow third parties through an advertising network to target custom content and ads to You on our Website, and other websites. The information provided to these service providers is limited to only that which we deem appropriate for these service providers to carry out their functions, such as offering You certain promotions or customizing certain advertisements for You, and enable Buxom to market to You.
    4. For a Legal Reason: We may have to share Your Personal Information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
    5. To Prevent Fraud or Illegal Conduct: We may have to share Your Personal Information in situations where we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property, or safety of our company, our consumers, our employees, or others; or to enforce our Terms of Service or other agreements or policies.
    6. With Our Affiliated Brands and Companies: We may share Your Personal Information with our corporate affiliates, including our parent company, or other brands in the Orveon Global portfolio. For additional information regarding our corporate affiliates or other brands, please visit our parent company’s website at: https://www.orveonglobal.com.
    7. For Corporate Reasons: We may also share Your Personal Information as part of a sale, merger, or change in control or ownership of Buxom or our Parent Company Orveon Global, or in the unlikely event of bankruptcy, or in preparation for any of these events. If such an event should happen, the new entity would have the right to continue to use Your information, but only in the manner that is set out in this Policy, unless You otherwise agree.
    8. With Your Consent: To other third parties that You provide consent to share Your information with or that You have requested that we share Your information with.

    XV. How do we Secure and Protect Your Personal Information

    Buxom maintains a comprehensive Information Security Program that employs commercially available physical and IT securitization tools, including but not limited to:

    1. Commercially available and sufficient firewalls;
    2. Segmented Data Storage;
    3. Encryption;
    4. Multi-factor authentication; and
    5. Policies providing for least privileged access to data across our organization.

    Unfortunately, however, there is no way to completely eliminate the risk of a data security incident. If we do suffer one that affects any of Your Personal Information, we will report the same to You as per applicable data breach notification laws.

    We also ask that You do Your part to keep Your account information safe and secure, by asking that You create a sufficiently complex password for Your account and not share it with third parties, as outlined in our Terms and Conditions here. If You have any questions about the cybersecurity for our Website, You can send an email to privacy@orveonglobal.com.

    XVI. California Residents Legal Notice

         a. Categories of Personal Information that we collect:

    Categories of Personal Information

    Categories of Sources of This Information

    Identifiers (i.e., a legal name, nickname, physical home address, internet protocol address, email address, phone number, an online identifier, driver’s license number, etc.)

    Information You provide directly to us or collected from our Website.    

    Biometric Information (i.e. photographs and video)

    Information that may be  collected by our Website or that You provide directly to us.  

    Internet Activity (i.e., browsing history, WiFi use, and internet search history)

    Information You provide directly to us, collected from You from our data analytics providers, or allow us to collect and use from Your devices.

    Geolocation Data (i.e. data describing Your current and past whereabouts)

    Information You provide directly to us or is collected from Your use of our Website.

    Financial Information (i.e., Your bank account number, or Your retirement account information).

    Information You provide directly to us or is collected when You purchase our products on our Website.

    Other Sensitive Personal Information (i.e., Your health information, social security number, race, and potentially Your sexual orientation information)

    Information You provide directly to us or is collected in connection with a sale of our products on our Website.    

     

         b. Sale or Sharing of the Personal Information and Sensitive Personal Information of Persons Under the Age of 16

    Our website and products are not made for, marketed to, or directed at, children under the age of 16 years of age. We do not sell or share the Personal Information of persons under 16 years of age.

         c. Use and Disclosure of Sensitive Personal Information

    We do not use or disclose Your Sensitive Personal Information for any other purpose other than to perform business services, including to provide our products and services to You.

         d. Sale or sharing of Your Personal Information for Our Business Purposes

    As noted above, we do not sell Your Personal Information. We do need to share Your Personal Information with third parties for our business purposes, as noted above.

    We do share Your Personal Information for cross-contextual advertising and You can opt out of the same by clicking here.

    The categories of third parties that we need to share Your Personal Information with and the Categories of Personal Information that we share with those parties are:

    Categories of Third Parties 

    Categories of Personal Information Shared with the Third Party

    Our service providers in order to facilitate Your purchase of our products.

    Identifiers, Geolocation Data, Internet Information, and Financial Information.

    Data Service Providers

    We do not share Your Personal Information or Sensitive Personal Information directly with these providers, but they may receive records that may contain Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

    Legal Representatives

    Depending on the need, we may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

    IT Service Providers

    Identifiers, Geolocation Data, and Internet Information.

    Law Enforcement, Courts, or other related Legal third parties that are not our legal representatives

    Depending on the need and related law, we may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

    Auditors

    Depending on the need, we may need to share Your Identifiers, Geolocation Data,  Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

    Accounting Representatives

    Depending on the need, we may need to share Your Identifiers, Financial Information, and Other Sensitive Personal Information.  

    Our Affiliated Brands and Companies

    We may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

         e. Why We Collect This Information From You

    We use this information from You to provide our services and offer our products to You and for our business purposes as outlined above in Section XI.

         f. Categories of Our “business purposes” that are Used to Share Your Personal Information:

    1. As noted above, we share Your Personal Information and Sensitive Personal Information as needed in order to provide our services and products to You and for our business purposes. Specifically, these categories of “business purposes” are:
      1. Auditing – We may share this information with our third-party vendors, partners and service providers, and our own auditors related to an audit of our business.
      2. Service Improvements – We may share this information with our third-party vendors, other partners, and service providers in order to improve our services and products, create new services and products, offer new products, and to ensure that our Website is working as intended (to identify bugs and errors, and repair them).
      3. Service Partners – We may share this information our third-party vendors, other partners, and service providers in order to have them perform their services for us, pursuant to a written contract that includes the notified purposes permitted by the CPRA.
      4. Security and Legal Issues – We may share this information with law enforcement or other individuals pursuant to a valid subpoena or other legal obligation, our third-party vendors, other partners, and service providers in order to detect, prevent, and investigate security incidents.

         g. Notice of Financial Incentive for Promotions

           i. Overview

    From time to time, we may offer certain promotions both on our Website, and also at our in-person events. These promotions will vary and may include free samples of our products, free make-overs or trying on of our products, and other promotional giveaways. You can also sign-up to receive discounts and coupon codes from us on our Website as well. We are excited to offer these services to our Customers and potential Customers like You. All You have to do is follow the included instructions for the offered promotion.   

           ii. What You are Agreeing To

    If You choose to participate in one of our promotions, You are agreeing to provide us with some of Your personal information (such as Your name, email address and possibly home address) and depending on the promotion, possibly also Your Sensitive Personal Information (such as Your gender, race, and possibly sexual orientation). You will also be given the opportunity to sign up to receive marketing and other communications from us.  

           iii. How You Can Opt Out

    You can opt out of our communications and marketing emails at any time, by clicking the opt out link included in each email or by clicking here.

           iv. The Relationship Between Our Promotions and Your Information

    With regards to promotions that offer discounts to You in exchange for You signing up to receive our communications, including marketing communications. Because our discounts involve the collection of Personal Information, they might be interpreted as a “financial incentive” program under California law. The value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that You obtain or that are provided as part of the applicable promotion, less the expense related to offering those products, services, and benefits to promotion participants.

         h. Your Rights Under the CCPA

           i. You, or Your authorized agent, can request the specific pieces of Personal Information we have collected about You by emailing privacy@orveonglobal.com. You can also request that we disclose how we have collected, used and shared Your personal information over the past 12 months, including the categories of personal information we collected and our purposes for doing so. You may also request the categories of the sources of that information, the categories of the third parties with whom we have shared this information with for a business purpose, and our business purpose for doing so.

           ii. You have the right to correct inaccurate Personal Information that we have collected or maintain about You. In fact, we ask that You do so as soon as You realize any Personal Information that we have collected is inaccurate as it could impact our provision of the Services.

           iii. You have the right to opt out of Sale of Your Information, but as noted above, We do not sell Your information.

           iv. You have a right to be notified when we collect information from You, and we cannot collect new categories of information from You without notifying You first.

           v. You have the right to limit our sharing of Your Personal Information.

           vi. You have the right to not be discriminated against for exercising these rights.

           vii. You have the right to ask us to delete Your Personal Information.

         i. How to Exercise Your Rights

    If You would like to exercise any of the rights listed above with regards to Your Personal Information, then please contact us, or have Your registered agent contact Us, at privacy@orveonglobal.com.

    If You want to review and request changes to Your Personal Information, You may also email or call us as noted below, and we will then provide You with detailed instructions on how to do so.

    XVII. Virginia Consumer Data Protection Act (“VCDPA”) Privacy Notice and Colorado Privacy Act (“CPA”) Privacy Notice

         a. Categories of Personal Information That We Process:

    Categories of Personal Data

    Identifiers (i.e., a legal name, nickname, physical home address, internet protocol address, email address, phone number, an online identifier, driver’s license number, etc.)

    Biometric Information (i.e. photographs, and video)

    Internet Activity (i.e., browsing history, WiFi use, and internet search history)

    Geolocation Data (i.e. data describing Your current and past whereabouts)

    Financial Information (i.e., Your bank account number, or Your retirement account information).

    Other Sensitive Personal Information (i.e., Your health information, social security number, race, and potentially Your sexual orientation information)

     

         b. Purposes for Processing Your Personal Data

    We use Your Personal Data to provide our services and products to You and for our business purposes as described above.     

         c. Categories of Third Parties that we share Your Personal Data With

    We may need to share Your Personal Data with the following Categories of Third Parties:

    1. Our Service Providers;
    2. Data Service Providers;
    3. Legal Representative;
    4. IT Service Providers;
    5. Law Enforcement, Courts, or other related Legal third parties that are not our legal representatives;
    6. Auditors; and
    7. Accounting Representatives.
    1. We Do Not Sell Your Personal Data for Targeted Advertising
    2. How to Exercise Your Privacy Rights under the VCDPA and CPA

    If You would like to exercise any of Your rights under VCDPA and the CPA, then please contact Us at privacy@orveonglobal.com. You can also Opt Out of our Marketing Communications and otherwise exercise Your privacy rights here.

    XVIII. Connecticut Data Privacy Act (CTDPA) Privacy Notice

         a. Categories of Personal Information That We Process:

    Categories of Personal Data

    Identifiers (i.e., a legal name, nickname, physical home address, internet protocol address, email address, phone number, an online identifier, driver’s license number, etc.)

    Biometric Information (i.e. photographs, and video)

    Internet Activity (i.e., browsing history, WiFi use, and internet search history)

    Geolocation Data (i.e. data describing Your current and past whereabouts)

    Financial Information (i.e., Your payment information).

    Other Sensitive Personal Information (i.e., Your race, and potentially Your sexual orientation information)

          b. Purposes for Processing Your Personal Data

    We process Your Personal Data to provide our services and products to You and for our business purposes as described above.     

         c. Categories of Third Parties That We Share Your Personal Data With and the Categories of Data That We Share With Them

    Categories of Third Parties 

    Categories of Personal Information Shared with the Third Party

    Our service providers in order to facilitate Your purchase of our products.

    Identifiers, Geolocation Data, Internet Information, and Financial Information.

    Data Service Providers

    We do not share Your Personal Information or Sensitive Personal Information directly with these providers, but they may receive records that may contain Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

    Legal Representatives

    Depending on the need, we may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

    IT Service Providers

    Identifiers, Geolocation Data, and Internet Information.

    Law Enforcement, Courts, or other related Legal third parties that are not our legal representatives

    Depending on the need and related law, we may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

    Auditors

    Depending on the need, we may need to share Your Identifiers, Geolocation Data,  Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

    Accounting Representatives

    Depending on the need, we may need to share Your Identifiers, Financial Information, and Other Sensitive Personal Information.  

    Our Affiliated Brands and Companies

    We may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, and Other Sensitive Personal Information.  

         d. How to Exercise Your Privacy Rights Under the CTDPA

    If You would like to exercise any of Your rights under CTDPA or have Your designated agent access Your rights for You, then please contact us at privacy@orveonglobal.com.  You can also Opt Out of our Marketing Communications and otherwise exercise Your privacy rights here.

    We will respond to Your request without undue delay and generally within 45 days of receiving the request. If we need to extend the response period, we will inform You of the need for such an extension and the reasons why we need to extend. If we deny Your request, You will have the right to appeal as noted below. We will also include these instructions on how to appeal with any denial of your request.

         e. How to Appeal a Denial of Your Request Under the CTDPA

    If we have denied Your request under the CTDPA, You have the right to appeal our decision. In order to appeal, please email us at privacy@orveonglobal.com and in the subject line list Your reference number and the word “appeal.” In the body of the email, please state the reasons why You are appealing and any additional information that we should consider that was not presented or You feel wasn’t properly considered with the initial request. We will respond to Your appeal via email to the same email address within 60 days from our receipt of Your appeal.

    If we deny Your appeal, You can choose to submit a complaint to the Connecticut Attorney General regarding such denial.  

    XIX. Washington’s My Health My Data Act (“MHMDA”) Privacy Notice

         a. Categories of Personal Information That We Process:

    Categories of Consumer Health Data

     

    Categories of Sources of This Information

    Use of Data

    Biometric Information (i.e. photographs and video)

    Information that may be  collected by our Website or that You provide directly to us.  

    You may choose to upload a photograph when You contact customer service with a question or concern about our products and/or services. We do not scan Your picture to obtain Your facial geometry, but as technological changes modify what can be considered to be biometric information, we are including this collection accordingly. We only collect Your picture with Your consent and in order to provide our services and products to You, and for our business purposes as described above.

    Other Sensitive Personal Information (i.e., Your health information, gender, race, and potentially Your sexual orientation information)

    Information You provide directly to us or is collected in connection with a sale of our products on our Website.

    This information may be collected when You sign up for an account with us, upload a photograph or video to our social media or other community platforms, or when You contact customer service. This information is used to maintain Your account, enable us to provide our services to You, and to facilitate Your use of our services including in connection with a sale of our products on our Website.

         b. Purposes for Processing Your Personal Data

    We process Your Personal Data to provide our services and products to You and for our business purposes as described above.    

         c. Categories of Third Parties That We Share Your Personal Data With and the Categories of Data That We Share With Them

     

    Categories of Third Parties 

    Categories of Personal Information Shared with the Third Party

    Data Service Providers

    We do not share Your Consumer Health Data directly with these providers, but they may receive records that may contain Identifiers, Geolocation Data, Biometric Information, and Other Sensitive Personal Information.  

    Legal Representatives

    Depending on the need, we may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, Consumer Health Data, and Other Sensitive Personal Information.  

    Law Enforcement, Courts, or other related Legal third parties that are not our legal representatives

    Depending on the need and related legal obligations, we may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, Consumer Health Data, and Other Sensitive Personal Information.  

    Auditors

    Depending on the need, we may need to share Your Identifiers, Geolocation Data,  Biometric Information, Internet Information, Financial Information, Consumer Health Data, and Other Sensitive Personal Information.  

    Accounting Representatives

    Depending on the need, we may need to share Your Identifiers, Financial Information, Consumer Health Data, and Other Sensitive Personal Information.  

    Our Affiliated Brands and Companies

    We may need to share Your Identifiers, Geolocation Data, Biometric Information, Internet Information, Financial Information, Consumer Health Data, and Other Sensitive Personal Information.  

         d. How to Exercise Your Privacy Rights Under MHMDA

    If You would like to exercise any of Your rights under MHMDA or have Your designated agent access Your rights for You, then please contact us at privacy@orveonglobal.com. Specifically, You have the right to confirm whether we are collecting, sharing, or selling Your Consumer Health Data, and You also have the right to access the same. You May request a list of all third parties and affiliates with whom we have shared or sold Your Consumer Health Data to by emailing privacy@orveonglobal.com.

    You also have the right to withdraw consent from our collection of Your Consumer Health Data, and You may do so by emailing us at privacy@orveonglobal.com. If You ask us to delete Your data, we will do so in accordance with the procedures set forth in Washington’s My Health My Data Act.

    We will respond to Your request(s) without undue delay and within 45 days of receiving the request(s). If we need to extend the response period, we will inform You of the need for such an extension and the reasons why we need to extend. If we do not take action on Your request, You will have the right to appeal as noted below. We will also include instructions on how to appeal with any denial of Your request.

         e. MHMDA Appeal Procedures

    If we refuse to take action on Your request, You have the right to appeal our decision within a reasonable period of time after Your receipt of our decision.  In order to appeal, please email us at privacy@orveonglobal.com and in the subject line list Your reference number and the word “appeal.” In the body of the email, please state the reasons why You are appealing and any additional information that we should consider that was not presented or You feel wasn’t properly considered with the initial request. We will respond to Your appeal via email to the same email address within 45 days from our receipt of Your appeal, and we will inform You of any action taken or not taken in response to the appeal, including a written explanation of the reasons for our decision.

    If we deny Your appeal, You can choose to submit a complaint to the Washington Attorney General regarding such denial.  

    XX.  Children’s Personal Information

    Our website and products are not made for, marketed to or directed at children under the age of 16 years of age. We do not sell the Personal Information of persons under 16 years of age. In the event that we learn that the Personal Information of a person under 16 years of age has been collected, we will delete it immediately from our system.

    XXI. California Shine the Light Law

    Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. However, we do not sell, rent, or otherwise share Your data to any third party in exchange for monetary or other valuable consideration under any circumstances. If You are a California resident and want a copy of this notice, please submit an email request to privacy@orveonglobal.com. In Your request, please specify that You want a “Your Buxom California Privacy Rights Notice.” Please allow 30 days for a response. 

    If You are a minor under 18 but older than 16 years of age and have a profile on buxomcosmetics.com You may ask us to remove reviews or other content that You posted on the site by writing to privacy@orveonglobal.com. We will begin to process Your request within 30 days. Please note that processing Your request does not ensure complete or comprehensive removal of content that You posted.

    XXII. Do Not Track (“DNT”) Settings

    DNT is a setting on some web browsers or mobile devices that can be turned on to instruct websites to disable tracking of Your web browsing activities. DNT is not currently widely adopted  and does not have clear standards or guidelines as to how websites are to interpret it. Additionally, its signals can affect the functioning of certain websites. As such, Buxom does not generally respond to these signals.

    XXIII. Third-Party Tracking on Our Website

    Third-parties may be using Cookies or other technologies to collect Your personal information as You navigate through the internet including from Our Website. As described above, You may decline these third-party Cookies by changing Your browser settings.

    XXIV. Third Party Applications and Sites

    Our Website may provide links to, or features from, other third party sites (such as third party social networks) that we do not own or control. Although we choose our business partners carefully, when You visit these third-party sites and decide to share Your Personal Information with them, You are assuming the risk of doing so. Buxom is not responsible for nor assumes any liability for the privacy practices of websites operated by any third parties, including those that may be linked to our Website, and including the content of those sites. You should check the applicable privacy notice and/or policy of the third party website or application to understand how it collects and manages any information they collect from You.

    As noted in our Terms and Conditions, Buxom does not endorse or control any other websites or applications besides Our Website, nor does the act of providing a link to a third party website or application constitute an endorsement, promotion or approval of such website or application.  

    XXV. NEVADA PRIVACY RIGHTS

    We do not sell, rent, or otherwise share Your data to any third party in exchange for monetary or other valuable consideration under any circumstances unless You specifically consent to such disclosure. Pursuant to Section 603A of the Nevada Revised Statutes, residents of Nevada may, at any time, submit a request to an operator of a website in Nevada directing the operator not to make any sale of any personal information the operator has collected or will collect about the consumer. If You are a Nevada resident and want to opt-out of the sale of any personal information, please submit an email request to privacy@orveonglobal.com. In Your request, please specify that You want to “Opt-Out of Sale of Personal Information in Nevada.” Please allow 60 days for a response.

    XXVI. How to Opt Out

    In general, You may receive our advertisements via Matched Ads from other third party websites and applications that You may visit and interact with, such as, but not limited to: Pinterest, Spotify, Google, TikTok, and Meta. These are advertisements that we place with these providers and we do not share any of Your Personal Information or Sensitive Personal Information when we place the advertisement. To opt-out of receiving Matched Ads, please contact the applicable third party ad network, or You can opt-out from this type of third party tracking at any time by going to: https://www.networkadvertising.org/managing/opt_out.asp. For Meta, if we use Facebook Custom Audiences to serve Matched Ads on Facebook services, You should be able to hover over the box in the right corner of such Facebook ads and find out how to opt-out. Please note that we can only respond to and comply with opt out requests that are made directly to us, and cannot facilitate any opt out requests sent to such third-party ad networks, and are not responsible for such third-party ad network’s failure to comply with Your opt-out request.

    You can always opt-out from receiving marketing communications by following the unsubscribe instructions provided in each communication. If You have an online account with us, You may be given the option to change some of Your communication preferences under the relevant “My Account” section of our site or by calling Customer Service. Please note that even if You opt-out from receiving marketing communications, You may still receive other communications from us, such as order confirmations, notifications about account activities (e.g., account confirmations, password changes, website community postings, etc.), and other important announcements (e.g., product recalls, privacy policy changes, etc.).

    You can also Opt Out of our Marketing Communications and otherwise exercise Your privacy rights here.

    XXVII. Changes to This Policy

    Any changes to the Policy will be posted directly on our Website and reflected with a new Effective Date at the top of this Policy. We encourage You to review the Policy each time You visit our Website to see if it has been updated since Your last visit.

    XXVIII. Contact Us

    If You have any questions or concerns about this Policy, please email us at: privacy@orveonglobal.com.

     

    Rest of World

    EU/UK:

    A. Data Controller

    BUXOM US Buyer LLC is the joint data controller for all data collected through this Website, along with its parent company Orveon Global, a Delaware corporation with offices at 579 Fifth Avenue, 10th Floor, New York, NY 10017. You can contact both Buxom and Orveon via email at privacy@orveonglobal.com.

    B. What Data do we collect and why?

    As outlined in Sections V, VI, VII, VIII, IX, and X above, we collect various information from and about You when You visit our Website. 

    We may collect, use and disclose your Data as outlined in Section XI and for the main following purposes:

    For what purpose do we use your Data?

    What Data do we use?

    On which ground?

    Create and manage your online account

    · Identification and contact information

    · Order and product information

    · Habits and preferences

    · Connection data

    Your prior consent

    Manage your product orders (made online, by phone, etc.).

    · Identification and contact information

    · Order and product information

    · Payment and transaction-related information

    · Connection data

    Performance of the sales contract with you

    Manage your participation in one of our promotional operations (game-contests, sample operations, promotional offers, etc.)

    · Identification and contact information

    · Order and product information

    · User-generated content

    Your prior consent

    Offer you quality services in-store, including:

    ·        providing personalised services and advice in store, according to your preferences, and

    ·        managing your appointments with us (with your beauty consultants, make-up sessions, tutorials and events, etc.)

    · Identification and contact information

    · Order and product information

    · Habits and preferences (might include information related to your allergies)

    Your prior consent

    Interacting with you, including by:

    ·        managing promotional communications (via email, SMS or phone);

    ·        replying to you when you contact us via our customer service or any other communications channel;

    ·        managing your comments and reviews on our products.

    · Identification and contact information

    · Order and product information

    · Habits and preferences

    · Technical information

    · Connection data

    · Data relating to your use of our Sites and applications

    · User-generated content

    Your prior consent

    Providing you access to a virtual try-on feature for our products.

    · Identification and contact information

    · Facial attribute data

    · Technical information

    Your prior consent

    Assess your satisfaction and carry out market surveys

    · Identification and contact information

    · Order and product information

    · Habits and preferences

    · User-generated content

    Our legitimate interest. When we carry out market survey, we always ask for your consent.

    Manage email notifications, including back-in-stock and adverse events notifications

    · Identification and contact information

    · Order and product information

    · Habits and preferences

    · Information on adverse events including health-related information and pictures of you and those you might send us

    Your prior consent, or in case of adverse events notifications -compliance with a legal obligation applicable to us

    Offering you online content adapted to your preferences and online behaviour

    · Habits and preferences

    · Connection data

    · Data related to your use of our Sites and applications

    · Technical information

    Your prior consent

    Performing analysis and statistics, including managing and following traffic on our Sites

    · Order and product information

    · User-generated content

    · Habits and preferences

    · Connection data

    · Data related to your use of our Sites and applications

    · Technical information

    Our legitimate interest (or, where necessary, your prior consent)

    Exercise our legal rights in case of litigation or legal proceedings

    · Identification and contact information

    · Order and product information

    · Information on adverse events

    · User-generated content

    Our legitimate interest

    Ensuring our Sites security

    · Identification and contact information

    · Technical information

    · Data related to your use of our Sites and applications

    · Connection data

    Our legitimate interest

    Managing video surveillance in our shops

    · CCTV images

    Our legitimate interest

     

    C. Data Enrichment and Profiling

    To have a better overall understanding of you as a customer, we may combine information about you gathered across various channels. For example, data collected in the course of your online activity (e.g. shopping, account creation, etc.) may be combined with data we collect when you visit one of our stores (if you have consented).

    This Data enrichment may also occur between different brands of the Orveon Group. For example, if you make an online purchase on the BUXOM website and then create an online account with the same email address on the website of another Orveon Group brand (e.g., bareMinerals or Laura Mercier), the data collected through these two websites may be combined to enrich your customer profile. This helps us to propose products and advice that is most relevant to your interests at particular times, by email (where we have your consent) or when you visit one of our stores.

    Under no circumstances will this enrichment allow us to send you communications relating to another brand of the Orveon Group if you have not consented to it.

    You can object to these “profiling” operations at any time by contacting us. Please refer to the “Your rights and choices” section below. 

    D. Where may we transfer your Data?

    Orveon is a multinational organization with affiliates, vendors and partners located in many countries around the world. For that reason, we may need to share your Data with entities located in jurisdictions which may not be regarded as providing the same level of protection as yours.

    In all cases, we ensure that adequate safeguards, as required under the applicable data protection legislation, are in place. Such safeguards may include:

    • adequacy decisions issued by the European Commission (with respect to transfers out of the EEA) or the UK Government (with respect to transfers out of the UK) that determine the data protection legislation in the recipient jurisdiction provides an ‘adequate’ level of protection for personal data;
    • Standard Contractual Clauses approved by the EU Commission (with respect to transfers out of the EEA) and the UK Government (with respect to transfers out of the UK); or
    • our providers’ Binding Corporate Rules (often known as ‘BCRs’)

    For more information about the transfer of your Data, you can contact our Data Protection Officer (please refer to the “Your rights and choices” section below).

    E. How long do we retain your Data?

    In addition to Section XII, we will retain your data for the period necessary to fulfil the purposes outlined in this Policy (see section B above).

    The criteria used to determine such retention periods include:

    • the length of time we have an ongoing relationship with you;
    • whether there is a legal obligation to which we are subject imposing or authorizing us to keep you Data.
    • whether a longer retention period is required or permitted by law. 
    F. Your rights and choices under the GDPR and UK GDPR

    In accordance with the applicable data protection law, you have the right to request:

    • Access to the Data we hold about you, which means that you can ask us to provide you information regarding the personal data we have about you;
    • The correction of your Data if they are incomplete or inaccurate;
    • The erasure of your Data, in the cases provided by law. Please note that in some cases, we may be obliged to retain your Data anyway, for legal or legitimate reasons;
    • The interruption of the use of your Data by withdrawing your consent at any time where our “lawful basis” is consent, or by objecting to the use of your Data where our “lawful basis” is our legitimate interests and that we have no legitimate overriding interest;
    • The restriction of the use of your Data, in the cases provided by law (e.g., for us to stop carrying out the data enrichment and profiling activities described in Section 5); and/or.
    • To obtain a copy of the Data you provided us, in a commonly used format, to transmit it to another data controller, in the cases provided by law.
    G. How to Exercise Your Rights under the GDPR and UK GDPR

    To exercise your rights or for any further questions related to the use of your Data, please contact our Data Protection Officer:

    • Via email: privacy@orveonglobal.com.
    • Via our postal address: 12 Henrietta Street, 2nd Floor, Covent Garden, London, WC2E 8LH

    Please note that to process your request, we may ask you for proof of identity. We do this to avoid data breaches, e.g. because an unauthorized person pretends to be you and exercises a right in your name.

    If you feel that your Data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your Data, you have the right to lodge a complaint with your local data protection authority:

    For the UK You may contact the Information Commissioner’s Office (ICO) - https://ico.org.uk/.

    For the EU, You may contact Your local Data Protection Authority which may be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

     

    Brazil:

    In addition to the information provided above about what information we collect from you, why we collect it, how we protect it and who we share it with, this section also provides you with additional information specific with regards to our privacy practice for our customers in Brazil.

     

    Data Controller

    BUXOM US Buyer LLC is the joint data controller for all data collected through this Website, along with its parent company Orveon Global, a Delaware corporation with offices at 579 Fifth Avenue, 10th Floor, New York, NY 10017. You can contact both Buxom and Orveon via email at privacy@orveonglobal.com.

     

    Purpose of Processing Your Data

    In addition to the reasons noted in section XI above, we only process Your data as needed to provide our services to You, including fulfilling any orders that You make with us, for our business purposes, and as needed with Your consent.

     

    Type and Duration of Processing

    We only process Your data as needed to provide You with our services. We only process Your data for as long as needed to provide You with our services.

     

    Your Rights under the Brazil General Data Protection Law (“LGPD”)

    1. You own Your personal data and are guaranteed the fundamental rights of freedom, intimacy, and privacy guaranteed under the LGPD.
    2. You or Your legal representative on Your behalf, have the right to request that we:
      1. Confirm the existence of the processing of Your Personal Data;
      2. Provide You with access to Your Personal Data;
      3. Correct any incomplete, inaccurate or out-of-data data;
      4. Delete, anonymize, or block any unnecessary or excessive data or data that has not be processed in compliance with the LGPD;
      5. Transfer Your data to another provider;
      6. Delete Your Personal Data;
      7. Provide information to You about who we shared Your data with;
      8. Allow you to revoke Your consent to our processing of Your data.
    3. You have the right to petition the National Authority about our processing of Your data.
    4. You have the right to oppose processing of Your data that is based on a situation relying on a waiver of consent, if such processing is not in compliance with the LGPD.

    Data Transfers out of Brazil

    Your personal data may be transferred, stored, or processed in the United States. When we need to transfer your personal data out of Brazil: if it is to our parent company we rely on our internal policies and procedures to comply with the principles and rights of data subjects in Brazil as per the mandates of the LGPD; or if it is to a third party, we rely on contractual clauses to comply with the principles and rights of data subjects in Brazil as per the mandates of the LGPD.

     

    Canada:

    In addition to the information provided above about what information we collect from you, why we collect it, how we protect it and who we share it with, this section also provides you with additional information specific with regards to our privacy practice for our customers in Canada.

     

    Data Transfers out of Canada

    Your personal data may be transferred, stored, or processed in the United States. As noted above, we take care to ensure that Your Personal Information is only processed as noted in this Policy, and that if we need to share it with a third party, they secure it with at least the same level of security that we employ. 

     

    Mexico:

    In addition to the information provided above about what information we collect from you, why we collect it, how we protect it and who we share it with, this section also provides you with additional information specific with regards to our privacy practice for our customers in Mexico.

     

    Data Controller

    BUXOM US Buyer LLC is the joint data controller for all data collected through this Website, along with its parent company Orveon Global, a Delaware corporation with offices at 579 Fifth Avenue, 10th Floor, New York, NY 10017. You can contact both Buxom and Orveon via email at privacy@orveonglobal.com.

     

    Data Transfers out of Mexico

    Your personal data may be transferred, stored, or processed in the United States. As noted above, we take care to ensure that Your Personal Information is only processed as noted in this Policy, and that if we need to share it with a third party, they secure it with at least the same level of security that we employ. 

    United Arab Emirates

    In addition to the information provided above about what information we collect from you, why we collect it, how we protect it and who we share it with, this section also provides you with additional information specific with regards to our privacy practice for our customers in Canada.

     

    Data Controller

    BUXOM US Buyer LLC is the joint data controller for all data collected through this Website, along with its parent company Orveon Global, a Delaware corporation with offices at 579 Fifth Avenue, 10th Floor, New York, NY 10017. You can contact both Buxom and Orveon via email at privacy@orveonglobal.com.

     

    Data Transfers out of the United Arab Emirates

    Your personal data may be transferred, stored, or processed in the United States. As noted above, we take care to ensure that Your Personal Information is only processed as noted in this Policy, and that if we need to share it with a third party, they secure it with at least the same level of security that we employ. 

     

    Contact Us

    If You have any questions or concerns about this Policy, or wish to exercise any of your rights, please email us at: privacy@orveonglobal.com.