What is PII?
PII is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not PII. This includes, for example, the number of users of a website.
The person responsible within the meaning of the CCPA and GDPR is:
Address: Brighton Salon, 9409 Brighton Way, Beverly Hills, CA 90210
Scope of the processing of PII
As a matter of principle, we only collect and use PII from you insofar as this is necessary to provide a functional website and our content and services, e.g., when you register on our website or log in to an existing customer account or when you place an order with us.
Relevant legal basis
In accordance with the CCPA and GDPR, the following legal bases apply to the processing of your PII, unless specifically described below:
to fulfil our services and carry out contractual,
to fulfil our legal obligations, and
to protect our legitimate interests.
You have the following rights with regard to PII concerning you, which you can assert against us:
Right of access,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to processing,
Right to withdraw your consent,
Right to complain, and
Right to receive the data in a structured, common, machine-readable format (“data portability”)
You can assert your rights by notifying us using the contact details provided.
a) Log files
In principle, you can use our website for purely informational purposes without disclosing your identity. However, our website collects a series of general data and information with each visit, and this data is temporarily stored in a log file. A log file is created in the course of automatic logging by the processing computer system. The following can be recorded:
Browser type/browser version
Operating system used
Language and version of the browser software
Host name of the accessing end device
Website from which the request comes
Content of the request (specific page)
Date and time of the server request
Access status/HTTP status code
Referrer URL (the previously visited page)
Amount of data transferred
Time zone difference to Greenwich Mean Time (GMT)
The temporary processing of the IP address by the system is necessary to technically enable delivery of the website to your computer. Processing your IP address for the duration of the session is necessary for this. The legal basis for this processing is our legitimate interest.
The access data is not used to identify individual users and is not merged with other data sources. The access data is deleted when it is no longer required to achieve the purpose of its processing. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The data is generally deleted after seven days at the latest; processing beyond this is possible in individual cases. In this case, the IP address is deleted or altered in such a way that it can no longer be assigned to your device.
To provide our web shop, we use the WooCommerce service developed and operated , Inc. WooCommerce provides us with their online e-commerce platform through which we can offer our goods for sale to you. Both your inventory data and your usage data are stored on WooCommerce’s servers.
a) Contacting us
When you contact us via email or social media, the data you provide will be stored by us based on your consent and the preparation or initiation of a contract, insofar as it is necessary to answer your questions. Your inquiry is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and your inquiry has been conclusively clarified.
On our website, we offer you the opportunity to register by providing PII. The data entered in the registration form is transmitted to us and stored and includes your full name, your e-mail address, and your password. We will also send you a verification e-mail to ensure that the account creation is made for the intended person. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures. You can delete your account at any time either by using the delete function in your account or by contacting us.
c) Storage of data in your account
For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen. You can store this data in your account. In addition, we use your data to maintain our customer database so that only accurate data is stored by us. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.
Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you.
d) Guest order
You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.
We collect, process, and use the information you provide in the context of a guest order for the purpose of executing the contract. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory, or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you.
e) Order confirmation/dispatch confirmation
In order to process the contract and provide you with our services, for example the web shop or to send you your order, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfil our legal information obligations for an effective conclusion of a contract with you.
Based on our legal obligation and our legitimate interest, we use and store your PII and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g., to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defense.
We do not transfer or disclose your information to third parties unless there is a legal basis for such disclosure. An example of such a basis is typically consent from you or a legal basis that requires us to disclose the data.
For the operation and optimization of our website and our shop and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products, or order fulfilment, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
In contrast to commissioned processing, in the following cases we transmit data to third parties for their own use in order to process the contract:
In the case of delivery of goods, to the necessary logistics companies and the postal service provider specified when the order was placed.
In the case of payment for goods, to the payment service provider as specified when the order was placed (currently ). Please note: We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You provide this information directly to the respective payment service provider.
If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of PII and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of our rights and claims.
We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you. If you purchase goods on our website or forget something in your shopping cart or sign up for our newsletter, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is our legitimate interest because advertising related products by way of direct advertising represents a legitimate interest for us as a business and the provider of this website. You may object to the processing of your PII for the purpose of direct advertising at any time without giving reasons by unsubscribing via the unsubscribe link at the end of each e-mail or by contacting us.
Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe (or opt out).
Based on our legitimate interest, we are present in various “social media” platforms in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).
Access and correction
Applicable Data Protection Law gives you the right to access your Personal Information. Your right of access can be exercised at any time without detriment. Any access request may be subject to an administrative fee at our rates then in force to meet our costs in providing you with details of the information we hold about you.
In the event that you wish to correct and/or update your Personal Information in our records, you may inform us in writing of the same by contacting us. In certain cases, Personal Information may also be corrected or updated via the website.
We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Information or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under applicable Data Protection Law).
We endeavor to ensure that all decisions involving your Personal Information are based upon accurate and timely information. However, we rely on you to disclose all relevant information to us and to inform us of any changes in your Personal Information. As such, please disclose all relevant information necessary for us to provide services to you and ensure all information submitted to us is up-to-date, complete, and accurate. Kindly inform us promptly if there are any changes in your Personal Information.
We will take steps to inform the third party of any requests, complaints or questions that you may have regarding such Personal Information.
Links to other providers
Our website contains links to the online services of other providers. We hereby point out that we have no influence on the content of the linked online services and the compliance with data protection regulations by their providers.
PII and children
Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your child has provided us with Personal Information without parental consent, please contact us and we will take the necessary steps to remove that information from our server.
Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose PII may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
Questions or Comments