Privacy Policy
At RoC Opco LLC ("RoC," the "Company," "we," or "us"), we value your privacy and want you to understand how we collect, use, and disclose information. Please read this Privacy Policy to familiarize yourself with our practices regarding the information we collect through our website or application (referred to as the "Service"). By providing personal information to us or using the Service, you acknowledge that you have read and understood this Privacy Policy.
IMPORTANT FACTS:
- The Service is not intended for individuals under the age of 18. We request that minors do not provide personal information through the Service.
- We may collect personal and financial information from you to set up an online user account, access certain features, or participate in activities offered through the Service.
- We may combine the information you submit with other information we have collected from you or other sources.
- Please refrain from sending or disclosing sensitive personal information through the Service, unless specifically requested or invited.
- We collect automatic information through various technologies, such as cookies, pixel tags and IP addresses, to enhance your experience and improve our services.
- We use and disclose information to fulfill your requests, for business purposes, and to provide personalized services. We may also share information with our affiliates, service providers, and third parties as necessary or permitted by law.
- You have choices regarding how we use and disclose your personal information for marketing purposes. You can also access, correct, update, or delete your personal information by contacting us.
- Your personal information may be stored and processed in countries where we have facilities or service providers.
- We implement reasonable security measures to protect your personal information, opt-in data and SMS consent status, but no method of transmission or storage is 100% secure.
- We retain your personal information for as long as necessary and in accordance with applicable laws.
- Our Privacy Policy does not apply to third-party sites or services linked to our Service.
- California residents, Canadian residents, and users from the European Union have additional rights and privacy protections.
- Certain users have certain legal rights to obtain confirmation of whether RoC holds personal data about them and to obtain its correction, update, amendment, or deletion in appropriate circumstances.
DETAILS OF OUR PRIVACY PRACTICES:
- USE BY MINORS
- INFORMATION COLLECTION
- SENSITIVE INFORMATION
- AUTOMATIC INFORMATION COLLECTION AND USE
- HOW WE USE AND DISCLOSE INFORMATION
- CHOICES AND ACCESS
- CROSS-BORDER TRANSFER
- SECURITY
- RETENTION PERIOD
- THIRD-PARTY SITES AND SERVICES
- CCPA RAKUTEN DISCLOSURE
- SKIN AI BIOMETRIC INFORMATION DISCLOSURE
- YOUR PRIVACY RIGHTS AND INTERNATIONAL PRIVACY PRACTICES
- CONTACTING US
- UPDATES TO THIS PRIVACY POLICY
USE BY MINORS
The Service is not directed to individuals under the age of 18, and we request that these individuals not provide personal information through the Service. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us.
INFORMATION COLLECTION
We may collect personal and financial information to set up an online user account, access features, or participate in activities offered through the Service. The information requested may be required or optional. If you provide personal data relating to another individual, you represent that you have the authority to do so.
SENSITIVE INFORMATION
Please avoid sending or disclosing sensitive personal information through the Service unless specifically requested or invited.
AUTOMATIC INFORMATION COLLECTION AND USE
We and our service providers may automatically collect and use information in the following ways as you navigate around the Service:
- Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the Service through a mobile device. We use this information to ensure that the Service functions properly.
- Using cookies: Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to collect information such as browser type, time spent on the Service, pages visited, when a customer’s cart has been abandoned and, language preferences. We and our service providers use the information for security purposes, to facilitate navigation, display information more effectively, and to personalize your experience while using the Service. We also use cookies to recognize your computer or device, which makes your use of the Service easier, by, for example, remembering what is in your shopping cart. In addition, we use cookies to gather statistical information about Service usage in order to continually improve the Service’s design and functionality, understand how individuals use the Service, and to assist us with resolving questions regarding the Service. Cookies further allow us to select which of our advertisements or offers are most likely to appeal to you and display them while you are on the Service. We may also use cookies in online advertising to track consumer responses to our advertisements.
- You can refuse to accept these cookies by following your browser's instructions; however, if you do not accept them, you may experience some inconvenience in your use of the Service. You may also not receive advertising or other offers from us that are relevant to your interests and needs. Learn more about cookies here.
- Using Flash cookies: Our use of Adobe Flash technology (including Flash Local Stored Objects ("Flash LSOs")) allows us to, among other things, serve you with more tailored information, facilitate your ongoing access to and use of the Service, and collect and store information about your use of the Service. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
- Using pixel tags, web beacons, clear GIFs, or other similar technologies: These may be used in connection with some Service pages and HTML formatted e mail and SMS messages to, among other things, track the actions of users and e mail recipients, measure the success of our marketing campaigns, and compile statistics about Service usage.
- Interest-based advertising: We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Service and other online services, based on information relating to your access to and use of the Service and other online services on any of your devices. To do so, these companies may place or recognize a unique cookie on your browser (including through the use of pixel tags). They may also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. Find out more about interest-based advertising, and learn how to opt out of it in desktop and mobile browsers. You may download the AppChoices app to opt out in mobile apps.
- IP address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Service, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Service. We may also derive your approximate location from your IP address or mobile device. You may control whether location information is shared with us through your mobile device, application or browser settings, provided that certain features on our Website may not function properly if your location information is disabled.
- Device Information: We may collect information about your mobile device, such as a unique device identifier, to understand how you use the Service.
HOW WE USE AND DISCLOSE INFORMATION
We use and disclose the information you provide as described in this Privacy Policy and obtain consent where applicable law requires. We use the information to provide the Service, business purposes, analysis, and personalization. We may disclose information to our affiliates, third-party partners, and service providers. We may also disclose information as required by law or to protect our rights and interests.
We may also rely on other legal bases, specifically for:
- Providing the functionality of the Service and fulfilling your requests.
- to provide the functionality of the Service to you and provide you with related customer service.
- to create Accounts to utilize the Services.
- to respond to your inquiries and fulfill your requests, such as by sending you documents you request or e-mail alerts.
- to send you important information regarding our relationship with you or regarding the Service, changes to our terms, conditions, policies, and/or other administrative information.
We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
- Accomplishing our business purposes.
- for data analysis, for example, to improve the efficiency of the Service.
- for processing sales transactions.
- for audits to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements.
- for fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft.
- for developing new products and services.
- for enhancing, improving, or modifying our website or products and services.
- for identifying Service usage trends, for example, understanding which parts of our Service are of most interest to users.
- for determining the effectiveness of our promotional campaigns so that we can adapt our campaigns to the needs and interests of our users.
We will engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
- Analysis of Personal Information to provide personalized services.
- to better understand you so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests.
- to better understand your preferences so that we can deliver content via the Service that we believe will be relevant and interesting to you.
We will provide personalized services with your consent or because we have a legitimate interest.
We also disclose information collected through the Service:
- Third-Party Partners to provide personalized services
- to our affiliates for the purposes described in this Privacy Policy.
- to our third-party partners with whom we offer a co-branded or co-marketed promotion.
- to our third-party service providers who provide services such as website hosting and moderating, mobile application hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, e-mail and direct mail delivery services, auditing, and other services, to enable them to provide services; and
- as permitted by applicable law, to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
In addition, we may use and disclose your information as we believe to be necessary or appropriate: (a) to comply with legal process or applicable law, which may include laws outside your country of residence; (b) as permitted by applicable law to respond to requests from public and government authorities, which may include authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others. We may also use and disclose your information in other ways after obtaining your consent.
We may use and disclose the information we automatically collect under "Automatic Information Collection and Use." If we combine information that is not in personally identifiable form with information that is identifiable (such as combining your name with your geographical location), we will treat the combined information as personal information.
CHOICES AND ACCESS
You have choices regarding our use and disclosure of your personal information for marketing purposes. You can opt out of receiving marketing communications and manage your personal data through your account profile. To the extent you are receiving text messages us, you may opt out of receiving text messaging by replying to any message we send you with the word "STOP" or contacting us at the phone number: 1-800-762-1964. Our team is here to help Monday through Friday, 9am-5pm EST. You can also access, change, or delete your personal information by contacting us via e-mail at roc@rocskincare.com.
CROSS-BORDER TRANSFER
Your personal information may be stored and processed in countries where we have facilities or service providers. By using our Service or by providing consent to us (where required by law), your information may be transferred to countries outside of your country of residence, which may provide for different data protection rules than in your country. We employ appropriate measures to protect personal information when transferred to other countries.
SECURITY
We implement reasonable organizational, technical, and administrative measures to protect personal information, opt-in data and SMS consent status. All payment transactions will be encrypted using SSL technology. However, no method of transmission or storage is entirely secure. If you have reason to believe that your interaction with us is no longer secure or has been compromised, please contact us immediately.
RETENTION PERIOD
We retain personal information for as long as necessary and in accordance with applicable laws. Retention periods are determined based on the purpose of collection and legal obligations
THIRD-PARTY SITES AND SERVICES
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or online Service (including, without limitation, any application) that is available through this Service or to which this Service contains a link. The availability of, or inclusion of a link to, any such site or property on the Service does not imply endorsement of it by us or by our affiliates.
The information you submit to any other website is governed by the privacy policies of those websites and we recommend that you review those policies carefully. We are not responsible for the privacy and security practices of those other websites or social media platforms or the information they may collect (which may include IP address). Links to any other website’s or content do not constitute or imply an endorsement or recommendation by us of the linked website, social media platform, and/or content.
CCPA RAKUTEN DISCLOSURE
Rakuten Advertising may collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage, and how you interact with our properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes. For more information about the collection, use, and sale of your personal data and your rights, please use the below links.
SKIN AI BIOMETRIC INFORMATION DISCLOSURE
In addition to the information we provide you in our Privacy Policy, we want to help you better understand how RoC collects and treats Biometric Information. Where permitted by law, RoC and our service providers use facial recognition technology to provide you with customized skincare solutions. This Policy more specifically describes our collection and use of Biometric Information.
Definition of Biometric Information
As used in Biometric Information Privacy Policy (“Policy”), “Biometric Information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual, including a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.
Collection of Biometric Information
When you consent to RoC’s use of your Biometric Information, RoC (or service providers, such as technology vendors, working on our behalf) collects facial scan information necessary to accomplish the purposes stated in the Policy, at points of collection, and/or in our Privacy Policy. RoC does not collect, use, store, or disclose your Biometric Information without your consent.
Disclosure of Biometric Information
Unless otherwise required by law, your Biometric Information is accessible only to us and our service providers, which process your data only on our behalf to accomplish the purposes above. We do not share Biometric Information with any other third parties unless required by law. We do not sell, lease, trade or otherwise profit from Biometric Information. We may disclose your Biometric Information to our authorized service providers or other third parties if:
- you or your authorized representative consent to the disclosure;
- the disclosure is required pursuant to a valid warrant, subpoena, or court order issued by a court of competent jurisdiction; or
- the disclosure is required by law.
Retention and Storage
RoC will collect, store, transmit, and protect your Biometric Information using a reasonable standard of care that is at least as protective as the way RoC collects, stores, transmits, and protects other confidential and sensitive personal information.
Unless otherwise required by an order from a court of competent jurisdiction or applicable law, RoC will only retain Biometric Information until: (i) the initial purpose for collecting the Biometric Information has been satisfied, or (ii) for three years following your last interaction with RoC, whichever occurs first, unless legally required to keep it for a different period.
YOUR PRIVACY RIGHTS AND INTERNATIONAL PRIVACY PRACTICES
Depending on your jurisdiction, you may have additional privacy rights. California residents, Canadian residents, and users from the European Union have specific rights and protections. Please refer to the applicable laws and regulations for more information. Please contact us if you feel this list does not cover your rights.
- California Residents: California law may provide you with additional rights regarding our use of your personal information. Learn more about your California privacy rights
- Canadian Residents: Canadian law may provide you with additional rights regarding our use of your personal information. To learn more about your Canada privacy rights.
- If you are a resident of the European Union/European Economic Area (the "EU"), the General Data Protection Regulation 2016/679 and EU Directive 95/46/EC (collectively, the "GDPR") may provide you with additional rights regarding our use of your personal information. Learn more about your GDPR privacy rights
CONTROLS AND CHOICES
MANAGING YOUR INFORMATION
Certain users (such as users in the EU) have certain legal rights to obtain confirmation of whether RoC holds personal data about them, to access personal data RoC holds about them (including, in some cases, in portable form), and to obtain its correction, update, amendment or deletion in appropriate circumstances. Those users may also object to RoC's uses or disclosures of personal data, request a restriction on its processing, or withdraw any consent. However, such actions typically will not have retroactive effect. They also will not affect RoC's ability to continue processing data in lawful ways (for example, if a user opts out of the use of such a user's e-mail or SMS for direct marketing, RoC might still decide to contact such user by e-mail regarding potential fraud on such user's account).
Please note that while text messaging opt out/unsubscribe requests are processed immediately upon our receipt, we are not responsible for any carrier delays. Carriers are not liable for delayed or undelivered messages.
Additionally, please allow up to 10 business days to process marketing email opt out/unsubscribe requests. If you make a purchase through our Website or stores, you may opt back in to marketing communications from us until you opt out/unsubscribe once again. You may opt back in to receiving text messaging by providing us with explicit permission to send you text messages during the order checkout or other sign-up process.
Notwithstanding the above, we may need to retain limited information about you in order to fulfill any order requests made by you, for business, tax, retention and litigation purposes or to fulfill other legal or regulatory obligations. As such, we may still continue to send you non-marketing communications by email, such as transactional or operational communications, even if you have opted out/unsubscribed from our marketing communications.
The rights and options described above are subject to limitations and exceptions under applicable law, including, without limitation, the GDPR. In situations in which RoC processes personal data on behalf of a user, RoC may refer the request to the relevant user and cooperate with their handling of the request, subject to any special contractual arrangement with that user.
The Company is committed to the free exercise of these rights without fear of being denied the opportunity to use the Service. To exercise any right or make any request, please contact us at roc@rocskincare.com. We will respond to your request per the applicable law governing the collection, use, and deletion of your data and information. The requested deletion will be as comprehensive as possible but is always subject to issues outside our control, including applicable regulations and laws, your actions, and third parties' actions. It is important to note that we may retain a copy of the information for archival purposes and to avoid identity theft or fraud.
You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of alleged infringement, if you consider that processing your personal data infringes applicable law. However, RoC encourages any such user to contact RoC first at roc@rocskincare.com. RoC will do its best to promptly address such user's issue(s) and resolve the concern(s).
SERVICE PROVIDERS
Below is a list of our service providers with whom we may share user information and the services they generally provide.
PROVIDER | SERVICES PROVIDED |
---|---|
Shopify | E-commerce services |
Rewind | Data security and archival services |
Klaviyo | Email services |
Stripe |
Payment processing |
PayPal | Payment processing |
Apple Pay | Payment processing |
Google Analytics |
Data science; user and product research |
Other Cookies | Data science; user and product research |
CONTACTING US
If you have any questions about this Privacy Policy, please contact us via e-mail at roc@rocskincare.com or by mail at Roc Opco LLC, 261 Madison Avenue, 16th Floor, New York, NY 10016.
UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy and any material changes will be communicated to you. Please review the Privacy Policy periodically. This policy was last edited on August 13, 2023.
© RoC Opco LLC