Privacy Policy
At RoC Opco LLC ("RoC," the "Company," "we," or "us"), we value your privacy and want you to understand how we collect, use, and disclose information that uniquely identifies, relates to, describes, or is reasonably capable of being associated with or linked to you (“Personal Information”). Please read this Privacy Policy to familiarize yourself with our practices regarding the Personal Information we collect through our website or application, and generally in the course of providing our products and services to you (collectively referred to as the "Services"). Certain features of our Services may have additional privacy notices that apply, so if you are using those features, please be sure to read those sections below. For example, if you use AI Skin Insight, our AI Skin Biometric Information Disclosure below will apply. By Providing personal Information to us or using our Services, you acknowledge that you have read and understood this Privacy Policy.
This Privacy Notice is available to consumers with disabilities. To access this Privacy Notice in an alternative downloadable format, please click here.
DETAILS OF OUR PRIVACY PRACTICES:
PERSONAL INFORMATION COLLECTION
AUTOMATIC INFORMATION COLLECTION AND USE
HOW WE USE AND DISCLOSE INFORMATION
THIRD-PARTY SITES AND SERVICES
NOTICE TO CALIFORNIA RESIDENTS
YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM
UPDATES TO THIS PRIVACY POLICY
SKIN AI BIOMETRIC INFORMATION DISCLOSURE
USE BY MINORS
Our Services are not directed to individuals under the age of 18, and we request that these individuals not provide Personal Information through the Service. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us.
PERSONAL INFORMATION COLLECTION
We may collect Personal Information from you in connection with your use of our Services, such as to set up an online user account, access features, contact us, or participate in activities offered through the Services. The information requested may be required or optional. If you provide Personal Information relating to another individual (for example, if you place an order on someone else’s behalf or send a gift to someone), you represent that you have the authority to do so. We also may collect Personal Information in the ways described below in the section titled “Automatic Information Collection and Use.”
AUTOMATIC INFORMATION COLLECTION AND USE
We and our service providers may automatically collect and use Personal Information in the following ways as you navigate and use our Services:
· Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the Services through a mobile device. We use this information to ensure that the Services function properly.
· Using cookies: Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, and language preferences. We and our service providers use the information for security purposes, to facilitate navigation, display information more effectively, and to personalize your experience while using the Services. We also use cookies to recognize your computer or device, which makes your use of the Services easier, by, for example, remembering what is in your shopping cart. In addition, we use cookies to gather statistical information about Service usage in order to continually improve the Services’ design and functionality, understand how individuals use the Services, and to assist us with resolving questions regarding the Services. Cookies further allow us to select which of our advertisements or offers are most likely to appeal to you and display them while you are using the Services. We may also use cookies in online advertising to track consumer responses to our advertisements.
· You can refuse to accept these cookies by following your browser's instructions; however, if you do not accept them, you may experience some inconvenience in your use of the Services. You may also not receive advertising or other offers from us that are relevant to your interests and needs. To learn more about cookies, please visit http://www.allaboutcookies.org.
· Using Flash cookies: Our use of Adobe Flash technology (including Flash Local Stored Objects ("Flash LSOs")) allows us to, among other things, serve you with more tailored information, facilitate your ongoing access to and use of the Services, and collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
· Using pixel tags, web beacons, clear GIFs, or other similar technologies: These may be used in connection with some Service pages and HTML formatted e mail messages to, among other things, track the actions of users and e mail recipients, measure the success of our marketing campaigns, and compile statistics about Service usage.
· Interest-based advertising: We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other online services, based on information relating to your access to and use of the Services and other online services on any of your devices. To do so, these companies may place or recognize a unique cookie on your browser (including through the use of pixel tags). They may also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Policy, please adjust your third-party advertising cookie preferences on our website or visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/. You may also download the AppChoices app at www.aboutads.info/appchoices to opt out in mobile apps. Examples of the third-party service providers we engage to serve interest-based advertisements include Google Ads (including DoubleClick) and Meta Ads (including Meta Pixels and Facebook advertising services). The Services also use TikTok Business Products that involve TikTok's access to or storage of information on your device, including but not limited to the TikTok Pixel or other similar tracking technologies (such as access to data using pixels, cookies, APIs, SDKs, etc.) to collect information about how users use the Services. Information collected through such tools is used to provide measurement services and/or to target ads. Additionally, third parties, including Google (through, for example, our use of Google Analytics Advertising Features, including Dynamic Remarketing), may place and read cookies on your browser, or use web beacons to collect information in connection with ad serving on or through the Services, including for the purposes of showing our ads on sites across the internet. Our partners will collect personal information for personalization of ads and may use first-party cookies or other first-party identifiers and third-party cookies and other third-party identifiers for personalized and non-personalized advertising and measurement. Ad serving may be based on users’ visits to our Services or other websites on the Internet, and your activity may be tracked over time and across websites. For information about how Google collects, shares, and uses data, please visit: https://policies.google.com/technologies/partner-sites. You can opt out of Google’s use of cookies or device identifiers by visiting the Google Ads Settings web page at: https://www.google.com/ads/preferences/. For more information, please visit Google’s privacy policy at: https://policies.google.com/privacy?hl=en&fg=1. You can opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page or control the use of device identifiers by using your device’s settings.
· IP address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Services, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Services. We may also derive your approximate location from your IP address.
· Device Information: We may collect information about your mobile device, such as a unique device identifier, to understand how you use the Services.
· Website Delivery and Appearance: We may use third-party providers to enable certain customer interaction opportunities, content delivery (like video), or other service capabilities. Examples include, but are not limited to, the following functionality:
o Content Delivery: We partner with service providers to host our Services and deliver specific content in support of our Services. For example, we partner with companies like YouTube and Vimeo to deliver specific content delivery like video. For more information about how YouTube collects and uses your data, visit Google’s Privacy Policy.
o Customer Interaction: We enhance our customer interactions by offering features like Mapbox. Your Personal Information will be collected and used in accordance with the Mapbox Product Terms, the Mapbox DPA, and Mapbox Privacy Policy.
· Website Analytics and Session Replay: We use analytics and session replay services, that use cookies and other technologies that collect your Personal Information, to assist us with analyzing our traffic and Services usage to optimize, maintain, and secure our Services and inform subsequent business decisions (including, e.g., advertising). These include, but are not limited to, the following third-party services:
o Google Analytics: To learn more about how Google uses data, visit Google’s Privacy Policy and Google’s page on “How Google uses data from sites or apps that use our services.” You may download the Google Analytics Opt-out Browser Add-on for each web browser you use, but this does not prevent the use of other analytics tools. To learn more about Google Analytics cookies, visit Google Analytics Cookie Usage on Websites.
o Meta Pixels: We use Meta pixels to track user activity on our Services and improve downstream offerings, including interest-based advertising for our services and those of our partners and service providers.
o Crazy Egg: We use Crazy Egg on the Services to analyze and obtain information about how visitors to our Services interact with the Services. Please note that the Crazy Egg script may store cookies on computers used by visitors to our Services. The cookies may contain a cookie value that allows Crazy Egg to detect if you are a returning visitor or a first-time visitor. Crazy Egg’s use of cookies is further described in its Privacy Policy and Cookie Policy. If you do not wish to be tracked by Crazy Egg, please visit Crazy Egg’s opt-out feature, available at: https://www.crazyegg.com/opt-out. You will be required to comply with those provisions of the Crazy Egg Privacy Policy and Terms of Use regarding Client Site Visitors, Visitor Submitted Content, any disclaimers of liability by Crazy Egg, the limitation of liability set forth in Section 10 (Limitation of Liability) and the terms of Section 15 (Arbitration; Dispute Resolution). Crazy Egg and its affiliates are third-party beneficiaries of such provisions.
· Cookie Choices – To manage your preferences with respect to these technologies, you can:
o Visit our preferences page, or customize your browser settings to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable certain cookies, please note that some parts of our Services may not function properly. These settings may be lost and require reconfiguration if you delete your cookies.
o Block the collection and use of your information by online platforms and ad tech companies for the purpose of serving interest-based advertising by visiting the opt out pages of the self-regulatory programs of which those companies are members: National Advertising Initiative and Digital Advertising Alliance (or the European Interactive Digital Advertising Alliance, if you are located in the European Economic Area). Please note that even if you opt out of interest-based advertising, you may still see “contextual” ads which are based on the context of what you are looking at on the websites and pages you visit.
o Review and execute any provider-specific instructions to customize your preferences or opt-out of certain processing, including interest-based advertising, by third-party service providers. For example, to opt-out of this type of advertising by Google, customize your ad preferences, or limit Google’s collection or use of your data, visit Google’s Safety Center and Google’s Ad Settings and follow Google’s personalized ad opt-out instructions. Meta also offers an Ad Preferences center to customize your settings, as well as a Privacy Policy with additional information on how you can exercise your rights.
HOW WE USE AND DISCLOSE PERSONAL INFORMATION
We use and disclose the Personal Information you provide as described in this Privacy Policy and obtain consent where applicable law requires. We use Personal Information to:
· To provide and personalize our Services, such as processing or fulfilling orders and transactions, processing payments, providing customer service, maintaining or servicing accounts, creating and maintaining business records, and undertaking or providing similar services.
· To optimize, improve, and maintain our Services, including understanding how users interact with our Services, gauging user interest in certain Services or Site functionality, and troubleshooting problems.
· For internal research and development, such as testing, verifying, and improving the quality of our Services.
· For marketing and advertising, including using your information to send you messages, notices, newsletters, surveys, promotions, or event invitations about our own or third parties’ goods and services that may be of interest to you. We also use Personal Information to conduct interest-based advertising as discussed in the “Automatic Information Collection and Use” section above. You can unsubscribe from any marketing emails or text messages that we may send you by following the instructions included in the email or text correspondence or emailing us at roc@rocskincare.com.
· For communicating with you, such as responding to your questions and comments.
· For legal, security, or safety reasons, such as protecting our and our users’ safety, property, or rights; complying with legal requirements; enforcing our terms, conditions, and policies; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity.
· As part of a corporate transaction, such as in connection with the sale of part or all of our assets or business, the acquisition of part or all of another business or another business’ assets, or another corporate transaction, including bankruptcy.
We may disclose Personal Information in the following circumstances:
· Service Providers – We disclose your Personal Information with third-party service providers as necessary to enable them to support our Services or other aspects of our business.
· Affiliates and Subsidiaries – We may disclose your information to our affiliates and subsidiaries for their and our business purposes and for marketing purposes, including to provide you information about the products or services we think may interest you.
· Business Partners – We may disclose Personal Information with trusted business partners. For example, we may disclose your Personal Information with a company whose products or services we think may be of interest to you or who we co-sponsor a promotion or service with.
· Legal Obligation or Safety Reasons – We may disclose Personal Information to a third party when we have a good faith belief that such disclosure of Personal Information is reasonably necessary to (a) satisfy or comply with any requirement of law, regulation, legal process, or enforceable governmental request, (b) enforce or investigate a potential violation of any agreement you have with us, (c) detect, prevent, or otherwise respond to fraud, security or technical concerns, (d) support auditing and compliance functions, or (e) protect the rights, property, or safety of RoC, its employees and customers, or the public against harm.
· Merger or Change of Control – We may disclose Personal Information to third parties as necessary if we are involved in a merger, acquisition, or any other transaction involving a change of control in our business, including but not limited to, a bankruptcy or similar proceeding. Where legally required, we will give you notice prior to such disclosure.
CROSS-BORDER TRANSFERS
Please note that our Services are hosted in the United States. Where permitted by applicable law, we may transfer the Personal Information we collect about you to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country, as necessary for the purposes set out in this Notice. Sending Personal Information to other jurisdictions outside your home country may increase the risk of disclosure of information because the laws in the destination country dealing with protection of information may not be as strict as in your home country. By agreeing to this Notice, you consent to allow your Personal Information to be transferred outside of your home country to RoC and third parties working on its behalf for processing. While your information is in another jurisdiction, it may be accessed by courts, law enforcement, and national security authorities.
We will only transfer Personal Information to third parties located outside of these regions when we have ensured appropriate safeguards for such Personal Information through use of the standard contractual clauses or other lawful and approved methods. To request a copy of applicable cross-border data transfer agreements, please reach out using the information in the Contact Us section.
SECURITY
We implement reasonable organizational, technical, and administrative measures to protect Personal Information. However, no method of transmission or storage is entirely secure and we cannot guarantee the security of Personal Information during its transmission or its storage on our systems.
RETENTION PERIOD
We retain Personal Information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless otherwise required by applicable laws. Criteria we will use to determine how long we will retain your Personal Information include whether we need your Personal Information to provide you with our Services; you have requested information from us; we have a legal right or obligation to continue to retain your Personal Information; we have an obligation to a third party that involves your Personal Information; our retention or recordkeeping policies and obligations dictate that we retain your Personal Information; or we have another business purpose for retaining your Personal Information.
THIRD-PARTY SITES AND SERVICES
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or online service (including, without limitation, any application) that is available through our Services or to which the Services contain a link. The availability of, or inclusion of a link to, any such site or property by us does not imply endorsement of it by us or by our affiliates.
In some cases, we offer links to social media platforms (like Facebook, Instagram, Pinterest, TikTok, and YouTube) that enable you to easily connect with us or share information on social media. Any content you post via these social media pages is subject to the Terms of Use and Privacy Policies for those platforms.
NOTICE TO CALIFORNIA RESIDENTS
This section applies to our collection and use of Personal Information if you are a resident of California, as required by the California Consumer Privacy Act of 2018 and its implementing regulations, as amended by the California Privacy Rights Act (“CCPA”), where “Personal Information” has the definition set forth in the CCPA.
RoC makes the following disclosures regarding the Personal Information it has collected within the 12-month period preceding the date this Privacy Policy was last updated:
Sources of Personal Information
We collect Personal Information from directly from you and automatically as you use our Services, as detailed in the “Personal Information Collection” and “Automatic Information Collection and Use” sections above.
Use of Personal Information
We collect Personal Information for the business and commercial purposes detailed in the “How We Use and Disclose Personal Information” section above.
Disclosure of Personal Information
The categories of third parties to whom we disclose Personal Information for a business or commercial purpose are detailed in the “How We Use and Disclose Personal Information” section above. The categories of third parties to whom we sell or share Personal Information are summarized in the chart below. We do not knowingly sell or share the Personal Information of minors under the age of 16.
|
Categories of Third Parties to Whom We Sell or Share Personal Information |
|
|
Identifiers |
Third-party marketers Analytics providers Other third parties that set cookies and other online tracking technologies on our Services. |
|
Personal information, as defined in the California customer records law
|
We do not sell or share this category of Personal Information. |
|
Commercial Information |
We do not sell or share this category of Personal Information. |
|
Biometric Information |
We do not sell or share this category of Personal Information. |
|
Internet or other similar network activity
|
Third-party marketers Analytics providers Other third parties that set cookies and other online tracking technologies on our Services. |
|
Inferences drawn from other Personal Information
|
We do not sell or share this category of Personal Information. |
INTERNATIONAL USERS
This section provides additional information regarding RoC’s processing of Personal Information of people located in Australia, the European Union, and the United Kingdom in accordance with applicable data protection laws.
Legal Basis for Processing
Our legal basis for processing Personal Information depends on the Personal Information concerned and the context in which we process it. We process Personal Information from you where we need it to perform a contract with you, where the processing is in our legitimate interests (including the purposes described in this Privacy Notice), where the processing is necessary for us to meet our applicable legal obligations, or if we otherwise have your consent.
Special Category Data
Where we collect Personal Information that is considered “Special Category Data” (e.g. biometric information), we will only do so where we have obtained your prior express consent.
Automated Decision Making
RoC does not make any automated decisions on your behalf or about you without first obtaining your express, opt-in consent. In the event we secure your consent to do so, you have the right to object to the processing of Personal Information via automated decision making at any time by contacting us at roc@rocskincare.com.
Transfers to Third Parties and Countries
Personal Information that we collect or receive may be transferred to and/or processed by third parties that are located outside of the European Union, Australia, or the United Kingdom, some of which applicable authorities may not consider to have an adequate level of protection for Personal Information. RoC will only transfer Personal Information to third parties located outside of the European Union, Australia, or the United Kingdom when it has ensured appropriate safeguards for such Personal Information through use of the standard contractual clauses or other lawful and approved methods.
Your Privacy Rights
To exercise any rights you have with respect to your Personal Information, please see the section below titled “Your Privacy Rights and How to Exercise Them.”
NOTICE OF FINANCIAL INCENTIVE
This Notice of Financial Incentive is to provide you with additional information regarding financial incentives or price differences that we may provide in exchange for your Personal Information as required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”) and Colorado Privacy Act (“CPA”), as the foregoing laws pertain to “Financial Incentives” as defined by the CCPA or “Bona Fide Loyalty Programs” as defined by the CPA.
To participate in our loyalty program, you can sign up online at this link by providing your first name, last name, and e-mail address. No other information is necessary to sign up, and we do not sell or share your Personal Information for targeted advertising with any third parties, including data brokers. We utilize Yotpo, our retention marketing platform, and Klaviyo, our email service provider, as a “Bona Fide Loyalty Program Partners,” as such term is defined under the CPA, to administer our loyalty program benefits, including, in the case of Yotpo, to administer the program, and in the case of Klaviyo, to send loyalty program and tier updates.
Upon sign-up, you will receive 50 bonus points towards rewards. When you sign up for SMS/email, you will receive a percentage discount off of your order. For additional information about the terms of our loyalty program, please see our Loyalty Program Terms and Conditions. Participation in our loyalty program is entirely optional and you may opt out at any time by any of the following methods:
· Direct Opt-Out: you may access your account settings and choose to opt out of the loyalty program directly or delete your account; or
· Contact Support: you may contact RoC’s customer support to request removal from the loyalty program.
Please note that by opting out of our loyalty program, you will no longer have access to your rewards account, but you can otherwise continue to make purchases and use our website and/or mobile application to place orders. All rewards you have earned until the time of withdrawal will no longer be available. In addition, you may not be able to participate in our rewards program if you make a request to delete your Personal Information. This is because we need your name and email address to administer the loyalty program. Therefore, if you request that we delete your Personal Information, we will do so, subject to legal exceptions, however without that information it will not be possible to provide you with our loyalty program (for example, to communicate with you regarding your rewards, or collect and retain your information which rewards are based on).
We treat the value of your Personal Information collected through our promotional programs as equivalent to our total program expenses (excluding the value of benefits). The value of each program is the value of the program benefits, including discounts and coupons, the value of which will depend on individual customer participation. By participating in our promotional programs, you agree that the benefits are reasonably related to the value of the Personal Information collected and retained.
YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM
Depending on where you live and your relationship with us, you may have the following rights with respect to your Personal Information under applicable data protection laws:
· Access – The right to know what Personal Information we have collected about you and to access such Personal Information.
· Data portability – The right to receive a copy of your Personal Information in a portable and readily usable format.
· Deletion – The right to delete your Personal Information, subject to certain exceptions.
· Correction – The right to inaccuracies in your Personal Information.
· Opt out of certain processing – The right to: (a) opt out of the processing of your Personal Information for purposes of targeted advertising, (b) opt out of the sale or sharing of your Personal Information; (c) limit the use of your Sensitive Personal Information (if applicable), and (d) opt out of the processing of your Personal Information for profiling in furtherance of decisions that produce legal or similarly significant effect concerning you.
· Objection/Restriction of Processing – The right to object or restrict us from processing your Personal Information in certain circumstances.
· Automated Decision-Making – The right to know when you are subject to automated decision-making, the Personal Information used to render the decision, the principal factors and parameters involved in the decision, and human review or correction of the decision (or its underlying data, where appropriate). You may also have the right to consent or opt out of this automated decision-making, depending on your location.
· Withdraw Consent – The right to withdraw your consent where we are relying on your consent to process your Personal Information.
· Lodge a Complaint – The right to lodge a complaint with a supervisory authority or other regulatory agency if you believe we have violated any of the rights afforded to you under applicable data protection laws. We encourage you to first reach out to us so we have an opportunity to address your concerns directly before you do so.
To opt out of marketing emails, please email us at roc@rocskinscare.com or follow the instructions included in the email correspondence. Please note that, even if you unsubscribe from certain correspondence, we may still need to contact you with important transactional or administrative information, as permitted by law. Additionally, if you withdraw your consent or object to processing of your Personal Information, or if you choose not to provide certain Personal Information, we may be unable to provide some or all of our Services to you.
To exercise any of the privacy rights afforded to you under applicable data protection laws, please submit a request to us by email us at roc@rocskincare.com.
You may also initiate any opt outs by visiting our preferences page or broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). We honor Opt-Out Preference Signals, including GPC. If you choose to use an Opt-Out Preference Signal, you will need to turn it on for each supported browser or browser extension you use.
You will not be discriminated against in any way by virtue of your exercise of the rights listed in this Privacy Policy which means we will not deny our Services to you, provide different prices or rates for our Services, or provide a different level or quality of our Services. Only you, or an authorized agent that you authorize to act on your behalf, may make a request related to your Personal Information.
We must verify your identity before fulfilling your requests, and if we cannot verify your identity, we may request additional information from you. If you are an authorized agent making a request on behalf of another person, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney. We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.
We do not charge a fee to process or respond to your requests unless they are excessive or repetitive. If we determine that a request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We may deny certain requests, or only fulfill some in part, as permitted or required by law. If you are not satisfied with the resolution of your request and you are afforded a right to appeal such decision, you will be notified of our appeal process in our response to your request.
Shine the Light
Under California Civil Code Section 1798.83, individual customers who reside in California and who have an existing business relationship with us may request information about our disclosure of certain categories of Personal Information to third parties for the third parties’ direct marketing purposes, if any. To make such a request, please contact us using the information in the Contact Us section below. Please be aware that not all information sharing is covered by these California privacy rights requirements and only information on covered sharing will be included in our response. This request may be made no more than once per calendar year.
CONTACTING US
If you have any questions about this Privacy Policy, please contact us via e-mail at roc@rocskincare.com or by mail at Roc Opco LLC, 261 Madison Avenue, 16th Floor, New York, NY 10016.
UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy and any material changes will be communicated to you. Please review the Privacy Policy periodically. This policy was last edited on December 3, 2024.
© RoC Opco LLC
SKIN AI BIOMETRIC INFORMATION DISCLOSURE
In addition to the information we provide you in our Privacy Policy, we want to help you better understand how RoC collects and treats Biometric Information. Where permitted by law, RoC and our service providers use facial recognition technology to provide you with customized skincare solutions. This Policy more specifically describes our collection and use of Biometric Information.
Definition of Biometric Information
As used in Biometric Information Privacy Policy (“Policy”), “Biometric Information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual, including a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.
Collection of Biometric Information
When you consent to RoC’s use of your Biometric Information, RoC (or service providers, such as technology vendors, working on our behalf) collects facial scan information necessary to accomplish the purposes stated in the Policy, at points of collection, and/or in our Privacy Policy. RoC does not collect, use, store, or disclose your Biometric Information without your consent.
Disclosure of Biometric Information
Unless otherwise required by law, your Biometric Information is accessible only to us and our service providers, which process your data only on our behalf to accomplish the purposes above. We do not share Biometric Information with any other third parties unless required by law. We do not sell, lease, trade or otherwise profit from Biometric Information. We may disclose your Biometric Information to our authorized service providers or other third parties if:
· you or your authorized representative consent to the disclosure;
· the disclosure is required pursuant to a valid warrant, subpoena, or court order issued by a court of competent jurisdiction; or
· the disclosure is required by law.
Retention and Storage
RoC will collect, store, transmit, and protect your Biometric Information using a reasonable standard of care that is at least as protective as the way RoC collects, stores, transmits, and protects other confidential and sensitive personal information.
Unless otherwise required by an order from a court of competent jurisdiction or applicable law, RoC will only retain Biometric Information until: (i) the initial purpose for collecting the Biometric Information has been satisfied, or (ii) for three years following your last interaction with RoC, whichever occurs first, unless legally required to keep it for a different period.