Privacy Policy

1. Scope of this Policy

Thank you for visiting ColourPop Cosmetics, owned and operated by , ColourPop Cosmetics, LLC (referred to as “ColourPop,” “us,” “our,” “we”). We are committed to respecting privacy rights and concerns and have established and implemented this Privacy Policy to inform users of our website and our customers, of what personal information we collect, and how we use, share, and protect such information. If you have any questions regarding this information or our privacy practices, please see the section entitled Contact Us at the end of this Privacy Policy.

2. Agreement to Terms

If you do not agree with the terms of this Privacy Policy or our Terms of Use, then you should immediately discontinue use of the ColourPop website (the “Site”) and/or our services without providing us any personally identifiable information.

3.  Effective Date and Changes to this Policy

This Privacy Policy is effective as of the date above and will remain in effect until a new policy supersedes it. We may choose to update this Privacy Policy at our discretion, so you should check this page periodically as the terms may change from time-to-time. The most recent version of the Policy will be reflected by the “Effective” date noted at the top of the page. In the event of a material change to this Privacy Policy, we will provide a conspicuous message either through the Site or via an email address associated with your account informing you of the change. Your affirmative consent or continued use of the Site and/or our services will constitute your acknowledgment of this Policy in its current version and your understanding of the terms of this Policy.

Minor changes to our Privacy Policy

Where we make minor changes to our Privacy Policy, we will update our Privacy Policy with a new effective date stated at the beginning of it. Our processing of your information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards.

Major changes to our Privacy Policy or the purposes for which we process your information

Where we make major changes to our Privacy Policy or intend to use your information for a new purpose or a different purpose than the purposes for which we originally collected it, we will notify you by email (where possible) or by posting a notice on our website.

We will provide you with the information about the change in question and the purpose and any other relevant information before we use your information for that new purpose.

Wherever required, we will obtain your prior consent before using your information for a purpose that is different from the purposes for which we originally collected it.

4.  The Information We Collect

We collect the following categories of personal information directly from you, as you visit our website, reach out to us, create an account with us, or place an order with us:

  • Personal details: Such as your name, email address, telephone number, shipping address, company name (if applicable).
  • Account information: Such as your order history, wishlist, birthday, preferences, beauty profile (including hair, eye, and skin color, skin type etc.), and any other information you provide to us when you complete the registration form, in addition to personal details.
  • Log information: Such as your IP address, geolocation, webpages accessed, information requested along with the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), browser version, operating system.
  • Marketing information: Such as your marketing preferences, the level of engagement our emails receive, such as the delivery rates, open rates and click through rates which our emails achieve.
  • Billing information: Such as credit, debit, or other payment card information, billing name, billing address.
  • Communications you send us: Such as survey responses, correspondence, any other information you provide to us.
  • Visual information: Such as photographs and videos from social media platforms and/or submitted directly.

We collect what is commonly referred to as “sensitive personal information” if you choose to provide your skin tone preferences. Providing this information is completely optional, is collected only with your explicit and freely given consent, and is securely stored on our web servers for use in personalizing our correspondence with you via email or on site. Any information stored can be viewed on your account page. This information can be deleted using the same mechanism that it is provided to us in your account page or by emailing us at privacy@colourpop.com. Please do not submit other sensitive personal information about you to us.

We may also receive certain categories of personal information from third parties, such as partner companies involved in any joint promotions. Information we obtain from third parties will generally be your name and contact details.

What are the consequences of not providing personal information?

You are not required to provide all personal information identified in this Privacy Policy to use our website or to interact with us offline, but certain functionality will not be available if you do not provide certain personal information.  For example, we may not be able to respond to your requests, create an account for you, perform a transaction or enter into a contract, or provide you with marketing we believe you may find valuable.  

5.  Cookies

A cookie is a small string of information that a website that you visit transfers to your browser for identification purposes. Cookies can be used to follow your activity while using a website or across websites, and that information helps companies understand your preferences and tendencies, as well as improve and personalize your website experience. Some cookies are necessary to operate a website, while others can be functional, analytical, or used for targeted advertising (as discussed in more detail below). Cookies are data files which are sent from a website to a browser to record information about users for various purposes.

We use cookies and similar technologies on our website, including essential, functional, analytical and advertising cookies and web beacons. For further information on how we use cookies, please see our cookies policy which is available here: https://colourpop.com/pages/cookie-policy.

You can reject some or all of the cookies we use on or via our website by changing your browser settings or non-essential cookies by using our cookie control tool, but doing so can impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org or see our cookies policy.

Device Information

Similar to cookies, we may automatically collect certain information about the device you use to access the Site. For example, we may collect and analyze information such as IP addresses, geolocation information, unique device identifiers, browser types, browser language, operating system, the state or country from which you accessed the Site, and other information about your mobile phone or other device(s). In addition to analytical purposes, this information helps us diagnose problems with our server, administer the Site, and display the content according to your preferences.

Do Not Track

ColourPop respects your privacy, but we do not alter the information we collect or change the Site upon receiving “do-not-track” signals, as the term appears in Cal. Bus. & Prof. Code §§ 22575(b)(5). For more information about DNT signals, visit http://allaboutdnt.com.

6. Children's Privacy

The Site is not intended for users under the age of 16. We do not knowingly or intentionally gather personal information about visitors who are under the age of 16. If you are aware of, or suspect that, someone under the age of 16 is using the Site without permission, please notify us immediately by contacting us as detailed below. If you have questions or concerns about the Internet and privacy for your child, we encourage you to check out the FTC Guidelines for protecting your child’s privacy online.

7. How We Use Your Personal Information

We use the above categories of personal information for the following purposes:

Purpose of Use

Legal basis for processing

Categories of personal information

Perform transactions

- Necessary for legitimate interests

- Necessary for compliance with a legal obligation

- Necessary to perform a contract or to take steps at your request to enter into a contract

- Consent (where you have provided consent as appropriate under applicable law)

Personal details, Account information, Log information, Marketing information, Billing information

Respond to inquiries and messages we receive and keep records of correspondence

 

- Necessary for legitimate interests

- Necessary to perform a contract or to take steps at your request to enter into a contract

Personal details, Account information, Log information, Billing information, Communications you send us

Manage your accounts and generally facilitate the running and operation of our business.

 

- Necessary for legitimate interests

- Necessary for compliance with a legal obligation

 

Personal details, Account information, Log information, Marketing information, Billing information, Communications you send us, Visual information

Make our website more intuitive and easier to use and conduct research regarding opinion of customer services

- Necessary for legitimate interests

- Consent (where you have provided consent as appropriate under applicable law)

Personal details, Account information, Log information, Marketing information, Communications you send us, Visual information

Protect the security and effective functioning of our website and information technology systems. This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity.

- Necessary for legitimate interests

- Necessary for compliance with a legal obligation

Personal details, Account information, Billing information, Log information

Provide relevant marketing

- Necessary for legitimate interests

- Consent (where you have provided consent as appropriate under applicable law)

Personal details, Account information, Log information, Marketing information, Visual information

Address our compliance and legal obligations and exercise our legal rights

- Necessary for compliance with a legal obligation

Personal details, Account information, Log information, Marketing information, Billing information, Communications you send us


8. How We Share Your Personal Information

We may share personal information, for the purposes outlined above, with the following categories of recipients:

  • Group companies, including Seed Beauty, LLC and our affiliates.
  • Service providers: We share personal information with service providers, acting as data processors, to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above (e.g., information technology services, information storage, payment processing, fraud detection, marketing management and communications, customer service functions, statistical analysis). We require such parties by contract to provide reasonable security for personal information and to use and process such personal information only on our behalf, and in compliance with applicable law. A limited number of service providers will act as data controllers (e.g., fraud detection, statistical analysis) and will be contractually obligated to comply with applicable data protection laws, rules, and regulations.
  • Auditors, advisors, and financial institutions: We share personal information with auditors for the performance of audit functions, and with advisors for the provision of legal and other advice, and with financial institutions in connection with payment and other transactions.
  • Site visitors, such as when your profile name is chosen for display as part of the social media news feed on the Site;
  • Business reorganization: We may share personal information with any corporate purchaser or prospect to the extent permitted by law as part of any merger, acquisition, sale of company assets, or transition of service to another provider, as well as in the event of insolvency, bankruptcy, or receivership in which personal information would be transferred as an asset of Company.
  • Mandatory disclosures and legal rights: We may share personal information in order to comply with any subpoena, court order or other legal process, or other governmental request. We also share personal information to establish or protect our legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims or prevent fraud.

If you have questions about the parties with which we share personal information, please contact us as specified below.

9. Your Privacy Choices

At checkout and upon first arriving to the site you will have the option to receive marketing communications from us, by ticking a box indicating that you would like to receive such communications during checkout or at any time while browsing the site by entering your email address into our newsletter sign-up form.  You may sign-up for our e-newsletter on our website or opt-in to receive news, offers, or updates on out-of-stock items.

You have control regarding our use of your personal information for direct marketing.  If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, you can choose to not receive such communications at any time.  Please follow the unsubscribe link in the relevant communication (e.g., ticking a box to opt-out, clicking “unsubscribe” in email from us, or replying STOP to a text message) or contact us as detailed below.

10. How We Store and Safeguard Your Information

We maintain reasonable technical and organizational measures to protect personal information from loss, misuse, alteration, or unintentional destruction. However, no security measure can guarantee against compromise. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third party access, or other causes beyond our control. 

You also have an important role in protecting your personal information. You should not share your username and password with anyone, and you should not re-use passwords across more than one website. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.

11. Additional Disclosures for California Residents

This section describes how we collect, use, process, and disclose personal information of California consumers and the rights you may have under California law. These disclosures are intended to supplement this Privacy Policy with information required by the California Consumer Privacy Act. We note that the definition of “personal information” in California is expanded to include information that identifies, relates to, or could reasonably be linked with a particular person or household.

To understand what personal information we may have collected about you in the past 12 months, and from where we collected it, please see the section The Information We Collect above.

We collect this personal information, as further described in the How We Use Your Personal Information section above, to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives.

We may share such personal information with the third parties listed in the above section How we share your personal information. California law also requires that we provide you with information about certain disclosures to such third parties, where the disclosure involves monetary or other consideration. California treats these disclosures are “sales” of information, even where no money is exchanged. Some of the disclosures we make constitute “sales” under California law and involve the disclosure of the following types of personal information:

  • Identifiers, such as contact information, IP address, and other online identifiers;
  • Personal information, as defined in the California customer records law, such as contact information;
  • Internet or network activity information, such as browsing history and interactions with our website; and
  • Geolocation data, such as IP location.

We do not sell, or have actual knowledge of any sale of, the personal information of minors under 16 years of age.

We also disclose the following personal information to third parties for our operational “business purposes” as defined by California law:

Identifiers, such as name, contact information, IP address and other online identifiers;

Service providers; Business reorganization; Group companies; Mandatory disclosures and legal rights

Personal information, as defined in the California customer records law, such as name and contact information, and payment card number;

Service providers; Auditors, advisors, and financial institutions; Business reorganization; Group companies; Mandatory disclosures and legal rights

Characteristics of protected classifications under California or federal law, such as skin tone or color;

Service providers; Business reorganization; Group companies

Commercial information, such as transaction information and purchase history;

Service providers; Auditors, advisors, and financial institutions; Group companies; Business reorganization, Mandatory disclosures and legal rights

Internet or network activity information, such as browsing history and interactions with our website;

Service providers; Business reorganization; Group companies; Mandatory disclosures and legal rights

Geolocation data, such as IP location;

Service providers; Business reorganization; Group companies; Mandatory disclosures and legal rights

Electronic and similar information; and

Service providers; Business reorganization; Group companies; Mandatory disclosures and legal rights

Inferences drawn from any of the personal information listed above to create a profile about, for example, an individual’s preferences and characteristics.

Service providers; Business reorganization; Group companies; Mandatory disclosures and legal rights

 

Your Rights

You have a right to notice, upon collection, of the categories of personal information collected and for which purposes the data will be used. You have the right to access a copy of the categories and specific pieces of personal information that the company collects, uses, and shares about you, and the right to ask the company to delete/anonymize your personal information, with limited exceptions.  You also have the right to opt-out of the “sale” of your personal information. Finally, you have the right to be free from discrimination for exercising your rights.

You may exercise your right to opt-out of data “sales” by managing your preferences here.

If you wish to exercise any of these other rights or have any questions or concerns regarding the processing of your personal information, please complete the applicable form; CCPA or GDPR.  You may also email us at privacy@colourpop.com. We will respond to your request consistent with applicable law.

Please note, however, before we will be able to process your request for access or deletion of personal information, we will need to properly verify your identity for security purposes. Where we possess appropriate information about you on file (e.g., name, phone number, email, or physical address), we will attempt to verify your identity using that information. We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.

To use an authorized agent to make a request on your behalf, you will need to directly confirm with us that you provided the authorized agent permission to submit the request, provide the company with signed permission for the authorized agent to act on your behalf, and you will need to verify your identity, directly with the company.

This CCPA Notice does not apply to our job applicants, employees, contractors, owners, directors, or officers where the personal information we collect about those individuals relates to their current, former, or potential role with us.

12. For Our European Users (including the United Kingdom)

International data transfer. 

We take steps to ensure that we handle your personal information subject to appropriate safeguards. As a US company, most of our operations are conducted in the United States and in order to provide the Site, personal information may be processed in the United States and Canada, where laws regarding processing of personal information may be less stringent than the laws in your country. We provide appropriate protections for cross-border transfers as required by applicable law for international data transfers. Where required by such laws, you may request a copy of the suitable safeguards we have in place by contacting us as detailed below.

Retention of your personal information. 

We typically retain personal information related to marketing activities for as long as you accept marketing communications from us, and no longer than six [6] years from your last contact with us. In any event, upon request, we will securely delete such data in accordance with applicable law.  For personal information that we collect and process for other purposes, as described above, we typically retain such personal information for no longer than the period necessary to fulfill the purposes outlined in this Privacy Policy, and as otherwise needed to address tax, corporate, compliance, employment, litigation, and other legal rights and obligations. 

Lawful bases for handling your data. 

Where required, we have several different legal grounds on which we collect and process your personal information for the purposes set out in the section above, How We Use Your Personal Information, including: (i) as may be necessary to perform a contract (such as when you choose to purchase ColourPop products); (ii) as necessary to comply with a legal obligation (such as when we use personal information for recordkeeping to substantiate tax liability); (iii) consent (where you have provided consent as appropriate under applicable law, such as for direct marketing or certain cookies); and (iv) as necessary for our legitimate interests (such as when we act to maintain our business generally, including maintaining the safety and security of the Site).

Automated decision-making.

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or that otherwise significantly affects you.

Your Rights

To the extent required under applicable law, you have the right of:

  • Access. You have the right to request a copy of the personal information we are processing about you, which we will provide to you in electronic form.
  • Rectification. You have the right to require that any incomplete or inaccurate personal information that we process about you is amended.
  • Deletion. You have the right to request that we delete personal information that we process about you, unless, for example, we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
  • Restriction. You have the right to request that we restrict our processing of your personal information where: (i) you believe such data to be inaccurate; (ii) our processing is unlawful; or (iii) we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it. 
  • Portability. You have the right to request that we transmit the personal information we hold with respect to you to another data controller.
  • Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your situation (e.g., direct marketing).  We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.
  • Withdrawing Consent.  If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.

Some rights may be limited, and we may need to retain certain personal information, as required or permitted by applicable law. To inquire about or exercise the rights listed above, at any time, contact us at privacy@colourpop.com with the subject line “Privacy” so that we can get your email to the right team, or log-in to your account. We will respond to your request consistent with applicable law.

If you feel that your request or concern was not satisfactorily resolved by us, you have the right to lodge a complaint with your local data protection authority.

More on the right to object

You may exercise your right to object to us using or processing your information for direct marketing purposes by: clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions which appear in your browser following your clicking on that link.

For more information on how to object to our use of information collected from cookies and similar technologies, please see the section entitled How to accept or reject cookies in our cookies policy, which is available here: https://colourpop.com/pages/cookie-policy, or manage your settings below.

Your consent applies to the following domains: colourpop.com
Your current state: Allow all cookies (Necessary, Preferences, Statistics, Marketing). 
Your consent ID: OMHLiq71papjJp53JwIUCsZGIl4foo+OE56w6m3NxKcGBd1xiT9JFg==

change your consent  |  withdraw your consent

Some rights may be limited, and we may need to retain certain personal information, as required or permitted by applicable law. Please contact us, as detailed below, for more information about your rights or to make a request to exercise your rights, as applicable. We will respond to your request consistent with applicable law.

European GDPR Representative: 

To comply with Article 27 of the GDPR, we have appointed a representative which can accept communications on behalf of Seed Beauty, in relation to personal data processing activities falling within the scope of the GDPR. If you wish to contact them, their details are as follows:

Bird & Bird GDPR Representative Services SRL
Avenue Louise 235
1050 Bruxelles
Belgium

Email address:

EURepresentative.SeedBeauty@twobirds.com

13. For Our Canadian Users

We retain Personal Information for as long as you have an account with us in order to meet our contractual obligations to you and for seven years after that and/or purchase of services to identify any issues and resolve any potential legal proceedings.

Please contact us at privacy@colourpop.com:

  • If you wish to access, update, and/or correct inaccuracies in your Personal Information or change your consent preferences (note: we may need to collect additional Personal Information for the purposes of verifying your identity before responding to your request);
  • For information about how our foreign-based service providers process your Personal Information; or

If you have any questions or complaints about the manner in which we treat your Personal Information.

15. Contact Us

If you have questions or comments regarding this Privacy Policy or our privacy practices, please contact us in writing by using our online contact form; CCPA or GDPR, or by sending an email to privacy@colourpop.com.

For Residents of the EEA: The data controller in respect of our website is ColourPop Cosmetics, LLC of 1400 Stellar Dr. Oxnard, CA 93033. You can contact the data controller by writing to ColourPop Cosmetics, LLC C/O Data Controller 1400 Stellar Dr. Oxnard, CA 93033 or sending an email to privacy@colourpop.com.

For California Residents: If you wish to exercise any of your rights or have any questions or concerns regarding the processing of your personal information, please submit a request using the CCPA form, or email us at privacy@colourpop.com. We will respond to your request consistent with applicable law.