Last Updated: June 26, 2023
This Privacy Policy describes how Kosas Cosmetics, LLC, a Delaware limited liability company, and our brands, affiliates and subsidiaries (“Kosas” or “us”) collect, use, process, and disclose Personal Information about you. This policy applies to Personal Information we collect when you use our websites, apps, shop in our online stores or otherwise interact with us as described below (collectively, the “Site”). We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and in some cases, we may provide you with additional notice (such as adding a statement to the Site or sending you an email notification). We encourage you to review the Privacy Policy whenever you interact with us to stay informed about our information and data privacy practices. Capitalized terms not defined herein shall have the meanings ascribed thereto in our Terms of Use.
Depending on where you reside, you may have certain data privacy rights. California residents may access the Notice of Collection of Personal Information and Privacy Policy with further information and rights required by the California Privacy Rights Act (“CPRA”) below. European Union and United Kingdom residents may access the Notice of Collection of Personal Information and Privacy Policy with further information and rights required by the U.K. and E.U. General Data Protection Regulations (“GDPR”) below.
Acceptance Of These Terms
By using this Site, providing us with Personal Information, or purchasing our products, you consent to the collection, use, processing and disclosure of your Personal Information as set forth in this policy, as it may be updated from time to time. If you do not agree to this Privacy Policy and our Terms of Service, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Personal Information
“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person. Personal Information does not include publicly available information or information that is de-identified or aggregate consumer information.
Collection Of Personal Information
Information You Provide to Us. We collect information that you voluntarily provide directly to us. For example, we collect Personal Information when you use our Site, shop in our online store, call us on the phone, create an online account, join our loyalty program, sign up to receive our emails, opt-in to our text marketing and notifications program, request information on our products, participate in a sweepstakes, contest, promotion, review, quiz or survey, request customer support, provide us with a photograph to help with your cosmetic selections, or otherwise communicate with us. The types of Personal Information we may collect include your name, email address, zip code, billing address, shipping address, phone number, payment card information, product preferences, demographic information, birthday and any other information you choose to provide. In some cases, we may also collect information you provide about others, such as when you purchase a gift card for someone or share a credit and request that we deliver it electronically, create and share a “wish list,” or decide to purchase and ship products to someone. We will use this information to fulfill your requests and may also use that information to send marketing and other communications to your contact. You may opt out of marketing communications from Kosas at any time by contacting us at the contact information below or clicking the unsubscribe link on the communication. When you provide us with Personal Information to send gifts or provide credits to another individual, you agree that you have the consent of the individual to provide us with that individual’s information for these purposes.
Information We Collect Automatically. We automatically collect certain information about you when you access or use our Site or transact business with us, that may include: (i) information about your use of our Site, such as the type of browser you use, access times, pages viewed, your IP address, your network connection and the referring link through which you accessed our websites; (ii) information about the transaction, such as product details and the date and location of the purchase/return; and (iii) we may use cookies, web beacons, pixels and other similar tracking technologies to collect information about you when you interact with our Site, including information about your browsing and purchasing behavior. We may combine this information with other information we collect about you and use it for various purposes, such as improving our Site and your online experience, understanding which areas and features of our Site are popular, counting visits, understanding marketing campaign effectiveness, determining whether your purchase was completed, tailoring our communications and advertising to you, determining whether an email has been opened and links within the email have been clicked and for other internal business purposes.
Retention and Transfer of Personal Information. We retain Personal Information that you provide us for the length of the customer relationship, or as needed to fulfill the purpose for which you provided the information, comply with our legal obligations, resolve disputes and enforce our agreements, including retaining your Personal Information for the length of applicable statutory limitations periods. You may request to delete your Personal Information from our information systems by contacting us at the contact information below. Personal Information may be transferred and stored to secure servers in the United States. All debit or credit card transactions are processed by our debit or credit card processing payment vendors. We do not collect, store or maintain any credit card or debit card information on or through our Site after the transaction is processed and verified. Instead, it is transiently collected, disclosed to and processed through these payment vendors using their platforms. If you elect to use Catch to process your payment, all information you provide to Catch is controlled by Catch, and subject to Catch’s privacy and other policies. This Privacy Policy does not apply to any Personal Information you choose to provide to Catch.
Use Of Personal Information
We may use Personal Information about you for various business purposes, including to: (i) facilitate and improve your online shopping experience; (ii) provide the products and services you request, process transactions and send you related information, including confirmations and receipts; (iii) respond to your comments, questions and requests and provide customer service; (iv) communicate with you about products, services, checkout reminders, webhooks, offers, promotions, rewards and events and provide news and information we think will be of interest to you, including via text message if you opt-in to the Kosas text message program; (v) manage your online account(s) and send you technical notices, updates, security alerts and support and administrative messages; (vi) personalize your online experience and provide advertisements, content or features that match your profile and interests; (vii) monitor and analyze trends, usage and activities on our Site; (viii) process and deliver contest, promotion and sweepstakes entries and rewards; (ix) link or combine with information we get from others to help understand your needs, provide you with better service and monitor our advertising campaign effectiveness; and (x) carry out any other purposes for which the information was collected. We are based in the United States and the information we collect is governed by U.S. law. By accessing or using our Site or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.
Text marketing (if applicable): With your permission, we may send text messages about our store, new products, and other updates. Updates include Checkout Reminders. Webhooks will be used to trigger the Checkout Reminders messaging system.
Disclosure of Personal Information
We may disclose Personal Information about you as follows: (i) with our consultants, contractors and other service providers who need access to such information to carry out work on our behalf; (ii) to third party advertisers and other outside organizations; (iii) in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process or as otherwise required by any applicable law, rule or regulation; (iv) if we believe your actions are inconsistent with our user agreements, terms of service or policies, or to protect the rights, property and safety of us or any third party; (v) in connection with, or during negotiations of, any merger, sale of company assets, financing or transfer of all or a portion of our business to another company; or (vi) with your consent or at your direction. For example, if you view a video on our Site, otherwise click on webpages or interact with our Site, or chat with us, you consent to your Personal Information being shared with the outside organizations we use to enable videos, analyze Site usage or to provide a chat feature on our Site. We may also disclose aggregated or de-identified information, which cannot reasonably be used to identify you.
Advertising and Analytics
We engage third parties to serve advertisements on our behalf across the Internet and to provide analytics services. These entities may use cookies, web beacons, pixels and other similar tracking technologies to collect information about your use of our Site, such as your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by us and these third parties to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Site and other websites and better understand your online activity. We may also work with third parties to serve ads to you as part of a customized campaign on other websites or platforms.
Cookies
We use functional and performance cookies to provide for the best user experience and improve our Site. We, as well as third parties, also use tracking cookies and similar technology on our Site to show you customized advertisements and offers on our Site, as well as on third party websites and apps. Most web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove or reject certain cookies. Please note that if you choose to remove or reject functional cookies, this could affect the availability and functionality of our websites.
We will only lodge non-essential cookies, such as targeting, performance and functional cookies, with your consent if you reside in California, Virginia, EEA, UK, Brazil, Thailand, Japan or Canada. We currently recognize Global Privacy Controls or Do Not Track signals as to advertising/targeting cookies if you access our website from a computer located in one of these geographic areas.
Links To 3rd Party Websites
Our Site may contain links to other websites. Our Privacy Policy does not apply to the practices of other websites and Kosas is not responsible for the actions and privacy policies of third parties. We encourage you to be aware of when you leave our Site and to read the privacy policies of each website that you visit. For example, when you establish an account with a social media, a payment processor or other company, the collection and use of your information is governed by the third party’s terms and conditions.
Security
We take commercially reasonable risk-based measures to help protect information about you and others from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We use reasonable organizational, procedural, and technical safeguards to secure data in our possession, consistent with the sensitivity level of such data. Regardless of the precautions we take, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we use reasonable measures to protect Personal Information, we cannot ensure or warrant the security of any information you transmit to us.
Your choices regarding your Personal Information
You have choices about how we use your Personal Information to communicate with you and send you marketing information. You can opt out from receiving future marketing communications from us at any time by:
- Using the unsubscribe function in the email or marketing information you receive from us; or
- Contacting us as set forth under “How to Contact us” below.
In addition, you have choices available to you through the device or browser you use to access the Site regarding your cookies and other browser settings. For information about privacy settings on your browser, see, for example, Google Chrome. You may also change the settings on your mobile device, which lets you choose how and whether your location is shared with us. See, for example, Apple.
Other Data Protection Rights
Depending on where you reside, under certain international data privacy laws, including the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), and/or the Protection of Personal Information (APPI), you may have one or more of the following data protection rights or similar rights:
- To access, correct, update or request deletion of Personal Information. We take reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. If you are a registered user, you can manage many of your individual account and profile settings within your account provided through the Site, or you may contact us directly by emailing us at letschat@kosasus.com or through the applicable link below. We will consider your request in accordance with applicable laws.
- In addition, individuals who are residents of the European Economic Area (“EEA”) or U.K. can object to processing of their Personal Data, ask to restrict processing of their Personal Information or request portability of their Personal Information. You can exercise these rights by contacting us at letschat@kosasus.com or clicking the applicable link below.
- Similarly, if Personal Information is collected or processed on the basis of consent you can withdraw consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- EEA residents have the right to complain to a data protection authority about the collection and use of Personal Data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available on the ec.europa.eu website.
For further information and requests under GDPR, please view our GDPR page, and see the Notice of Collection of Personal Information and Privacy Policy with further information and rights required by the U.K. and E.U. General Data Protection Regulations (“GDPR”) below
For further information and requests under PIPEDA, please view our PIPEDA page.
For further information and requests under APPI, please view our APPI page.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity (generally through an email address) in order to help us respond efficiently to your request.
Children
We do not knowingly collect or use any Personal Information from children under the age of 13. We do not sell products for purchase by children and all children’s products we sell are for purchase by adults only. Our Site is not intended for use by children under 13 years of age. No one under age 13 may provide any information to us through the Site. We have no actual knowledge that we sell or share the personal information of any children under 13 years of age. If you are under 13, do not access, use or provide any information on the Site or on or through any of its features. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us.
How to Contact Us
If you have any questions about this Privacy Policy, the practices of this Site, or your dealings with this Site, please contact us at: (i) by mail at Kosas Cosmetics, LLC, 137 N Larchmont Bl #457, Los Angeles, CA 90004 USA; or (ii) by email at letschat@kosasus.com. CCPA Rights request can also contact us via phone at 1-844-559-0003.
- KOSAS NOTICE OF COLLECTION OF PERSONAL INFORMATION AND PRIVACY POLICY UNDER THE CALIFORNIA PRIVACY RIGHTS ACT (CPRA)
Last Updated: June 26, 2023
Kosas is committed to maintaining the privacy and security of your Personal Information in compliance with California law and our Privacy Policy.
This Notice of Collection Of Personal Information and Privacy Policy (“CPRA Privacy Notice”) applies to the collection of Personal Information from California residents on and after January 1, 2023. This CPRA Privacy Notice supplements our “Privacy Policy” set forth above to provide California residents with information and rights required by the California Privacy Rights Act (“CPRA”). The CPRA Privacy Notice applies only to individuals residing in the State of California who are considered “consumers” under the CPRA and from whom we collect “Personal Information” as described in the CPRA.
This CPRA Privacy Notice describes the types and categories of Personal Information we collect, the business purposes for which we collect, use, store, disclose and share your Personal Information, with whom we share it, and your rights in Personal Information under the CPRA. We “share” your Personal Information with third party advertisers for cross-context behavioral advertising within the meaning of the CPRA (i.e., targeting of advertising based on Personal Information obtained across businesses, websites, applications or services, other than the Company’s website or services). We do not sell your Personal Information.
For purposes of this CPRA Privacy Notice, we refer to Personal Information according to the following definition given in the CPRA: “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal Information does not include publicly available information, information that is de-identified or aggregate consumer information, or information or rights that are outside the scope of the CPRA.
By accessing our Site or social media pages, submitting Personal Information to us, communicating with us, or purchasing our products, you consent to the collection, use, processing, sharing and disclosure of such information as set forth in this CPRA Privacy Notice, as it may be updated from time to time. To opt out of sharing of your Personal Information with third parties, you may access our “California Notice of Right to Opt Out of Sale or Sharing” link. https://kosasus.com/pages/do-not-sell-my-personal-information
What categories of Personal Information do we collect about you?
- We may collect Personal Information from you in various ways including:
- when you provide us with information (e.g., through your communications with us by email, chat, or telephone);
- when you communicate with us concerning our products;
- when you purchase one of our products; and
- through automated means when you use our Site including by use of “cookies,” pixels and other similar tracking technologies.
We collect the following categories of Personal Information. This table also sets out Personal Information we may have collected over the last twelve (12) months:
Categories | Examples | Share with Third Parties |
---|---|---|
A. Identifiers | This information may include your name and contact details (including mailing addresses, telephone numbers, email addresses, IP address, browser or device identifier, and other identifying information you provide to us). For example, we may collect your name and email address when you join our mailing list to receive information on our Products or to receive discounts. | Yes |
B. Customer Information under California Civil Code §1798.80(e) | This information comprises any information that identifies, relates to, describes or is reasonably capable of being associated with you or your household in our records. Examples include your orders and payment related information that we use to charge for our Products, including debit or credit card numbers. All debit or credit card transactions are processed by our debit or credit card processing payment vendors. We do not collect, store or maintain any credit card or debit card information on or through our website after the transaction is processed and verified. Instead, it is transiently collected, disclosed to and processed through these payment vendors using their platforms. Your credit or debit card information will be stored with our payment vendors if you elect our subscription services so that we may periodically charge your card according to the subscription period you elected. We do not disclose your credit or debit card information with any vendors, other than our payment vendors. Some Personal Information in this category may overlap with other categories. | Yes |
C. Commercial Information | This category includes information concerning the Products you purchased and your purchasing history and tendencies. | Yes |
D. Internet and other electronic history | This category comprises electronic information concerning your use of the Site. This information may include information we automatically collect as you browse the Site, including your IP address, device type or client/user identifier, browser type/identifier, operating system, pages visited, network connection, UTM parameters, and other similar information. We may use services provided by third parties using third party cookies or tracking technology to provide us with information concerning your website activity and market products to you. We may collect information concerning your website usage through cookies and pixels. | Yes |
E. Geolocation data. | We may determine your approximate geographic location through your IP address. We use this information to show you nearby stores selling our Products. | Yes |
F. Inferences drawn from information you provide to create a personal profile concerning your consumer preferences, characteristics, predispositions, behavior, and attitudes | We may accumulate the information you provide to develop a consumer profile concerning your behavior and interests, including for our marketing and advertising purposes, and to improve our Products. | Yes |
We do not collect sensitive Personal Information for purposes of inferring characteristics.
Retention Periods
We retain your Personal Information for the length of the customer relationship, plus the length of applicable statutory limitations periods, or as necessary to fulfill the purposes set out in this disclosure or as required by applicable law. Internet and geolocation data is generally retained for as long as one year.
Our Business Reasons For Collecting And Using Your Personal Information
Depending on the individual circumstances, we collect and use Personal Information for the legitimate business purposes of Kosas. These purposes include to provide you with products, to fulfill the purpose for which you provided us with your Personal Information, to communicate with you, to perform on a contract between you and the Company, to market our products to you, to process payment and shipping and for account management, to improve the functionality and effectiveness of our Site, to gauge the effectiveness of our marketing, to protect the security of our Site, to protect against fraud, and to comply with applicable law, rules or regulations.
What are our categories of sources of personal information
The Company collects personal information from the following categories of sources:
- directly from you;
- service providers providing services on our behalf. We require our service providers who we provide your Personal Information to in order to provide services to maintain the privacy and security of your Personal Information (this category includes for example, our ecommerce platform providers); and
- third parties, including advertisers.
Who we disclose or share your Personal Information with
We do not sell your Personal Information to third parties.
With your consent, we do share your Personal Information with third party advertising vendors for cross-contextual behavioral advertising purposes. We use information from cookies and tracking technologies (e.g., pixels, web beacons) in order to improve and customize your browsing experience, for analytics and metrics about your visits to our Site (e.g. the information concerning the length of your visit to our Site, where your visit originated from) and for marketing our products to you. Other cookies are necessary for the Site to function properly or enhance the Site’s performance and functionality.
Third party advertising vendors use cookies and other technologies to serve ads based on your visits to the Site. Those third party cookies enable those advertisers to serve ads to our users based on previous visits to our Site and other sites on the Internet. These technologies are able to link your other Internet activity with our Site for purposes of providing you with advertising that you may be interested in.
If you do not want your Personal Information shared for advertising purposes, including through third party cookies placed in your browser or other tracking technologies, please see our “California Notice of Right to Opt Out of Sale or Sharing.” https://kosasus.com/pages/do-not-sell-my-personal-information. We also recognize Global Privacy Controls (“GPCs”) if you access our Site from a computer we identify as located in California.
You may also be able permit or limit certain types of cookies by changing the settings on your browser. Please consult your Internet browser’s documentation for information on how to do this. However, if you decide not to accept functional cookies through your browser settings, the Site may not function properly and some features may not work as they were intended.
If you wish at any time to change your cookie preferences with our Site, you may do so by viewing our Cookie Consent and Declaration page. https://kosasus.com/pages/cookie-consent-and-declaration
In some instances we may retain other companies and individuals to perform functions on our behalf as service providers or contractors, including, but not limited to, Information Technology and software providers, shipping or direct mail organizations, credit and debit card, website analytics providers, and payment processing companies, and e-commerce and web hosting platforms. Such service providers or contractors may be provided with access to your Personal Information to perform the functions for which they have been retained. For example, if you view a video on our Site, you consent to your Personal Information being shared with the outside organization we use to enable videos on our Site. Similarly, if you chat with us or fill out contact forms, you consent to your Personal Information being shared with the outside organizations we use to provide a chat and form features on our Site. We require our contractors and service providers, who provide services on our behalf (such as our e-commerce platform) to maintain the privacy and security of your Personal Information.
We may disclose any information, including Personal Information, we deem necessary, in our sole discretion, to comply with any applicable law, regulation, legal process or governmental request, to protect ourselves from fraudulent or illegal activity, and to defend against legal claims.
In the past twelve (12) months, depending on the individual circumstances, we have “shared” the categories of personal information collected in Categories [A-F] with the following categories of third parties: advertisers.
In the past twelve (12) months, depending on the individual circumstances, we have not disclosed the categories of Personal Information collected in Categories [A-F] with outside organizations or entities who are not service providers or contractors providing services on our behalf, except where required by law.
Your rights regarding your personal information
Under the California Privacy Rights Act, you have the following rights in Personal Information held by us:
- You have the right to request that the Company disclose the Personal Information that the Company collects, uses and discloses about you. You may “request to know”: (i) the categories of Personal Information that the Company has collected about you; (ii) the categories of sources from which the Personal Information is collected; (iii) the business or commercial purpose for collecting or sharing your Personal Information; (iv) whether any categories of Personal Information were disclosed for a business purpose to third parties and the categories of third parties with whom the Company discloses your Personal Information; and (v) the specific pieces of personal information that the Company has collected about you. Your request may pertain to the Personal Information collected about you on or after January 1, 2022. If your request covers a time period beyond twelve [12] months from the date of your request, the Company may deny your request as to that time period where it would be impossible for the Company to provide you with the information or involve disproportionate effort. The Company may deny your request to search for certain information under certain circumstances (e.g., where the Company retains the information solely for legal and compliance purposes).
- You have the right under certain circumstances to receive specific pieces of your Personal Information in a format that is understandable, and to the extent technically feasible, in a structured, commonly used, machine readable format that allows you to transmit the information to another entity.
- You have the right to correct inaccurate Personal Information.
- You have the right to request deletion of Personal Information under certain circumstances. For example, we may not be required to delete Personal Information if we need to retain the information to complete the transaction for which the Personal Information was collected, perform on a contract with us, or to comply with a legal obligation. In addition, we may delay deletion with respect to data stored on an archived or backup system, until the archived or backup system relating to that data is restored to an active system or next accessed or used for a sale, disclosure, or commercial purpose.
- You have the right to know what information is shared with third parties, and to whom and to opt out of sharing. We do not sell your Personal Information.
- You have the right not to receive discriminatory or retaliatory treatment for the exercise of any of these rights. We will not discriminate or retaliate against you or refuse to provide you Products or Services because you have exercised your rights.
You may submit verifiable requests concerning any of your rights by contacting us by e-mail to letschat@kosasus.com, by mail at the address below or by telephoning us at 1-844-559-0003. We will use reasonable methods for verifying that the person making a request to know, data portability, request to correct or a request to delete is the individual about whom we have collected Personal Information.
This may involve, depending on the nature of the request, confirming that the email address provided corresponds with our records concerning the individual. Additional reasonable measures may also be required to verify the identity of the person making the request depending on the circumstances. For requests to delete made electronically, you may be required to submit the request to delete, and then separately confirm that you want your personal information deleted. We will maintain a record of your request to delete. To the extent that you wish to use an authorized agent to make requests concerning the rights set forth above, you will need to provide us either with a power of attorney or, alternatively, with signed authorization to communicate with your authorized agent, and directly confirm that you provided the authorized agent with permission to submit the request.
We will (i) confirm receipt of requests to know, data portability, to correct inaccurate information or to delete within ten [10] business days of the request; and (ii) generally respond to requests to know, data portability, to correct inaccurate information or to delete within forty-five [45] calendar days of the request. If we need additional time to respond to your request beyond the forty-five [45] calendar days, we will provide you with notice explaining the reasons we need more time, and we will then take up to an additional forty-five [45] calendar days to respond to your request.
Reasonable Safeguards To Protect Your Personal Information
We are committed to maintaining the security of your Personal Information in compliance with all applicable laws and our policy. We take commercially reasonable steps to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Access By Persons With Disabilities
Persons with disabilities who need assistance accessing this CPRA Privacy Notice may contact us as provided for above, and depending on your individual needs, the Company will grant reasonable requests to furnish this policy in an alternative format.
Children
We do not sell any Personal Information, including the personal information of minors under 16 years of age.
Notice of Financial Incentive to California Consumers
We may, at times, offer you various financial incentives such as loyalty programs, discounts and special offers when you provide us with contact information and identifiers such as your name and email address. When you sign-up for our loyalty program, email list or other discounts and special offers, you opt-in to a financial incentive. You may withdraw from a financial incentive at any time by opting out from our email or closing your loyalty member account, or contacting us at the contact information below. Generally, we do not assign monetary or other value to Personal Information, however, California law requires that we assign such value in the context of financial incentives. In such context, the value of the Personal Information is related to the estimated cost of providing the associated financial incentive(s) for which the information was collected.
California Shine the Light Law/Online Privacy Protection Act
California Civil Code §1798.83 provides that California residents may request certain information concerning the disclosure of Personal Information to third parties for direct marketing purposes. If you permit us to share your Personal Information, such third parties may serve you content based on tracking you across different websites. Pursuant to California Business Code §§22575-22579, you may review and request changes to any of your personal information that we have collected. Should you wish to request this information or exercise these rights, please reach us at the contact information provided below.
Revisions to This CPRA Privacy Notice
We may update this CPRA Privacy Notice at any time, by posting the amended version on this Site including the effective date of the updated version. By accessing the Site or purchasing products after we make any such changes to this CPRA Privacy Notice, you are deemed to have accepted such changes. Please check this CPRA Privacy Notice regularly, and before you submit additional Personal Information via the Site.
Contact Us
If you have questions or comments regarding this CPRA Notice and Privacy Policy or if you would like to exercise your rights, please contact us at:
Mail: Kosas Cosmetics, LLC, 137 N Larchmont Bl #457, Los Angeles, CA 90004 USA
Email: letschat@kosasus.com
Telephone: 1-844-559-0003
Last Updated: June 26, 2023
This Notice of Collection of Personal Data and Privacy Policy (“GDPR Privacy Notice”) applies to the collection of Personal Data from residents of the European Union and United Kingdom. This GDPR Policy Notice supplements our “Privacy Policy” above to provide European Union and United Kingdom residents with information and rights required by the General Data Protection Regulation (“GDPR”).
This GDPR Privacy Notice describes the types and categories of Personal Data we collect, the business purposes for which we collect and process your Personal Data, to whom we disclose it, the lawful basis for processing and your rights in Personal Data under the GDPR.
For purposes of this GDPR Privacy Notice, we refer to Personal Data according to the following definition given in the GDPR: “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
When we refer to “processing” in this GDPR Privacy Notice, we mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
By submitting Personal Data to us, or purchasing our products or using our Site, or communicating with us, you consent to the collection, use, processing and disclosure of such information as set forth in this GDPR Privacy Notice, as it may be updated from time to time.
What categories of Personal Data do we collect about you?
- We may collect Personal Data from you in various ways including:
- when you provide us with information (e.g., through your communications with us by email or telephone or through our Site);
- when you communicate with us concerning our products;
- purchase one of our products; and
- through automated means when you use our website including by use of “cookies” and other similar tracking technologies.
We collect the following categories of Personal Data:
- Identifiers: this information may include your name and contact details (including mailing addresses, telephone numbers, email addresses, IP address, browser identifier, geolocation data and other identifying information you provide to us). For example, we may collect your name and email address when you join our mailing list to receive information on our products.
- Customer Information: this information comprises any information that identifies, relates to, describes or is reasonably capable of being associated with you or your household in our records.
Special Categories of Personal Data: This includes demographic information, such as age, race, gender or ethnicity, or medical information related to our products, that you may voluntarily provide to us. (Note, we never request or require that you provide us with any special categories of Personal Data. If you decide to disclose this information to us, we may maintain a copy of the communication for the purposes for which you provided the information to us (e.g., to answer your cosmetics question, resolve a complaint, make a refund).
- Internet and other electronic history: this category comprises electronic information concerning your use of the Site. This information may include information we automatically collect as you browse the Site, including your IP address, device type or client/user identifier, browser type/identifier, operating system, pages visited, links you clicked to access our Site and other similar information. We use first party cookies and services provided by third parties using third party cookies or tracking technology to provide us with information concerning your website activity and to provide you with advertising. We use information from cookies and tracking technologies (e.g., pixels, web beacons) in order to improve and customize your browsing experience, for analytics and metrics about your visits to our Site (e.g. the information concerning the length of your visit to our Site, where your visit originated from) and for marketing our products to you. Other cookies are necessary for the Site to function properly or enhance the Site’s performance and functionality.
- If you click “Accept” to the cookie banner, you consent to all cookies, including third party cookies. You may click “Decline” if you do not want cookies placed in your browser. You may change your preferences on our Site by viewing our Cookie Policy page. https://kosas.com/pages/cookie-policy You may also consult your Internet browser’s documentation for information on how to change your browser’s settings. However, if you decide not to accept essential or functional cookies, the Site may not function properly and some features may not work as they were intended.
- Geolocation data: we may determine your approximate geographic location through your IP address in order to market our products at physical locations, such as retailers, that are nearby to you. Geolocation information is provided to us for use for marketing purposes based on third party marketers and e-commerce platforms that monitor usage of our Site. If you do not want us to collect geolocation data, you may change the settings on your mobile device, which lets you choose how and whether your location is shared with us.
Our Business Reasons For Collecting And Processing Your Personal Data
We collect and process Personal Data for the legitimate business purposes of Kosas. These purposes include to provide you with products, to fulfill the purpose for which you provided us with your Personal Data, to communicate with you, to perform on a contract between you and the Company, to market our products to you, to process payment and shipping and for account management, to improve the functionality and effectiveness of our Site, to gauge the effectiveness of our advertising, to protect the security of our Site, to protect against fraud, and to comply with applicable law, rules or regulations.
Who we disclose or share your Personal Data with
We do not sell your Personal Data to third parties.
With your consent, we do lodge non-essential cookies and share your Personal Information with third party advertising vendors for cross-contextual behavioral advertising purposes. We use information from cookies and tracking technologies (e.g., pixels, web beacons) in order to improve and customize your browsing experience, for analytics and metrics about your visits to our Site (e.g. the information concerning the length of your visit to our Site, where your visit originated from) and for marketing our products to you. Other cookies are necessary for the Site to function properly or enhance the Site’s performance and functionality.
Third party advertising vendors use cookies and other technologies to serve ads based on your visits to the Site. Those third party cookies enable those advertisers to serve ads to our users based on previous visits to our Site and other sites on the Internet. These technologies are able to link your other Internet activity with our Site for purposes of providing you with advertising that you may be interested in.
If you do not want your personal information shared for advertising purposes, including through third party cookies placed in your browser or other tracking technologies, please view our GDPR compliance page. https://kosasus.com/pages/gdpr-compliance We also recognize Global Privacy Controls (“GPCs”) if you access our Site from a computer that we identify as being located in the U.K. or EEA.
You may also be able permit or limit certain types of cookies by changing the settings on your browser. Please consult your Internet browser’s documentation for information on how to do this. However, if you decide not to accept essential or functional cookies through your browser settings, the Site may not function properly and some features may not work as they were intended.
In some instances we may retain other companies and individuals to perform functions on our behalf as service providers or contractors, including, but not limited to, Information Technology and software providers, shipping or direct mail organizations, credit and debit card, and payment processing companies, web analytics providers, and e-commerce and web hosting platforms. Such service providers or contractors may be provided with access to your personal information to perform the functions for which they have been retained. We require our contractors and service providers, who provide services on our behalf (such as our e-commerce platform) to maintain the privacy and security of your personal information.
We may disclose any information, including Personal Information, we deem necessary, in our sole discretion, to comply with any applicable law, regulation, legal process or governmental request, to protect ourselves from fraudulent or illegal activity, and to defend against legal claims.
What are Kosas’s lawful basis for processing your Personal Data
Kosas is committed to processing Personal Data only where there is a lawful basis:
- where you have given consent to the processing of your Personal Data for one or more specific purposes. Where the sole basis for our use of the Personal Data is your consent, you have the right to withdraw your consent at any time;
- where processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- where processing is necessary for compliance with a legal obligation to which Kosas is subject;
- where processing is necessary for the purposes of the legitimate interests pursued by Kosas or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data. Kosas’s legitimate interests are to effectively manage our business and customers, market, sell and deliver our products, including providing you with advertising content and opportunities, manage your account, improve our services and products, maintain the security of our Site, and comply with our legal obligations.
- processing of special category Personal Data shall only occur where you have given explicit consent to the processing of the Personal Data for one or more specified purposes or where permitted by applicable law. (Note, that we do not ever request or require that you provide us with special category data)
Your rights regarding your Personal Data
Under the GDPR, you have the following rights in Personal Data held by us:
- the right to access your Personal Data and request certain information concerning our use of your Personal Data, such as an explanation of the purpose of the processing, categories of Personal Data processed and disclosure of outside organizations to who Kosas has disclosed your Personal Data;
- the right to rectify inaccuracies in your Personal Data or to ensure that it remains up to date;
- the right to erasure of your Personal Data under certain circumstances. For example, you may request erasure if the data is no longer needed in connection with the reasons it was collected or processed or if you withdraw your consent to further processing. Kosas may deny your request where it is required or permitted by law to retain your Personal Data or when we need to retain your information in connection with the exercise or defense of legal claims;
- right to restrict processing where you contest the accuracy of the data in order to permit time to rectify the inaccuracies and in other circumstances;
- the right to data portability by requesting a copy be provided in a structured, commonly used and machine-readable format and/or requesting that Kosas transmit your Personal Data to a third party where technically feasible;
- the right to object to our use of your Personal Data where you contest that the processing is necessary for the purposes of Kosas’s legitimate interests. Kosas may deny your request because it has compelling legitimate business interests or in connection with the exercise or defense of legal claims. You also have the right to advise us at any time that you no longer wish to receive direct marketing materials from Kosas and we will no longer use your Personal Data for marketing purposes; and
- the right to bring a complaint before the applicable governmental privacy regulator. Contact details for data protection authorities in the EEA are available on the ec.europa.eu website
We will take action on your requests concerning any of your rights without undue delay and in any event within one month of receipt of the request. We may extend that time period by two further months where necessary, taking into account the complexity and number of the requests. If we need more time, we will inform you of any such extension within one month of receipt of the request, together with the reasons we need more time. The information you requested shall be provided by electronic means where possible, unless you request otherwise.
In addition, regardless of where you live, you have choices available to you through the device or browser you use to access the Site. For example:
- The browser you use lets you control cookies or other types of privacy settings.
- Your mobile device lets you choose how and whether your location is shared with us.
Revisions to This GDPR Privacy Notice
We may update this GDPR Privacy Notice at any time, by posting the amended version on this Site including the effective date of the updated version. By accessing the Site or purchasing products after we make any such changes to this GDPR Privacy Notice, you are deemed to have accepted such changes. Please check this GDPR Privacy Notice regularly, and before you submit additional personal information via the Site.
How Long Do We Retain Your Data
We retain your Personal Data for the length of the customer relationship, plus the length of applicable statutory limitations periods, or as necessary to fulfill the purposes set out in this disclosure or as required by applicable law. Internet and geolocation data is generally retained for as long as one year.
Contact Us
If you have questions or comments regarding this GDPR Notice or if you would like to exercise your rights, please telephone us at 1-844-559-0003 or send us an email to letschat@kosasus.com.