MakeupFX and its subsidiaries and corporate affiliates (collectively, "MakeupFX," "our," "us," or "we") operate websites, provide products and services through mobile and other applications, and develop software. We refer to these as "site(s)," "service(s)," or "our sites and services."
Personal information is information that can be used to identify, locate, or contact an individual, and includes other information that may be associated with personal information. When you interact with our sites and services, depending on the site or service, we may ask for the following personal information directly from you:
In each of the above instances, you will know what personal information we collect through our sites and services because you voluntarily and directly provide it.
We may use information collected from you in one or more of the following ways:
In addition to the uses described above, we may use personal information that we collect for other purposes that are disclosed to you at the time we collect the information, or with your consent.
We may share personal information about you with third parties in the following circumstances:
We may also collect certain technical information when you use our sites and services. For example, our servers receive and automatically collect information about your computer and browser, including, for instance, your IP address, browser type, domain name from which you accessed the site or service, and other software or hardware information. If you access our sites and services from a mobile or other device, we may collect a unique device identifier assigned to that device (UDID), type of device, general GPS location, or other transactional information for that device in order to serve content to it.
In addition, we may collect information about how you use our sites such as the date and time you visit the sites, the areas or pages of the sites that you visit, the amount of time you spend viewing the sites, the number of times you return to the sites, visits to sites outside our network, and other click-stream data. Some of this data may be shared with partners who referred you to our site(s) and who will use the data to optimize who else they refer to our site(s). Sometimes this data can be shared with partners who help us deliver ads to you on websites not controlled by us, for instance, when we put a pixel on a conversion page on our site and a marketing partner uses that to optimize what traffic they send to us, or using another example, when we create a re-targeting list through DFP Small Business by Google or placing a partners. pixel on our sites, and then delivering targeted ads across the Internet.
We do not currently actively respond to "Do Not Track" browser signals or mechanisms that indicate a request to disable online tracking of individual users who use our sites and services.
We encourage you to keep your personal information updated and accurate. We provide you reasonable access to your personal information and the ability to review, correct, or delete it. For instance, some of our sites and services give you the ability to view and/or edit your personal information online. The methods for accessing your personal information will depend on which sites or services you use and their features. You have several choices; for instance:
Protecting your privacy and security is important and we also take reasonable steps to verify your identity before granting access to your data.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).
Our sites and services may allow us or other users to communicate with you or other users through our in-product instant messaging services, service-branded emails, SMS and other electronic communication channels.
Requested communications include, for instance, email newsletters or software updates that may be expressly requested by you or which you consented to receive. After you request such communications, you may "opt out" of receiving them by using one of the following methods:
Communications that are sent by or on behalf of a user are indicated as being "From" that user. Communications that are sent by us are indicated as being from us or one of our account or support specialists assigned to assist you. Either type of communication may be "real time" communications or communications triggered automatically upon the occurrence of certain events or dates, such as appointment reminders. Email communications received from users and our administrative announcements are often transactional or relationship messages, such as appointment requests, reminders and cancellations. You may not be able to opt out of receiving certain messages although our services may provide a means to modify the frequency of receiving them.
General communications provide information about products, services, and/or support and may include special offers, new product information, or invitations to participate in market research. You may opt out of receiving these general communications by using one of the following methods:
The security of our sites and services and the information they store, process and transmit is a top priority. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical and administrative safeguards, including: Secure Socket Layer (SSL) encryption, firewalls, system alerts and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage and processing practices. Under applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information (as such term is defined by HIPAA) residing on and processed by our sites and services.
We use third-party service providers to manage credit card and payment processing. These service providers are notpermitted to store, retain, or use billing Information except for the sole purpose of credit card and payment processingon our behalf. When you enter payment information we encrypt the transmission of that information using SSLtechnology and do not store it on our systems.
It is important to remember, however, that no system can guarantee 100% security at all times. Accordingly, wecannot guarantee the security of information stored on or transmitted to or from our services. We cannot assumeresponsibility or liability for unauthorized access to our servers and systems. When disclosing any personal orprotected health information, you should remain mindful of the fact that it is potentially accessible to the public and,consequently, can be collected and used by others without your consent. Accordingly, you should consider carefullyif you want to submit sensitive information that you would not want disclosed to the public and should recognize thatyour use of the Internet and our sites and services is solely at your risk. You are ultimately responsible for maintainingthe secrecy for all your personal information, including your protected health information. Except as provided in aBusiness Associate Agreement between us and a healthcare provider, we have no responsibility or liability to anyonefor the security of your personal or protected health information transmitted via the Internet.
We may also provide social media features on our sites and services that enable you to share personal information with your social network(s) and to interact with our sites and services. Depending on the features, your use of these features may result in the collection or sharing of personal information about you. We encourage you to review the privacy policies and settings on the social media site(s) with which you interact.
Our sites and services may include collection, transmission and storage of protected health information you submit for healthcare providers or that healthcare providers submit to us and is subject to special rules under the Health Insurance Portability and Accountability Act of 1996 or "HIPAA". Our use and disclosure of your protected health information or a healthcare providers data that you or the healthcare provider submits with certain sites and services, is governed by HIPAA.
When you use certain services (for example, appointment request) all protected health information that you submit is used and disclosed by us as a Business Associate (as defined by HIPAA) according to the terms of a Business Associate Agreement between us and that healthcare provider. This means that we may only use and disclose your protected health information on behalf of, or to provide services to, the healthcare provider according to the Business Associate Agreement. There are three exceptions to this use and disclosure rule. We may use and disclose your protected health information (i) for our internal management and administration; (ii) to carry out our legal responsibilities; and (iii) to perform certain data aggregation services for the healthcare provider and other healthcare providers; provided that, any disclosures for our internal management and administration or to carry out our legal responsibilities are either required by law or made after we obtain reasonable assurances from the person to whom the protected health information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to that person.
Some of the services for a particular healthcare provider may be provided by our subcontractors. The subcontractor must comply with the same terms and conditions for the protected health information that apply to us as a Business Associate of the healthcare provider.
To comply with HIPAA, your healthcare provider must provide you with rights in certain circumstances with respect to your protected health information. Very generally described, these rights are a right to restrict the uses and disclosures of, a right of access to, a right to amend, and a right to receive an accounting of, the disclosures of your protected health information. These limited rights will be described in detail in the healthcare provider's notice of privacy practices. If you wish to restrict the uses and disclosures of your protected health information, amend, or receive an accounting of the disclosures of your protected health information, then you must do so through your healthcare provider.
Upon termination of our Business Associate Agreement with a particular healthcare provider, we generally must return or destroy all protected health information received on behalf of or created for that particular healthcare provider and then maintained in any form by us or a subcontractor. If you engaged in our sites and services with that healthcare provider, any protected health information that you submitted with our sites and services or otherwise maintained by us or a subcontractor in connection with our sites and services will be returned to the healthcare provider or destroyed by us or such subcontractor. This means that until the Business Associate Agreement is terminated with that healthcare provider, we or a subcontractor can use and disclose your protected health information as described in the "Use and Disclosure of Your Protected Health Information" section above.
Our sites and services are intended for general audiences and are not targeted to children under 13. We do notknowingly collect personal information from children under the age of 13 or utilize plug-ins or ad networks that collectpersonal information through child-directed third party websites or online services. If you are under 13, please do notdisclose or provide any information. If we learn that we have collected personal information from a child under 13,we will take steps to promptly delete the information. Should this policy change, we would comply with the Children's Online Privacy Protection Act, which requires us to notify and obtain consent from a parent or guardian before wecollect, use and disclose the personal information of children who are under 13 years of age.
Unless our sites and services contain the "Privacy Rights for California Minors in the Digital World" supplemental terms, our sites and services do not collect age from users under 18. If you reside in California and are a minor (youare under 18 years of age) and you are using a site or service that collects your age as a registration requirement andyou submit content, please follow the instructions on the supplemental terms to request removal of public content.Please note that this removal does not ensure complete or comprehensive removal of the content or informationposted on our sites and services if the content you posted has been shared or reposted. We are only obligated toremove content that you post, where you posted it. There are certain circumstances in which we do not have toremove your content, including if any other state or federal law requires us to maintain the information, we anonymizethe content by removing identifying characteristics, or we paid you for the content you posted. Without limiting thegenerality of the foregoing, our services may allow users above the age of 18 (such as healthcare providers, parentsand guardians) to submit personal information about others, including minors. Such users assume full responsibilityover their submission, use and transmission of such information.
We are headquartered in the United States. Our sites and services are hosted and administrated in the United Statesor hosted with cloud service providers who are headquartered in the United States and are intended for users in theUnited States. If you are located outside the United States, be aware that information you provide to us or that weobtain as a result of your use of our sites and services may be processed in, transferred to and stored in the UnitedStates and will be subject to U.S. law. U.S. privacy and data protection laws may not be equivalent to the laws ofyour country of residence. By using our sites and services or providing us with your information, you consent to thecollection, transfer, storage, and processing of information to and in the United States.
We do not share personal information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure, typically by "opting in" to receive information from a third party that is participating in a sweepstakes or other promotion on one of our sites, for example. If you ask us to share your personal information with a third party for its marketing purposes, we will only share information in connection with that specific promotion since we do not share information with any third party (other than our service providers) on an ongoing basis. To prevent disclosure of your personal information for use in direct marketing by a third party, do not "opt in" to such use when you provide personal information on one of our sites.
Users residing in certain jurisdictions, like California, have a right to access personal information held by us about them and their right of access can be exercised in accordance with applicable law. California law requires certain businesses to respond to requests from California residents asking about the business's practices related to disclosing personal information to third parties for the third parties' direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties' direct marketing purposes if the resident has exercised an option to opt-out of such information-sharing. We have such a policy in place.
California residents may request further information about our approach to this law by writing to us. When writing to us, you must put the statement "Your California Privacy Rights" in the body or subject line of your request, and include (i) the name of the site about which you are contacting us, (ii) any unique site identifier associated with you (like member number or forum handle), (iii) your name, and (iv) your contact information. We will not accept requests via the telephone, mail, or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
Last Updated: June 18, 2015