MERLE NORMAN COSMETICS
PRIVACY POLICY

Last Update: January 15, 2021

At Merle Norman Cosmetics, Inc. (“Merle Norman”), we value our relationship with our customers and respect your privacy rights.  This Privacy Policy (“Policy”) describes how we collect, use, and share personal information when you use our website at www.merlenorman.com (“Site”) or otherwise communicate with us.

Please note that our retail stores are owned and run by franchisees which are independent businesses.  This Policy does not apply to our franchisees.  Please review their privacy notices for information on how they use personal information.
 

IF YOU ARE A CALIFORNIA RESIDENT, PLEASE SEE THE SECTION TITLED “CALIFORNIA RESIDENTS” BELOW FOR ADDITIONAL PROVISIONS THAT MAY APPLY TO YOU.

1. INFORMATION WE COLLECT

We may collect personal information about you when you visit our Site or otherwise communicate with us. We collect the following types of personal information and other data from you:

A. Identifying Information. When you visit our Site or otherwise communicate with us, we collect contact information you provide including your name, email, postal address, zip code, IP address or phone number. If you choose to create an on-line account, you must submit your name and email address, and create a password. We will also automatically collect your IP address if you visit our Site.

B. Customer Records and Commercial Information

1. Purchases. We may collect personal information when you make purchases through the Site.  This personal information includes account user name and passwords, information regarding your purchases, credit or debit card type, number, expiration date, security code, and billing address.  All credit and debit card data is provided directly to our PCI-compliant third-party payment processors, which may include Apple Pay, Google Pay, BAMS, PayPal and Avalara.  If you elect to use third-party payment platforms for your purchase, you understand that your payment and purchase information is provided to such third-party platform, which we do not control.  We encourage you to review the terms and privacy policies of third-party payment platforms that you may elect to use.  We do not directly access, handle, or store your credit or debit card data.  We store your payment card’s last four digits to facilitate future orders.

2. Franchise Inquiries. We may collect personal information when you make franchise inquiries.  You will be redirected to our www.merlenormanfranchise.com website, which collects information pursuant to its own terms of use and privacy policy.

C. Geolocation Data. We may collect personal information about your approximate location when you use our studio finder functions on our Site.

D. Professional or Employment Related Activity. We may collect personal information when you submit a job application or provide other materials regarding job opportunities.

E. Internet or other electronic network activity. We collect the following personal information and other data automatically when you use (i) your online account, and (ii) or the Site browsing history, search history, and information regarding your use of our Site.  We describe how we collect and use such information in the Cookies and Analytics section set forth in Section 4 below.

2. HOW WE USE PERSONAL INFORMATION WE COLLECT

Merle Norman Cosmetics uses personal information and other data we collect, as described below.

A. To communicate with you, respond to your requests and contract with you. We use your personal information to:

  • Allow you to create online accounts.
  • Respond to your request to join our community.
  • Assist you in purchasing products or services.
  • Process your orders and returns.
  • Provide you with order status.
  • Provide customer support or assistance.
  • Process a job application.
  • Notify you of Site Changes.
  • Process your requests to opt-out of marketing communications or similar requests.
  • Allow you to use certain features of our Site.
  • Contact us via email, phone, or our Contact Us form.
  • Send newsletters or information about new products and stores.
  • Provide and respond to surveys.
  • Tell you about promotions.
  • Tell you about changes to this Privacy Policy or other terms on our Site.
  • To tell you about changes to our business.
  • Help you locate one of our studios.

B. To market to you. We use your personal information for marketing purposes including to:

  • Offer products and services directly to you or on behalf of our Franchisees.
  • Tell you about sales.
  • Serve targeted advertisements tailored to you.
  • Personalize your experience.
  • Contests and sweepstakes.
  • Contact you with promotional and related communications.
  • Send you e-mails or text messages about our products and services, competitions, offers, promotions or special events that we believe may interest you.
  • Deploy cookies and similar technologies.
  • Provide location based services for you.

Marketing Communications Opt Out. If you opt in to receive marketing communications from us, you must submit your name, email, mailing address, and phone number. We use this personal information to send you promotional and other electronic and hardcopy communications.  We may use third-party providers to deliver communications to you. You may opt out of such emails by using the unsubscribe link in the email or contacting us at unsubscribe@merlenorman.com with “Unsubscribe” in the subject line. To opt out of other communications (e.g., postal marketing and telemarketing) please contact us.  Opting out of marketing communications does not opt you out of communications about your account or purchases.

C. To operate our business. We use your personal information for our internal business purposes including to:

  • Develop new products and services.
  • Improve our products and services.
  • Maintain and improve our promotions, online services and technologies.
  • Conducting consumer and operations research.
  • Assessing the effectiveness of our sales, marketing, and advertising.
  • Operate our Site.
  • Diagnose technical and service issues.
  • Administer our online services and in-store technologies.
  • Identify users of our online services.
  • Fraud prevention.
  • Gather demographic information about our customers.
  • Determine usage patterns of our services.
  • Provide security for our networks and systems.

D. Job Applications. We collect personal information when you apply for a job with us.  Submission of materials does not require us to review them or consider you for employment.

E. Legal compliance. We collect personal information for legal and risk management purposes including to:

  • Protect our legal rights.
  • Protect the privacy of our customers.
  • Deter crime.
  • Reduce legal risk.
  • Comply with legal obligations and our policies.
  • Establish, exercise or defend a legal claim.

3. HOW WE SHARE THE INFORMATION WE COLLECT

We may share personal information and other information we collect with the following categories of persons and entities.

In the last 12 months, we disclosed the following categories of personal information for our Business Purposes.

A. Franchisees and Affiliates. We may share personal information with our franchisees and affiliates to assist them in providing products and services to you. We require that those entities comply with the terms of this Privacy Policy when utilizing that personal information.

B. Service Providers. We share personal information with service providers, suppliers, consultants, agents, distributors, and other partners who provide business services for us to assist us in operation of our business.  For instance, we provide personal information and other information we collect to companies that provide website hosting and management services, payment processing services, marketing and public relations companies, third party shipping companies, inventory management and post-purchase processing companies, and email service providers.  The providers assist us in facilitating sales and delivery of your orders, provide functionality for our Site, help to enhance the security of the Site, improve our products and services and market to you.  These third parties are not permitted to use that personal information other than to assist us in performing our business.

C. Advertisers. We share your personal information with companies that provide targeted advertising and other providers for marketing purposes.

D. Law Enforcement, Security & Protection of Rights. We may share personal information with third parties, including law enforcement and government officials, if we believe it is needed to operate the Site or to protect our rights or the rights of others, including sharing data needed to identify, contact, or bring legal action if our contracts, terms, or policies are violated or if required by law.

E. Business Transactions. We may share personal information in connection with certain business transactions.  For example, if we undergo a change or contemplated change in control, acquisition, merger, reorganization, or asset sale, we may share, sell, or transfer your personal information with potential and actual successors.

F. With Your Consent. With your consent, we may use or share your personal information in ways not specifically described in this Policy.

4. USE OF COOKIES AND TARGETED ADVERTISING

A. IP Addresses, Cookies, & Similar Tracking Technologies. When you use the Site, we may use technologies such as cookies (i.e., small pieces of data stored on your device’s hard drive by your browser), web beacons, pixel tags, and other storage technologies. In addition, third parties, including Facebook, may use those same technologies to collect or receive information from our Site and elsewhere on the Internet and use that information to provide measurement services and target ads.These cookies and other technologies collect the IP address assigned to your computer or other electronic devices, your internet service provider, device ID number, approximate geographic location, browser type, Site pages visited, websites you access before and after visiting the Site, and data related to how and when you use the Site (e.g., date and time stamps, clickstream data, and data about search terms and websites that direct you to the Site). We may combine this data with other data (including personal information) and data obtained from third parties.

The Site may use session, persistent, and flash cookies (local stored objects) to collect and store data about your preferences and navigation to, from, and on our Site. Session cookies are used to complete transactions and for other purposes, such as counting visits to certain webpages. Session cookies are eliminated when you exit your browser. Persistent cookies may be stored on your computer by your browser. When you log in, persistent cookies tell us if you have visited the Site before or if you are a new visitor.

Flash cookies differ from browser cookies regarding the amount and types of data collected and how the data is stored. Cookie management tools provided by your browser will not remove and cannot manage Flash cookies. To learn about managing your Flash cookie settings, visit the Flash player settings page on Adobe’s website here.

Most browsers automatically accept cookies.  You can disable this function, but disabling cookies may impact your use and enjoyment of the Site.

B. Analytics Tools. We may enable and implement various analytics tools, such as Google Analytics. Google Analytics is an analytics tool which allows us to collect and process personal information and other data consisting of certain telematics about your use of the Site. Google sets and reads cookies to collect such personal information and other data and your web browser will automatically send such data.  Google uses this data to provide us with reports that we use to improve the Site’s structure and content.

We may occasionally enable and implement additional add-on services to Google Analytics, such as Demographics and Interest Reporting. Demographics and Interest Reporting uses cookies to collect data about our Site traffic by tracking users across websites and across time to provide us with analytics on our user base.

To learn more about how Google uses data, visit Google’s Privacy Policy and Google’s page on “How Google uses data when you use our partners’ sites or apps.” You may download and install the Google Analytics Opt-out Browser Add-on for each web browser you use. Using the Google Analytics Opt-out Browser Add-on does not prevent the use of other analytics tools. To learn more about Google Analytics cookies, visit Google Analytics Cookie Usage on Websites.

C. Targeted Advertising. Advertising network services gather data about consumers who view advertisements to make inferences about a consumer’s interests and preferences, which enables the delivery of advertisements directly targeted to the consumer’s specific interests. This practice is often referred to as “targeted advertising.”

We use advertising network services that collect data about your visits to the Site and other websites across the internet. These advertising network services use such data to target personal content and advertisements to you about our products. The data collected may be associated with your personal information. The targeted advertisements may appear on the Site and on other websites and may be sent to you via email.

For example, we may use Google Ads and Facebook Pixel to serve ads on our behalf across the internet and on the Site. Google Ads and Facebook Pixel use cookies, web beacons and other storage technologies to collect data about your visits to the Site and your interaction with our products and services to provide us measurements and generate targeted advertisements to you on other websites that you visit across the internet. To opt out of remarketing advertising provided through Google, to customize your ad preferences, or to limit Google’s collection or use of such data, visit Google’s Safety Center and Google’s Ad Settings and follow Google’s personalized ad opt-out instructions. Opting out will not affect your use of the Site. To opt of remarketing advertising provided through Facebook, you can use the following mechanism for exercising such a choice.https://youradchoices.com/control.

To change your preferences with respect to certain online ads and to obtain more information about third-party ad networks and online behavioral advertising, visit the National Advertising Initiative Consumer opt-out page or the Digital Advertising Alliance Self-Regulatory Program. Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may occasionally still see our ads.

D. Social Media. We are active on social media, including Facebook, Twitter, YouTube, Pinterest, and Instagram (“Social Media”). You may comment on Social Media regarding Merle Norman Cosmetics and our products and services.

The Site allows you to connect and share data with Social Media. These features may require us to use cookies, plug-ins, and APIs provided by such Social Media to facilitate those communications and features.

Anything you post on Social Media is public information and will not be treated confidentially. We may post (or re-post) on the Site and our Social Media pages any comments or content that you post on our Social Media pages. YOU AGREE TO HOLD MERLE NORMAN COSMETICS, INC., ITS AFFILIATES AND FRANCHISEES HARMLESS AND WITHOUT LIABILITY FOR THE RESULTS OF ANY AND ALL CONTENT YOU POST ON OUR SOCIAL MEDIA PAGES.

Your use of Social Media is governed by the privacy policies and terms of the third parties that own and operate those websites and not by this Policy. We encourage you to review those policies and terms.

The Site may use advertising networks and services offered by Social Media to deliver advertising content. Use of these services requires Social Media to implement cookies or pixel tags to deliver ads to you while you access the Site.

E. Videos; Embedded Content. The Site may contain videos and embedded content provided by Merle Norman Cosmetics or third parties, including visible content and/or feeds scripts embedded in the Site’s code.  Merle Norman Cosmetics and such third parties may collect data about how you interact with such content (e.g., YouTube may collect usage data on videos embedded on the Site as described in YouTube’s Policy).  By watching the videos and interacting with such content, you agree to the collection and use of such data.

F. Data from Other Sources. We obtain data about individuals from various third-party companies and public sources, which data may be personal information, and we may combine that data with personal information. This enhances our existing data about our users and customers (e.g., adding address data) and improves our marketing efforts.

5. MARKETING COMMUNICATIONS; OPT OUT

If you opt in to receive marketing communications from us, you must submit your name, email, mailing address, and phone number. We use this personal information to send you promotional and other electronic and hardcopy communications.  We may use third-party providers to deliver communications to you. You may opt out of such emails by using the unsubscribe link in the email or contacting us at unsubscribe@merlenorman.com with “Unsubscribe” in the subject line. To opt out of other communications (e.g., postal marketing and telemarketing) please contact us. Opting out of marketing communications does not opt you out of communications about your account or purchases.

6. CHILDREN’S PRIVACY

We are committed to protecting children’s privacy. The Site is not directed at children under 13 years of age. We do not knowingly collect, use, or share data from children under 13. If a parent or legal guardian learns their child provided us with personal information without his or her consent, please contact us.

7. DATA SECURITY

We use commercially reasonable technical and organizational measures to help secure all data against loss, misuse, and alteration.  While we cannot guarantee it, we use industry-standard protections to help safeguard against such occurrences.  If a breach of our systems occurs, we will notify you of the breach only if, and, as required under applicable law.

YOU UNDERSTAND THAT NO DATA TRANSMISSION OVER THE INTERNET OR A MOBILE DEVICE CAN BE GUARANTEED TO BE 100% SECURE.  WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION, WE DO NOT GUARANTEE THE SECURITY OF PERSONAL INFORMATION AND YOU PROVIDE PERSONAL INFORMATION AT YOUR OWN RISK.

8. ACCESS FROM OUTSIDE THE UNITED STATES

This Site is operated and maintained by Merle Norman Cosmetics from the United States and is intended solely for a United States audience. If you access the Site from outside the United States, please be aware that personal information will be transferred to, stored in, and processed in the United States. U.S. data protection and related laws may not be as comprehensive as those from where you access the Site.

9. THIRD-PARTY WEBSITES

The Site or communications from us may link to, or be linked to, websites not controlled by us.  We are not responsible for third parties’ privacy policies or practices.  This Policy does not apply to any third-party websites or to any data that you provide to third parties.  You should read the privacy policy for each website that you visit.

10. CHANGES TO OUR PRIVACY POLICY

We may modify this Policy at any time. All changes will be effective immediately upon posting to the Site. Material changes will be conspicuously posted on the Site or otherwise communicated to you.

11. CONTACT US

If you have questions or concerns regarding this Policy, contact us online, or by mail at:

Merle Norman Cosmetics, Inc.
9130 Bellanca Avenue
Los Angeles, California 90045
(800)788-1191

******************************************************************************

YOUR CALIFORNIA PRIVACY RIGHTS

This section provides additional provisions that apply to residents of California. In the event of a conflict between this section and the remainder of this Policy, this section shall take precedence for California residents.  In this section only, any capitalized terms not defined in this Policy have the meanings set forth in the California Consumer Privacy Act of 2018 (the “CCPA”) and its regulations.

Your Right to Opt-Out of the Sale of Personal Information. California residents have the right to opt out of the Sale of their personal information at any time.

In the last 12 months, we have not Sold your personal information and we currently do not Sell personal information.

Your Rights to Access and Deletion. California residents have certain rights under the CCPA, such as the right to request certain information or request deletion of their personal information.  Subject to certain limitations such as (a) exceptions permitted by applicable law and (b) verification of your identity, California residents may exercise the following rights with regard to their personal information:

Right to Request Access. You have the right to request access to any of the following which occurred in the prior 12-month period: (a) the categories of personal information we collected from you, (b) the categories of sources from which the personal information was collected, (c) the business or commercial purpose for collecting or Selling your personal information, (d) the categories of third parties with whom we shared your personal information, (e) the specific pieces of personal information we collected from you, and (f) a list of categories of personal information we Sold or disclosed for a Business Purpose in the last 12 months.

Right to Request Deletion. You have a right to request that we delete personal information we collected from or about you. We will comply with such request, and direct our service providers to do the same, subject to certain exceptions permitted by applicable law.

How to Exercise Your Rights of Access and Deletion. To exercise your California rights described in this section, you may submit your request to us by contacting us at any of the following:

(800) 788-1191
Privacy@merlenorman.com

Verifiable Consumer Request. In order to verify your request, you must provide sufficient information to allow us to reasonably verify you are the person about whom we collected personal information, and you must describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to your request.

Response Process. When we receive your request to exercise your rights under the CCPA: (a) we will acknowledge receipt of your request; (b) we will try to match the information you provide in making the request with information we already maintain about you; (c) if required to verify your identity, we may ask you to provide additional information, including personal information; (d) we will consider various factors when determining how to verify your identity, such as the sensitivity and value of the data, the risk of harm, the likelihood of fraud, etc.

We will only use personal information we collect during the verification process for the purpose of verifying your identity. If you maintain an account with us, we may use that account to respond to your request and/or verify your identity. If we are unable to verify your identity as required by applicable laws and regulations, we will decline to comply with your request, and let you know why.

When We Will Respond. We will try to respond to your request for access or deletion within 45 days. If we require additional time, we will inform you of the reason and extension period. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. We may charge a fee to process or respond to your request if it is excessive or repetitive.

Non-Discrimination. California residents have the right to not receive discriminatory treatment for exercising any of their rights under the CCPA. If we choose to offer a financial incentives program in the future, additional terms will apply which may be an exception to this Section.

Who May Exercise Your Rights? You may only make a request to exercise your rights on behalf of yourself. You also have a right to submit requests to exercise your rights under the CCPA through an authorized agent. If you choose to use an authorized agent, we may require that the authorized agent provide proof that you gave the agent signed permission to submit the request. We may also require you to verify your own identity directly with us and directly confirm with us that you provided the authorized agent permission to submit the request.

Shine the Light. Pursuant to California Civil Code Section 1798.83, if you are a California resident, you have the right to obtain: (a) a list of all third parties to whom we may have disclosed your personal information within the past year for direct marketing purposes, and (b) a description of the categories of personal information disclosed, by contacting us at the contact information above.

Do Not Track Requests. DUE TO THE AUTOMATIC COLLECTION OF DATA USING COOKIES, WE DO NOT HONOR “DO NOT TRACK” REQUESTS.