PRIVACY POLICY

Last Revised and Effective Date: January 19, 2024

Kendo Holdings, Inc. and our subsidiaries and affiliates (collectively, "Kendo", "we", "us" or "our") care about the processing, confidentiality, and safety of your personal data.

The aim of this Privacy Policy is to provide you with information about how we collect, use, share, and safeguard your personal data. This Privacy Policy also tells you about your rights and choices with respect to your personal data, and how you can reach us to get answers to your questions. You can jump to particular topics by going to the headings below:

  1.  What is personal data?
  2.  What personal data do we collect and when do we collect it?
  3.  For what purpose is your personal data collected and used?
  4.  Who are the recipients of your personal data?
  5.  International transfers of personal data
  6.  How do we protect your personal data?
  7.  How long do we retain your personal data?
  8.  What are your choices and how can you exercise them?
  9.  Cookies and Similar Tracking Technologies
  10.  Contact Details
  11.  Additional Information for California residents
  12.  Miscellaneous

 

I.   What is personal data?

The term “personal data” refers to any information about an identified physical person or a physical person that may be directly or indirectly identified.

 

II.   What personal data do we collect and when do we collect it?

We collect information about you in a variety of ways depending on how you interact with us and our products and services, including through our websites, media channels, online and mobile applications, advertisements, and in selected stores.

    • The following provides examples of the type of personal data that we collect from you and how we use that information.

 

Context Information We Collect Primary Purpose for Collection and Use of Information
Create a customer account If you create a customer account on one of our websites, apps, or in one of our stores, we collect your name, email address, and the month and day of your birthday, if you choose to provide it. Within your customer account, you can also store additional information such as mailing address, phone number, and payment methods. We also collect information relating to the actions that you perform while you are logged into your account. We have a legitimate interest in providing account related functionalities to our customers and managing access to customer accounts. Customer accounts can be used for faster and simpler checkout, to save your personal preferences and order history, and receive updates about your order details.
Order goods from our websites If you place an order on one of our websites, we collect your name, email address, phone number, shipping address, billing address and payment details (payment card number, expiration date, CVV/CVC, etc.). We use your information to perform our contract with you to process your orders and to provide you with the products or services you have requested.
Make purchases in our stores If you make a purchase in one of our stores, we may collect your name, email address, billing address and payment details (payment card number, expiration date, CVV/CVC, etc.). We use your information to perform our contract with you to provide you with the products you have requested.
Shade finder and other similar online beauty services
You may choose to upload a photo or video (via your webcam). Unless otherwise noted, we only use photographs to identify skin tone and/or make cosmetic recommendations. 
We have a legitimate interest in offering beauty related services, such as recommendations to match cosmetic products with skin tone.
Sign up for our mailing list When you sign up for one of our mailing lists, we collect your email address, phone number, or postal address, depending on your selection. We share information about our products, services, offers, news and events with those individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.
Participate in surveys If you choose to participate in a survey or satisfaction questionnaire, we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information. We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.
Contact us If you contact us, such as via our website, customer service center, or social network pages, we collect your name, contact information (email and/or phone number) as well as any other information you provide to us in order to reply. We have a legitimate interest in managing customer relations with respect to any requests for information or complaints that we receive. We also have a legitimate interest in responding to inquiries related to support, employment opportunities, and other requests.
Report potential adverse reactions If you contact us to notify us of an undesirable reaction concerning any of our products, we collect your name, contact information, as well as any other information you provide to us, including specific health data if you choose to provide it. We have a legitimate interest in receiving, processing, following up, and responding to, your reports as part of our cosmetic vigilance obligations. In some jurisdictions, we are also required by law to record information related to product safety and adverse event reports. We have a legitimate interest in complying with all legal requirements to collect information in the countries in which we operate.
Interact with us on social networks If you interact with us through our official page on social networks, or if you publish content on a social network or participate in online forums, we collect any content that you choose to provide, which may include your social media handle or account profile. We have a legitimate interest in communicating with you, understanding your opinions, and providing tailored services and products.
Take part in an event, sweepstakes, contest, or promotion If you take part in an event, sweepstakes, contest, or other similar promotion, we collect information about you including your name and contact information. We have a legitimate interest in operating and managing participation in our events, sweepstakes, contest, and other similar promotions. In some jurisdictions, we are also required by law to collect information about those that enter into our sweepstakes. We have a legitimate interest in complying with all legal requirements to collect information in the countries in which we operate.

 

    • We also use the following technologies to automatically collect personal data when you browse our websites, use our mobile applications, interact without our content, advertisements, and related features.

 

Context Information We Collect Primary Purpose for Collection and Use of Information
Cookies and First Party Tracking We use cookies and other technologies to understand how people use our websites. For more information about cookies, please see the “Cookies and Similar Tracking Technology” section below. We have a legitimate interest in making our websites operate efficiently. We also have a legitimate interest in serving you targeted advertisements.
Where required by law, we will obtain your consent for the deployment of cookies on our websites.
Cookies and Third Party Tracking We may place tracking technology on our website that collects analytics, records how you interact with our website, or allows us to participate in behavior-based advertising. This means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can report analytics to us or provide advertising about products and services tailored to your interests. That third party might also collect information over time and across different websites in order to serve advertisements on our website, or on other websites. For more information about cookies, please see the  “Cookies and Similar Tracking Technology” section below. We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics.
Where required by law, we will obtain your consent for the deployment of cookies on our websites.
Web beacons, clear pixels, or pixel tags A “web beacon” (also called a pixel tag or a clear GIF) is a small graphic image placed on website pages, e-mails, advertising, and other marketing communications that can be used for such things as recording the pages and advertisements clicked on by users, or tracking the performance of e-mail marketing campaigns. This may also include information about your device or browser. We have a legitimate interest in understanding how you interact with our websites to better improve them, and to understand your preferences and interests in order to select offerings that you might find most useful. We have a legitimate interest in understanding the effectiveness of our features and advertising, as well as interactions with our e-mail and advertising. We also have a legitimate interest in detecting and preventing fraud.
Web logs We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular.

 

  • In addition to the information that we collect from you directly, we also receive information about you from other sources, including third parties, business partners, and our affiliates under contract, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.

 

III.   For what purpose is your personal data collected and used?

In addition to the purposes and uses described above, we use data in the following ways:

  • To identify you when you visit our websites or our stores.
  • To streamline the checkout process, to provide products and services, and to process returns.
  • To secure online transactions, prevent fraud and payment incidents, and manage debt collection (see our terms and conditions for more details).
  • To manage and optimize customer experience by improving our knowledge of our customers.
  • To propose appropriate, tailored services, particularly when we enhance our products and services.
  • To conduct statistical analyses to develop management, measuring and reporting tools in order to adjust and improve our sales, marketing and product manufacturing.
  • To send marketing and promotional materials, including information relating to our products, services, sales, or promotions.
  • To manage our relationships as well as for internal administrative purposes.

Although the sections above describe our primary purpose in collecting your personal data, in many situations we have more than one purpose. For example, if you complete an online purchase, we collect your personal data to perform our contract with you, but we also collect your personal data as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your order. As a result, depending on the requirements of applicable privacy laws, our collection and processing of your personal data is based in different contexts upon your consent, our need to perform a contract, our legal or regulator obligations, and/or our legitimate interest in conducting our business.

 

IV.   Who are the recipients of your personal data?

In addition to the specific situations discussed elsewhere in this Privacy Policy, we share personal data in the following situations:

  • Affiliates. We may share personal data with our corporate affiliates (e.g., parent company, subsidiaries, and brands) when those entities are processing personal data on our behalf.
  • Business Transaction. If another company acquires, or plans to acquire, our company, business, or our assets, we will share personal data with that company, including at the negotiation stage for the purposes of evaluating or completing the transaction. Personal data may also be included as a part of the purchased assets.
  • To Provide a Product or Service You Request. We may share your personal data to comply with your request for the shipment of products to or the provision of services by a third party intermediary.
  • Other Disclosures with Your Consent. We may ask if you would like us to share your personal data with other third parties who are not described elsewhere in this Privacy Policy.
  • Other Disclosures without Your Consent. We may share personal data with third parties in response to subpoenas, warrants, court orders, or other requests from legal or regulatory authorities; in connection with any legal process; or to comply with relevant legal, regulatory or treaty obligations. We may also share your personal data in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
  • Public Forums. Some of our websites provide the opportunity to post comments or reviews in a public forum. If you decide to submit information on these pages, that information may be publicly available.
  • Partner Promotion. We may offer contests, sweepstakes, or other promotions with third party partners. If you decide to enter a contest, sweepstakes, or promotion that is sponsored by a third party partner the information that you provide will be shared with us and with them. Their use of your information is not governed by this privacy policy.
  • Service Providers. We share your personal data with service providers. Among other things, service providers help us to administer and maintain our websites, send communications, provide technology solutions at counters in our stores, conduct surveys, assist with customer service, provide technical support, process payments, provide ant-fraud services, manage regulatory alerts or notifications, provide marketing solutions, assist in order fulfillment, and organize events.
  • Social Media Platforms and Other Third-Party Services. Some of our websites contain certain features such as widgets, buttons, content, or other similar services that are provided by third parties (e.g., YouTube, Facebook, Twitter, Instagram, and/or Pinterest). If you choose to use or interact with these features, certain information may be shared with or collected by those third parties. For more information about what information is shared or collected, and how it is used, see the applicable company’s privacy policy.

For a description of the categories of information we disclose for a “business purpose” and share for purposes of cross-context behavioral advertising (also referred to as “targeted advertising”)(as those terms are defined by applicable law), please click HERE. Please note that because this list is comprehensive, it may refer to types of information that we collect and share about people other than yourself. For example, while we transfer credit card or debit card numbers for our business purpose in order to process payments for orders placed with us, we do not collect or disclose credit card or debit card numbers of individuals that submit questions through our website’s “contact us” page. Note that we do not sell personal information for money. As discussed elsewhere in our Privacy Policy, we use cookies and similar tracking technologies for purposes of targeted advertising. For more information, please see the COOKIES AND SIMILAR TRACKING TECHNOLOGIES section of the Privacy Policy.

 

V.   International transfers of personal data

As a multi-national company, we transmit information between and among our affiliates and may also use service providers that are located outside of your country of residence. As a result, your personal data may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible we take steps to treat personal data using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your personal data to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States.

All data transfers are subject to appropriate safeguards to ensure compliance with applicable regulations relating to the protection of personal data. For example, all transfers of personal data to our affiliates outside of the EEA are based on the EU Commission’s standard contractual clauses. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.

 

VI.   How do we protect your personal data?

No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal data from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal data. In the event that we are required by law to inform you of a breach to your personal data we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

Some of our websites permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.

 

VII.   How long do we retain your personal data?

Typically, we retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we obtained the information and whether we can achieve those purposes through other means, as well as applicable legal requirements.

VIII.   What are your choices and how can you exercise them?

You may have the following choices regarding your personal data:

  • Access to Your Personal Data. You may request access to your personal data, including a copy of your personal data, by following the instructions described in the Contact Details section below. In certain limited circumstances, you may also request to receive access to your personal data in a portable, machine-readable format. If required by law, upon request, we will grant you reasonable access to the personal data that we have about you.
  • Changes to Your Personal Data. We rely on you to update and correct your personal data. Most of our websites allow you to modify or delete your account profile. Note that we may keep historical information in our backup files as permitted by law. If our website does not permit you to update or correct certain personal data, you may contact us at the address described in the Contact Details section below to request corrections to information that is inaccurate or incomplete.
  • Deletion of Your Personal Data. You may request that we delete your personal data by following the instructions described in the Contact Details section below. If required by law, we will grant a request to delete personal data, but you should note that in many situations we must keep your personal data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
  • Objection to Certain Processing. You may object to our use or disclosure of your personal data by contacting us at the address described in the Contact Details section below.
  • Revocation of Consent. If you revoke your consent for the processing of personal data, then we may no longer be able to provide you services. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described in the  Contact Details section below.
  • Right to Opt-Out of Targeted Advertising/Sharing. You may opt-out of targeted advertising/sharing of your personal data for purposes of cross-context behavioral advertising by clicking the Cookie Settings link on our website footer. Please note that if you change browsers or computers, or if you clear your browser’s cache, you may need to click the link again to apply your preference.
  • Online Tracking. We do not currently recognize the “Do Not Track” signal.
  • Promotional Emails. If, at any time, you no longer wish to receive details of our offers, news and events, you can unsubscribe using the hypertext link provided for this purpose in each mail we send you. If you decide not to receive promotional emails, we may still send you service-related communications.
  • Promotional Text Messages. If you receive a text message from us that contains promotional information you can opt-out of receiving future text messages by replying “STOP.”

Please note that not all of the rights described above are absolute, and they do not apply in all circumstances. In some cases, we may limit or deny your request if the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise any of their privacy rights under applicable law. If we deny or fail to take action on your request, you may appeal our decision by contacting us at the address described in the Contact Details section below with the subject line “Appeal.”

To protect your personal data, we must be able to verify your identity before we can process your request to exercise any of the choices described in this section. We may conduct the verification process by email or phone, and we will ask you to provide information such as your name, contact information, and any additional relevant information based on your relationship. We will then match this to the information we maintain in our records.

In some circumstances, certain individuals may designate an authorized agent to submit requests to access or delete personal data. We will require verification that the authorized agent has permission to make such a request.

 

IX.   Cookies and Similar Tracking Technologies

We use a variety of technologies such as cookies, web beacons, clear GIF, pixels, internet tags, and browser/web logs to gather information when you visit or interact with our websites, mobile apps, and email communications. Cookies are small text files that are placed on your computer or mobile device by websites you visit. We use this information for a variety of purposes, such as to make our websites work properly, to make a user’s experience more efficient, to understand how visitors interact with our websites, and to for advertising purposes. For more information about how our websites use cookies and to update your preferences, click the Cookie Settings link located in the footer of the website.

 

X.   Contact Details

You can exercise any of the rights described above in the “What are your choices and how can you exercise them?” section above directly with Kendo by sending an email to kvdprivacy@kendobrands.com, or by mailing a non-registered letter to the below address:

Kendo Holdings, Inc.
Legal Department, Privacy
425 Market Street, 19th Floor
San Francisco, CA 94105
1 415 284 6000

If you are submitting a request on behalf of another person, you must provide proof that you have been authorized by the individual to act on his or her behalf. In certain circumstances, we may ask the individual to verify his or her own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.

For all questions relating to the collection and processing of your data by Kendo, you can contact our Data Protection Officer at dpo@kendobrands.com. If you are not satisfied with our response and are in the European Union or Canada, you may have a right to lodge a complaint with your local supervisory authority or privacy commissioner, as applicable.

If you are a customer in Canada, Kendo Holdings Inc. controls your personal information.

 

XI.   Additional Information for California Residents

  • California Sensitive Information Disclosure. We collect the following categories of sensitive personal information (as defined under California law): Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; Precise geolocation; Racial or ethnic origin; and Information concerning health. This information is collected in order to process transactions, comply with laws, manage our business, or provide you with services. Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121. We do not “sell” or “share” sensitive personal information for purposes of cross-context behavioral advertising.
  • Notice of Financial Incentive. We offer programs that provide certain perks, such as discounts and exclusive offers (collectively, the “Loyalty Programs”). When you sign up for a Loyalty Program, we typically ask you to provide your contact information (such as email address and/or telephone number). Because our Loyalty Programs involve the collection of personal information, they might be interpreted as a “financial incentive” program under California law. We do not assign a monetary value to the information we collect. Based on our reasonable estimate, the value of your personal information to us is related to the value of the free or discounted products or services, or other benefits that you receive as part of the applicable Loyalty Program. This value is based on the expense related to offering those free or discounted products or services. You may withdraw from participating in a Loyalty Program at any time by using the information in the Contact Details section above.
  • California Shine the Light. If you would like more information concerning the categories of personal data (if any) we share with third parties or affiliates for those parties to use for direct marketing, please contact us using the information in the Contact Details section above.

 

XI.   Miscellaneous

The following additional information relates to our privacy practices:

  • Third Party Applications/Websites. Our websites may include links to websites or applications that are owned or operated by third parties. Please note, we have no control over the privacy practices of websites or applications that we do not own. For example, some of our websites utilize the YouTube API Services to provide video content. When you interact with the YouTube functionality available through one of our websites, you will be subject to agree to the YouTube Terms of Service and Privacy Policy. We encourage you to review the privacy policies of any third-party website or application for details about what information is collected and how it is used and/or shared.
  • Changes To This Privacy Policy. We may change our privacy policy and practices over time. You can check the legend at the top of this page to see when this Privacy Policy was last revised. To the extent that our Privacy Policy changes in a material way, the policy that was in place at the time that you submitted personal data to us will generally govern that data unless we receive your consent to the new privacy policy.

INFORMATION SHARING DISCLOSURE

The following table describes the categories of personal data we disclose for business purposes, and “share” for purposes of cross-context behavioral advertising (also referred to as “targeted advertising”) (as those terms are defined by applicable law).

Category of Personal Data We Collect

Examples of Categories of Recipients

Disclosures for business purposes

Sharing for Cross-Context Behavioral Advertising

Identifiers— such as name, postal address, phone number, unique personal identifier, online identifier, device ID, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

  • Advertising Networks
  • Data analytics providers
  • Operating systems and platforms
  • Product and service fulfilment companies
  • Payment Processors and financial institutions
  • Social Networks
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by law
  • Advertising Networks

Financial Information — such as bank account number, credit or debit card number, or other financial information.

  • Payment Processors and financial institutions
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by law

None

Protected Characteristics — such as age, race, gender, physical or mental disability.

  • Data analytics providers
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by law

None

Commercial Information — such as information about products or services purchased, or other purchasing or consuming histories or tendencies.

  • Advertising Networks
  • Data analytics providers
  • Operating systems and platforms
  • Product and service fulfilment companies
  • Payment Processors and financial institutions
  • Social Networks
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by law
  • Advertising Networks

Network activity data — internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.

  • Advertising Networks
  • Data analytics providers
  • Operating systems and platforms
  • Advertising Networks

Geolocation information— such as your physical location.

  • Advertising Networks
  • Data analytics providers
  • Operating systems and platforms
  • Advertising Networks

Electronic and sensory data— such as audio, electronic, visual, thermal, olfactory, or similar information (e.g., pictures, a recording of a customer service call, security video surveillance footage).

  • Advertising Networks
  • Data analytics providers
  • Operating systems and platforms
  • Advertising Networks

Professional/employment information— such as occupation and professional references.

  • Data analytics providers
  • Government entities, law enforcement, lawyers, auditors, consultants and other parties as required by law

None

Inferences — drawn from any of the information identified above.

  • Advertising Networks
  • Data analytics providers
  • Advertising Networks