Drybar Privacy Policy

California Residents: Do Not Sell My Personal Information

California Residents: CCPA Opt-Out Choices

Non-California Residents: Opt-Out

 

Effective as of: January 30, 2020
A copy of our previous privacy policy is available here
Drybar is committed to providing our customers with exceptional service. As providing this service involves the collection, use and disclosure of some personal information about you, protecting and ensuring the privacy of your personal information is one of our highest priorities. One of the ways we do that is to have this Privacy Policy, which tells you why and how we collect, use and disclose your personal information.
This Privacy Policy describes the privacy practices of Drybar Holdings LLC and our subsidiaries and affiliates (collectively, “Drybar”, “we”, “us”, or “our”) in connection with our website, the Drybar mobile application, and any other website or mobile application that we own or control and which posts or links to this Privacy Policy (collectively, the “Services”), as well as certain offline services as described in this Privacy Policy, and the rights and choices available to individuals with respect to their information. 
Because Drybar is a U.S.-based company, our Services are controlled and offered from Drybar’s facilities in the United States.  The data protection rules and rights of government access to your data in your state, province or country may be different than those in the United States.  Drybar will continue to process your personal information as described in this Privacy Policy.

SECTION 1 - PERSONAL INFORMATION WE COLLECT
Personal information you provide to us.  Personal information you may provide to us through the Services or otherwise includes:

  • Information regarding potential COVID-19 exposure, such as your temperature and whether you have symptoms associated with or have been diagnosed with COVID-19.
  • Contact data, such as your first and last name, email and mailing addresses, postal code, phone number and social media alias.
  • Profile data, such as your username and password that you set to establish an online account with us, and other information you include in your account profile.
  • Haircare preferences, such as your hair type, hair concerns and the products and services you have received from us.
  • Communications that we exchange when you communicate with us, such as when you request support, contact us with questions or feedback or complete our surveys.
  • Content, such as comments, text, images, audio, video or other content you post to or provide through the Services.
  • Appointment information, such as your past and upcoming appointment dates and locations and the services you have requested.
  • Payment and transactional data, such as the information needed to complete your orders on or through the Services (including name, credit card information, billing and shipping information), information about your payment transactions, and your order history.
  • Marketing data, such as your preferences for receiving communications about our products, activities, events, and publications; details about how you engage with our communications; and information you provide when you participate in an event, contest or promotion.
  • Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Other sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Data providers, such as information services and data licensors.
  • Public sources, such as public social media platforms.
  • Business partners, such as joint marketing partners, licensors/licensees, joint venture partners and event co-sponsors.

Automatic collection.  We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on the Services and other online services, including:

  • Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, internet service provider, the website you visited before browsing to our website, and general location information such as city, state or geographic area.
  • Online activity data, such as what pages you visit, what products or files you view, referring/exit pages and the third-party sites that led you to our site or mobile application.
  • Precise geolocation data, such as when you authorize our mobile application to access your location.

Cookies and similar technologies.  Some of our automatic data collection on the Services is facilitated by:

  • Cookies, which are text files that websites store a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of tracking user activity and patterns, helping you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.
  • Flash cookies, or locally-stored objects, which are used for purposes similar to cookies but allow storage of a larger amount of data.
  • Web beacons, also known as pixel tags or clear GIFs, typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
  • Software development kits, or SDKs, which are used to incorporate third party computer code into our App that allows the third party service providers or advertising partners to collect data directly from it for a variety of purposes, including to provide us with analytics regarding the use of the Drybar mobile application, to integrate with social media, add features or functionality to our app, or to facilitate online advertising.

Information about others. You may have the opportunity to share personal information about others with us, such as when you book an appointment for them through the Services, purchase a gift card for a third party, or refer friends or other contacts to us. When you share the personal information of others with us, you are responsible for ensuring you have their permission to do so.

SECTION 2 – HOW WE USE YOUR PERSONAL INFORMATION
To provide the Services. We may use your personal information to:

  • provide, operate and improve the Services, such as when we use your personal information to schedule and confirm appointments with you and mail you the products or gift cards you order from us;
  • verify identity;
  • determine whether you may have, or have been exposed to, COVID-19;
  • prevent fraud and abuse;
  • identify your shopping preferences and your shopping;
  • open and manage an account;
  • deliver requested products and services or to respond to questions;
  • guarantee and process a reservation, as well as provide our services;
  • enroll you in a program;
  • send you our newsletters, coupons, updates, reminders, related email marketing, and other information;
  • ensure a high standard of service to you;
  • meet regulatory requirements;
  • send SMS updates, appointment reminders, and special marketing promotions;
  • respond to your queries and communicate with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages;
  • keep track of customer feedback, understand your needs and interests, and personalize your experience with the Service and our communications; and
  • improve our service to customers and to provide support and maintenance for the Services.

Research and developmentWe may use your personal information for research and development purposes, including to customize our Services, improve the online experience, and analyze and improve the Services and our business.  As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect.  We make personal information into anonymous data by removing information that makes the data personally identifiable to you.  We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
Marketing and advertising. We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:

  • Direct marketing.  We may send you Drybar-related or other direct marketing communications as permitted by law.  You may opt-out of our marketing communications as described below
  • Interest-based advertising.  We may contract with third-party advertising companies and social media companies to display ads on our Services and other sites. These companies may use cookies and similar technologies to try to tailor the ads you see online to your interests based on your activity over time across our Services and other sites, or your interaction with our emails. These ads are known as "interest-based advertisements." You can learn more about your choices for limiting interest-based advertising in the Advertising choices section, below.

Compliance and Operations.  We may use your personal information in the following circumstances:

  • When the collection, use or disclosure of personal information is permitted or required by law;
  • In an emergency that threatens your life, health, or personal security;
  • When the personal information is available from a public source (e.g., a telephone directory);
  • When we require legal advice from a lawyer;
  • For the purposes of collecting a debt or to protect ourselves from fraud;
  • To investigate an anticipated breach of an agreement or a contravention of law;
  • If our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to service or sell products to you.

For other purposes.  We may also use your personal information for other purposes described in this Privacy Policy or at the time we collect the information.

SECTION 3 – HOW WE SHARE YOUR PERSONAL INFORMATION
We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection. 
Other users and the public.  If at any time our Services offer any chat rooms, comments, notice board facilities, reviews, social media, newsgroups etc. information that you post or make available may be collected by other users or the public.  Please note that we cannot be responsible for other parties’ use of the personal information, which you may make available to such third parties through any chat room, comments, notice board, newsgroup etc. on the Services.  Please be careful about what personal information you disclose in this way.
Affiliates.  We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
Service providers.  We may share your personal information with unrelated companies and individuals that provide services on our behalf or help us operate the Services or our business (such as customer support, hosting, payment processing, appointment booking, analytics, email delivery, marketing, and database management services). These third parties may use your personal information only as authorized under our contracts with them.
Business partners. We may share your personal information with our business partners, such as joint marketing partners, licensors/licensees, joint venture partners and event co-sponsors.
Advertising partners. We may sometimes share your personal information with our advertising partners, and may enable such partners to collect information directly via our Services for the purposes described in the Marketing and advertising section, above.
Professional advisors.  We may share your personal information with professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. We may share your personal information with law enforcement, government authorities, and private parties, when we believe in good faith it is necessary or appropriate for the compliance and operations purposes described above. 
Business transferees.  We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, with relevant participants in business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Drybar or our affiliates (including, in connection with a bankruptcy or similar proceedings). 
For other purposes.  We may also share your personal information for other purposes described in this Privacy Policy or with your consent. 

SECTION 4 – YOUR CHOICES
In this section, we describe the rights and choices available to all users.
Opt out of marketing emails.  If you no longer wish to receive marketing-related emails from us, you may opt out by clicking the "unsubscribe" option in the email message, informing us at privacyofficer@thedrybar.com, or mailing us at: Drybar Privacy Officer / 125 Technology Drive, Suite #150 / Irvine, CA 92618
You may continue to receive service-related and other non-marketing emails.
If you consent to receive text messages, you will receive auto-dialed appointment confirmations and reminders in addition to marketing or promotional texts.  You may receive SMS or MMS messages.  Message and data rates may apply, check with your cellular or data carrier for information.  Up to 6 autodialed promotional messages per month.  Appointment confirmations and reminders will be based on the number of appointments you make.  Consent to get text messages is not required/not a condition for purchase of goods or services.  You can opt out of receiving text messages.  To stop receiving text messages, reply STOP or email buttercup@thedrybar.com with your phone number. 
Choosing not to share your personal information.  Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or where we must use your personal information to perform a legal obligation), you can choose not to share your personal information with us. If you do not provide this personal information when requested it may restrict our ability to provide a particular service or product. If so, we will explain the situation to assist you making the decision by telling you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.
Cookies & browser web storage.  We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Services and third party websites. Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies, the Services may not work properly.  Similarly, your browser settings may allow you to clear your browser web storage. 
Location data. Users of our mobile application also the choice whether to allow us to access your precise location data. Your device settings may provide the ability for you to revoke our ability to access location data.
Advertising choices. Some of the business partners that collect information about users’ activities on or through the Services may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising.
Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. Users of our mobile applications may opt out of receiving targeted advertising in mobile apps through participating members of the Digital Advertising Alliance by installing the AppChoices mobile app, available here, and selecting the user’s choices. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
In addition, your mobile device settings may provide functionality to limit our, or our partners’, ability to engage in ad tracking or targeted advertising using the Google Advertising ID or Apple ID for Advertising associated with your mobile device.
If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Do Not Track.  Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

SECTION 5 – SECURITY
The security of your personal information is important to us.  We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect.  However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

SECTION 6 – OTHER SITES, MOBILE APPLICATIONS AND SERVICES
The Services may contain links to other websites, mobile applications, and other online services operated by third parties.  These links are not an endorsement of, or representation that we are affiliated with, any third party.  In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions.  Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your personal information.  We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

SECTION 7 – CHILDREN 
The Services are not intended for use by children under 16 years of age, and we do not intentionally collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it. 

SECTION 8 – CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may be updated from time to time for any reason. If we make material changes to this Privacy Policy we will notify you by posting the new Privacy Policy on the Services and changing the “Last Updated” date above. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail or another manner through the Services.  Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

SECTION 9 – HOW TO CONTACT US
Please direct any questions or comments to:
Privacy Officer, 125 Technology Drive Suite # 150 Irvine CA 92618, or PrivacyOfficer@thedrybar.com

SECTION 10 –  IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
Section effective as of: January 1, 2020
This section applies only to California residents and is effective as of January 1, 2020. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.
Personal Information that we collect, use and share.  We have created a table below which summarizes how we collect, use and share Personal Information by reference to the categories specified in the CCPA, and describes how we have collected, used and shared Personal Information during the preceding 12 months.

Category of Personal Information (PI) as specified in the CCPA
(Definitions are available here)

Details of PI we collect, if any
(See the “Personal Information We Collect” section above for more details)

Business/commercial purpose of collection
(See the “How We Use Your Personal Information” section above for more details)

Categories of third parties with whom we share PI for a business purpose
(See the “How We Share Your Personal Information” section above for more details)

Identifiers

  • Contact data
  • Profile data
  • Communications
  • Information about others (such as the name and address of gift card recipients)

 

  • To provide the Services
  • Research and development
  • Marketing and advertising
  • Compliance and operations
  • Other users and the public
  • Affiliates
  • Service providers
  • Business Partners
  • Advertising Partners
  • Professional advisors
  • Authorities and others
  • Business transferees

Financial Information

  • Payment and transactional data
  • To provide the Services
  • Compliance and operations
  • Affiliates
  • Service providers
  • Professional advisors
  • Authorities and others
  • Business transferees

Commercial Information

  • Haircare preferences
  • Communications
  • Appointment information
  • Payment and transactional data
  • Marketing data
  • Online activity data
  • To provide the Services
  • Research and development
  • Marketing and advertising
  • Compliance and operations
  • Affiliates
  • Service providers
  • Business partners
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees

Internet or Network Information

  • Marketing data
  • Device data
  • Online activity data
  • To provide the Services
  • Research and development
  • Marketing and advertising
  • Compliance and operations
  • Affiliates
  • Service providers
  • Business partners
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees

Online Identifiers

  • Contact data
  • Profile data
  • Device data
  • Online activity data
  • To provide the Services
  • Research and development
  • Marketing and advertising
  • Compliance and operations
  • Other users and the public
  • Affiliates
  • Service providers
  • Business partners
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees

Geolocation data

  • Precise geolocation data
  • To provide the Services
  • Research and development
  • Marketing and advertising
  • Compliance and operations
  • Affiliates
  • Service providers
  • Business partners
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees

Inferences

May be derived from your:

  • Haircare preferences
  • Appointment information
  • Payment and transactional data
  • Marketing data
  • Device data
  • Online activity data
  • To provide the Services
  • Research and development
  • Marketing and advertising
  • Compliance and operations
  • Affiliates
  • Service providers
  • Business partners
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees

Physical Description

  • Profile data
  • Haircare preferences
  • To provide the Services
  • Research and development
  • Marketing and advertising
  • Compliance and operations
  • Affiliates
  • Service providers
  • Business partners
  • Advertising partners
  • Professional advisors
  • Authorities and others
  • Business transferees

Sensory Information

  • Your content
  • Security data, such as security camera footage recorded at our salons or offices
  • To provide the Services
  • Compliance and operations
  • Other users and the public (when you post content or consent to our display of your content)
  • Affiliates
  • Service providers
  • Business partners
  • Professional advisors
  • Authorities and others
  • Business transferees

Protected Classification Characteristics

We do not intentionally collect this information but it may be revealed in other information we collect, such as profile data, haircare preferences and your content.

Not applicable

Not applicable

The sources from which we collect this Personal Information are you, public sources, business partners, automatic collection (including through the use of cookies and similar technologies), and existing users or others who may provide your Personal Information to us. For more details, see the Personal Information We Collect section above. 

The categories of third parties to whom we disclose this Personal Information include business partners (for marketing and advertising purposes) and advertising partners (to facilitate online advertising). For more details, see the How We Share Your Personal Information section above.
Your California privacy rights. If you are a California resident, you can request to exercise your privacy rights as detailed within CCPA and listed below.

  • Opt-out of sales. If we “sell” your Personal Information, you can opt-out. In addition, if you direct us not to sell your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.
  • Deletion. You can ask Drybar to delete the Personal Information that we have collected about you.
  • Access. You can ask Drybar for a copy of the Personal Information that we have collected about you.
  • Information.  You can request the following information about how we have collected and used your Personal Information during the past 12 months:
    • The categories of Personal Information that we have collected.
    • The categories of sources from which we collected Personal Information.
    • The business or commercial purpose for collecting and/or selling Personal Information.
    • The categories of third parties with whom we share Personal Information.
    • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
    • Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient. 

You are entitled to exercise your CCPA privacy rights described above free from discrimination in the form of legally prohibited increases in the price or decreases in the quality of our Services.

How to exercise your rights. You may request to exercise your California privacy rights described above as follows:

Drybar is happy to process your privacy enactment request, once we have confirmed your identity and validated that you reside in California. As part of this process, government identification may be required.  Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.  We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
If you are somehow affiliated to Drybar, in that perhaps you are an employee, vendor, contractor, or hold any other position for or within the company, and you reside in California, feel free to enact your CCPA rights using the methods detailed in this section. Unfortunately, we won’t be able to send you any human resource related information or other information in accordance with applicable law (examples may be; payroll, PTO, benefits, contract information), but we will process your privacy enactment request in the same manner that we would for any other California Resident. Requesting to exercise your CCPA privacy rights won’t change the affiliation you have with Drybar in any way.
Your California privacy rights are not absolute, and in certain cases we may decline your request as permitted by law.  For example, Drybar may reject privacy enactment requests if there is any suspected malice, including any which may be deceptive, fraudulent, illegal or pose a security threat. Drybar may also reject requests related to legal or criminal matters, or if they’re related to any in-progress transactions or purchases.

Last updated May 7, 2020