- Last Updated
- Policy Introduction
- Site Policies, Modification, and Severability
- Terms Used in this Document: We, Users, Third Parties
- General Data Protection Regulation (GDPR)
- What Personal Data We Collect and How We Collect it
- What We Do With the Collected Personal Data
- How Long Do We Keep Your Personal Data?
- What Do We Share, With Whom, and Under What Conditions?
- Important Rights of Our Users Regarding the Personal Data
- Third Parties That Have Access to Your Personal Data
- Promotions, Contests and Sweepstakes
- Other Information Collected
- Log Files
- Information Sharing
- Information From Third Party Sources
- Customer Service
- Service Providers
- Compliance With Legal Authorities
- Links to Other Web Sites
- Internet Fraud
- International Transfer
- Changes to this Statement
- Contact Information
Last updated: 2019.01.10
If, after review, you still have questions about any portion of this Policy, please use the contact information provided at the bottom of this page.
Site Policies, Modification, and Severability
Terms Used in this Document: We, Users, Third Parties
- Katherine Hayes Hair is the provider of the service, referred sometimes as we.
- By users we understand all the users of our tools, products, or services.
- Visitors are those who browse the web pages of our website. The logged in visitors are users of our service because they previously signed-up for an account on our website.
- Customers are the users that paid for any of our: tools, products, or services.
- Third parties are other companies and the services they provide us.
General Data Protection Regulation (GDPR)
The GDPR law is the European law that regulates the privacy rights of users from the European Economic Area (EEA). Our Declaration of Conformity can be found here.
GDPR’s main principle is that users own their personal data, and the companies have the obligation to make the right steps to facilitate the users’ rights:
- to know what personal data companies collect, how they store this info and for how long
- to know if the personal data is shared with third parties
- to get the personal data (data portability)
- to delete the personal data
- to correct the personal data
1. What Personal Data We Collect and How We Collect it
From the unlogged visitors of our site, we collect the following data: anonymized IPs, location, browser type, visited pages.
Logged in Visitors:
When the visitors of our site sign-up for an account, we collect their email address and username.
We also keep the personal data used in the financial transactions. The invoice details such as payment email, amount of money, name of the customer, company, addresses, and payment system, are not completely under the GDPR law, but due to the fiscal policy, we need to store them for tax records. If you have any questions or concerns, please use the contact information provided at the bottom of this page.
2. What We Do With the Collected Personal Data
In order to help our customers we need to use their personal data:
- Personal data needed for user identification: the email address used for registration.
- Personal data needed to communicate with the clients that need assistance: their email addresses.
- Personal data needed to fulfill sales and orders from invoices: payment email, amount of money, name of the customer, company, addresses, and payment system.
Running the Site
In order to maintain and optimize the site we need to user their personal data:
- Personal data needed to optimize site experience: anonymized IP’s, location, browser type, and visited pages.
3. How Long Do We Keep Your Personal Data?
We retain personal data only as long as is necessary and only for the purpose for which it was obtained. We restrict access to personal data to only those persons who need to use it for the relevant purpose.
Users of this site have the ability to delete their own personal data or their own account by visiting the Privacy Settings page for more information and directions. If you have any questions or concerns, please use the contact information provided at the bottom of this page.
4. What Do We Share, With Whom, and Under What Conditions?
Our users’ data is shared with third parties that help us run the service. Please check below a list of the services that have full or partial access to our users’ data, and their privacy and data policies.
We will tell our users if we intend to share their info with other third parties. We don’t sell personal data.
5. Important Rights of Our Users Regarding the Personal Data
You own your data. If you want to download the information we store about you and about your history with our site please visit our Privacy Settings page. If you have any questions, please use the contact information provided at the bottom of this page.
Personal data deletion and account removal:
Users that want their personal data to be deleted can send visit our Privacy Settings page. The deletion of personal data can lead to the termination of the your account and/or services we provide due to technical reasons. If you have any questions, please use the contact information provided at the bottom of this page.
Personal data errors:
You have the right to correct your personal data. If you have any questions, please use the contact information provided at the bottom of this page.
The right to fill a complaint:
For us, your personal data is important, and we try to take all the necessary steps to protect your personal data and to respect your rights.
6. Third Parties That Have Access to Your Personal Data
Zoho – zoho.com
Zoho is an email service provider. Our business emails are stored and sent using this service. Zoho can access all the personal data our users share with us via email communication.
Zoho’s documentation regarding their compliance with the General Data Protection Regulation: https://www.zoho.com/lp/gdpr.html
Cloudflare – cloudflare.com
CloudFlare is a web performance and security service. We use CloudFlare to ensure that our services are secure and operate quickly. Although we do not directly provide any personal data to CloudFlare, they may collect non personally identifiable information about you.
Digital Ocean – digitalocean.com
Digital Ocean is a hosting company base in the United States. We use their service for hosting our site.
Digital Ocean’s documentation regarding their compliance with the General Data Protection Regulation: https://www.digitalocean.com/security/gdpr/
RunCloud – runcloud.io
RunCloud is a Saas server manager for PHP servers based in Malaysia. We use their services to help manage: server provisioning, server settings, server security, and server optimization.
RunCloud’s documentation regarding their compliance with the General Data Protection Regulation: https://runcloud.io/legal/gdpr.html
Mailgun – Mailgun.com
Mailgun is a customer communication platform for transactional and marketing emails. We use this service for our transactional and marketing campaigns. Mailgun has access to our users’ email addresses, and it’s taking all the necessary steps to comply with the General Data Protection Regulation.
Mailgun’s documentation regarding their compliance with the General Data Protection Regulation: https://www.mailgun.com/gdpr
WordPress – wordpress.org
WordPress.org is the foundation that manages the WordPress content management system, WordPress themes, WordPress plugins. We use WordPress to run and manage this site.
WooCommerce – woocommerce.com
WoCommerce is an eCommerce platform for WordPress. We use WooCommerce to manage products, sales, customers, and invoicing.
Electronic Payment Processing Services
We use electronic payment processing services. We don’t keep any Credit Card data on our servers.
We use the following electronic payment processing services:
- Paypal – paypal.com
- Stripe – stripe.com
- Square – squareup.com
Disqus – disqus.com
Disqus is a blogging comment hosting service. The visitors of our site can comment on our articles using the Disqus platform.
Here is the Discus’s position on GDPR: https://blog.disqus.com/update-on-privacy-and-gdpr-compliance
ShortPixel – shortpixel.com
ShortPixel is a image and pdf optimization service. We use ShortPixel to compress any image or pdf that is uploaded to our site.
Google Analytics – analytics.google.com
We use the Google Analytics service to obtain statistics about our site’s visitor number, origin and behavior. We took the necessary steps to ensure that the information we gather through Google Analytics is anonymized and that we cannot identify a particular visitor.
For more information about Google Analytics, please visit https://www.google.com/analytics/
We are sure that Youtube and Video don’t access the information pertinent to your relation with the Company’s web site, like registered user email, payment details.
Transparency is important to us. It is the policy of Katherine Hayes Hair to disclose any affiliate or referral relatioships on our website, https://katherinehayeshair.com, and any other sites we own and operate. Please visit our Disclosure Policy page for more information.
Promotions, Contests and Sweepstakes
Other Information Collected
Some information may be collected automatically every time you visit the Company’s web sites, such as cookies and computer information. In addition, information may be collected from other independent, third-party sources. We also collect information about which pages you visit within this site. This site visitation data is identified only by a unique URL.
Information about how you use this website is collected automatically using “cookies”. A cookie is a small piece of data that a website stores on your device when you visit, typically containing information about the website itself, a unique identifier that allows the site to recognize your web browser when you return, additional data that serves the purpose of the cookie, and the lifespan of the cookie itself.
As it is true of most web sites, the Company gathers certain information automatically and stores it in log files. This information includes anonymized internet protocol (IP) addresses, browser type, internet services provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. The Company uses this information to analyze trends, to screen for fraud, to administer the Company’s sites, to track users’ movements around the web sites and to gather demographic information about the Company’s user base as a whole.
The Company does not sell or rent any of the information collected to third parties for any purposes, but it shares information with third parties as described in this policy.
Information From Third Party Sources
To improve services and enhance personalization, the Company may periodically obtain information about you from other independent third party sources and add it to our account information. For example, when you visit a site on which the Company advertises, and click through such advertisement, the Company may place cookies on your computer.
Verification, Billing, and Order Status:
The Company collects personal data to verify the accuracy of your name, billing address, shipping address, credit card number, and credit card expiration date provided, to screen for fraud, to bill you for the products and services purchased and to pay you for the products and services sold. The Company uses your e-mail address(es) to contact you regarding the status of your order when necessary and to send you a Receipt Purchase/Sale Confirmation and Order Shipping Notification. Generally, you may not opt-out of these communications since they are not promotional in nature. If you do not wish to receive them, you may have the option to deactivate your account.
We send newsletters to our users about deals and promotions. Our marketing campaigns could promote other services as well, if we believe that they are compatible with our service, and that they could be useful for our users. We try to keep these types of messages at a maximum of two emails per user/ each month. You may “opt-out” of receiving them by following the instructions included in each communication.
Special Offers and Updates:
The Company collects information about which sections of its web site you visit most often, so that it can send you our newsletter (if you choose to receive our newsletter) and the information about the offers, promotions, contests, and sweepstakes which may interest you. Accordingly, the Company will occasionally send you information on products, services, special deals, promotions and sweepstakes. You may “opt-out” of receiving them by following the instructions included in each communication.
Choice and Opt-Out:
If you no longer wish to receive the Company’s promotional communications, you may “opt-out” of receiving them by following the instructions included in each communication.
We also collect information for research purposes and to provide anonymous reporting for internal and external clients. The Company uses the information collected for its own internal marketing and demographic studies, to improve customer service and product offerings.
We will communicate with you in response to your inquiries, to provide the products and services you request, and to manage your account. We will communicate with you by e-mail, live chat or telephone, in accordance with your wishes and availability.
The Company stores information that it collects through cookies, log files, and third party sources, to create a profile of your preferences, in order to improve the content of the Company’s web site for you. Please refer to the Cookies section of this policy for more information on our usage and policies of cookies.
The Company discloses the information collected to external service providers, necessary to facilitate the following outsourced operations: address verification, credit card processing, fraud screening and order shipping.
Compliance With Legal Authorities
As required by law, and to enforce customers’ or the Company’s legal rights, and to comply with local, state, federal and international law, the Company may disclose information to law enforcement agencies.
Links to Other Web Sites
The Company protects the privacy and integrity of the information it collects by employing appropriate administrative protocols, technical safeguards, and physical security controls, designed to limit access, detect and prevent the unauthorized access, improper disclosure, alteration, or destruction of the information under its control. The Company transmits the information used by its external service providers for the specific outsourced operations listed above, across public and private networks via recognized encryption technologies, such as by using Secure Sockets Layer (SSL) software, which encrypts the information you input.
Although the Company follows the procedures set forth above to protect the personal data submitted to the Company, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while the Company strives to use commercially acceptable means to protect your personal data, the Company cannot guarantee its absolute security.
If you have any questions about the Company’s security on its web sites, please use the contact information provided at the bottom of this page.
The Company has a ZERO TOLERANCE policy for Internet fraud or any attempt to access or acquire customer or other information on its web sites via illegal or surreptitious means. The Company will work with local, national, and international fraud investigation agencies and employs a variety of electronic and other means to discourage, detect, and intercept fraudulent activities. The Company aggressively prosecutes, to the fullest extent of the law, those perpetrators apprehended conducting fraudulent activities on its web site.
The Agencies with which the Company can cooperates with are: state and local police authorities, the United States Federal Bureau of Investigation, US and International Customs Agencies, and Interpol.
personal data collected by the Company may be stored and processed in the United States or any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the Company’s web sites, you consent to any such transfer of personal data outside of your country.
The Company’s sites are not intended for or directed to persons under the age of 16. The Company does not buy or sell products or services from or to children. Any person who provides their information to the Company through the Company’s web sites attests that they are 16 years of age or older. If you are under 16, you may use the Company’s services only with involvement of a parent or guardian.
Changes to this Statement
You may contact the Company by using the Contact page on the site.