Privacy Notice

Last Updated: October 14, 2023

SONIA ROSELLI PRIVACY NOTICE

This privacy notice (“Privacy Notice”) describes how Sonia Roselli Beauty, Inc. (“Sonia Roselli,” “our,” “we,” or “us”) collects, uses, discloses, transfers, and protects your (“you” or “your”) personal and personally identifiable information, along with how you can contact Sonia Roselli to request amendment, modification, or deletion of your personal and personally identifiable information, when you use the soniaroselli.com website and its associated services (“Website”).

What does this Privacy Notice cover?

This Privacy Notice covers Sonia Roselli’s collection, use, disclosure, transfer of, and protection of your personal and personally identifiable information. Sonia Roselli is located in the United States of America and may store and process your personal and personally identifiable information in the United States of America. When you agree to this Privacy Notice and use the Website, you agree to the collection and processing of your personal and personally identifiable information in the United States of America and subject to the terms of this Privacy Notice.

Our Website may include links to websites or may include the use of analytics tools that are owned, operated, and maintained by third parties. Sonia Roselli does not exercise control over the privacy practices of such third party websites or analytics tools, and you are encouraged to review the privacy practices of all such third-party websites or analytics tools disclosed within this Privacy Notice.

Before using the Website or providing information to us, please carefully review this Privacy Notice. By using or accessing the Website, you agree that we may collect and use your personal and personally identifiable information in accordance with this Privacy Notice, as revised from time to time. Sonia Roselli may modify, amend, replace, or suspend this Privacy Notice at any time. If you have any questions or suggestions regarding our Privacy Notice, or if your personal information is not accurate or complete, please contact us at:

Privacy Officer

Sonia Roselli Beauty, Inc.
3024 N Ashland Ave. #578909
Chicago, IL 60657-3012
United States of America
privacy@soniaroselli.com

By providing Sonia Roselli with your personal or personally identifiable data and using the Website, you warrant that you are over the age of eighteen (18) or otherwise above the age of majority within your jurisdiction. If you are younger than eighteen (18) or the age of majority within your jurisdiction, please do not use the Sonia Roselli Website and please do not provide personal information to us.

What information do we collect?

When you use the Website, we may collect personal or personally identifiable information from you (“PII”). PII may include any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. It does not include anonymized data.

We may collect and process the following categories of PII about you:

  • Identification and Contact Data. Identification and contact data includes data that you submit to us or authorize to be submitted to us through our Website or e-mail, such as your name, address, country, phone number, and email address, data that you voluntarily provide when submitting customer support requests or other communications to Sonia Roselli, and identification data that is collected automatically when you use our Website, such as data stored in persistent cookies when you login to our Website or analytics data that is collected from you when you use our Website. We collect and process identification and contact data to respond to your requests for products, services, or customer support, to operate our Website, to authenticate you as a user of our Website, to ensure that timely and relevant content is provided to you, to secure our Website, to ensure that our Website operates in a fast and efficient manner, and to maintain backups of our Website and any submissions that you may have made to it. Sonia Roselli’s lawful grounds for processing this data are (1) its legitimate business interests in administering and offering its Website and products, (2) to comply with legal obligations to which Sonia Roselli is subject, (3) to utilize user data as necessary for the performance or administration of a contract, such as a contract related to the sale of Sonia Roselli’s products, and (4) your explicit consent. Where our collection and processing of your identification and contact data is based on your explicit consent, you have the right to revoke your consent at any time.
  • Communication Data. Communication data includes any communication that you may send to us through the Website, email, or social media. We process this data to communicate with you by email, direct message through a social media platform, or other means, to provide you with customer support, to record logs of our communication, and to store information to respond to legal claims. Sonia Roselli’s lawful ground for collecting and processing communication data is to respond to communications sent by you to us, to keep records of our communication, and to pursue or defend against legal claims.
  • User Data. User data includes data that you voluntarily submit to Sonia Roselli when you create a user account and data about how you use the Website, such as your name, address, country, phone number, and email address. This includes data stored in persistent cookies when you login to the Website and analytics data that is collected when you use the Website. We collect and process this data to operate the Website, to authenticate you as a user of the Website, to ensure that timely and relevant content is provided to you, to secure the Website, to ensure that the Website operates in a fast and efficient manner, and to maintain backups of the Website. Sonia Roselli’s lawful ground for processing this user data is its legitimate business interests in administering and offering the Website and to fulfill your orders for products through the Website.
  • Technical Data. Technical data includes data about your use of the Website, such as your IP address, your login data, your phone number, your mobile device model, your operating system, your geolocation, and your time zone. We may collect this data from your use of the Website and from advertising IDs, including from Meta’s pixel, Google Analytics IDs, Attentive analytics pixels, TikTok conversion tracking pixels, and other analytics providers. A full list of our analytics providers and links to their respective privacy policies are provided below in this Privacy Notice. Sonia Roselli processes this data to analyze your use of the Website, to route Website traffic, to administer and secure the Website, to provide location-relevant content, and to troubleshoot problems with the Website. Sonia Roselli’s lawful ground for collecting and processing this technical data is its legitimate interests in administering and offering the Website and to grow its business and marketing strategy.
  • Marketing Data. Marketing data includes data about your preferences in receiving and interacting with Sonia Roselli’s advertisements on third party platforms or content on the Website. We collect this data from your use of the Website and from advertising IDs created through advertising programs, such as Google Advertising IDs, TikTok conversion tracking pixels, and Meta pixels. Sonia Roselli does not connect advertising identifiers to persistent device identifiers, such as MAC addresses or mobile device IDs. Sonia Roselli’s lawful ground for collecting and processing this marketing data is its legitimate interests in administering and offering the Website and to grow its business and marketing strategy by providing advertisements, including remarketing advertisements, to you.
  • Personally Sensitive Data. Personally sensitive data includes data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, union membership, or information about your health. Sonia Roselli does not collect personally sensitive data.

Sonia Roselli will only use your PII for the purpose for which it was collected. If Sonia Roselli needs to use your PII for an unrelated new purpose, Sonia Roselli will provide you with notice of this new use and will explain the lawful ground for such processing. Sonia Roselli may process your PII without your knowledge or consent where required or permitted by law.

Sonia Roselli does not use your PII to automatically make any decisions or to create an automated profile about you.

How do we collect this information?

Sonia Roselli collects PII from you through a variety of different means:

  • Direct Collection. Sonia Roselli may collect PII from you when you make a purchase, register for a user account on the Website, contact us, respond to a survey, participate in a contest, or when you opt-in to receive marketing emails, text messages, or mailings from us.
  • Third Party Tracking Tools. Sonia Roselli uses third party tracking tools, such as pixels, web beacons, and cookies, to automatically collect PII from you when you open, view, or click Sonia Roselli’s Website pages or links, emails, or advertisements. Sonia Roselli discloses these third party tracking tools below in this Privacy Notice in its disclosure of PII that it collects from third parties.
  • Business Partners and Service Providers. Sonia Roselli may, from time to time, obtain PII from its business partners or service providers. When Sonia Roselli obtains PII from its business partners and service providers, it ensures that all such business partners and service providers have obtained consent from you to transfer all such PII to Sonia Roselli for its intended uses.
  • Social Media Networks and Other Platforms. Sonia Roselli may obtain PII from you when you interact with our social media accounts or content or accounts or content posted on other third-party platforms, such as Facebook, TikTok, or YouTube. For more information on how your PII may be disclosed by a particular social media network or platform, you are encouraged to review the privacy notices and policies of those platforms.
  • Analytics Providers. Sonia Roselli may also obtain PII from you through its use of third-party analytics providers, such as Attentive, HotJar, Klaviyo, Google Analytics, or Facebook. Sonia Roselli may create user profiles based on PII obtained through its use of PII from third-party analytics providers to better understand your wants and needs as a customer.   

What information do we collect from third parties and how do we use it?

Sonia Roselli may collect PII about you through cookies, web beacons, analytics trackers, and other technologies. This helps Sonia Roselli understand how you use the Website, interact with our content and advertisements, and to understand any patterns that may be associated with your use of the Website. This aids Sonia Roselli in developing or improving its Website, advertising, and marketing communications in response to your needs or wants.

Sonia Roselli may use session or persistent cookies. Session cookies are only stored on your computer or mobile device during your use of the Website and are automatically deleted when you close your web browser. Session cookies may be used to direct internet traffic to a server that is closer to you or to allow us to identify you as you move between pages of the Website. Persistent cookies are stored as a file on your computer or mobile device that remains on your computer or mobile device even after you close your web browser. Persistent cookies can be read by the website that created the cookie when you revisit it again. Sonia Roselli may use persistent cookies to authenticate you when you return to the Website so that you do not have to login again or when it utilizes Google Analytics or other analytics providers, which is intended to track the origin and behavior of traffic to the Website. Sonia Roselli may use the following analytics providers, and you are directed to review their respective cookie policies and privacy notices:

Attentive: https://www.attentive.com/legal/privacy

Carro: https://www.getcarro.com/privacy-policy

Digital Window: https://ui.awin.com/documents/legal/privacypolicy.pdf

Gatsby: https://gatsby.ai/privacy

Google Analytics: https://policies.google.com/privacy?hl=en-US

HotJar: https://www.hotjar.com/legal/policies/privacy/

Klaviyo: https://www.klaviyo.com/legal/privacy

Meta: https://www.facebook.com/policy/cookies/

Mouseflow: https://mouseflow.com/legal/company/privacy-policy/

Pinterest: https://policy.pinterest.com/en-gb/privacy-policy

Rebuy: https://www.rebuyengine.com/legal/privacy-notice

TikTok: https://www.tiktok.com/legal/page/us/privacy-policy/en

Tolstoy: https://www.gotolstoy.com/cookie-policy

Cognito Forms: https://www.cognitoforms.com/legal/privacy

GoAffPro: https://goaffpro.com/privacy

Kendall: https://kendall.ai/

Loop: https://loopworks.com/privacy-policy/

Meta API: https://developers.facebook.com/terms/dfc_platform_terms/#privacypolicy

NinjaForms: https://ninjaforms.com/privacy-policy/

PostPilot: https://www.postpilot.com/privacy-policy

Retention.com: https://retention.com/privacy-policy/

Shop: https://shop.app/legal-and-policies

Stamped: https://stamped.io/privacy

You may opt-out of the use of these online tracking technologies by discontinuing your use of the website or by downloading a browser addon, such as the Google Analytics Opt-Out Browser Add-on, to block their collection and use of PII. You may also request that Sonia Roselli delete any PII collected from you by contacting Sonia Roselli’s Privacy Officer through the contact information contained within this Privacy Notice.

How do we use your information for marketing communications? 

As stated above, Sonia Roselli’s lawful ground for sending you marketing communications is either consent or its legitimate business interests, such as to grow its business by advertising products to you. Sonia Roselli may send you marketing communications if you have asked for information concerning its goods or services or if you have agreed to, and have not opted out from, receiving marketing communications. You may ask Sonia Roselli to stop sending you marketing messages at any time by logging into the Website to adjust your marketing preferences within your user account (when available) or by following the opt-out link in any marketing message sent to you. If you opt out of receiving marketing communications, your opt-out does not extend to PII provided for other purposes.

When do we disclose your information?

Sonia Roselli may share your PII with the following parties:

  • Service providers that provide Sonia Roselli with information technology, software as a service, cloud storage, advertising, marketing, or other administrative services;
  • Service providers, such as distributors, wholesalers, or 3PLs that provide Sonia Roselli with products for sale to you in order to fulfill your product orders;
  • Sonia Roselli’s accountants, auditors, insurers, or attorneys;
  • Law enforcement agencies upon the receipt of a subpoena or court order or where necessary to protect Sonia Roselli’s personnel or property; and
  • Government bodies that require Sonia Roselli to report its processing activities.

Sonia Roselli may also transfer PII to third parties when it sells, transfers, or merges any part of its business or assets.

Sonia Roselli requires all third parties that receive a transfer of PII from Sonia Roselli to maintain the same level of respect for the protection of PII as Sonia Roselli, and Sonia Roselli only allows third parties to process your personal data for the specific purposes listed in this Privacy Notice.

How do we handle international transfers of PII?

Your PII may be transferred to or processed by entities in the United States. As stated below, we adhere to the EU-US Data Privacy Framework Principles, and we may transfer data between the United States and the European Union consistent with the Data Privacy Framework Principles. When we do so, we enter into contracts with our third-party data processors that provide that such data may only be processed for the limited and specific purposes outlined in this Privacy Notice and consistent with the same level of protection provided under the Data Privacy Framework Principles. We require that our third-party processors must notify us if they can no longer meet the obligations of the Data Privacy Framework Principles. Upon such notification, we will require that our third-party processors must either remediate their failure to comply with the Data Privacy Framework Principles or cease their processing of PII.

How do we protect your information? 

We implement a variety of security measures to maintain the safety of your personal information, such as the implementation of industry standard encryption, including when you place an order. However, no security measures are impenetrable and there are always security risks. Sonia Roselli will notify you and any regulatory body of any breach of your PII or Sonia Roselli security measures if it is legally required to do so.

Sonia Roselli has put into place data security measures to protect your PII. Sonia Roselli allows access to your PII only by employees and service providers who have a need to know or access your PII on Sonia Roselli’s instructions. Sonia Roselli will notify you and any regulatory body of any breach of your PII or Sonia Roselli’s security measures if it is legally required to do so.

Do we use cookies or other online tracking tools? 

Yes, as stated above, we do use persistent and session cookies. We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits, and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

For how long do we retain your data?

We will only retain your PII for so long as necessary to fulfill the purposes for which it is collected under this Privacy Notice or for the purposes of satisfying any legal, accounting, or reporting requirements. With respect to identification and contact data, technical data, and marketing data, we may retain this data for so long as it is relevant to the uses disclosed in this Privacy Notice. We may retain user data and communications data for so long as you maintain a user account with Sonia Roselli, and we may retain this data for longer periods where there is a need to retain this data to comply with Sonia Roselli’s legal obligations, such as the preservation of electronic evidence or compliance with a preservation order.

Children’s Online Privacy Protection Act Compliance

Sonia Roselli complies with the requirements of COPPA (Children’s Online Privacy Protection Act). Sonia Roselli does not knowingly collect any information from anyone under 13 years of age, and its products and services are to individuals 13 years of age or older. If you believe that Sonia Roselli has collected PII from someone under the age of 13, you are directed to notify Sonia Roselli immediately at privacy@soniaroselli.com.

YOUR PRIVACY CHOICES: Right of Access, Rectification, Correction, Erasure, Transfer, and Withdrawal

Under the law, you may have a right to request access to your PII for rectification, correction, erasure, transfer, or restriction, or to object to its processing or withdraw your consent. If you wish to exercise any of these rights, please contact Sonia Roselli’s Privacy Officer as disclosed in this Privacy Notice.

You do not need to pay a fee to access your PII or to exercise your rights. However, Sonia Roselli may charge a reasonable fee if your request is unreasonable or excessive.

To confirm your request, Sonia Roselli may need to request specific information from you as a security measure to ensure that PII is not disclosed to an unauthorized third party. Sonia Roselli will attempt to respond to all legitimate requests within thirty (30) days.

Rights of European Citizens

Sonia Roselli adheres to the EU-U.S. Data Privacy Framework (“DPF”) Principles, including the DPF’s Supplemental Principles, and complies with the Principles in handling all data from EU-citizens. Sonia Roselli is subject to the enforcement powers of the United States Federal Trade Commission (“FTC”) in relation to its handling of PII.

If you are a European citizen, you are entitled to certain rights regarding the protection of your Personally Identifiable Information and Personal Data, which are subject to limitations set forth in the EU GDPR and its applicable case law. These rights are:

  • The right to access and correct the information that Sonia Roselli processes about you;
  • The right to transfer all or a part of the information collected about you to another data controller, where it is technically feasible;
  • The right to the erasure of data concerning you, subject to Sonia Roselli’s rights of retention under the law;
  • The right to object to the processing of Personally Identifiable Information and Personal Data where you dispute the accuracy of the data, the processing is not lawful, Sonia Roselli no longer needs the information for the purposes of processing, or you have raised an objection for personal reasons;
  • The right to revoke your consent to data processing;
  • The right to object to the processing of your Personally Identifiable Information and Personal Data for marketing purposes;
  • The right to object to the processing of Personally Identifiable Information and Personal Data for direct marketing or for personal reasons that arise from your particular situation; and
  • The right to file a complaint with a data protection authority.

To exercise these rights, you may either opt out of receiving communications from Sonia Roselli by unsubscribing from its e-mails or by sending an e-mail to privacy@soniaroselli.com. You do not need to pay a fee to exercise these rights; however, Sonia Roselli reserves the right to charge a reasonable fee if your request is unreasonable or excessive. To confirm your request, we may need to request specific information from you as a security measure to ensure that personal data is not disclosed to an unauthorized third party. We will attempt to respond to all legitimate requests within thirty (30) days.

For further information regarding your privacy rights as a citizen of the EU, please visit the U.S. Department of Commerce’s Services at https://www.commerce.gov/ and the DPF overview webpage at https://www.dataprivacyframework.gov/s/program-overview.

You can find a list of DPF certified organizations here: https://www.dataprivacyframework.gov/s/

Beyond filing a complaint directly with Sonia Roselli using the mechanisms described above, you may also file a complaint with a third-party, neutral arbitrator who will provide appropriate recourse free of charge. If you are looking for an alternative dispute settlement provider, please visit https://www.jamsadr.com/eu-us-data-privacy-framework. JAMS is a US-based arbitration service provider. You are not required to use JAMS to arbitrate a dispute with Sonia Roselli.

As a citizen of the EU you may, under certain conditions, invoke binding arbitration against Sonia Roselli, and Sonia Roselli may be held liable in cases of onward data transfers to third parties as described more fully in the DPF overview page linked above. Sonia Roselli may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Your California Privacy Rights

The following rules apply solely to visitors, users, and others who are residents of the State of California. California residents have the right to be notified which categories of PII are being collected and the purposes for which the PII is being used. In particular, we collected the following categories of PII (A, B, D, E, and F) as defined in the California Consumer Privacy Act within the last twelve months. Our uses of this PII are detailed above in this Privacy Notice:

| Category | Examples | Collected |
| --- | --- | --- |
| A. Identifiers | Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | YES |
| B. Personal information categories listed in the California Consumer Records statute (Cal. Civ. Code § 1798.80(e)) | Name, signature, address, telephone number, bank account number, credit card number, debit card number, or any other financial information. | YES |
| D. Commercial | Records of products purchased. | YES |
| F. Internet or other similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
| G. Geolocation data | Physical location or movements. | YES |
| K. Inferences | Inferences drawn from any of the above-identified information to create a profile about a consumer. | YES |

We obtain these categories of PII directly from California residents when they complete forms through our Website or provide it to us as a part of a transaction or inquiry concerning our products. We also obtain these categories of PII indirectly from California residents while observing their actions on our Website and from third parties or service providers that they have authorized to receive and share PII.

California residents have a right to request that we disclose what PII we collect from you and whether, and how, we disclose or sell that PII. California residents may also request that we delete any personal information collected or maintained by us from you.

California residents may also have the right to opt out of the sale of their personal information by contacting us or, where available, by clicking a link or icon associated with an advertisement. Specifically, this link or icon may state “Do Not Sell My Personal Information” or “Do Not Sell My Info.” By selecting this link or icon, you “Opt Out,” which means that you have opted out of the sale of your personal information as set forth in the California Consumer Privacy Act. However, even though you may have opted out, you may still see interest-based advertisements. To learn more about interest-based advertising across websites and additional opt-out choices, you can visit http://optout.aboutads.info. If you opt-out of the sale of your personal information but do not opt out of interest-based advertising more generally, you may still receive ads tailored to your interests based on PII that was not sold by us, personal information that was sold to downstream participants at least 90 days before you opted out, or personal information that was sold by other sources from which you have not opted out.

To submit a request for a list of the categories of personal information collected from you or to request that Sonia Roselli delete your personal information, please email us at privacy@soniaroselli.com or send a letter to us at the following address:

Privacy Officer

Sonia Roselli Beauty, Inc.
3024 N Ashland Ave. #578909
Chicago, IL 60657-3012
United States of America
privacy@soniaroselli.com

To verify your request, we may request certain information from you to confirm that you are a Sonia Roselli user, such as your phone number, email address, city, state, or geographic location. You may also designate an authorized agent to make a request to Sonia Roselli to disclose or delete your personal information. To do so, you must provide Sonia Roselli with proof that the individual or business has been appointed as your agent, such as by providing a signed power of attorney form, and provide accurate responses to any information requested by Sonia Roselli that may be necessary to confirm that you are a Sonia Roselli user, such as your phone number, username, email address, city, state, or geographic location. California residents have a right not to receive discriminatory treatment by Sonia Roselli for their exercise of these rights conferred under California law.

Connecticut Residents

During the preceding calendar year, we did not control or process the personal data of at least 100,000 consumers or derive more than 25% of our gross revenue from the sale of personal data. 

Nevada Residents

If you are a resident of Nevada, you may provide notice to us to limit the sale of your PII to third parties for resale or licensing purposes. However, we do not sell your PII for such use. To notify us that you wish to limit the sale of your PII to third parties for resale or licensing purposes, you may send us an email to privacy@soniaroselli.com with the subject line, “Nevada Do Not Sell Request,” along with your name, address, and user account information.

Virginia Residents

Sonia Roselli does not control or process the personal data of at least 100,000 Virginia residents or control or process the personal data of at least 25,000 Virginia residents and derive more than 50% of its gross revenue from the sale of personal data. For these reasons, the Virginia Consumer Data Protection Act (VCDPA) does not apply to Sonia Roselli’s collection and use of PII.

Third Party Links

Sonia Roselli’s Website may include links to third party websites and applications. By clicking on third party links, you may allow third parties to collect or share data about you. Sonia Roselli does not control these third-party links and you are advised to review their respective privacy policies.

Responding to Do Not Track Signals

You can generally opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out pages on the NAI website and DAA website. Our Website is not currently set up to respond to browser do-not-track signals because there is no consensus within the advertising industry as to what “do not track” means in this context, but you can configure your browser settings to reject all cookies or prompt you before a cookie is set.

Changes to our Privacy Notice 

Whenever Sonia Roselli changes its Privacy Notice, we will post those changes to this Privacy Notice on the Website and other places that we deem appropriate. Your use of the Sonia Roselli Website following these changes indicates your consent to the practices described in the revised Privacy Notice.

Contacting Us 

If you have any questions about this Privacy Notice or the manner by which we collect or use Personal Information about you, email us at privacy@soniaroselli.com.