Privacy Notice for California Residents

This Privacy Notice for California Residents (“Notice”) was last updated on June 22, 2023. If you are a California resident, please read the following Privacy Notice for California Residents (“Notice”).

This Notice describes how information obtained from California consumers, employees, and businesses, including visitors to dekalash.com (“website”), our mobile application (“application” or “app”), and our company-owned and franchise-owned locations, where applicable is collected, used, and disclosed. This Notice also describes how you can make requests to know about your personal information and delete your personal information. Please note that this Notice applies to information collected by DL Franchising, LLC d/b/a Deka Lash (“us,” “we,” “our,” “Franchisor”) and/or independently owned and operated franchised locations.

Terms included in this Notice, including but not limited to, personal information and service provider, carry the same meaning in this Notice as they do in the California Consumer Privacy Act of 2018, Cal. Civ. Code Section 1798.100, et. seq., as may be amended from time to time, including but not limited to those amendments enacted by the California Privacy Rights Act of 2020 (“CPRA”).

California’s Shine the Light Law

Subject to certain limitations under California Civil Code Section 1798.83, California residents may ask us to provide them with: (i) a list of certain categories of personal data that we have disclosed to certain organizations for their direct marketing purposes during the immediately preceding calendar year; and (ii) the identity of those organizations. California residents may make one request per calendar year.

Except with respect to the limited exceptions described in the Privacy Policy, we do not share your personal information with any organizations for direct marketing purposes. To make this request, you may contact us at the mail or email address listed in the “Contact Us” section below. In your request, please state that you are a California resident and provide a current California address for our response. Please allow up to thirty (30) days for a response. We reserve our right not to respond to such requests submitted to addresses other than those specified in the “Contact Us” section below.

California’s Privacy Rights Act

California Residents’ Rights

If you are a California resident, you have certain rights regarding information that is treated as personal information under the CPRA, which are outlined below.

1. The right to know what categories of personal information are being collected or disclosed and the categories of sources of that personal information.

You have the right to know what categories of personal information we collect, sell, or disclose about you, as well as the categories of organizations who received your personal information and the categories of sources of that personal information. These categories are described below, in the “Categories of California Consumer Personal Information Collected or Disclosed” section. We are also required to provide you, before or at the point of collection, with a general notice about the categories of personal information collected by us and how we intend to use the collected personal information.

2. The right to access collected personal information.

You have the right to request a copy of your personal information that we collected or disclosed in the preceding twelve (12) months. Only you, or someone you have legally authorized to act on your behalf, may make a request related to your personal information. You may submit a maximum of two (2) requests in a twelve (12) month period.

You must provide sufficient information for us to reasonably verify your identity or that of your authorized representative. We will only use the personal information provided in your request to verify your identity or that of your authorized representative. Please note that we cannot provide any personal information in response to a request if we are unable to verify the identity of you or your authorized representative, or your authorized representative’s authority to make the request on your behalf, and/or if we cannot confirm that the collected personal information relates to you.

You are not required to create an account with us before submitting a verifiable request. Please submit your request via email at legal@dekalash.com or via phone at 724-271-8121. After receiving or verifying your request, we will provide the following information (depending on your request):

The categories of personal information collected about you in the preceding twelve (12) months.
The sources of that personal information by category.
The business/commercial purpose(s) for collecting that personal information.
The categories of service providers and other organizations with whom we shared that personal information (if applicable).
The specific pieces of personal information collected about you.
If we disclosed your personal information for a business/commercial purpose, we will provide:
- The categories of personal information disclosed for a business/commercial purpose in the preceding twelve (12) months; and
- If applicable, the categories of service providers and other organizations to whom the personal information was disclosed.

Please see the “Methods for Submitting Requests” section below for information on how you can exercise your right to access personal information.

3. The right to request deletion of your personal information.

While there are certain exceptions, you have the right to request that we and our service providers (if applicable) delete your personal information that we or our service providers collected or maintained. Once we receive and verify your request, we will delete and instruct any applicable service providers(s) to delete your personal information from our records, unless an exception is applicable.

We and our service providers may deny a verified request for deletion if we must maintain your personal information to:

Complete a transaction or provide a good or service requested by you for which we collected the personal information, or otherwise perform a contract between us.
Comply with any and all legal obligation.
Execute a legal right provided for by law.
Comply with the California Electronic Communications Privacy Act.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity.
Identify and repair errors that impair the existing and intended functionality of our systems.
Otherwise use your personal information internally in a lawful manner that is compatible with the context in which you provided the information.

4. The right to be free from discrimination

You have the right to equal service, and we will not discriminate against you if you exercise your rights under the CPRA.

Categories of California Consumers’ Personal Information Collected or Disclosed

We collect a variety of categories of personal information about California consumers, their household, and/or their devices from both online and offline (such as paper forms) sources. We will not collect additional categories of information or use the personal information that we collect for materially different or unrelated purposes without providing advanced written notice.

We collected information from you when you sign up with us. We also collect information if you inquire about a franchise. Below, we have listed the types of personal information that we may have collected within the last twelve (12) months and the reason for collection. This list is not exhaustive.

Name;
Home address;
Billing address;
Payment information;
Membership information;
Date of birth;
Age;
Gender;
Email address;
Phone number ;
Transaction history (including product purchases and services booked and received);
Computer data or files (“Cookies”), which may be sent by your web browser and stored on an individual device to allow our server to recognize you through the navigation of our website and for us to credit your account for various online transactions;
Computer data or files (“Web Beacons”) that are collected from emails or links on certain sites that allow our server to evaluate the popularity of those links or the information contained in emails or on those sites; and
Log information when you use our website, including your Internet Protocol (“IP”) address, browser type, computer type, mobile device, service provider of your mobile device, navigation on our website, time(s) and date(s) that you used our website, and other similar information.

The information that we may collect through your use of our apps may depend on the version of the app or the country you are in, but this information may include, but is not limited to:

Information to register for your account, such as name, email address, and any membership information related to Deka Lash, including username and password;
Your activity history regarding your use of the apps, such as your visits to studios, purchases, and utilization of Deka Lash services or products;
Membership-related information, such as address, Deka Lash studio location, and membership type; and
Certain location and geolocation information pulled directly from your mobile device, your wireless carrier or certain other providers, to allow tracking of your activity. This collection and tracking may occur even when the apps or other related applications are not actively open and running.

We also collect information from direct communications and correspondence with staff and team members of Deka Lash.

Copies of correspondence if you contact us;
Information provided by you if you participate in a survey;
Communication provided by you during any services received at a Deka Lash;
Various account information, including your membership, credit card number;
Computer data or files (“Cookies”), which may be placed on your mobile device to allow our server to recognize you through the navigation of the app and for us to link the activity on the app with your membership.

We may also collect information from your social media accounts, where applicable.Specifically:

Should you interact with our social media accounts, we may collect information such as your profile information and email address. We will use this information to provide you with more personalized content.

We may have shared the following categories of information with the categories of service providers for business purposes only:

Personal identifiers. Recipients may include affiliates, franchise owners, cloud hosting providers, email platform providers, and marketing business partners.

Methods for Submitting Requests

You have the right to submit a verifiable request to us via the following methods:

Email: You may submit a request by emailing us at legal@dekalash.com.
Phone Number: You may submit a request by calling 724-271-8121.
Mail Correspondence:You may submit a request by writing to us at 20 South Main Street, #248, Bountiful, UT 84010.

Verification Process

Once we receive a privacy request from you, we must verify your identity before we can respond. You may be required to provide the following information:

First and last name
Email address
Telephone number
Primary Deka Lash studio (if applicable)

If you submit a request to know specific pieces of personal information collected or a request to delete sensitive personal information, you (or your authorized representative, if applicable) will be required to sign a signed declaration affirming your identity (or your authorized representative’s identity, if applicable).

Authorized Representatives

An authorized representative is either a natural person or business entity registered with the California Secretary of State that a consumer has authorized to act on their behalf. You may use an authorized representative to submit a request to know or a request to delete. You may make such a designation by providing the representative with written permission to act on your behalf. We will require the authorized representative to provide either (i) a power of attorney, or (ii) proof of your written permission. In addition to proof of your written permission, we may require you to verify your own identity and directly confirm that you provided the agent permission to submit the request.

Response

1. Acknowledgment of Receipt of Request

We will confirm receipt of a request within ten (10) days. This confirmation will provide information about how we will process the request, including a description of our verification process and an approximation of when we will send you a substantive response.

2. Substantive Response

We will respond to a verifiable request from you within forty-five (45) days. If we cannot respond in that time, we will notify you in writing that we need an additional forty-five (45) days and explain the reason for the needed additional time.

Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of your verifiable request. If we cannot comply with your request, we will explain why. If you have requested to know specific personal information we collected, we will provide that information to you.

We do not charge a fee to process or respond to a verifiable request unless it is excessive, repetitive, or unfounded. If we determine that the request warrants a fee, we will tell you why and provide you with a cost estimate before completing the request.

Sale or Sharing of Personal Information

California residents have the right to opt out of the sale or sharing of their personal information, including sharing personal information for cross-context behavioral advertising. You may opt out by contacting us at legal@dekalash.com or 724-271-8121.

Cookies and Online Tracking Technologies

Financial Incentive Offers

We may offer financial incentives or price of service differences related to our collection, retention, or use of your personal information. As part of the financial incentive, we will provide a written description of the material terms of the financial incentive or price of service difference to you in a written Notice of Financial Incentive and you will be enrolled as a participant if you affirmatively opt-in to the program. You may opt-out or revoke your consent at any time. The Notice of Financial Incentive will explain the processes of opting in and opting out. Each financial incentive or price of service difference related to the collection and use of personal information is based upon our good faith determination of the estimated value of such information to our business. We calculate the value of the offer and financial incentive by using the expense related to the offer.

Metrics Regarding CPRA and Responses During the Previous Calendar Year

At the end of each calendar year, we will report, as applicable, regarding the number of requests to know or requests to delete that we received, complied with in whole or in part, or denied, and the median length of our response time.

The Rights of California Consumers Under the Age of 16

Under California law, consumers who are under the age of 16 must provide affirmative authorization, or a parent or guardian of a consumer under the age of 13 must provide affirmative authorization, before a business may sell their personal information. We do not have any knowledge that we sell the personal information of California consumers who are under the age of 16.

For avoidance of doubt, our website is not intended for children under the age of 16. No one under the age of 16 may provide any personal information on the website. If you are under the age of 16, do not use this website or provide any information on this website. If we learn that we have collected or received personal information from a child under the age of 16 without verification of parental consent, we will delete the information. If you believe we might have any information from or about a child under the age of 16, please contact us at legal@dekalash.com.

Contact Us

California consumers who have questions or concerns about our privacy policies and practices may contact us via one of the following methods:

Email: legal@dekalash.com
Phone: 724-271-8121
Mail Correspondence: 20 South Main Street, #248, Bountiful, UT 84010.

When contacting us, please include in the communication, or have available, the information listed under the “Verification Process” section above. If using an authorized representative, please include in the communication, or have available, proof of authorization.