Information
Privacy Policy
LAST UPDATED: February 2, 2023
Your privacy is a very important to us. Our privacy policy spells out Power Beauty Co. dba MERIT (“we”, “us” or “our”) commitment to respecting the privacy of our customer sand visitors to our website. This Privacy Policy (“Policy”) describes how we collect and use the personal information that directly or indirectly identifies you (“Personal Information”) we about our customers, whether in-store, online, social media or via one of our mobile applications and online visitors (“you”, “your” or “yours”). It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information.
We reserve the right to change this policy at any time, which we'll do through online posting or an email message sent directly to you. Our products are available for sale in many stores. This Privacy Policy does not address any data collection by those stores or any of our retail partners.
By accessing the Services or https://meritbeauty.com/ (the “Site”) you agree to our collection and use of Personal Information as described in this Privacy Policy and our Terms of Service. However, this does not equate to consent for the processing of your Personal Information for purposes of European data protection laws.
This Policy does not apply to Personal Information we collect about employees, job applicants, and independent contractors, or individuals when acting as representatives (e.g., employees, contractors) of entities with which we do business.
PERSONAL INFORMATION WE COLLECT – SOURCES AND CATEGORIES
In the 12 months preceding the date of this Privacy Policy, we may have obtained Personal Information about you when you provided it on our Sites, at one of our stores, via our social media pages, when you downloaded one of our mobile applications (either via Apple iOS or Android) onto your mobile devices, at one of our events, or when you joined or applied for any membership or loyalty program. We will continue to collect Personal Information from the same sources.
The categories of Personal Information we may have collected from these sources during the 12 months preceding the date of this Policy, and will continue to collect, include the following:
- Personal identifiers: Name, address, email address, postal address, billing address, social media handle, mobile and other phone numbers, username and password, nickname/screen name, contact information of friends you provide to us or who are accessible when you visit our social media pages, and IP address
- Protected class information: Gender, age and date of birth
- Commercial information: Products purchased; products considered; product preference information such as product wish lists, order history, marketing preferences, and reminder and notification preferences; information that informs product selections such as physical characteristics and skincare information; survey responses and product review; comments made or articles written about our products; credit or payment card information
- Internet or other electronic activity information: Device and browser type and information regarding your interaction with our website, details about your browser, operating system or device
- Geolocation information: When you allow us to collect your location
- Audio and visual information: Customer help line recordings; photographs and videos you provide to us or post on social media sites
Inferences drawn from any of the above information to create a profile about a consumer
Cookies and Other Technologies
We collect some of the above information through our use of cookies. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.
We use Google Analytics to evaluate the use of our website. Google Analytics uses cookies and other identifiers to collect information, such as how often users visit a website, what pages they visit when they do so, and what other websites they visited prior to visiting a website. To learn more about how Google Analytics collects Personal Information, review Google’s Privacy Policy. You can opt-out to Google Analytics tracking here.
HOW WE USE YOUR PERSONAL INFORMATION
We have set out below a description of the ways we use your Personal Information (referred to as “processing purposes” below), and, for individuals located in the EEA or the UK, we explain which legal bases under the General Data Protection Regulation (“GDPR”) we rely on to legitimize the processing.
Categories of Personal Information |
Processing Purposes |
Legal Basis (where you are located in the EEA or the UK) |
---|---|---|
Personal identifiers; Protected class information; Commercial information; Internet or other electronic activity information |
To provide our Products to you: (i) provide access to certain areas, functionalities, and features of our Sites; (ii) to provide you with products ordered from or sold by us, including processing your payment / gift cards and shipment of products; and, (iii) communicating with you about your orders, account and policy changes |
To enter into / perform a contract with you (i.e., our Terms of Service) (Article 6(1)(b), GDPR) To pursue our legitimate interests in providing the requested information and/or information about our processing of your Personal Information in an effective and efficient manner (Article 6(1)(f), GDPR)
|
Personal identifiers; Commercial information; Internet or other electronic activity information; |
Advertising and Marketing: (i) tailor ads displayed to you on our Site and elsewhere to your interests and history with us, (ii) send out general newsletters or specific communications, (iii) engage in promotional campaigns (including special events, contests, sweepstakes, programs, surveys and other offers), personalized offerings, provide discounts, onboard you on loyalty programs, (iv) and to store your information on our CRM database as past clients or potential customers |
Your consent (Article 6(1)(a), GDPR) To enter into / perform a contract with you (i.e., our Terms of Service) (Article 6(1)(b), GDPR) To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) GDPR)
|
Personal Identifiers; Internet or other electronic activity information |
Security: To ensure network and information security, including monitoring authorized users’ access to our Site for the purpose of preventing cyber-attacks, unauthorized use of our systems and website / app, prevention or detection of crime and protection of your Personal Information
|
To pursue our legitimate interests to ensure our website and app are safe and secure and to ensure they are used in accordance with our Terms of Service (Art. 6(1)(f) GDPR) |
Personal identifiers; Commercial information; Internet or other electronic activity information; |
Business Development: to operate and communicate with you about our social network pages or mobile applications and to operate, evaluate and improve our business (including developing new products and services; managing our communications; analyzing our products; performing data analytics; and performing accounting, auditing and other internal functions)
|
To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) GDPR) |
Personal identifiers; Protected class information; Commercial information; Internet or other electronic activity information |
Transactions: To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture
|
To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) GDPR) |
Personal identifiers; Protected class information; Commercial information; Internet or other electronic activity information |
Legal Claims: To defend and enforce our rights including, against legal claims that involve us, and to manage regulatory matters, investigations, data breaches, and/or data subject requests
|
To comply with a legal obligation, e.g. to respond to an official request or data subject request (Art. 6(1)(c) GDPR) To pursue our legitimate interests to defend and enforce our rights (Art. 6(1)(f) GDPR)
|
Personal Identifiers; Internet or other electronic activity information; and Professional Information |
Legal obligations: to comply with legal requirements and obligations, manage regulatory matters, investigations, data breaches, and/or data subject requests |
To comply with a legal obligation, e.g. to respond to an official request or data subject request (Art. 6(1)(c) GDPR)
|
If you are located in the European Economic Area and the United Kingdom: You have a right to object to the processing of your Personal Information where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil such requests in all instances. You are able to request a copy of the legitimate interest assessment carried out by us. Where we need to collect the abovementioned categories of Personal Information by virtue of a legal obligation or in light of a contract entered or to be entered into with you, and you do not provide this Personal Information when requested, we may not be able to comply with our legal obligations, provide you with the Services or perform the contract we have or are trying to enter into with you. In such case, we may have to terminate our relationship with you.
We also may use the information in other ways for which we provide specific notice at the time of collection.
DISCLOSING YOUR PERSONAL INFORMATION FOR BUSINESS PURPOSES
The following chart describes the categories of Personal Information that we disclosed to third parties for a business purpose in the 12 months prior to the date of this Policy:
Categories of Consumers’ Personal Information |
Categories of Third Parties With Which We Shared Personal Information for a Business Purpose |
---|---|
Personal identifiers: Name, address, email address, postal address, billing address social media handle, mobile and other phone numbers, username and password, nickname/screen name, contact information of friends you provide to us or who are accessible when you visit our social media pages, and IP address
|
Service providers that assist us in fulfilling orders and delivering packages; sending postal mail, text messages and emails; operating, analyzing, and displaying content on our Site; provide analytics information; providing marketing and advertising services; conducting customer surveys; provide customer service; provide Site hosting; facilitate our contests and surveys; provide customer record management services; provide payment processing services |
Protected class information: Gender, age and date of birth
|
Service providers that assist us in fulfilling orders and delivering packages; sending postal mail, text messages and emails; operating, analyzing, and displaying content on our Site; provide analytics information; providing marketing and advertising services; conducting customer surveys; provide customer service; facilitate our contests and surveys; provide customer record management services |
Commercial information: Products purchased; products considered; product preference information such as product wish lists, order history, marketing preferences, and reminder and notification preferences; information that informs product selections such as physical characteristics and skincare information; survey responses and product review; comments made or articles written about our products; cred it or payment card information |
Service providers that assist us in fulfilling orders and delivering packages; sending postal mail, text messages and emails; operating, analyzing, and displaying content on our Site; provide analytics information; providing marketing and advertising services; conducting customer surveys; provide customer service; provide Site hosting; facilitate our contests and surveys; provide customer record management services; provide payment processing services |
Internet or other electronic activity information: Device and browser type and information regarding your interaction with our website, details about your browser, operating system or device
|
Service providers that provide data security services and cloud-based data storage; host our Site and assist with other IT-related functions; provide website hosting; provide analytics information. |
Geolocation information |
Service providers that assist us in processing geolocation information to provide users with personalized site experiences, marketing, and advertising campaigns. |
Additional Information About How We May Share Personal Information
We may also share Personal Information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your Personal Information with third parties to help detect and protect against fraud or data security vulnerabilities. And we may transfer your Personal Information to a third party in the event of an actual or contemplated sale, merger, reorganization of our entity or other restructuring.
We may also share aggregate or anonymous non-Personal Information with third parties for their marketing or analytics uses.
Sales of Personal Information
In the 12 months prior to the date of this Policy, we sold Personal Information to third party digital advertising networks by allowing such third parties to place cookies or other trackers on our Sites that may collect information about your online activities over time and across different websites or applications. These parties may then use the information they collect to provide you with personalized content and present you with third party products or services in which you may be interested. For more information about the use of cookies and trackers, see our .
We do not knowingly sell the Personal Information of minors under the age of 16.
CROSS BORDER TRANSFER OF PERSONAL INFORMATION
We may transfer the Personal Information we collect about you to countries other than the country in which the information was originally collected and your Personal Information may be processed and stored outside of your country of residence. Those countries may not have the same data protection laws as your country of residence and your Personal Information will be subject to applicable foreign laws. When we transfer your information to other countries, we will protect that information in the manner described in this Policy.
Our Site is hosted in the US. Therefore, when you disclose Personal Information to us, this Personal Information will be transferred to the US.
If you are located in the EEA/UK, we may, for the purposes listed in Section II, transfer your Personal Information to other recipients as referred to above, that are also located in countries outside the EEA/UK, including the U.S., and which are not currently considered by the European Commission and/or UK Government to provide an adequate level of data protection. In these circumstances, we will take steps to ensure that the Personal Information is protected including by entering into Standard Contractual Clauses or similar (“SCCs”) with the recipient, seeking assurances from the recipient that they have Binding Corporate Rules in place or otherwise relying on a derogation for the transfer (e.g., where the transfer is necessary for the defense of legal claims).
You can request further information on the data transfer solutions relied upon including, a copy of the SCCs by using the contact details in the How To Contact Us section below.
THIRD PARTY WEBSITES AND SOCIAL MEDIA BUTTONS
Our Site may contain links to third party websites or social media buttons. When you click on a link to any other website or social media button, you will leave our Site and go to another site or platform, and another entity may collect personal data or anonymous data from you. We have no control over, do not review, and cannot be responsible for, these outside websites or platforms, or their content. Please be aware that the terms of this Privacy Policy apply only to this Site; they do not apply to outside websites or content. We encourage you to read the privacy policies of every website you visit. The links to third party websites, social media platforms or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites.
DO NOT TRACK
We currently recognize Global Privacy Control signals; we do not observe the “DNT” protocol signal.
YOUR RIGHTS AND CHOICES
We offer you certain choices in connection with the Personal Information we collect from you, such as how we use the information and how we communicate with you. To update your preferences, ask us to remove your information from our mailing lists or submit a request, please contact us in the manner specified below.
Email Opt-Out
You can at any time tell us not to send you marketing communications by email by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below. You also may opt out of receiving marketing emails from MERIT emailing us at hi@meritbeauty.com.
You may opt out of receiving any MERIT loyalty or membership program emails that are not necessary to provide you with loyalty membership services by following the instructions provided in the email. Although you may opt out of loyalty or membership marketing emails, operational emails will still be sent to you. Examples of these include, but are not limited to, a redemption confirmation email, a profile update email, or other communications that relate to your account. In order to stop receiving all MERIT emails, you must terminate the loyalty or membership program.
Text Marketing & Notifications
By subscribing to text marketing notifications you agree to receive recurring automated marketing messages and shopping cart reminder messages at the phone number provided. Consent is not a condition of purchases. Reply STOP to unsubscribe. HELP for help. Msg & Data rates may apply. More info view our Terms of Service. We determine cart abandoned by using a cookie and check whether the existing user has already opted in for text marketing.
If you do not wish to be part of our service you can unsubscribe at any time by testing STOP, CANCEL, QUIT, END, or UNSUBSCRIBE to any mobile message received from us. You may get another text message confirming your unsubscribing from our service. You also agree that by sending an email, calling in, or sending any other means of opt out unsubscribe request or using words different than the ones presented above will not be reasonable means to unsubscribe you.
When you opt in for our service you may expect to get occasional texts concerning latest Text Alerts, Surveys, Welcome messages, Customer win-backs, Text Campaigns, Giveaways, Flash Sales, Upsells.
If your device does not support MMS we will deliver a SMS instead and strip the image. The opt out will also be delivered as a standard text message (SMS)
Carriers (AT&T, T-mobile, Verizon, T-Mobile, Sprint, Rogers, MetroPCS, etc) are not responsible or liable for undelivered or delayed messages.
You can ask MERIT to stop sending you marketing communications by postal mail by following the instructions that may be included in a particular promotion. You also can request that we refrain from sending you promotional postal mail by contacting us as indicated below.
Email us at hi@meritbeauty.com
Social Networking Application Opt-Out
To remove or delete our social media applications from your social networking account, follow the instructions from the social network.
Geo-Location Information
When you use one of our mobile applications, we may ask you for your geo-location. You may choose not to share your geo-location details by adjusting your mobile device’s location services settings. To decline from sharing your geo-location details, follow the instructions on your mobile device on changing the relevant settings; otherwise, please contact your service provider or device manufacturer.
Withdrawing Consent
You may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your Personal Information. We will apply your preferences going forward. In some circumstances, withdrawing your consent to our use or disclosure of your Personal Information will mean that you cannot take advantage of some of our products or services.
Reviewing, Updating and Modifying Personal Information
Subject to applicable law, you may have the right to request access to and receive details about the Personal Information we maintain about you, update and correct inaccuracies in your personal data, and have the information blocked or deleted, as appropriate. The right to access Personal Information may be limited in some circumstances by local law requirements. We may take reasonable steps to verify your identity before granting access or making corrections.
You may request to review, change or delete your Personal Information by sending an email to hi@meritbeauty.com.California residents may have additional rights. Please see “California Privacy Rights” section below for more information.
Residents in the EEA and UK have the following privacy rights, subject to applicable limitations:
Right of Access: you have the right to confirm what data is being processed, obtain information about the processing activities and to receive a copy of your Personal Information;
Right to Rectification: you have the right to request rectification / correction of your Personal Information where it is inaccurate or incomplete
Right to Erasure: you have the right to request deletion of your Personal Information.
Right to Restriction: you have a right to ask that we restrict or suspend the processing of your Personal Information which means that whilst we are permitted to store the Personal Information we cannot otherwise use it.
Right to Data Portability: you have right to request the transfer of certain Personal Information to a third party, in machine readable format.
Right to Object: you have the right to object to the processing of your Personal Information including for any direct marketing purposes.
Right to Withdraw Consent: you have the right to withdraw your consent, at any time, without hindrance or cost, to prevent further processing. Please note that withdrawing your consent does not affect the lawfulness of our processing of your Personal Information based on such consent before the withdrawal.
Right to Lodge a Complaint: you have the right to file a complaint concerning our processing of your Personal Information with the competent data protection supervisory authority in the relevant jurisdiction.
CHILDREN'S PRIVACY
This Site is not directed to children under the age of thirteen and we do not knowingly collect Personal Information from children under the age of thirteen on the Site. If we become aware that we have inadvertently received Personal Information from a visitor under the age of thirteen on the Site, we will delete the information from our records.
HOW WE PROTECT PERSONAL INFORMATION
We maintain appropriate administrative, technical and physical safeguards designed to protect the Personal Information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, no security system is perfect and we cannot promise that information about you will remain secure in all circumstances, including the security of your Personal Information during transmission to us or the security of data on your mobile device.
DATA RETENTION
We may retain your Personal Information for as long as we need for a legitimate business purpose. The criteria used to determine the retention periods include: (i) how long the Personal Information is needed to provide our products and services; (ii) the type of Personal Information collected; and (iii) whether we are subject to a legal, contractual or similar obligation to retain the data (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).
UPDATES TO OUR PRIVACY POLICY
This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our Personal Information practices. We will post a notice on our website to notify you of any material changes to our Privacy Policy and indicate at the top of the Policy when it was most recently updated.
ACCESSIBILITY
We are committed to ensuring that our communications are accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us at hi@meritbeauty.com.
CALIFORNIA PRIVACY RIGHTS
The California Consumer Privacy Act (CCPA) gives California residents rights described below with respect to their Personal Information.
Your Right To Request Disclosure of Information We Collect and Share About You
We are committed to ensuring that you know what Personal Information we collect. To that end, you can ask us for any or all of following types of information regarding the Personal Information we have collected about you in the 12 months prior to our receipt of your request:
- Specific pieces of Personal Information we have collected about you;
- Categories of Personal Information we have collected about you;
- Categories of sources from which such Personal Information was collected;
- Categories of Personal Information that the business sold or disclosed for a business purpose about the consumer;
- Categories of third parties to whom the Personal Information was sold or disclosed for a business purpose; and
- The business or commercial purpose for collecting or selling your Personal Information.
Your Right To Request Deletion of Personal Information We Have Collected About You
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Your Right to Ask Us Not to Sell Personal Information We Have Collected About You
You can direct us not to sell your Personal Information by submitting an opt-out request through our Data Request Form. We will act on your request within the timeframes set forth below.
Global Privacy Control
We also recognize opt-out signals communicated through the browser-based extension offered through the Global Privacy Control, a non-profit that is in the process of developing a technological tool that can be used universally to signal a user’s privacy preferences. However, please note that, due to the technical limitations of the Global Privacy Control’s extension, requests made through their extension apply only to the device on which the request is made (e.g., a specific computer) and will only work with the browser used to activate the opt-out setting (e.g., Duck Duck Go).
Exercising Your Rights and How We Will Respond
To exercise your right to opt out of any sales of Personal Information, please complete and submit our Data Request Form. To exercise all other rights or to ask a question, please contact us at hi@meritbeauty.com, complete and submit our Data Request Form or use the contact details set out at the end of this Policy.
For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We will provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances.
For requests to stop the sale of your Personal Information, we will comply no later than 15 business days after receipt of your request.
If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
Our Commitment to Allowing You to Exercise Your Rights – Non-Discrimination
If you exercise any of the rights explained in this Policy, we will continue to treat you fairly. If you exercise your rights under this Policy, you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than others.
Verification of Identity – Access or Deletion Requests
We will ask you for identifying information and attempt to match it to information that we maintain about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to your request. We will notify you to explain the basis of the denial.
Ensuring Veracity of Opt-Out Requests
If we have a good-faith, reasonable belief that a request to opt-out of the sale of Personal Information is fraudulent, we may deny the request. Should this occur, we will inform you and explain why we believe the request is fraudulent.
Authorized Agents
You may designate an agent to submit requests on your behalf. The agent must be a natural person or a business entity that is registered with the California Secretary of State.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process:
- Requests to Know or Delete Personal Information: If the agent submits requests to access, know or delete your Personal Information, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.
- Requests to Opt Out of Sale: If the agent submits a request to opt out of the sale of your Personal Information, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
Notice of Financial Incentive
The Merit Loyalty Program (the “Program”) is our customer recognition program that rewards participating members for referring individuals to our Site.
To participate in the Program, we collect your email, first name, last name, shipping address, and billing address. Participants in the Program receive codes they can redeem to receive gifts or discounts on purchases over a certain amount. The Program helps us establish brand loyalty and enhance the customer experience.
Participation in the Program is voluntary. To sign up for the Program, you must provide us with your name and email address and create a loyalty program password. You have the right to cancel your membership in the Program at any time. You can do so by emailing us at We will not discriminate against you for exercising your rights under CCPA.
California Shine the Light
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to hi@meritbeauty.com.
HOW TO CONTACT US
If you have any questions or comments about this Privacy Policy, or if you would like us to update information, we have about you or your preferences, please contact us by email at hi@meritbeauty.com.
If we need, or are required, to contact you concerning any event that involves your Personal Information we may do so by telephone or email.
If you have inquiries regarding our privacy practices, or if you would like to receive a copy of the Privacy Policy or address concerns regarding the handling of Personal Information, please contact us at:
For everyone: |
For UK residents: |
---|---|
MERIT Customer Experience Team |
GDPR Representative: We have appointed the Osano UK Compliance LTD to act as our UK representative: |