Privacy Notice for U.S. State Residents

Last Updated: October 20, 2023

Summary

This policy, together with the HairDAO Privacy Statement, includes the information and disclosures we are required to provide to you under U.S. State Data Protection Laws. You should read them both carefully.

This Privacy Notice for U.S. State Residents applies to residents of California, Colorado, Virginia, Utah, and Connecticut and contains information required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act, the Colorado Privacy Act (“CPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Utah Consumer Privacy Act (“UCPA”), and the Connecticut Data Privacy Act (“CTDPA”) (collectively, “U.S. State Data Protection Laws”), as amended or replaced from time to time, along with any implementing regulations, and supplements our privacy statement.

This policy, together with the HairDAO Privacy Statement, includes the information and disclosures we are required to provide to you under U.S. State Data Protection Laws. You should read them both carefully.

HairDAO applies certain privacy controls to all U.S. customers. For example, all customers can request a copy of their data, request deletion, and control their privacy settings in their Account Settings. This notice makes sure we cover state-specific requirements. In the event of any conflict between the terms of this notice and the Privacy Statement, the terms of this notice prevail.

Here is a summary before we dive into the details:

  • You have the right to know whether we sell or share your Personal Information and opt-out of a sale or sharing of your Personal Information with a third party.
  • You have the right to receive an overview of the Personal Information we collect, how we use it, and who we share it with.
  • You have a right to limit use and sharing of your sensitive Personal Information.
  • You have the right to access your Personal Information and get a copy of it.
  • You have the right to correct inaccurate Personal Information.
  • You have the right to delete your Personal Information.
  • You or your authorized agent can always contact us if you have a question at privacy@hairdao.xyz

1. Your Rights

When we talk about “Personal Information” in this notice, we mean any information that identifies, relates to, describes, is capable of being associated with you, or could reasonably be linked, directly or indirectly, with you, and as otherwise defined in the U.S. State Data Protection Laws. The U.S. State Data Protection Laws do not consider publicly available information, deidentified, or aggregate consumer information as “Personal Information.”

We will not attempt to reidentify deidentified information (except as necessary to test our deidentification processes to ensure no individuals can be identified) and will use it only in deidentified form.

Let’s start with your privacy rights first. You have the right to:

  • Know what Personal Information we collect, use, disclose, share, or sell.
  • Receive a copy of your Personal Information.
  • Correct inaccurate Personal Information.
  • Delete your Personal Information.
  • Receive your Personal Information in a portable and, if technically feasible, in a readily usable format.
  • Opt out of: targeted advertising; the sale or sharing of your Personal Information with third parties; and/or, profiling in the furtherance of decisions that produce legal or similarly significant effects.
  • Limit the use and sharing of your sensitive Personal Information. Sensitive Personal Information includes, but is not limited to, Personal Information that reveals your racial or ethnic origin, religious beliefs, mental or health conditions or diagnosis, sex life or sexual orientation, citizenship or immigration status, genetic data, precise geolocation, or as otherwise defined in applicable U.S. State Data Protection Laws. Your HairDAO Registration Information, Genetic Information, and Self-Reported information likely include sensitive Personal Information.
  • Not receive discriminatory treatment if you exercise your privacy rights.

If you do not have a HairDAO account and would like to make a privacy rights request, or to appeal an action we made related to your privacy request, you can email us at privacy@hairdao.xyz with the subject line “Privacy Rights Request”. We will require some additional information to verify your identity in order to process your request. Alternatively, you may exercise your privacy rights through an authorized agent. If you use an authorized agent, we will require you to verify your identity and confirm that you have provided the authorized agent permission to submit the request on your behalf.

We will respond to your request within 45 days, and in more difficult cases we may extend our response time by another 45 days. The easiest way to exercise your rights is through your Account Settings so we can quickly verify your identity. Your rights under the U.S. State Data Protection Laws are not absolute and HairDAO may exercise limitations or exemptions as permitted by the U.S. State Data Protection Laws.

Notice of Right to Opt-Out of Sale/Sharing

Like many websites, HairDAO uses cookies (including other tracking technologies) for targeted or cross-context behavioral advertising. Cookies require your Web-Behavior Information to work.

Under the CCPA, this use of your data for cross-context behavioral advertising may constitute a “sale” or “sharing” of personal information. We let advertising providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our sites and apps when you use our online service. In the past 12 months, these categories of personal information may have been “sold” or “shared” as defined under CCPA. We do not have actual knowledge of selling or sharing personal information of users under the age of 16.

File a complaint under the California Genetic Information Privacy Act or the Virginia Genetic Information Privacy Act

We encourage you to reach out to us with any complaints or concerns at privacy@hairdao.xyz. Residents of the state of California or the state of Virginia may also file complaints if they believe certain rights were infringed under the California Genetic Information Privacy Act or the Virginia Genetic Information Privacy Act.

If you are a California resident, you may file a complaint with the California Attorney General, or your California county district attorney. Residents of cities with more than 750,000 residents may file a complaint with their city attorney, and residents of cities with full-time city prosecutors may file a complaint with their city prosecutor. If you wish to file a complaint with your district attorney, city attorney, or city prosecutor, contact their local office for more information.

If you are a Virginia resident, you may file a complaint with the Virginia Attorney General, or contact the Virginia Consumers Protection Hotline at 1-800-552-9963.

2. What We Collect

As detailed in our Privacy Statement, we collect Personal Information for various purposes with privacy principles in mind.

Below, we describe the categories of Personal Information as defined under the CCPA for California residents, and may include reference to certain key definitions from our Privacy Statement. Some of the categories below require separate opt-in consent and these categories do not necessarily reflect all of the types of information that we may collect about you. We will provide you a separate notice if we collect any additional Personal Information about you. Some Personal Information included in the categories may overlap with other categories.

In the last twelve (12) months, we have collected the following categories of Personal Information:

  • Identifiers: Registration Information and information contained in Web-Behavior Information and/or User Content such as your name, display name, address, online identifier, IP address, email address, username, or other similar identifiers.
  • Personal information categories listed in the California Customer Records provisions: Certain information from Registration Information (including payment information), certain User Content (such as your name, address, or phone number), and/or certain Self-Reported Information (such as details about your employment or education).
  • Characteristics of protected classifications under California or federal law: Certain information from Registration Information, Self-Reported Information, and/or User Content, such as your age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, and genetic information (including familial genetic information).
  • Commercial information: Certain information from Self-Reported Information and/or User Content such as products or Services purchased, obtained, or considered, survey responses regarding past purchasing history, information about products you purchased or considered, or other purchasing or consuming histories or tendencies.
  • Audio, electronic, visual, thermal, olfactory, or similar information: Certain information from Self-Reported Information and/or User Content you provide to us through surveys or other engagement on our platform, such as when you upload a profile picture.
  • Professional or employment-related information: Certain information from Self-Reported Information and/or User Content such as education, household income, occupation, and other professional information. This information can be collected when you apply for a job with HairDAO, fill out a survey, or otherwise engage with us.
  • Biometric information: Certain information from Self-Reported Information and/or User Content such as physiological, behavioral, and biological characteristics that can be used to establish an individual’s identity. To the extent we collect this information, we collect it directly from you when you choose to share it with us.
  • Internet or other electronic network activity information: Web-Behavior Information such as data generated from your use of our Services and collected through log files, cookies, web beacons, and similar technologies. Such information may include your browser type, domains, page views, how long you spent on a page or feature of the website, or other data about your engagement with our Services.
  • Geolocation data: Web-Behavior Information that includes the identification or estimation of physical location or movement.
  • Inferences drawn from other personal information: Inferences and Derived Data includes any information, data, assumptions, or conclusions HairDAO infers based on analyses of facts, evidence, or another source of information or data. HairDAO may derive Genetic Information, such as imputed genotype data, genetic risk scores, and phenotypes (which are observable characteristics or traits). Generally this information is created by HairDAO and not collected directly from you. HairDAO may derive information from data that was collected in relation to our genetic testing services, directly from you, or through tracking technology.
  • Sensitive personal information: Genetic Information, and certain Registration Information, Sample Information, and Self-Reported Information may be considered “sensitive.” This includes data that reveals your: social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to your account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; mail, email, and/or text messaging contents where HairDAO is not an intended recipient; and genetic data.

HairDAO may access publicly available information or public records from federal, state, or local government records (e.g., vital records, census data).

3. How We Use Your Personal Information

As defined under the CCPA for California residents, HairDAO may use Personal Information listed above for the purposes described below or at your direction. Such purposes include:

  • Providing Services: To provide our Services to you, including maintaining or servicing your account, providing customer service, processing or fulfilling orders and transactions, and more.
  • Audit: Auditing related to a current interaction and concurrent transactions, or compliance with applicable laws or standards.
  • Security and Integrity: Detecting security incidents, maintaining integrity, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging: Debugging to identify and repair errors that impair existing intended functionality.
  • Transient Use: Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of your current interaction with our business, provided that your Personal Information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction.
  • Advertising and Marketing: To provide advertising and marketing to you, including cross-context behavioral advertising.
  • Research and Development: Internal research that HairDAO performs to improve and develop its products and services.
  • Quality Assurance and Product Improvement: Activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by HairDAO, and otherwise to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by HairDAO.

If you have given your explicit consent, for example via a data transfer authorization or other consent document, we may use, disclose, or share your Personal Information for commercial or research purposes to third parties. The purpose, such as recruitment for external research or participation in HairDAO Research, may vary and will be described in the consent at that time.

In the past 12 months, we have disclosed Personal Information to service providers and contractors for the business purposes described above, and to third-party advertising and marketing companies for cross-context behavioral or targeted advertising.

We do not use or disclose sensitive Personal Information for purposes other than the business purposes permitted by CCPA, which include, for example, to perform our services, to detect and prevent security incidents, to perform services on behalf of the business, and other purposes as allowed by CCPA.

4. Changes to this notice

HairDAO will periodically review and update this notice. We recommend visiting this page to stay aware of any changes. If we modify this notice, we will make the revised notice available through our website.