Last updated: February 17, 2021
Eyebrowz Designs Inc. (“Eyebrowz”) is committed to protecting the privacy rights of our customers and visitors to our website, www.eyebrowzwholesale.com. Eyebrowz knows that you care how information about you is collected, used and shared, and we appreciate your trust.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
During your use of eyebrowzwholesale.com, such as filling out our contact form or making a sample purchase, you will be asked to provide personal information (such as your name, e-mail address, postal address, telephone number, credit card information, etc.) for the purpose of facilitating communications with you or facilitating your use of eyebrowzwholesale.com, including placing an order for samples or signing up to receive the latest product releases. If you choose not to provide certain requested personal information, you will not be able to register as a customer or receive email updates.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
eyebrowzwholesale.com uses “cookies”, a technology that stores a small amount of information on a website user’s computer to permit the website to recognize future visits using that computer. Cookies enhance the convenience and use of plhaircare.com. For example, the information provided through cookies is used to recognize you as a previous user (so you do not have to enter your personal information every time), offer personalized web page content and information for your use and otherwise facilitate your website experience. Cookie data may be used for purposes including delivering to you banner advertisements and other advertising tailored to your interests when you visit certain websites and selecting offers and products to display to you when you visit our website. You may also wish to decline cookies generally if your browser permits, but doing so may affect your use of the website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How we use your data
We use the information that we collect about you to:
- Process and fulfill your orders and provide customer service.
- Manage your Account.
- Administer the Website.
- Monitor customer online and offline traffic patterns and site usage to help us develop and improve the design and usability of the site, our showrooms, our products and services and our marketing campaigns.
- Protect the security or integrity of our website and our business.
- Notify you about enhancements to our services, such as recent updates to the Website, new services and special offers that may be of interest.
If you are in the European Economic Area (“EEA”), we will rely on one of the following legal grounds (as appropriate) to process your personal data:
- To enter and perform a contract with you or to perform any steps you require from us before entering into a contract.
- To pursue our legitimate business interests in providing you with our products and services.
- Your specific consent to us using your information, which you can withdraw at any time.
- To comply with our legal obligations and establish, exercise or defend our legal rights.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Eyebrowz (or its affiliates, suppliers and service providers) may disclose your personal information to an American or foreign government institution or regulatory authority that has asserted its lawful authority to obtain the information, but in each case only where Eyebrowz has reasonable grounds to believe the information could be useful in the investigation of unlawful activity, or to comply with a subpoena or warrant or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with court rules regarding the production of records and information, or to its legal counsel, or as otherwise might be required in compliance with applicable data protection legislation.
Your contact information
If you have any comments or questions about this Policy or your personal information, please send your comments by e-mail to our Privacy Representative at [email protected]
Our headquarters are located at 115 First Street Sumas WA, 98295
How we protect your data
We work to protect the security of your information. For example, we use Secure Sockets Layer (SSL) software, which encrypts information you input online during transmission to us. If you have accessed a secure server, the first characters of the address in that line should change from “http” to “https.” We reveal only the last four digits of your credit card numbers when confirming an order. You can help us by also taking precautions to protect your personal data when you are using the Internet. It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
What data breach procedures we have in place
Upon being notified of a (suspected or confirmed) data breach, the Data Breach Team should immediately activate the data breach & response plan.
Eyebrowz’ data breach management and response plan is:
- Confirm the Breach
- Contain the Breach
- Assess Risks and Impact
- Report the Incident
- Evaluate the Response & Recovery to Prevent Future Breaches
CONFIRM THE BREACH
The Data Breach Team (DBT) should act as soon as it is aware of a data breach. Where possible, it should first confirm that the data breach has occurred. It may make sense for the DBT to proceed to Contain the Breach on the basis of an unconfirmed reported data breach, depending on the likelihood of the severity of risk.
CONTAIN THE BREACH
The DBT should consider the following measures to Contain the Breach, where applicable:
- Shut down the compromised system that led to the data breach.
- Establish whether steps can be taken to recover lost data and limit any damage caused by the breach. (eg: remotely disabling / wiping a lost notebook containing personal data of individuals.)
- Prevent further unauthorized access to the system.
- Reset passwords if accounts and / or passwords have been compromised.
- Isolate the causes of the data breach in the system, and where applicable, change the access rights to the compromised system and remove external connections to the system.
ASSESS RISKS AND IMPACT
Knowing the risks and impact of data breaches will help Eyebrowz determine whether there could be serious consequences to affected individuals, as well as the steps necessary to notify the individuals affected.
Risk and Impact on Individuals
- How many people were affected?
A higher number may not mean a higher risk, but assessing this helps overall risk assessment.
- Whose personal data had been breached?
Does the personal data belong to employees, customers, or minors? Different people will face varying levels of risk as a result of a loss of personal data.
- What types of personal data were involved?
This will help to ascertain if there are risks to reputation, identity theft, safety and/or financial loss of affected individuals.
- Any additional measures in place to minimize the impact of a data breach? eg: a lost device protected by a strong password or encryption could reduce the impact of a data breach.
Risk and Impact on organizations
- What caused the data breach?
Determining how the breach occurred (through theft, accident, unauthorized access, etc.) will help identify immediate steps to take to contain the breach and restore public confidence in a product or service.
- When and how often did the breach occur?
Examining this will help Eyebrowz better understand the nature of the breach (e.g. malicious or accidental).
- Who might gain access to the compromised personal data?
This will ascertain how the compromised data could be used. In particular, affected individuals must be notified if personal data is acquired by an unauthorized person.
- Will compromised data affect transactions with any other third parties?
Determining this will help identify if other organizations need to be notified.
REPORT THE INCIDENT
Eyebrowz is legally required to notify affected individuals if their personal data has been breached. This will encourage individuals to take preventive measures to reduce the impact of the data breach, and also help Eyebrowz rebuild consumer trust.
Who to Notify:
- Notify individuals whose personal data have been compromised.
- Notify other third parties such as banks, credit card companies or the police, where relevant.
- Notify GDPR especially if a data breach involves sensitive personal data.
- The relevant authorities (eg: police) should be notified if criminal activity is suspected and evidence for investigation should be preserved (eg: hacking, theft or unauthorized system access by an employee.)
When to Notify:
- Notify affected individuals immediately if a data breach involves sensitive personal data. This allows them to take necessary actions early to avoid potential abuse of the compromised data.
- Notify affected individuals when the data breach is resolved.
How to Notify:
- Use the most effective ways to reach out to affected individuals, taking into consideration the urgency of the situation and number of individuals affected (e.g. media releases, social media, mobile messaging, SMS, e-mails, telephone calls).
- Notifications should be simple to understand, specific, and provide clear instructions on what individuals can do to protect themselves.
What to Notify:
- How and when the data breach occurred, and the types of personal data involved in the data breach.
- What Eyebrowz has done or will be doing in response to the risks brought about by the data breach.
- Specific facts on the data breach where applicable, and actions individuals can take to prevent that data from being misused or abused.
- Contact details and how affected individuals can reach the organization for further information or assistance (e.g. helpline numbers, e-mail addresses or website).
EVALUATE THE RESPONSE & RECOVERY TO PREVENT FUTURE BREACHES
After steps have been taken to resolve the data breach, Eyebrowz should review the cause of the breach and evaluate if existing protection and prevention measures and processes are sufficient to prevent similar breaches from occurring, and where applicable put a stop to practices which led to the data breach.