Privacy Policy

Website Privacy Policy

Last Modified: 6/26/2025 
Purpose
Skinsistency, LLC (hereinafter “we,” “our,” “us”) is committed to protecting your privacy and maintaining a quality online experience for our website users. 
This Privacy Policy describes the type of personal information we may collect from you or that you may provide when you visit Skinsistencyco.com (hereinafter “Website”) and our practices for handling, storing, and protecting that information as well as your rights in relation to your personal information and how you can contact us and supervisory authorities in the event you have questions about how we handle your personal information.
Privacy Policy Consent
Please read this Privacy Policy carefully and in its entirety before using our Website. If you do not agree with our policies and practices regarding your personal information and how we will treat it, your choice is to not use our Website. Your use of our Website constitutes your voluntary acceptance to be bound by this Privacy Policy, whether you have read it or have had the opportunity to read it and have chosen not to.
This Privacy Policy applies to the information we collect:
On this Website.
In email, text, and other electronic messages between you and this Website.
When you interact with our advertising on third party websites and services, if that advertising includes links to this Privacy Policy.
It does not apply to information that is collected by:
Us offline or through any other means, including on any other website operated by any third party (including our affiliates).
Any third party (including our affiliates) through any content (including advertising) that may link to or be accessible from (or on) the Website.
Children’s Online Privacy Protection Act (COPPA)
This Website and any products and services offered herein are not intended for persons under the age of 18. 
We prohibit children under the age of 18 from using any and all interactive portions of this Website, including leaving any comments, filling out forms, or otherwise submitting information. A child’s parent or guardian should contact us if we have inadvertently collected any information or content from that child without the parent or guardian’s authorization, so that we may delete that information from our records.
[COPPA imposes certain requirements on websites or online services directed at children under 13 years old, including the requirement that sites must require parental consent for the collection or use of any personal information from children. The General Data Protection Regulation (GDPR) requires parental consent for children under 16 years old.
If your site is directed at children under 18 years old, you will need to contact an attorney in your local area to discuss revisions to this section]
CAN-SPAM Act of 2003
We have taken the necessary steps to ensure that we are in compliance with the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 and will not send misleading information. 
Personal Information We Collect
The type of personal information we collect depends on how you are interacting with us. We generally collect the following categories of personal information:
Contact information, such as first and last name, email address, postal address, phone number, and other similar contact data;
Records and copies of your correspondence (including email address) if you contact us;
Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website and we will use a third-party payment processor to process the payment. We do not collect your credit card or debit card number, expiration date, or pin number; 
Comments, feedback, questions and other information you provide to us;
Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website;
Information about your computer and internet connection, including your IP address, operating system, and browser type.

Sources of Personal Information
We collect personal information from you as follows:
You provide personal information to us when you:
Subscribe to or purchase our products and/or services;
Complete a contact or information request form.
We automatically collect personal information when you:
Visit, interact with, or use our Website;
Access, use, or download content from us; and
Open emails or click links in emails from us. 

How We Use the Information/Lawful Bases
We process personal information about you on one or more of the following bases: 
To perform a contract; 
With your consent;
For our legitimate interests;
To comply with the law;
To protect someone’s life; and/or
Public task.
We process personal information to: 
Process and fulfill an order, download, subscription, or other transaction;
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
Respond to your requests, inquiries, comments, and concerns;
Notify you about changes to our Website or any products or services we offer or provide through it;
Send marketing emails;
Inform you of and administer promotions, contests, sweepstakes or surveys;
Help us address problems with and improve our Website; 
Protect the security and integrity of our Website;
Contact you for other business reasons, if necessary; and
Provide interest-based advertising.
[The CCPA/CPRA define “sale” of personal information as “selling, renting, releasing, disclosing, disseminating, making available, transferring or communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.”
The CPRA defines “sharing” as any disclosure of personal information (renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, or in writing, or by electronic or other means) to third parties for cross-contextual behavioral advertising whether or not for monetary or other valuable consideration.]
We will not sell or share your personal information and have not done so in the last 12 months. 
We may transfer your personal information to a third party in the event of a bankruptcy, dissolution, merger, sale, acquisition, or change of control.
We may transfer your personal information to a third party if we need to comply with our legal obligations, resolve disputes, and/or enforce our agreements.
Use of Cookies
“Cookies” are small text files that are placed on a computer or other device and used to identify the user or device and to collect information when you visit a website. Cookies may be set by the website you are visiting (also known as “first party cookies”) or by third parties who provide advertising or analytics services on the website (also known as “third party cookies”).
We use cookies for several different purposes.
You can disable cookies through your web browser’s settings, but disabling this function may diminish your experience on our Website as some features may not work as intended. 
Interest-Based Advertising
Our Website also allows third parties to collect certain personal information during your visit to the Website to provide interest-based advertising to you.
Website users may opt out of interest-based advertising by:
Going to your account privacy settings in your browser and turning off personalization;
Going to the Digital Advertising Alliance’s opt out tool, http://optout.aboutads.info;
Going to the Network Advertising Initiative’s opt out tool, https://www.networkadvertising.org/choices; or
Going to https://www.youronlinechoices.com/, if you’re based in the EU.
Automated Decision-Making
We use the personal information that we collect for automated decision-making (i.e., making a decision solely by automated means without any human involvement) if it is authorized by legislation, if you have provided explicit consent, or if it is necessary for entering into or performance of a contract.
When using automated decision-making, we will provide you with further information about the logic involved, your right to obtain human intervention, the potential consequences of the processing, and your right to contest the automated decision. 
Profiling
We use the personal information that we collect for profiling (i.e., automated processing of the information to evaluate certain personal aspects of a natural person to predict their behavior and make decisions regarding it) if it is authorized by legislation, if you have provided explicit consent, or if it is necessary for entering into or performance of a contract.
When profiling, we will provide you with further information about the logic involved, your right to obtain human intervention, the potential consequences of the processing, and your right to contest the automated profile.
“Do Not Track” (DNT) Signals
Some browsers transmit Do Not Track (DNT) signals to websites. 
Due to the lack of a common interpretation of DNT signals throughout the industry, we do not currently alter, change, or respond to DNT requests or signals from these browsers. 
How the Information is Shared
Depending on how you interact with us, we share information with our third-party service providers, agents and representatives, including, but not limited to, eCommerce platform providers, payment processing providers, email service providers, IT service providers, security and software service providers, in order to process the information as necessary to complete a transaction, fulfill your request, or otherwise on our behalf based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to:
meet any applicable law, regulation, legal process or other legal obligation;
detect, investigate and help prevent security, fraud or technical issues; and/or
protect the rights, property, or safety of us, our Website, our users, employees, or others.
Our current third-party service providers include:
Showit, ionon, Shopify

Information Retention
We retain your personal information for as long as necessary to fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements, or until such time as you let us know you would like for us to delete it or unsubscribe from our marketing contacts.
Passwords
Certain features of our Website require the creation of a username and password. You are responsible for keeping your username and password confidential. We ask that you not share your username or password with anyone. We cannot and will not be liable for any loss or damage arising from your failure to protect your username or password. 
You agree to notify us immediately of any unauthorized use of your username or password or any other breach of security. 
Information Protection and Security 
Our Website uses commercially acceptable security measures to prevent your personal information from being lost, used, or accessed in an unauthorized way. We use a Secure Sockets Layer (SSL) certificate and never transmit your credit card information via email. If you receive an email from us that appears to be a request for personal information, do not respond because it may be a phishing scam designed to steal your personal information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. 
Should there be a data breach, we will notify you when we are legally required to do so. 
Your Rights to Control Your Information 
You can unsubscribe from our email newsletters or updates at any time through the unsubscribe links found in the communications you receive from us.
You can unsubscribe from our email advertisements at any time by clicking unsubscribe.
Local data protection laws may give you rights with respect to personal information if you are located in or a resident of that country, state, or territory. 
THESE RIGHTS ARE NOT GUARANTEED AND IT IS IMPORTANT FOR YOU TO CONSULT YOUR LOCAL DATA PROTECTION LAWS TO DETERMINE WHAT RIGHTS MAY BE AVAILABLE TO YOU.
These rights may include the following:
Right to disclosure/access (to know the personal information collected about you and request a copy)
May apply to: Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, Australia, Canada, the European Union and/or the European Economic Area, and the United Kingdom

Right to correct/rectification (to have your inaccurate personal information corrected)
May apply to: Residents of California, Colorado, Connecticut, Delaware, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Virginia, Canada, Australia, Quebec, the European Union and/or the European Economic Area, and the United Kingdom

Right to erasure/deletion (to have all or some of your personal information deleted upon a verifiable request)
May apply to: Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Tennessee, Texas, Oregon, Utah, Virginia, the European Union and/or the European Economic Area, and the United Kingdom

Right to nondiscrimination (the right to equal service and price even if you exercise your rights)
May apply to: Residents of California, Maryland, Minnesota, Montana, Oregon, Tennessee, Texas, and Virginia

Right to obtain a specific list of third parties your personal information was shared with
May apply to: Residents of Minnesota and Oregon

Right to obtain a list of the categories of third parties to which the business has disclosed personal information
May apply to: Residents of Maryland

Right to limit use and disclosure of sensitive personal information
May apply to: Residents of California and Connecticut

Right to opt out of sensitive data processing
May apply to: Residents of Iowa

Right to data portability (to have your personal information transferred to you or a third party in machine-readable format, where technically feasible)
May apply to: Residents of Quebec, the European Union and/or the European Economic Area, and the United Kingdom

Right to data portability (to have your personal information transferred to you in a readily-usable format that lets you transmit that information to a third party)
May apply to: Residents of California, Colorado, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia

Right to data portability (to have your personal information transferred to you in a readily-usable format that lets you transmit that information to a third party where processing is carried out by automated means)
May apply to: Residents of Connecticut

Right to withdraw consent (to withdraw your consent that we handle your personal information at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent before its withdrawal)
May apply to: Residents of Canada, Quebec, the European Union and/or the European Economic Area, and the United Kingdom

Right to not identify yourself or to use a pseudonym
May apply to: Residents of Australia

Right to restriction of processing (to limit the purposes that your personal information may be used for)
May apply to: Residents of the European Union and/or the European Economic Area, and the United Kingdom

Right to object (to object to the processing of your personal information in cases where our processing is based on direct marketing)
May apply to: Residents of the European Union and/or the European Economic Area, and the United Kingdom

Right to stop unwanted direct marketing
May apply to: Residents of the European Union and/or the European Economic Area, and Australia

Right to complain (to lodge a complaint with competent authorities in the proper jurisdiction if you are not content with how we collect, share, and process your personal information)
May apply to: Residents of Canada, Australia, Quebec, the European Union and/or the European Economic Area, and the United Kingdom

Right to appeal (a decision made regarding an exercise of rights)
May apply to: Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Maryland, Minnesota, Montana, New Jersey, New Hampshire, Nebraska, Oregon, Tennessee, Texas, Utah, and Virginia.

These rights are not absolute and they do not always apply in all cases. We will honor your rights under applicable data protection laws.

Use and Transfer of Your Information Out of the European Economic Area (EEA) or Canada
This Website is operated in the United States and the third parties with whom we might share your personal information (as explained above) are also located in the United States or other countries located outside the EEA and Canada. 
If you are located outside of the United States, please be aware that any information you provide will be transferred to the United States. By using this Website and/or providing your information, you consent to this transfer. 
Contact Us
If you have any questions, comments, complaints, or suggestions in relation to this Privacy Policy or our privacy practices, please contact us by email at skinsistency@gmail.com.
Changes to this Privacy Policy 
The date this Privacy Policy was last revised is identified at the top of the page. It is our policy to post any changes we make to our Privacy Policy on this page. If we make any material changes to how we treat our Website users’ personal information, we will notify you of any such changes by email (if you have provided your email to us) and/or by a prominent notice displayed on our Website’s home page and updating the revised date of our Privacy Policy. We recommend that you check this Privacy Policy when you visit our Website to be sure that you are aware of our most current policy.
Please also read our Terms and Conditions of Use.

[THIS TABLE IS NOT INTENDED TO BE PART OF THE PRIVACY POLICY POSTED TO YOUR WEBSITE. IT IS AN OUTLINE OF THE VARIOUS DATA PRIVACY LAWS THIS TEMPLATE ADDRESSES IN THE CHART ABOVE AND THEIR THRESHOLDS FOR IMPLEMENTATION:

DATA PRIVACY LAW
WHO IT APPLIES TO
Australia Privacy Act of 1988
Applies to business if website collects personal information of residents of Australia or Australian territories.


California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA)


SEE NOTES ABOVE IN TEMPLATE.



Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)


Applies to business if website collects the personal information of Canadians.


Colorado Privacy Act (CPA)


Applies to business if:

Conduct business in Colorado or produce or deliver commercial products or services that are intentionally targeted towards residents of Colorado; and
Satisfies one of the following thresholds:
Controls or processes the personal data of 100,000 or more Colorado consumers during a calendar year; or
Derives revenue or receives a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of 25,000 or more Colorado consumers.

Exempts airlines, public utilities, financial institutions, governmental entities in Colorado, entities covered by the Health Insurance Portability and Accountability Act (HIPAA), those collecting/processing data for Colorado health insurance law purposes, those collecting/processing data for employment records purposes, those processing de-identified personal data, consumer reporting agencies, and higher education institutions.


Connecticut SB6
Applies to business if:

Controlled or processed the personal data of 100,000 or more Connecticut residents; or
Controlled or processed the personal data of 25,000 or more residents of Connecticut and derived more than 25% of their gross revenue from the sale of personal data.

Exempts non-profits, higher education institutions, national securities associations, financial institutions and entities that need to comply with HIPAA.


Delaware Personal Data Privacy Act (DPDPA)
Applies to business if doing business in Delaware or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 35,000 or more Delaware consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 10,000 or more Delaware consumers with over 20% annual gross revenue from the sale of personal data.

Exempts government entities and financial institutions. 

Businesses may not process sensitive personal data without receiving prior consent from the consumer.



General Data Protection Regulation (GDPR)


Applies to business if it:

processes personal information as part of the activities of one of its branches established in the European Union, regardless of where the data is processed; or
is established outside the European Union and is offering goods or services (paid or for free) or is monitoring the behavior of individuals in the European Union.


Indiana Consumer Data Protection Act (Indiana CDPA)


Applies to businesses who conduct business in Indiana or produce products or services that are targeted to residents of Indiana and during a calendar year either:
Controls or processes personal data of at least 100,000 Indiana residents; or
Controls or processes personal data of at least 25,000 Indiana residents and derives over 50% of its gross revenue from the sale of personal data.

Exempts non-profit organizations, higher education institutions, financial institutions, and public utilities.


Iowa Consumer Data Protection Act (IACDPA)
Applies to individuals and entities who conduct business in Iowa or produce products or services that are targeted to residents of Iowa and during a calendar year either:
Controls or processes personal data of at least 100,000 Iowa residents; or
Controls or processes personal data of at least 25,000 Iowa residents and derives over 50% of its gross revenue from the sale of personal data.

Exempts non-profit organizations, government entities, public and private education institutions.

Exempts data such as business-to-business personal data, data provided in the employment context, consumer credit reporting data, health records, and scientific research data.


Kentucky Consumer Data Protection Act (KCDPA)


Applies to businesses in Kentucky or that provide products or services that are targeted to residents of Kentucky if:
Control or process the personal data of at least 100,000 consumers; or
Control or process the personal data of at least 25,000 consumers AND derived more than 50% of its gross revenue from the sale of personal data.

Exempts city or state agencies or state political subdivisions, financial institutions, entities covered by HIPAA, nonprofit organizations, higher education institutions, and small telephone utilities. 


Maryland Online Data Privacy Act of 2024
Applies to businesses in Maryland or that provide products or services that are targeted to residents of Maryland if:
Control or process the personal data of at least 35,000 residents of Maryland; or
Control or process the personal data of at least 10,000 residents of Maryland AND derived more than 25% of its gross revenue from the sale of personal data.

Exempts non-profits who process data to assist law enforcement agencies in investigating criminal or fraudulent acts relating to either insurance or first responders in responding to catastrophic events. 


Minnesota Consumer Data Privacy Act (MCDPA)


Applies to legal entities in Minnesota or that provide products or services that are targeted to residents of Minnesota if:
Control or process the personal data of 100,000 residents of Minnesota; or
Control or process the personal data of at least 25,000 residents of Minnesota AND derived more than 25% of its gross revenue from the sale of personal data.

Exempts government entities, federally recognized Indian tribes, covered entities and business associates subject to the Health Insurance Portability and Accountability Act ("HIPAA"), state or federally chartered banks or credit unions, insurance companies, non-profits established to detect and prevent insurance fraud, air carriers subject to the federal Airline Deregulation Act, and small businesses, as defined by the United States Small Business Administration. The Small Business Administration defines “small business” as either an independent business with less than 500 employees or a business that makes under a certain amount of gross revenue per year.

HOWEVER, small businesses may not engage in the sale of sensitive personal data without receiving prior consent from the consumer.



Montana Consumer Data Privacy Act (MCDPA)


Applies to businesses in Montana or that provide products or services that are targeted to residents of Montana and meet one or more of the following factors: 

Control or process the personal data of not less than 50,000 Montana residents (excluding personal data controlled or processed solely for completing payment transactions); or 
Control or process the personal data of not less than 25,000 Montana residents and derive more than 25% of gross revenue from the sale of personal data.

Exempts non-profits, higher education institutions, national securities associations, financial institutions and entities that need to comply with HIPAA.


Nebraska Data Privacy Act (NDPA)


Applies to any entity that:
Conducts business in Nebraska or produces products or services consumed by Nebraska residents;
Processes or engages in the sale of personal data; and 
Is not a small business under the federal Small Business Act (SBA), except if such entity engages in the sale of sensitive data without receiving prior consent from the consumer. 

Exempts state agencies, non-profit organizations, higher education institutions, and energy utility providers.


Nevada Revised Statutes Chapter 603A


Applies if a person:
Owns and operates a website for business purposes;
Collects and maintains personal information from consumers who reside in Nevada and use the website; and
Purposefully directs its activities towards Nevada, consummates a transaction with the State of Nevada or a resident of Nevada, purposefully avails itself of the privilege of conducting activities in Nevada or otherwise engages in any activity that constitutes sufficient nexus with Nevada to satisfy the requirements of the U.S. Constitution.

Exempts those that live in Nevada if your revenue is derived primarily from a source other than selling goods, services or credit on your website; and your website has less than 20,000 unique visitors per year as well as financial institutions and entities that need to comply with HIPAA.


New Hampshire Privacy Act (NHPA)


Applies to business if doing business in New Hampshire or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 35,000 or more New Hampshire consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 10,000 or more New Hampshire consumers with over 25% annual gross revenue from the sale of personal data.

Exempts non-profit organizations, government entities, financial institutions, and education institutions.


New Jersey Privacy Act (NJPA) 


Applies to business if doing business in New Jersey or targeting its residents, and during the prior calendar year:
Controls or processes personal data of 100,000 or more New Jersey consumers (excluding data solely for payment transactions), or
Controls or processes personal data of 25,000 or more New Jersey consumers and the controller receives revenue or a discount on the price of any goods or services from the sale of personal data.

Exempts government entities and financial institutions.


Oregon SB619


Applies if person conducts business in Oregon or provides products or services to residents of Oregon and that, during a calendar year: 

Processes or controls the personal data of 100,000 or more residents of Oregon; or
Processes or controls the personal data of 25,000 or more residents of Oregon and derives 25% or more of annual gross revenue from the sale of personal data; or
signed a contract for the processing of data with a company that does need to comply with this law. 

Exempts non-profits that are established to detect or prevent fraudulent acts in connection with insurance and non-profits that provide programming to radio or television networks. 


Quebec Law 25


Applies to business if persons collect, hold, use or share personal information in the course of carrying on an enterprise.

“Enterprise” is defined as “the carrying on by one or more persons of an organized economic activity, whether or not it is commercial in nature, consisting of producing, administering or alienating property, or providing a service.”

Includes non-profits.


Tennessee Information Protection Act (TIPA)


Applies to business if doing business in Tennessee or targeting its residents and:
Controls or processes personal information of 100,000 or more Tennessee residents during a calendar year, or
Controls or processes personal information of 25,000 Tennessee consumers during a calendar year AND derives more than 50% of their gross revenue from the sale of personal information.

The definition of “consumer” excludes individuals acting in an employment or business (B2B) context.

Exempts government entities, financial institutions, insurance companies, institutions of higher education, and nonprofit organizations.


Texas Data Privacy and Security Act (TDPSA)


Applies if person conducts business in Texas or produces a product or service consumed by residents of Texas and that processes or engages in the sale of personal data. 

Exempts non-profits, small businesses, as defined by the United States Small Business Administration. The Small Business Administration defines “small business” as either an independent business with less than 500 employees or a business that makes under a certain amount of gross revenue per year. 

HOWEVER, small businesses may not engage in the sale of sensitive personal data without receiving prior consent from the consumer.


United Kingdom’s Data Protection Act of 2018


Applies if business monitors the behavior of UK residents via interest-based advertising, use of cookies, etc.


Utah Consumer Privacy Act (UCPA)
Applies to business if:

Has annual revenue of $25,000,000 or more; and
Meets one of the following thresholds:
During a calendar year, controls or processes the personal data of 100,000 or more Utah residents; or
Derives 50% or more of its annual gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more Utah consumers.

Exempts state agencies and other such political organizations, financial institutions, HIPAA-defined covered entities and their business associates, higher education institutions, non-profits, and air carriers.


Virginia Consumer Data Protection Act (VCDPA)


Applies to business if during a calendar year:

control or process the personal data of at least 100,000 Virginia residents
control or process the personal data of at least 25,000 consumers and derive over 50% of gross revenue from the sale of personal data

Exempts state agencies and other such political organizations, financial institutions, HIPAA-defined covered entities and their business associates, higher education institutions, and non-profits.]

