IF YOU ARE A RESIDENT OF CALIFORNIA OR NEVADA, PLEASE SEE THE SECTIONS “CALIFORNIA CONSUMER RIGHTS” OR “NEVADA PRIVACY RIGHTS” FOR SPECIFIC DISCLOSURES WITH RESPECT TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.
How Do We Collect And Use Your Personal Information
We collect your information to provide an efficient, enhanced, and personalized shopping experience. We use your Personal Information to support and enhance your use of the Site and App, and their features, including without limitation: fulfilling your order, providing customer service, tracking email invitations you send, and otherwise supporting your use of the Site and the App.
Information obtained in connection with the Site and the App, may be intermingled with and used by us in conjunction with information obtained through sources other than the Site and the App, including both offline and online sources.
When You Subscribe, Visit or Sign Up to Birchbox
If you subscribe to Birchbox, visit or sign up to Birchbox services, we will ask you for your name, email address, shipping address, telephone number. Telephone numbers and email addresses are used to contact you for transactional or marketing purposes, as described in more detail below. In addition, we may notify you about new services or special promotional programs, or send you offers or other information.
When subscribing to Birchbox, you will also complete a beauty quiz that asks for beauty profile information like your skin tone and type, date of birth, eye color, hair color and type, your level of beauty knowledge, your beauty style, your ethnicity or demographic information, and products that you might like ("Beauty Profile"). If You subscribe to Birchbox Grooming, you will also complete a grooming quiz that asks for grooming information like your skin tone and type, hair color and type, your level of grooming knowledge, tools you use when you shave and products that you might like (“Grooming Profile”). We use the Beauty Profile and Grooming Profile information to give you a more enjoyable convenient shopping experience and to help us identify and provide information, products or services that may be of interest to you. We will also use the Beauty Profile or Grooming Profile information to send you alerts about Birchbox products, services, partnerships, and other beauty news that might interest you and match your Beauty or Grooming Profile.
When You Place an Order on The Site
In order to make a purchase or subscribe to a Birchbox Subscription, you must create an account and provide your name, shipping address, billing address, and credit card information. We use this information to process and fulfill your order and to notify you of your order status. All archived credit card information is maintained by a third party in a secure and safe environment.
We are also collecting the information related to what you’ve bought (“Purchase History”) and what you’ve stored in your cart for another time (“Saved Items”). We use your Purchase History in order to provide you customer service, support and handle returns. We may also use your Saved Items information to send additional “Nudges” to remind you to purchase the items or to find out what you, and other customers like and improve your overall experience. We may also track your past purchases to provide you with a personalized profile of your shopping history.
When You Share Information about Your Family & Friends
If you elect to use our referral service for informing a friend about our Site and the App we ask you for the friend's name and email address. Birchbox will automatically send the friend an initial email inviting them to visit or transact with the Site. Birchbox may also send additional emails reminding your friend that you referred them. Additionally, you may send additional "Nudges" to your friend to remind them to sign up. Birchbox stores this information for the sole purpose of sending these referral emails and tracking the success of our referral program. The friend may contact Birchbox at firstname.lastname@example.org or complete this request form to request the removal of this information from our database and to stop receiving Nudges.
You may also choose to share Personal Information about your Family or Friends for sending a gift such as the person’s name, shipping address or email address. Please do not do so without their express permission.
When You Browse our Site our App
When you are visiting our Site or our App, we will automatically receive and store in log files additional information about your phone or laptop and how you use our Site and App. This information includes your IP address, browser type, device type, your operating system, pages viewed, page elements clicked, and duration and frequency of visits. We collect this information to improve our website, give you the best possible shopping experience and gather demographic information about the Site and the App for targeted online marketing purposes. This information also helps us to prevent and detect fraud against You or Birchbox.
When You Participate to Surveys, Competitions, and Promotions
In addition, when you respond to a contest, survey, questionnaire, sweepstakes or other promotional feature, we may ask you for your name, address and email address or other Personal Information.
Use of Tracking Technologies and Opting Out
● BIRCHBOX COOKIES
● THIRD PARTY AND MARKETING PARTNERS COOKIES
We also work with third party analytics or marketing partner companies that collect information about visitors to our Site and the App and report website trends without directly identifying individual visitors. These services allow us to view a variety of reports about how visitors interact with the Site and the App, so we can improve our Site and the App and understand how people find and navigate it. We may enable third parties to collect usage analytics about our services. These third parties may place their own cookies on your device to collect traffic and activity data in order to deliver us relevant metrics and information. We may share such information about our users with them to help improve our services. The collection of this data by these third parties is subject to the third parties’ own privacy policies. With the exception of the use of such technologies by our service providers or other authorized third parties, we do not permit any other third-party content on sites to include or utilize any cookies, web beacons, local storage, or similar technologies for tracking purposes or to collect your Personal Information.
● OPTING OUT OF COOKIES
You may set your browser to decline cookies. If you do so, however, you may not be able to fully experience some interactive features of the Site. If you want to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Website or some of its functionality may be affected. Cookies and similar items are not used by us to automatically retrieve Personal Information that directly identifies you from your device without your knowledge.
● TRACKING TAGS AND PIXELS
In addition to cookies, we implement third party tracking tags and pixels to collect information regarding the interaction with a web page or email. A tracking tag is a snippet of code created by Birchbox or provided by a third party. A tracking pixel is a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a web page or email and, in combination with a cookie, allows for the collection of information regarding the use of the web page or viewing of the email that contains the tracking pixel. We use tracking tags and pixels to know when an advertisement has been clicked on or otherwise interacted with, and use that information to determine which advertisements are more appealing to our users. In some cases, we use third party service providers to help us collect and analyze this information. We may, however, link this automatically collected information to other information we collect about you, including Personal Information that directly identifies you.
● CLICKSTREAM DATA
As you use the Internet, a trail of electronic information is left at each website you visit. This information, which is sometimes referred to as “clickstream data,” can be collected and stored by a website’s server. Clickstream data can tell us the type of device and browsing software you use and the address of the website from which you linked to the Site and App. We may collect and use clickstream data to determine how much time visitors spend on websites, how visitors navigate throughout websites and how we may tailor our Service to better meet consumer needs. This information will be used to improve our Site and App. Any collection or use of clickstream data will not intentionally contain any Personal Information that directly identifies you.
● INTEREST BASED ADVERTISING AND OPTING OUT OF SUCH ADVERTISING
The Site and the App may also use Birchbox or third party cookies to provide you with relevant online display advertising tailored to your interests. Note that the online advertising industry also provides a service through which you may opt-out of receiving targeted ads from certain data partners and other advertising partners that participate in self-regulatory programs. You can opt-out of targeted advertising from certain providers at www.aboutads.info/consumers. Please note that by opting out, you will continue to see generic advertising that is not tailored to your specific interests and activities. To be clear, cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted out on your laptop browser, that opt-out will not be effective on your mobile device. You can also generally opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) on the NAI website.
● DO NOT TRACK SIGNALS
Some internet browsers have incorporated “Do Not Track” setting. When you choose to turn on such setting in your browser, it will send a special signal to website you visit indicating that you do not wish to be tracked. There is not yet a common understanding of how to interpret such signals, so our Site is not currently designed to respond to such signals.
How Do We Share Your Information
ENHANCED AND PERSONALIZED SHOPPING EXPERIENCE
Certain trusted third parties may be permitted to access your information in connection with their performance of services to maintain and operate the Site and the App and provide our services to you. For example, we may use third parties to host the Site; operate various features available on the Site and the App; send emails; analyze data; provide search results and links and assist in fulfilling your orders.
We use information that does not identify any individual, device or household (“Aggregate Information”) for the purposes of internal business research, sales and business development and reporting back to our brand partners. We may share Aggregate Information about our visitor and user base with third parties such as our brand partners or advertising partners. Aggregate Information may include the number of daily visitors to our Site and the number of orders of a specific item. We also may share Beauty Profile or Grooming Profile information with brand partners in an anonymous or aggregate manner. We may collect, use and disclose Aggregate Information or other non-Personal Information for any purpose permitted by law and subject to the section Your California Privacy Rights below.
DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTY
We may disclose your Personal Information (such as contact information, purchase history, etc.):
● To our subsidiaries and affiliates
● To third-party advertising partners and its service providers in order to deliver to you banner advertisements and other advertising tailored to your interests when you visit certain websites. To learn more about the use of this information or to make choices about receiving personalized advertising provided by third parties, please visit the Network Advertising Initiative at http://www.networkadvertising.org/.
● To other parties with your consent. For instance, if you submit your email address to be added to a mailing list or Sweepstakes or other promotion, we will use the email address for the sole purpose of sending you announcements, special offers from Birchbox and its promotional partners along with Site and the App updates.
● Birchbox reserves the right to and may disclose Personal Information about you in response to (a) requests from local, state or federal law enforcement officials; (b) any judicial, administrative or similar proceeding or order, such as subpoena; (c) if required by law; or (d) to investigate suspected fraud, harassment, physical threats, or other violations of any law, rule or regulation, the Site or the App, rules or policies, or the rights of third parties or to investigate any suspected conduct which we deem improper.
Personal data obtained through the SMS short code program will not be shared with any third parties for marketing or advertising reasons.
How We Protect Your Information
At Birchbox, we are committed to protecting the information we receive from you. We have put appropriate security measures in place to help protect your Personal Information. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions, and they are subject to a duty of confidentiality. In addition, the Site and the App encrypt your credit card number and other Personal Information using secure socket layer (SSL) or equivalent technology to provide for the secure transmission of the information from your PC to our servers or third-party payment card processor servers.
We have undertaken commercially reasonable efforts to prevent unauthorized Internet access to visitor data retained in our servers, however, due to the inherent open nature of the Internet, Birchbox cannot ensure or warrant the security of any information you transmit to us or any information provided online, and you do so at your own risk. Users must accept all risks associated with any data transmission, including the risk that their Personal Information may be intercepted in transit.
For How Long Do We Retain Your Information
We will retain your information for as long as your account or inquiry is active or as needed to provide you with the Site and App, and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your Personal Information, we may continue to retain and use aggregate or anonymous data previously collected and/or anonymize or aggregate your Personal Information. Please note that we will not be liable for disclosures of your data due to errors or unauthorized acts of third parties.
Accessing and Updating Your Personal Information and Preferences
● ACCESSING AND UPDATING YOUR PERSONAL INFORMATION
If you are a registered user, you may access and update your registration information and your preferences to receive email or other communications from us by logging onto the Site or App and visiting your account profile page or by sending an email to email@example.com.
If you are not a registered user, you may also send email to firstname.lastname@example.org.
● UNSUBSCRIBING FROM OUR MAILING LIST
Each email we send will contain information on how to unsubscribe from our mailing list. You can also unsubscribe by sending an email to email@example.com.
We will take commercially reasonable steps to implement your opt-out requests promptly, but you may still receive communications from us for up to ten business days as we process your request. While we make efforts to accommodate requests to restrict our use of your information, we reserve the right to delete all or any portion of customer information if we are not able to reasonably accommodate a requested restriction.
Text/SMS Message Consent And Opt-Out
You may be able to sign up to receive and send text messages from Birchbox concerning our products, services, status of your order(s), customer support, tips, and promotions that may be sent using automated dialing systems (“Text Messages”). Message frequency varies per month. Your consent is not required to purchase goods or services. You agree that by providing your mobile phone number, you expressly agree to receive Text Messages from us to mobile phone number you provided.
You may opt out of receiving Text Messages at any time directly on your mobile device by sending a text message with the word “STOP” to firstname.lastname@example.org. You may also choose to not receive Text Messages in opting-out directly in your account on the Site or contacting us directly at email@example.com and specifying that you wish to opt-out from Text Messages communication.
You understand and agree that depending on the terms of your mobile phone contract, charges may incur for Text Messages. Message and data rates may apply. You should check the applicable rates with your mobile service provider. We do not charge you for sending or receiving Text Messages.
Data collected from you in connection with this Text Messages service may include your mobile phone number, your carrier’s name, the data, time, content of your messages and other information you provide us. We may use this information to contact you and to provide the services you request from us. Personal data obtained through the SMS short code program will not be shared with any third parties for marketing or advertising reasons.
Birchbox is not responsible or liable for undelivered or delayed messages. Carriers are not liable for delayed or undelivered messages.
Enforcement and Dispute Resolution
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Children's Privacy and Parental Controls
This Site and the App are not intended for persons under the age of 16, and we have no intention of collecting or soliciting Personal Information from persons under the age of 16. If you are not 16 or older, you are not authorized to use the Site or the App. Parents should be aware that there are parental control tools available online that you can use to prevent your children from submitting information online without parental permission or from accessing material that is harmful to minors. If a child under age 16 has provided us with Personal Information, we will use all reasonable efforts to delete such information from our database.
Links To Third Party Sites
Our Site may contain links to other websites, including our affiliated or co-branded websites. Other websites may also reference or link to our Site. These "other" domains (websites) are not controlled by Birchbox. We encourage our users to be aware when they leave our Site to read the privacy policies of each and every website that collects Personal Information. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites. Visiting these other websites is at your own risk.
Social Networking Services
The Site and App may integrate with social networking services. You understand that we do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our Site and App, we are doing so merely as an accommodation and, like you, are relying upon those third party services to operate properly and fairly.
You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible blog, social network or otherwise online may be viewed and used by others. We are unable to control such uses of your Personal Information, and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties.
Your California Privacy Rights
● The California Consumer Privacy Act (“CCPA”)
If you are a California resident, the processing of certain personal information about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your Personal Information. Under this section, Personal Information does not include (i) information that is lawfully made available from federal, state or local government records, (ii) de-identified or aggregated data or (iii) information excluded from the scope of the CCPA.
For more details about the Personal Information we have collected over the last twelve months, including the categories of sources, please see the How Do We Collect And Use Your Personal Information section above. We collect this information for the business and commercial purposes described in the How Do We Collect And Use Your Personal Information section above. We share this information with the categories of third parties described in the How Do We Share Your Information section above.
Your rights and Choices
Subject to certain limitations, the CCPA provides California consumers, as defined by the CCPA, the right to request to know more details about the categories or specific pieces of their Personal Information we collected over the past 12 months (including how we used and disclosed this information), to delete their Personal Information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
Right to Know About Personal Information Collected, Disclosed or Sold
As a California consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:
• The categories of Personal Information we collected about you.
• The categories of sources from which the Personal Information is collected.
• Our business or commercial purpose for collecting or selling that Personal Information.
• The categories of third parties with whom we share that Personal Information.
• The specific pieces of Personal Information we collected about you (also called a data portability request).
Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. However, we may retain Personal Information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.
Exercising Access and Deletion Rights
California consumers may make an access or deletion request pursuant to their rights under the CCPA by completing this request form, contacting us at firstname.lastname@example.org or setting up a call with us, here. We will verify your request using the information associated with your account, including email address. The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the Personal Information or an authorized representative of that person.
Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
For more information about verification, see Response Timing and Format immediately below.
Response Timing and Format
We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your Personal Information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the Personal Information that we already have.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.
Sale of Personal Information
Under the CCPA, a “sale” means providing to a third party Personal Information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of Personal Information. Please note that we do not sell your Personal Information for money and we do not believe that we share your Personal Information in a manner that constitutes a sale under CCPA. However, due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third party relationships as we wait for final implementing regulations and guidance. For example, it is currently unclear whether the use of certain types of advertising partners would be considered a sale under CCPA. For instance, we provide hashed email addresses to advertising partners such as Facebook or Instagram, which enables us to provide you with interest-based advertising.
If you prefer not to receive interest-based advertising, you can opt-out by making a request via this request form or contacting us at email@example.com or setting up a call with us, here. We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction.
California "Shine the Light" Law
If you are a California resident, California's "Shine the Light" law (Civil Code Section § 1798.83) permits you to request from us certain information regarding our disclosure of personal information, as defined under Shine the Light, such as name, email address and mailing address and the type of services we provided to you that we have disclosed to third parties for their direct marketing purposes. To make such a request please send an email to firstname.lastname@example.org.
Nevada Privacy Rights
If you are a Nevada resident, you have the right to request that we do not sell your covered information (as those terms are defined in N.R.S. 603A) that we have collected, or may collect, from you. We do not sell your covered information, however, if you would like to make such a request you may do so by contacting us at email@example.com
Site and App Terms and Conditions
Use of this Site and the App is governed by, and subject to, the legal notices contained in our Terms and Conditions. Your use, or access, of the Site or the App, constitutes your agreement to be bound by these provisions. IF YOU DO NOT AGREE TO THESE TERMS YOU MAY NOT ACCESS OR OTHERWISE USE THE SITE OR THE APP.
16 Madison SQ West, FL 4
New York, NY 10010
United States of America
Our Site and App are maintained in the United States of America. By using the Site or App, you authorize the export of Personal Information to the USA and its storage and use as specified in this policy.