Biometric Data Policy and Notice

1. Purpose

Lys Beauty, LLC ("Company") has adopted this Biometric Data Policy and Notice (this "Policy") to govern the treatment of our customers’ and site users’ Biometric Data. Protecting the confidentiality and integrity of Biometric Data is a critical responsibility that must be taken seriously at all times. Compliance with this Policy is mandatory. This Policy (together with our Privacy Policy, Terms of Service, and any other documents referred to on it) sets out the basis for how biometric information collected from you, or that you provide to Company, will be processed.

2. Scope

This Policy applies to all Company employees, agents, and representatives, including any contractor or third-party service provider to the Company ("Third-Party Service Provider") who have access to Biometric Data on behalf of the Company. This Policy applies to all Biometric Data collected, maintained, transmitted, stored, retained, or otherwise used by the Company regardless of the media on which that information is stored and whether relating to customers and users.

3. Definitions

"Biometric Data" means collectively all Biometric Identifiers and Biometric Information.

"Biometric Identifiers" means:

·       Retina or iris scans.

·       Fingerprints.

·       Voiceprints.

·       Scans of hand or face geometry.

Biometric Identifiers do not include:

·       Writing samples and written signatures.

·       Photographs.

·       Human biological samples used for valid scientific testing or screening.

·       Demographic data.

·       Tattoo descriptions.

·       Physical descriptions, such as:

·       height;

·       weight;

·       hair color; or

·       eye color.

·       Information captured from a patient in a healthcare setting.

·       Information collected, used, or stored for healthcare treatment, payment, or operations under the Health Insurance Portability and Accountability Act (HIPAA).

·       Donated organs, tissues, or parts as defined by the Illinois Anatomical Gift Act or blood or serum stored in connection with organ transplants.

·       Biological materials regulated under the federal Genetic Information Privacy Act.

"Biometric Information" means information, regardless of how it is captured, converted, stored, or shared, that is based on a Biometric Identifier. Biometric Data does not include information derived from items or procedures excluded under the definition of Biometric Identifiers.

4. Retention Schedule

Company does not retain Biometric Information. Company only retains any Biometric Identifiers and/or Biometric Information for the limited period-of-time required to provide you with the service(s) described in section 5 below. Initial purposes for collection end when:

·       The individual last interacts with the technology using Biometric Data.

5. Biometric Data Collection

Company and its partners and providers collect, store, and use multiple data points on your face so you can use augmented reality to virtually “try-on” products on your face in a realistic position and to scale. This data is only processed while you are using the virtual try-on feature. We do not store these scans or measurements or share this data with any third parties. Before collecting Biometric Data from any individual, the Company will obtain the individual's consent to the collection by presenting these terms prior to use of the “try-on” software.

6. Biometric Data Security

Company shall use a reasonable standard of care to store, transmit and protect from disclosure of any electronic Biometric Data collected.

7. Biometric Data Disclosures

Subject to individual consent, the Company may disclose an individual's Biometric Data to its third-party vendors and/or licensors in order to facilitate the provision of its products.

The Company prohibits any further disclosure or re-disclosure of Biometric Data unless:

·       The individual or the individual's legally authorized representative consents to the disclosure;

·       The disclosure is required by applicable law or regulation; or

·       The disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Company does not sell, lease, trade, or otherwise profit from Biometric Data.

8. Your Rights

Depending on the state in which you reside, you may have certain privacy rights regarding your Biometric Data. Residents of Illinois should refer to the Illinois Biometric Information Privacy Act, 740 ILCS § 14/1 et seq. and residence of Texas should refer to Texas Capture or Use of Biometric Identifier Act (“CUBI”), Bus. & Com. § 503.001 et seq. For other state residents, we encourage you to check on your state’s Biometric Data privacy rights, including (if applicable for your state):

  • Your right to know what biometric data is collected, why, and how it is used.
  • Your right to request access to your biometric data.
  • Your right to request deletion of your biometric data.
  • Your right to opt-out of the collection, use, or sale of biometric data, as permitted by law.

 

9. Contact Us

If there are any questions or concerns about this policy or Biometric Data practices, contact customerservice@lysbeauty.com.