Privacy Policy LAST UPDATED: NOVEMBER 10, 2020

Your privacy is important to us at eSalon.com, LLC, 1910 E. Maple Ave., El Segundo, CA 90245 USA ("eSalon", "we" or "us"). When we refer to "personal data" or "personal information" in this Privacy Policy, which we use interchangeably, we mean information that identifies, or which could reasonably be used to identify, an individual.

In this Privacy Policy, we provide information about how we collect, use and transfer personal information about any user or visitor to our website at www.eSalon.com, www.eSalon.ca, www.eSalon.co.uk, www.eSalon.eu.com, www.eSalon.de, www.eSalon.es, www.eSalon.fr, www.eSalon.at, www.eSalon.ch, www.eSalon.co.nz, www.eSalon.com.au, www.eSalon.co.nl, www.Colorsmith.co, www.AuraHairCare.com, or any successor website (collectively, the "Site"), any user of our hair color and hair care products and services (collectively, "Products"), and any other personal information that we process (collect, use or store) about an individual (collectively, "you" or "your"), and what rights you have regarding your personal information. This Privacy Policy also describes the choices available to you regarding our use of your personal data and how you can access and update this information.

If you are resident (1) of California (and a natural person: a "consumer"), please also see the Supplemental Privacy Statement for California consumers below; and (2) in the European Economic Area, please also see the Supplemental Privacy Statement for EEA Residents below. As required in the jurisdictions where consumers access the Site or where we have employees, eSalon complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States in reliance on Privacy Shield. eSalon has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. In general, "personal data" and "personal information" as defined by applicable law resides on our secure servers in the United States, and if transferred to the US from Europe, has been done in accordance with the Privacy Shield Framework referenced above. This Privacy Policy is effective upon posting.

This Privacy Policy complies with the Australian Privacy Act 1988 and the Australian Privacy Principles set out therein and equivalent state legislation in each relevant state.

This Privacy Policy complies with the New Zealand Privacy Act 1993 and the Principles set out therein.

What Personal Information/Data Do We Collect?

We collect various types of personal information so that we can provide you with our Products via the Site, as follows:

• Pre-Sales and Purchase Information: We collect personal information that allows us to complete sales to you of our Products, which often involves your completing a detailed online hair color questionnaire or quiz, much of which deal with hair characteristics and hair-dyeing habits, so that we can formulate and customize hair color products for you, and maintain contact with you in this regard, in order to facilitate an order so that you can complete your purchase (this information includes name, shipping address, billing address, telephone numbers, e-mail address, and your credit card and other payment information). You may also provide us with a personal image or hair color shot, in order to help us formulate hair products that are customized to the information you have provided to us.
• Contact and Request Information; Optional Notices: personal information that you voluntarily provide to us when you contact us with a question, comment or request in relation to our Products and services, and your opt-in to receive optional notifications at the time you place an order. Some of the notices may relate to your Product purchases, but others may be purely optional, and since they are sent by email with an opt-out link in each case, you can opt-out whenever you no longer wish to receive optional notices, or you may be log into your account and indicate that you no longer wish to receive optional notices.
• Account Information: If you create an account on the Site to facilitate your ongoing relationship with us with respect to the purchase, formulation and customization of Products for your benefit, we collect your first name, last name and email address. You choose your own password, and we never share your login information with any third parties (nor should you). We also collect information about your orders for and usage of our Products and services in association with your account, namely, your account preferences, which Products you order and for how long, and any requests or orders made via your account.
• Human Resources Data: We collect certain personal data constituting human resources data or "HR Data" both in the United States and wherever we have employees abroad, which in Europe is limited to our affiliated company in the United Kingdom, eSalon.com Ltd.
• Website Information/Data Analytics: When you access the Site, we automatically collect your device's internet protocol (IP) address and other technical information about your computer and website usage, namely, your browser type and version, internet service provider, referring/exit pages, and the options you select, which is known as data analytics, and which is collected in the aggregate in de-identified format, to optimize operation of the Site and improve your Site experience. We also use cookies and similar tracking technologies on the Site; for more information, please see the Cookies Policy section below.
• The personal information listed above, if collected in the European Union or the United Kingdom, may be transferred to eSalon in the United States in reliance upon eSalon's certification under the EU-US Privacy Shield Framework.

How Do We Use Your Personal Information/Data?

We use your personal information to provide you with our Products and optimize our Products and services. In particular, we use:

• Pre-Sales and Purchase Information, most of which is obtained from the online hair color/hair care questionnaire, so that we can both ensure that if and when you choose to complete your purchase by ordering Products from us, you will receive the most perfectly customized hair color/hair care products so that you are entirely satisfied, and will be a client who will continue to purchase Products from eSalon. In addition, while we require payment information to complete a sale, we do not store any of your payment or credit card information, which you give directly to our payment processor (and is then subject to their privacy policy). If you are located in the EEA, your payment is managed by our UK company, eSalon.com Ltd, through our payment processor. We may use different payment processors depending on your geographic location and payment method. General information about the payment processors and the user terms per country can be found on braintree.com, adyen.com, or klarna.com.
• Contact and Request Information to respond to your comments, questions and requests, and to communicate with you about any promotions, news about Products or services, or notices that may be of interest, subject to applicable law including anti-spam laws. As permitted by applicable law, including with your consent where required, we may use your contact information to provide you with marketing communications, promotional offers and updates on new services and benefits.
• Account Information to manage your account, communicate with you in relation to your account, personalize our Products and related services for you, provide you with customer service, product updates and warranty information, and monitor the performance of our Products.
• Certain personal information (with your consent depending on where you are located and applicable law) may be provided to third party promotional or direct-mail companies to be used to target prospective customers who may be interested in Site offerings.
• Website Information/Data Analytics to monitor the performance of the Site (and any related sites), prevent fraudulent transactions, analyze trends and usage and activities in connection with the Site and to improve your shopping experience.
• Compliance and Safety: We also use your personal information as necessary to comply with our legal and contractual obligations and reserve the right to use it if necessary to protect the Site users, employees and legal interests, such as in the event of a complaint or dispute. In this regard, we may use personal information as necessary to comply with court orders, legal process, judicial or arbitral proceedings and as requested by government agencies or as necessary to protect our rights and public safety.
• HR Data: We use your human resources data in order to hire, pay and provide salary and benefits to our employees.

What Personal Information Do We Share or Disclose?

eSalon will not disclose your personal data to third parties, except in the following circumstances and in accordance with applicable laws:

• With your consent.
• To eSalon's service providers, who act on eSalon's behalf and instructions, or in the UK, on eSalon.com Ltd's behalf and instructions, to fulfill product orders, deliver services, provide IT support and security services, for promotional purposes (in a lawful manner depending upon your location and applicable law), and to fulfill the other purposes set forth above (an example would be that credit card information goes to our payment processors and is not used or stored by us).
• To or between other eSalon-owned business entities or websites for the purposes of coordinating our global enterprise's provision and development of Products and services, and to coordinate recordkeeping and efficiency with respect to our employees and service providers.
• As required by applicable law or lawful requests by public authorities, including, without limitation, in response to any government or regulatory agency request, to cooperate with law enforcement requirements and/or investigations, to meet national security requirements or upon receipt of any court order.
• To a prospective or actual purchaser or seller with respect to eSalon's business in the context of a merger, acquisition or other reorganization or sale of eSalon's business or assets or a line of business. eSalon's would seek appropriate protection for information in these types of transactions. eSalon will attempt to notify you by email and/or a prominent notice on the Site of any change in ownership and the choices you may have regarding your personal information, once it is legally permissible to do so.
• To courts and public authorities to protect you, eSalon or third parties from harm, including fraud or instances where somebody's physical safety is at risk.

What Service Providers Do We Use for Processing Your Data?

As part of operating procedure, eSalon may share personal information about end users with some or all of the following service providers in order to operate the Site and carry out the purposes described above:

• Amazon Web Services: Hosts uploaded images and data backups
• Twilio, Sailthru, Attentive: Send emails and text messages on our behalf
• ZenDesk: Customer support and helpdesk management
• Google Analytics, Mixpanel, FullStory, DataDog, New Relic: Site performance tracking
• Braintree, PayPal, Adyen, Klarna: Payment processing
• TrustPilot: Reviews and feedback
• Various Shipping Providers: Deliver your order
• Facebook, Google, Albert.ai, GetAmbassador.com, SharedLocalMedia, Wiland: Advertising and promotion

What Security Measures and Care Do We Apply regarding Personal Information?

eSalon takes reasonable and appropriate precautions — including administrative, technical, and physical measures — to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction.

In order to assure you that the webpages where you provide personal information are trustworthy and secure, such transmission of information will be encrypted and the webpages where such information is collected, such as your account pages, will be SSL-certified by a reputable Internet certification organization such as DigiCert. We strive to process and store your personal information securely until such time as it is no longer required or has no further use, as set forth in applicable law. We encourage you to communicate with us should you wish to know what personal information we store about you, or should any of your personal information need modification, or in the event that you wish it to be removed, at [email protected].

Service providers acting on eSalon's behalf shall be obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your personal data as necessary to perform their functions.

We also perform statistical analyses of the users of the Site and Products to improve the content, design and navigation of the Site and to further improve our Products and services, and our offerings. In these cases, we use aggregate or statistical data that cannot be used to identify you.

We will not display your personal information on the Site unless you choose to display it. If you post any content on the Site (such as comments or other text, testimonials, photos or videos), you can associate any "display name" you choose with your content or activity, as long as it is available. We recommend that you choose a user name that protects your own privacy online.

Third-Party and External Websites

The Site (and any affiliated websites) may include links to third-party applications, products, services, or external websites for your convenience and information. If you access those links, you will leave our Site. eSalon does not control these third-party websites or their privacy practices, which may differ from eSalon's practices. The eSalon Privacy Policy does not cover the personal information you choose to provide to or that is collected by these third parties. You are encouraged to review the privacy policies of any third-party site you interact with and use reasonable prudence before you allow them to collect and use your personal information. eSalon shall not be liable for any damages or harm suffered while visiting or using an external website.

In some cases the Site may frame, mask or include components of third-party websites or content within our interface so that it may appear that you have not left the Site. In such cases, eSalon will review the privacy practices of such websites, and will include such components or webpages only after determining that such websites maintain a comparable commitment to privacy as eSalon.

eSalon may also provide "Follow Us" links to social media websites, such as Facebook, Instagram, Twitter and Pinterest, and social media features, such as the Facebook or Twitter buttons that enable you to share information with your social networks to interact with eSalon on various social media websites. Your use of these features may result in the collection or sharing of information about you depending on each specific social media website. This may include your IP address, which page you are visiting on the Site, and a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Site. Your interactions with these features are governed by the privacy policy of the company providing it.

Persons under 18

We do not knowingly collect personal information from minors under the age of 18. If we learn that we have collected the personal information of a minor under 18 years old, we will take steps to delete the information as soon as possible.

Cookies and Similar Technologies

eSalon and our partners (e.g., marketing partners, analytics, advertising, or service providers) use various tracking technologies such as cookies, beacons, tags and scripts to analyze trends on the Site and regarding our Products and services, and to gather demographic information about our user base. We receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. For more information, please see our Cookies Policy here. The Site currently does not respond to "Do Not Track" signals from browsers.

Integrity and Retention of Personal Information

eSalon provides procedures for you to keep your personal information accurate, complete, and up-to-date. We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Access to Personal Information

You can help ensure that your contact information and preferences are accurate, complete, and up-to-date by contacting us using the information below. For other personal information, we make good faith efforts to provide you with access so you can request that we correct the data if it is inaccurate or delete the data if eSalon is not required to retain it by law or for legitimate business purposes. We will attempt to respond to your request within 30 days or sooner where required by law. As permitted by applicable law, we may decline to process requests where the data is required to be retained by law, required for legitimate business purposes, or jeopardizes the privacy of others.

Privacy Policy Updates and Notification

eSalon may update its Privacy Policy from time to time to reflect changes to our information management practices. Changes would become effective 48 hours from the time the modifications are announced on the Site. If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our homepage. In addition, please check the "Last Updated" date at the top of this Policy, which will indicate when the last changes have been made to this Policy. To the maximum extent permitted by applicable law, your continued use of the Site after such modifications are announced on the Site constitutes your acceptance of such modifications. For European residents, please see the Supplemental Privacy Statement for EEA Residents below, which will govern rather than the prior sentence. We encourage you to periodically review this page for the latest information on our privacy practices.

Governing Law

eSalon is based in California, and our servers are also US-based. If you are not located in the UK or the European Union, then accessing or using the Site, or any of eSalon's services, or by purchasing Products on the Site, you agree that your use of the Site is governed by the laws applicable in the State of California, and you expressly consent to the processing of personal information/data in, and transfer of your personal information/data to, the United States (and any other countries where eSalon may in the future hold such data, subject to the security representations set forth in this Policy). While we accept orders from outside of the United States, and we treat your personal information with great care, we do not purport to comply with all applicable laws in all other jurisdictions where our users may be located. However, if you are resident and located in the EEA, please see the Supplemental Privacy Statement for EEA Residents with respect to your use of the Site.

Contacting Us

We value your opinions. If you have any general questions or comments for eSalon, please contact us at:

eSalon.com, LLC
Attention: Privacy c/o Legal Dept.
1910 E. Maple Ave
El Segundo, CA 90245
USA
Or via e-mail at [email protected]

SUPPLEMENTAL PRIVACY STATEMENT FOR CALIFORNIA CONSUMERS

In light of California's new privacy legislation, the California Consumer Privacy Act of 2018, eSalon wishes to make the following clear to the many California-based consumers who use eSalon Products and services: similar to the rights of European residents as detailed in the Supplemental Privacy Statement for EEA Residents below, California consumers (natural persons resident in California) have the following five categories of data privacy rights with respect to their personal information:

1. The right to know what personal information we collect about you if you are a California consumer, and the purposes for which such information will be used, the categories of personal information that were collected in the 12 months preceding a consumer's request, and what categories of consumer personal information were sold or disclosed for business purposes, and to whom, in the 12-months preceding such a request for your information. Please request our online disclosure form at [email protected], or call us at our toll-free number if you wish to request this information: +1 (866) 550-2424. We will respond to you within 45 days, and will not charge for your request provided that you make no more than two data requests per year.
2. The right to access a copy of the specific pieces of personal information that we have collected about you, which we will deliver by mail or electronically.
3. The right to deletion: you can have your personal information deleted from our servers and service providers, unless we are required to retain the data for data security, legal or other purposes enumerated in the law.
4. The right to equal service: you will not be discriminated against in any way by virtue of your exercise of your rights under the California Consumer Privacy Act.
5. The right to opt out of a sale of your personal information to third parties: eSalon does not exchange any of the Personal Information you provide on this Site to any other business or party for payment of money, and we have no present plans to do so. However, the definition of "sell" in the California Consumer Privacy Act is broad. Since we do sometimes use personal information collected from this Site to help create more personalized products and services, we may share personal information with advertising partners for a more targeted approach to our customers and prospective customers. It is possible that this would be considered a sale under CCPA, even though they do not pay us. If you are a California resident and you do not want us to share your personal information, please select that setting below. We will then make sure that we do not share your personal information with third parties for this browser, device, and property.

SUPPLEMENTAL PRIVACY STATEMENT FOR EEA RESIDENTS

As of May 25, 2018, European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the General Data Protection Regulation ("GDPR"), requires eSalon.com LLC as a data controller of the Site and related services to provide additional and/or different information about our data processing practices to data subjects resident in the European Economic Area ("EEA"). If you are accessing the Site from a member state of the EEA, this Supplemental Privacy Statement for EEA Residents applies to you in addition to the Privacy Policy above.

Name and address of the responsible party:

eSalon.com, LLC
Attention: Privacy c/o Legal Dept.
1910 E. Maple Ave
El Segundo, CA 90245
USA

Cookies

With respect to web cookies and similar technologies that are not strictly necessary for our provision of the Site, Products and related services, eSalon seeks consent from users of the Service in the EEA based on a separate Cookies Policy.

Legal Basis of Processing.

• (a) Contractual Basis for non-HR Data: The legal basis for eSalon's processing of your personal data in connection with most of the personal information we gather on the Site, and the Products and services we provide, is the "contractual basis" set forth in Article 6(1)(b) of the GDPR, which allows processing of personal data as necessary for the performance of a contract. We are primarily a "product" company, in the sense that we offer you hair care and hair color Products which in many cases are formulated and customized to your unique specifications. In order to achieve this, we offer you the questionnaire/quiz to provide us necessary information about your hair and haircare practices, and then you can purchase the Products online, and have them shipped to you. So most of the personal information we gather is strictly for Pre-Sales and Sales-based contractual purposes, so that we can sell our customized Products to you, and ship them to you. When you access, use or establish an account on the Site or provide credit card information, the overwhelming objective is to facilitate a hair-related purchase transaction, and we need to process your personal data to respond to your requests, provide our Products/services and satisfy our obligations with respect to the other purposes listed in the Privacy Policy above.
• (b) Contractual Basis for HR Data: The collection of personal data for HR purposes from employees in the United Kingdom is necessary on various bases or grounds, such as in fulfillment of the employment contract between employee and employer.
• (a) Legitimate Interests for Non-HR Data: When we collect minimal personal data from you so that you can establish an account on the Site and we can communicate with you, or when we or our UK affiliate make your personal data available (such as credit card information) to our payment processor so that you can complete a purchase via the Site, or in situations where eSalon needs to process your personal data to comply with applicable laws (as a U.S.-based company, eSalon is subject to U.S. laws and must comply with them), or to provide good customer service, we rely on the "legitimate interests" basis for such personal data processing under Art. 6(1)(f) of the GDPR. In these cases, we will ensure that your privacy and other fundamental interests do not override our legitimate interests.
• (b) Legitimate Interests for HR Data: The collection of personal data for HR purposes from employees in the United Kingdom is also to fulfill legal obligations such as tax and social welfare requirements regarding employees, and is a legitimate interest of eSalon, the data controller.
• Consent: eSalon relies on your opt-in consent with respect to cookies that are not strictly necessary and for any direct marketing emails or purely promotional use of your personal data, per Article 6(1)(a) of the GDPR; we have taken steps to meet obligations under GDPR.

Personal Data Transfers outside of the EEA.

eSalon may transmit personal data you provide to the United States, and process it in the United States, where the European Commission has determined that the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction. As required by applicable law, eSalon is committed to providing an adequate level of protection for your personal data using various means, including, where appropriate:

• eSalon complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States. A decision of the European Court of Justice (ECJ) recently invalidated transfers under this Framework. Until further resolution such as a possible enhanced government-to-government framework, eSalon will rely on Standard Contractual Clauses where appropriate to effect such transfers, or individual consent, in accordance with applicable law. eSalon has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. For purposes of our participation in the Privacy Shield Framework, eSalon confirms that we are subject to the jurisdiction of the United States Federal Trade Commission (FTC), and to its investigatory and enforcement powers.
• With respect to onward transfer of personal data from the European Economic Area (EEA) by eSalon to external third parties who are based outside the EEA:
  • Whenever your personal data is transferred outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
  • Where we use service providers based outside the EEA, we may transfer to them personal data of EU residents if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
  • In addition, eSalon is obligated to ensure adequate protection of such personal data in any onward transfer, and therefore has entered into and will continue to enter into appropriate data processing and data transfer agreements based on language approved by the European Commission pursuant to Article 46(5) of the GDPR, such as the Standard Contractual Clauses (2010/87/EC and/or 2004/915/EC), which are available upon request at [email protected].
  • eSalon has previously been responsible for the processing of personal data/information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. We remain liable under the Principles if our agent processes such personal data in a manner inconsistent with the Principles, unless we prove that it we are not responsible for the event giving rise to the damage.
• implementing appropriate physical, technical and organizational security measures to protect personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing; and
• taking other measures to provide an adequate level of data protection in accordance with applicable law.

Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.

Data Security.

We process your personal data in a manner that ensures appropriate security of such data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction or damage, using appropriate technical and organizational measures.

Data Retention.

eSalon keeps personal data as required to provide our Products and services to you and comply with applicable laws. It has been our experience that many customers make purchases intermittently, returning to the Site to initiate a purchase of Products after periods of absence, and so we act in a commercially reasonable manner when we attempt to determine when personal data is no longer of use to us. In addition, if you register for an account on the Site, we retain your personal data for as long as you have an account with us and then for as long as we believe it is necessary and appropriate for us to comply with applicable laws, discharge our contractual obligations to you, or defend our legal interests in connection with any claim or defense we could face before any formal dispute resolution body. We take reasonable measures to ensure that personal data is deleted, erased or de-identified/anonymized once the purposes for which personal data was collected have been fulfilled, and that we keep such data for no longer than is necessary for the purposes for which the personal data is processed.

Data Subject Rights.

You have a right to request from eSalon access to and rectification or erasure of your personal data. You also have the right to request that processing concerning you be restricted, in which case such personal data would be marked and processed by us only for certain purposes. We will not charge a fee for this, provided the request is not excessive or unreasonable. In addition, you have the right to data portability, which allows you to receive from us personal data about you which you have provided to us; we will provide your data in a structured, commonly used and machine-readable format, such as a CSV file, and the right to transmit such personal data to another entity without hindrance from us if it is technically feasible. We will respond to the request within 30 days, unless the request is complex or you send us multiple requests, in which case we can extend our response by another two (2) months upon notice to you.

You also have the right to object to various data processing activities, including processing activities that are based exclusively on your consent or processing for the purposes of direct marketing. You can exercise such rights by accessing the information in your account and/or by emailing us at [email protected]. If you have provided consent for data processing or cookies that are not strictly necessary or that are primarily for promotional purposes, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to lodge a complaint with a supervisory authority.

We may choose not to fulfill any request that we determine is illegal or incorrect, where we need to maintain the personal data because of our contractual or legal obligations (e.g., personal data in case files), where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy, or where the rights of persons other than the individual would be violated, but our intention is to comply with opt-out requests, and other requests that seek to correct, update or delete your personal data, as fully as possible in accordance with applicable law. You will also be given notice should we use your personal data for a purpose other than that for which it was originally collected or processed. We do not ask for, collect or knowingly receive sensitive personal data, i.e., personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious beliefs, or information relating to sex life.

Your Choices.

You are not required to provide any personal data to eSalon, but if you do not provide any personal data to eSalon, you may not be able to use the Site effectively or make purchases from us.

HR Data and Privacy Shield:

With respect to HR-related personal data about employees located in the United Kingdom, access to such data will be provided to such associates either directly or through eSalon's wholly owned subsidiary. Should any such employees not be satisfied with internal review procedures or applicable grievance procedures by law or contract regarding any complaint about data protection rights, their recourse would be to the national data protection authority in the jurisdiction where such employees work, primarily the Information Commissioner's Office (ICO) in the United Kingdom. We will cooperate with any such authority. Most personal data that originates in the United Kingdom, including HR-related personal data, will be maintained at eSalon's secure data centers in the United States, via a transfer between data controllers within a controlled group of entities, from the UK to eSalon's data centers in accordance with the EU-US Privacy Shield Framework (to the extent it continues to be applicable with respect to transfers from the UK), and the intercompany data protection compliance and control protocols.

Profiling:

eSalon does not use in connection with the Site automated decision-making in a way that produces legal effects concerning you or which significantly affects you.

Complaints and Dispute Resolution in the EU:

If you are an EU resident and have any complaint or concern regarding your personal data under this Privacy Policy, or arising under the Privacy Policy, please contact us at [email protected]. We suggest that you put in the subject line of any email or communication "Privacy Policy" or "Privacy Complaint." We will respond within 30 days. If this does not resolve your concern, you have several escalating options.

1. If you have an unresolved privacy or data use dispute or concern that we have not addressed satisfactorily, you can raise the issue with the local Data Protection Authority in the UK (Information Commissioner’s Office) or EU as applicable regarding customer data, and you must choose this route concerning your Human Resources personal data that is the subject of your complaint (that is, personal data transferred from the UK/EU to the United States relating to your employment status), which will then be taken up by the UK Information Commissioner’s Office or relevant EU Data Protection Authority with the US Department of Commerce to resolve the issue. The Information Commissioner's Office in the United Kingdom, which is the local Data Protection Authority, at https://ico.org.uk/concerns or call its helpline in the UK at 0303 123 1113.
2. If you still believe that your complaint or dispute has not been resolved, you can invoke binding arbitration as a last resort (if permitted with respect to your complaint), by providing notice to us in the manner indicated in Annex I to the EU – U.S. Privacy Shield Principles, available online if it or a successor framework is applicable either regarding transfers from the UK or from the European Union, and following the procedures set forth in such Annex. The location of the arbitration will be in the United States. You may choose video or telephone participation, which will be provided at no cost to you. In-person participation will not be required. eSalon commits to follow up in its verification that the attestations and assertions made in this Privacy Policy are true, and to remedy any problems that may arise if we fail to comply with the Privacy Shield Principles.

Independent Recourse Mechanism.

As a US-based company that self-certifies compliance under the EU-U.S. Privacy Shield Framework, eSalon is required to name an independent recourse mechanism available to investigate unresolved complaints, including a system of alternative dispute resolution (ADR) by such mechanism, which is available at no cost to you. We have designated JAMS as our ADR provider to assist in resolving disputes under the Privacy Shield Framework up to the point of any final arbitration. If you are a consumer based in the European Union and wish to open a case, you can do so at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim. However, if the claim relates to human resources data transferred from the EU or UK, we will cooperate and comply with the EU data protection authorities (DPAs) in connection therewith.

Mediation.

You also agree that, in the event any dispute or claim arising out of or relating to your use of the Site or eSalon Products/services or this Privacy Policy that does not relate to your personal data (personal data), or that is not covered by the previous paragraph, you and eSalon will attempt in good faith to negotiate a written resolution of the matter directly between the parties. You agree that if the matter remains unresolved for forty-five (45) days after notification (via certified mail or personal delivery) that a dispute exists, all parties shall join in mediation services in Los Angeles, California with a mutually agreed mediator in an attempt to resolve the dispute. Should you file any arbitration claims, or any administrative or legal actions without first having attempted to resolve the matter by mediation, then you agree that to the maximum extent permitted by applicable law, you will not be entitled to recover attorneys' fees, even if you would otherwise be entitled to them.

Verification.

eSalon self-assesses its compliance to the Privacy Shield Framework. eSalon's Privacy Policy regarding personal data received from the EU is accurate, comprehensive and conforms to the Privacy Shield Principles.