This privacy notice was last updated January 2, 2024
This is the website ("Site") of Sally Beauty Holdings, Inc.
This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS (“Notice”) supplements the information contained in the Privacy Policy of Sally Beauty Holdings, Inc. and its affiliates (collectively, “Sally,” “we,” “us,” or “our”) and applies solely to visitors of this Site who reside in the State of California, to whom the California Consumer Privacy Act and California Privacy Rights Act (collectively, “CPRA”) applies (“consumers” or “you”). We adopt this Notice to comply with the CPRA and other California privacy laws. Any terms defined in the CPRA have the same meaning when used in this Notice.
If you interact with us as a customer, employee, job applicant, or in another capacity through our stores or consumer-facing websites, this Policy does not apply to such interactions. Please visit the applicable California privacy notice listed below:
Employees, job applicants, contractors, directors, or officers: click here.
Customers: Sally Beauty or Cosmo Prof
Information We Collect
We collect information that identifies, relates to, describes, is reasonablycapable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Identifiers
Contact information, such as your name, alias, postal address, email, and telephone number; and online identifiers, such as an IP address and a social media channel ID.
Collected? |
Yes |
Source |
From you or your device(s) when you provide it to us or interact with us online (such as through our Site, via chat or email, or our social media) or offline (such as through our offices or over the phone).
From third parties such as carriers (e.g. updated address); online data aggregators; data analytic providers; and other third parties who help us prevent fraud.
|
Purpose of Collection or Use
|
Identify and communicate with you.
Provide customer service when you contact us.
Manage and improve our business operations.
Provide relevant marketing to you.
Physical security, cybersecurity, incident response, and risk reduction purposes.
Legal, recordkeeping, and compliance purposes (e.g. exercise or defend legal claims; reporting due to regulators/government entities).
Other purposes communicated to you at the time of collection.
|
Retention Period*
|
We retain information contained communications you send us (e.g. email) for so long as the recipient saves the communication. Thereafter, records, or portions thereof may be deleted when there is no longer a legal or compliance reason to retain the data.
Your IP address may be retained for up to two years.
|
Disclosed to third parties (not service providers) for a business purpose.
|
Our affiliates to provide shared business services (e.g. customer service, investor relations, information security, IT support).
Delivery service providers (e.g. USPS or UPS) to send you mail.
Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights.
|
Legally Protected Demographics
These include those described in subdivision (e) of Section 1798.80. Examples include name and telephone number.
Collected? |
Yes
|
Source
|
From you or your device(s) when you provide it to us or interact with us online (such as through our Site, via chat or email, or our social media) or offline (such as through our offices or over the phone).
From third parties such as online data aggregators; data analytic providers; and other third parties who help us prevent fraud.
|
Purpose of Collection or Use
|
Identify and communicate with you.
Provide customer service when you contact us.
Manage and improve our business operations.
Provide relevant marketing to you.
Physical security, cybersecurity, incident response, and risk reduction purposes.
Legal, recordkeeping, and compliance purposes (e.g. exercise or defend legal claims; reporting due to regulators/government entities).
Other purposes communicated to you at the time of collection.
|
Retention Period*
|
We retain information contained communications you send us (e.g. email) for so long as the recipient saves the communication. Thereafter, records, or portions thereof may be deleted when there is no longer a legal or compliance reason to retain the data.
|
Disclosed to third parties (not service providers) for a business purpose.
|
Our affiliates to provide shared business services (e.g. customer service, investor relations, information security, IT support).
Delivery service providers (e.g. USPS or UPS) to send you mail.
Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights.
|
Characteristics of Protected Classifications under California or Federal Law
We do not collect these characteristics.
Commercial Information
We do not collect commercial information.
Biometric Information
We do not collect biometric information.
Internet or other Similar Network Activity
Information on your interaction with the Site (e.g. distinguishing unique visitors to the Site, time spent on the Site); whether you open or click on emails we send you.
Collected? |
Yes
|
Source
|
From you or your device(s) when you provide it to us or interact with us online (such as through our Site).
From third parties such as information submitted through online data aggregators; data analytic providers; and other third parties who help us improve our marketing or prevent fraud.
|
Purpose of Collection or Use
|
Make our website more intuitive.
Improving the efficiency and quality of our Site; debugging, identifying, and repairing errors that impair the intended functionality of our Site.
Physical security, cybersecurity, incident response, and risk reduction purposes.
Other purposes communicated to you at the time of collection.
|
Retention Period*
|
We retain information contained communications you send us (e.g. a read receipt for email) for so long as the recipient saves the communication. Thereafter, records, or portions thereof may be deleted when there is no longer a legal or compliance reason to retain the data.
Otherwise, we may retain this information for up to two years.
|
Disclosed to third parties (not service providers) for a business purpose.
|
Our affiliates to provide shared business services (e.g. information security, IT support, loss prevention).
Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights.
|
Geolocation Data
We do not collect geolocation data.
Sensory Data
Audio, electronic, visual, or similar information.
Collected? |
Yes
|
Source
|
From you or your device(s) when you provide it to us or interact with us online (such as through our Site, via chat or email, or our social media) or offline (such as over the phone or when you leave us a voicemail).
From our devices in our offices, such as Closed Circuit Television systems, devices where an operator interacts verbally and may take pictures, when activated in an emergency.
|
Purpose of Collection or Use
|
Identify and communicate with you.
Provide customer service when you contact us.
Improve our services and train our employees.
Manage and improve our business operations.
Physical security, cybersecurity, incident response, and risk reduction purposes.
Legal, recordkeeping, and compliance purposes (e.g. exercise or defend legal claims).
Other purposes communicated to you at the time of collection.
|
Retention Period*
|
Under normal circumstances, voicemails, call recordings, and videos for security purposes are retained for up to one year.
|
Disclosed to third parties (not service providers) for a business purpose.
|
Our affiliates to provide shared business services (e.g. customer service, investor relations, loss prevention, information security, IT support).
Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights.
|
Inferences
We do not maintain inferences drawn from the personal information identified herein.
Professional or Employment-Related Information
We may collect your title, employer name, and work-related contact information (e.g. telephone, email, mailing address) if you contact us on behalf of your employer.
Collected? |
Yes
|
Source
|
From you or your device(s) when you provide it to us or interact with us online (such as through our Site, via chat or email, or our social media) or offline (such as through our offices or over the phone).
From third parties such as carriers (e.g. updated address); online data aggregators; data analytic providers; and other third parties who help us prevent fraud.
|
Purpose of Collection or Use
|
Identify and communicate with you.
Provide customer service when you contact us.
Manage and improve our business operations.
Provide relevant marketing to you.
Physical security, cybersecurity, incident response, and risk reduction purposes.
Legal, recordkeeping, and compliance purposes (e.g. exercise or defend legal claims; reporting due to regulators/government entities).
Other purposes communicated to you at the time of collection.
|
Retention Period*
|
We retain information contained communications you send us (e.g. email) for so long as the recipient saves the communication. Thereafter, records, or portions thereof may be deleted when there is no longer a legal or compliance reason to retain the data.
|
Disclosed to third parties (not service providers) for a business purpose.
|
Our affiliates to provide shared business services (e.g. customer service, investor relations, information security, IT support).
Delivery service providers (e.g. USPS or UPS) to send you mail.
Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights.
|
Non-public Education Information
We do not collect non-public education information.
Sensitive Personal Information
Your account log-in credentials in combination with your password to access our Site.
Collected? |
Yes
|
Source
|
From you when you provide it to us online.
|
Purpose of Collection or Use
|
Create and administer an online account you requested, and facilitate your access to our Site via such account.
|
Retention Period*
|
For so long as you have an online account with us.
|
Disclosed to third parties (not service providers) for a business purpose.
|
Our affiliates to provide shared business services (e.g. information security, IT support).
Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights.
|
*Retention Periods: The retention periods disclosed above depend on and may change based on a variety of factors including, but not limited to: our available space to store the records; shortening the period if we determine we no longer have a reasonable need for the information; extending the period if the information is needed for legal purposes (e.g. ongoing litigation), required to be retained by law, needed to exercise our legal rights, part of an unresolved customer service or security issue, or used for internal training purposes; legal requirements that change after the information was collected (e.g. a law that requires us to delete something sooner or save something longer than we originally intended to).
Personal information does not include publicly available information or lawfully obtained truthful information that is a matter of public concern; de-identified or aggregated information; or information excluded from the CPRA’s scope, such as information covered by other specifically-named privacy laws. We collect, disclose, and use this information in accordance with applicable law. If information is in de-identified form, we will not attempt to re-identify the information, except as permitted by the CPRA.
This Site is directed to adults, and Sally does not knowingly collect, sell, or share the personal information of consumers under the age of 16. If you believe we have collected personal information of a consumer under the age of 16, please submit a Request to Delete.
Your Privacy Rights and Choices
The CPRA provides consumers with specific rights and to make requests regarding their personal information. To learn more click here, to submit such requests, click here.
We do not discriminate against customers who exercise their rights under applicable privacy law.
Shine the Light
California Civil Code Section 1798.83 permits customers who are California residents to request certain information regarding and/or opt-out of our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write to us at the following address and clearly label your correspondence as a “Shine the Light Request”:
Sally Beauty Holdings, Inc.
c/o Customer Care
3001 Colorado Blvd.
Denton, TX 76210
Statistics on Consumer Privacy Requests We Receive
We receive a number of requests from our customers to exercise their privacy rights. Below are statistics on the number of requests we’ve received in California and how they have been fulfilled.
Requests as of January 1, 2023 – December 31, 2023 |
Received
|
Fulfilled
|
Denied*
|
Mean Duration (days)
|
Requests to know
|
0
|
0
|
0
|
N/A
|
Requests to delete
|
0
|
0
|
0
|
N/A
|
Requests to opt-out - not offered |
N/A |
N/A |
N/A |
N/A |
Requests to correct |
0 |
0 |
0 |
N/A |
Requests to limit use of sensitive information – not offered
|
N/A
|
N/A
|
N/A
|
N/A
|
*Lack of verification response; duplicate request; or other permitted reason.
Notice of Financial Incentive Programs
We do not offer financial incentive programs through this Site. If you interact with us as a customer, or in another capacity through our stores or consumer-facing websites, this Policy does not apply to such interactions. Please visit the applicable website of the business you interact with.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at out discretion and at any time. We will provide additional notice to you if we make any changes that materially affect your privacy rights.
Contact Information
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 833-505-0472
Website: https://www.sallybeauty.com/customer-service/email-sally/
Postal Address: 3001 Colorado Blvd, Denton, TX 76210