Effective Date: May 28, 2020
1. INFORMATION COLLECTION PRACTICES
This section of the Policy, How We Collect Information About You, outlines the various ways that we gather information about you.
- 1.1 Information that You Provide. We collect and store information that you enter through the Services or give to us in any other way. This section, Information that You Provide, provides examples of the information that you provide to us. You can choose not to provide certain information to us, but then you might not be able to access or use all the Services.
- (a) Account Registration and Login. You may visit and browse the Website without registering or submitting personal information about yourself. However, to use the App and other Services available through the Website and the App, you will be required to register for an account and, if you use multiple Services, you may be required to register for a distinct account for each Service (each, an “Account”). When you register for an Account, you will be asked to provide some personal information, such as your first name, last name, address, email address, phone number, and a password that you select. For certain services including Evolus Rewards, you may provide medical or other health related information; and aesthetic information (e.g. treatment history, loyalty program history, treatment date, treatment type, treating healthcare professional). Health care providers who register for an Account to use certain Services will be required to provide additional personal information, such as your medical license number or NPI number, practice name, specialty, degree, and additional biographical information.
When you register for an Account and log in to a Service you must provide your current, complete, and accurate information. It is your responsibility to keep your information up to date. We are not responsible for any problems, interruptions in access, or liability that may arise if you do not give us complete and accurate information or if you fail to update your information so that it is current.
- (b) Profile Creation. After you register for an Account, some Services will ask you to create a user profile (a “Profile”). If you choose to create a Profile, we will collect and store personal information about you that you provide when you create your Profile, such as your Profile image, your name, your practice information, and your ZIP code and, if you are a health care provider creating a physician Profile, your practice area and specialty, degree, office address and telephone number, training and credentials, procedures that you perform, and other biographical information
- (c) Correspondence; Chat, Contact Us Feature. If you send us personal correspondence, such as emails, letters or text messages, or if other users or third parties send us information about your use of the Services, we may save the information in a profile specific to you. Additionally, we collect and store the personal information you provide when you use the “Contact Us” feature within the Services, such as your first name, last name, address, email address, phone number, the reason for your inquiry, and your comments, including any aesthetic information you provide. We also maintain a history of any chat you may have with us.
- (d) Job Applications. We collect and store personal information when you submit contact, resume, qualification, and other biographical information to us in connection with submitting a job application using the Services. Unless we specifically ask for personal information about you during the job application process, please do not provide it. For example, don’t send us a social security number simply because it is in your resume—remove it before submitting your resume.
- (e) Your Use of the Services. We collect and store the information that you and other users provide when you and they use and interact with the Services. For example, we collect and store your responses to surveys and questionnaires; the geographical and other information you provide when using “Find a Specialist” and similar features; the information you provide when interacting with customer service; the billing, shipping, payment, and other information you provide when purchasing products through the Services.
- 1.2 Information that is Automatically Collected. We collect and store information about you and any computer or device you use to access or use the Services automatically using a variety of technologies. This section provides examples of information that we collect about you automatically. We collect this information for the purposes described in this Policy, including to better understand our customer base and to improve the quality of the Services.
- (a) Device Information. We collect and store device-specific information, including your mobile number, your operating system version, and browser version. We may associate your device-specific information with you.
- (b) Log Information. When you use or interact with the Services, we and our service providers automatically collect certain information in our server logs. Generally, this information does not directly identify you, and may include your internet protocol address, browser type, and pages viewed.
- (d) Location Information. If you use our “Find a Specialist” we will collect and record your location. If you give us permission through the App, we may collect location information (including geolocation and GPS location) about you. Once you have given us permission to collect location information, we may continue collecting that information without asking permission again. You may be able to disallow our use of certain location data through your device settings, for example, by disabling “Location Services” for the App in your device’s privacy settings. If you block the use of location information, some features of the App may be inaccessible or not function properly. Our third-party analytics provider may also collect location information about you, as described in Section 3.3 below.
- 1.3 Information that is Collected by Third Parties. Some Services link or allow you to access or sign up for services provided by third parties (“Third Party Sites and Services”). The collection, use, and disclosure of information by Third Party Sites and Services are subject to the privacy policies of the third-party operator, which we do not control.
2. INFORMATION COLLECTION PRACTICES
This section of the Policy, How We Use Information, outlines the various ways that we use the information that we collect about you.
- 2.1 General. We may use your personal information (including tracking information) to operate, maintain, and improve the Services and any successor or future versions of the Services (including to provide you a more personalized experience); allow you to log in more conveniently; understand where requests originate; conduct security and statistical analysis; communicate with you; produce traffic volume statistics; maintain a record of customer service requests; provide you information about products and services (including products and services of third parties); sell and deliver advertising; market; conduct research; resolve disputes; collect fees owed; detect and protect against errors, fraud, and criminal activity; assist law enforcement; enforce this Policy and any other terms related to the Services; and any other purpose described in this Policy or that we describe to you at the time of collection.
- 2.2 Provision of Services. We use your personal information to provide the Services to you. For example, we use your personal information to respond to your requests for information, administer the Evolus Rewards program, provide a list of specialists or chat with you. We also use your personal information to fulfill orders that you place through the Services, provide customer service, respond to your requests for information and prevent transactional fraud.
- 2.3 Communications. We may use your personally identifiable information to send you emails, text messages or other communications related to the Services, or in response to your inquiries or requests. You may not opt-out of receiving service-related messages that are not promotional in nature. We may also send you marketing messages, surveys, or newsletters by e-mail or text message to notify you about products or services that may be of interest to you. If you would like to stop receiving marketing emails from us, please click on the unsubscribe link at the bottom of any marketing email you receive. If you would like to stop receiving text messages from us, please respond “Stop”. If you opt-out, you will continue to receive service-related emails.
- 2.4 Resumes and Job Applications. We may use personal information that you provide when you submit contact, resume, qualification, and other biographical information to us in connection with submitting a job application in connection with our hiring and recruiting process, and if you are hired, your employment with us.
- 2.5 Non-identifying and Aggregated Information. We may use non-identifying information for any lawful purpose, including analyzing trends, research, Services administration, tracking users’ movements around the Services, and to improve our business and the Services and we sell it to third parties including for commercial purposes.
- 2.6 Retaining Your Information. In general, we will retain your information indefinitely, or if legally required or allowed; however, we are not obligated to retain your information and may delete it at any time.
3. HOW WE SHARE INFORMATION
This section of the Policy, How We Share Information, describes how we share the information that we collect about you with other parties.
- 3.1 Generally. We will not sell or rent any of your personal information to third parties for marketing purposes. However, we may disclose your information to any affiliated entity or organization and to agents and service providers. We may also share non-identifying information with third parties for any lawful purpose, including analyzing trends, research, Services administration, tracking users’ movements around the Services, and to improve our business, products, services, and the Services and we may sell it to third parties for commercial purposes. Use of information by affiliated entities and organizations will be subject to this Policy or an agreement that is at least as restrictive as this Policy.
- 3.2 Sharing with Third Parties. We may share information about you with third parties to help us operate and improve the Services, and to provide and promote our products and services as well as third-party products and services. Additionally, we may be required to disclose information about you to comply with law, or in connection with a business transition. Below are examples of how we share your information with third parties.
- (a) Service Providers. We use third parties to help us operate and improve the Services (e.g., hosting providers, e-commerce service providers, analytics service providers, etc.). We may provide these third parties information we collect, and they may collect information from you and about your use of the Services. We may provide information we collect to third parties and it will, unless specifically noted otherwise in this Policy, be governed by this Policy and may only be used by those third parties to help us operate or improve our business or the Services and to provide services to us. We do not control information collected by third parties and are not responsible for their use of that information. Please review their privacy policies for more information on their information collection, use, and sharing practices.
- (b) Healthcare Providers: To administer certain Services including the Evolus Rewards loyalty program and the Find a Specialist tool, we may share your information (including your aesthetic information) with your healthcare professional.
- (d) Legal Requirements. In some cases, we may disclose your personal information as required by law; if we believe that disclosure is needed to protect our rights; to government regulators; to law enforcement authorities; in connection with any judicial proceeding, court order, subpoena, or legal process served on us or the Services; and to respond to a physical threat to you or another person.
- (e) Insolvency and Business Transitions. If we ever file for bankruptcy or engage in a business transition such as a merger or joint venture with another company, or if we purchase, sell, or reorganize all or a part of the Services or our business or assets or the business or assets of our affiliates, we may disclose your personal information, including to prospective or actual purchasers in connection with one of these transactions.
- 3.3 Disclaimer. We cannot ensure that all your personal information will never be disclosed in ways not otherwise described in this Policy. For example, we may be required to disclose personal information to the government or third parties under certain circumstances, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your personal information that they collect from the Services. No storage or transmission of data can be 100% secure.
4. ONLINE TRACKING AND YOUR CHOICES
5. INFORMATION SECURITY MEASURES
Keeping secure personal information that we collect is of great concern to us. While we have mechanisms in place to safeguard your personal information once we receive it, no storage or transmission of data can be guaranteed to be 100% secure. When you provide information to the Services, you do so at your own risk.
The Services are intended for users over the age of 18 and are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information without parental consent, please contact us at by using the contact information in the Privacy Questions section at the bottom of this Policy, and we will take steps to remove the information.
7. CALIFORNIA PRIVACY RIGHTS
Under the California Consumer Protection Act of 2018 (“CCPA”), California residents have certain rights around our collection, use, and sharing of their personal information.
We have not, within the past 12 months, sold your personal information and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law.
We collect various categories of personal information when you use the Services, including identifiers, commercial information, internet or other electronic network or device activity information, geolocation data, professional information and inferences drawn from other personal information. A more detailed description of the information we collect and how we use it is provided above in Section 1 and 2 of this Policy. Section 3 of the Policy describes the categories of third parties with whom we share personal information, and what information may be shared under different circumstances.
If you are a resident of California, you have the right to request to know what personal information has been collected about you, and to access that information. You also have the right to request deletion of your personal information, though exceptions under the CCPA may allow us to retain and use certain personal information notwithstanding your deletion request. You can learn more about how to submit a data rights request, please submit a verifiable consumer request to us by contacting us using the information in Section 9 of this Policy
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
Separate from the CCPA, California’s Shine the Light law gives California residents the right to ask companies what personal information they share with third parties for those third parties’ direct marketing purposes. We do not disclose your personal information to third parties for the purpose of directly marketing their goods or services to you unless you request such disclosure. If you have any questions regarding this Policy, or would like to change your preferences, you may contact us at the address listed above in Section 9 of this Policy.
8. MODIFICATION OF THIS POLICY
We will occasionally update this Policy. When we post changes to this Policy, we will revise the “Effective Date” at the top of this Policy. We recommend that you check the Services from time to time to inform yourself of any changes in this Policy or any of our other policies. By continuing to access or use the Services after a change to this Policy becomes effective, you agree to the revised Policy.
9. PRIVACY QUESTIONS
If you have questions or concerns about our privacy practices, please email us at: firstname.lastname@example.org, call us toll-free at 1-877-EVOLUS1 or via postal mail at the following address:
520 Newport Center Dr., Suite 1200
Newport Beach, CA 92660
Attn: Privacy Office