×
Now Shipping Internationally

Shipping to:

Skip to content

Free Shipping On $45+ Purchases & All Subscriptions!

Free Shipping On $45+ Purchases & All Subscriptions!

Shop Now →
Your Cart
(0)

Complete your hair care routine.

Travel-Sized Volume Duo

Travel-Sized Hydrating Duo

30ml Scalp Serum Save 20%

Travel-Sized Dry Shampoo Trio

Whipped Repair Treatment Mask Save 20%

3-in-1 Leave-In Conditioner Save 20%

Elevate Your Hair Routine Today

Shop Best sellers:

30ml Scalp Serum Save 20%

Hair Vitamins Save 20%

100ml Scalp Serum Save 20%

The Healthy Hair Bundle Save 20%

Hair Vitamins Trio Save 20%

Best Sellers Bundle

Volume Rescue Trio

PRIVACY POLICY

GLOBAL PRIVACY POLICY
Revised September 25, 2024 / Effective October 1, 2024
We take your privacy seriously. Please read this privacy policy (“Policy”) carefully as it contains important information about your personal information and data that identifies you, identifies a particular individual, or refers to personally identifiable information, personal information, or personal data (“Personal Information”) under applicable data privacy laws, rules, or regulations (“Data Privacy Laws”). 
Importantly, this Policy does not cover the practices of companies we do not own or control or people we do not manage.
ABOUT THIS POLICY
This Policy explains how and why we collect, store, use, and share your Personal Information. This Policy also explains your rights related to your Personal Information, including how to contact us in the event you have a complaint.
This policy applies when Divi Official, LLC, its subsidiaries, and its affiliated companies (collectively, “Divi,” “we,” “us,” or “our”) act as a “Controller” as defined in the European Union’s General Data Protection Regulation (the “GDPR”) or “Business” as defined under the California Consumer Privacy Act (the “CCPA”) or when we otherwise processes Personal Information, including when we communicate, offer, provide, and deliver products or service to you. Therefore, our policies apply when Divi acts as a Controller, Business, or the equivalent as defined under Data Privacy Laws, including North American Data Privacy Laws (including the laws of Canada, the United States, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia), European Data Privacy Laws (including the GDPR), South American Data Privacy Laws (including the laws of Argentina, Brazil, and Colombia), and Asia-Pacific Data Privacy Laws (including the laws of Armenia, Australia, China, Hong Kong, Israel, New Zealand, Philippines, Singapore, and South Korea), and African Data Privacy Laws (including the laws of Benin Republic, Kenya, Nigeria, and South Africa), collectively “Worldwide Data Privacy Laws.” We work to comply with Worldwide Data Privacy Laws even though some Worldwide Data Privacy Laws may not be applicable to us.
Additionally, please note: We do not anticipate we will be a Processor of or Service Provider for your Personal Information or the equivalent under any Data Privacy Laws. However, in the case that you or we find that we are acting in such capacity of, for, or with your Personal Information (i.e., not the Controller or Business), please contact the controller or business to address your rights with respect to such data under the Worldwide Data Privacy Laws. 
OUR DATA POLICIES
Please read the following carefully to understand our views and practices regarding your Personal Information as a visitor, account owner, or customer of our website.
Some of Our Key Terms Used In This Policy. It would be helpful to start by explaining some key terms used in this policy:

We, us, our

Divi Official, LLC, its subsidiaries, and affiliated companies

16990 Dallas Pkwy, Ste 200

Dallas, Texas 75248

Our website

www.diviofficial.com

Our Data Protection Officer (“DPO”)

Bryce Washum

16990 Dallas Pkwy, Ste 200

Dallas, Texas 75248

[email protected]

Personal Information

Personal information and data that identifies you; identifies a particular individual; refers to personally identifiable information, personal information, or personal data; or identifies, relates to, describes, is reasonable capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household

Our Products and Services

The items and opportunities available to purchase or provided for free on our website.

Service Providers

A “Service Provider” under the CCPA, a “Processor” under the GDPR, or any natural person, legal entity, or other body that operates under a service-provider contract with us to process Personal Information from us under contractual obligations prohibiting the retention, use, or disclosure of Personal Information collected by us for any purpose other than the purpose specified in the contract or any other purpose permitted under any applicable Worldwide Data Privacy Laws (i.e. a person or entity who processes any Personal Information we collected on behalf of us)

How We Collect Your Personal Information. We collect your Personal Information from you when you provide such information directly to us and when such information is collected via our website through your opt-in, your input, and your consent when you create an account to become an account owner or customer. As an account owner or a customer, you agree to receive communications or offers about our products, services, and other offerings. 
For anyone that visits our website, including those that do not create an account, we may also collect information about you from cookies, web beacons, tracking pixels, and other tracking technology (collectively, “Tracking Technology”) on our website. The Tracking Technology on our website does not collect Personal Information. It is used to help customize our website to improve your experience. Most web browsers are set to accept Tracking Technology by default. Through an initial pop-up menu bar, we provide you the option to consent or opt-out of Tracking Technology, except web beacons. You can consent or opt-out accordingly. You can also remove or reject Tracking Technology, except web beacons, through your web browser. Be aware that opting-out, removing, or rejection tracking technology can affect the availability and functionality of our website. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis. 
Accordingly, we do not collect any Personal Information from website visitors that do not initiate the process to create an account. 
Personal Information We Collect About You. For those that initiate or complete the process to create an account, we may collect and use the following Personal Information:

Categories of Personal Information

Specific Types of Personal Information Collected

Identifiers (including potentially some Sensitive Personal Information or Data under some of the Worldwide Data Privacy Laws)

Name; addresses; telephone numbers; internet protocol (“IP”) address; electronic mail (“e-mail”) addresses; home, work, mailing, and billing addresses; social security number in the United States, SIN number in Canada, or the equivalent government-identification number in other countries; driver’s license number and information; passport number and information; date of birth; and online account names

Characteristics of protected classifications under some laws and regulations

Race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, and any other status protected by the laws or regulations in the locations where we operate

Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement)

Purchase history, purchase data, Usage data, unique device identifiers for advertising (e.g., Google Advertiser ID or IDFA); and Tracking Technology

This collected Personal Information is required to provide you with our Services. If you do not provide Personal Information, it may delay or prevent us from providing our Services to you.
IMPORTANT NOTICE FOR CHILDREN UNDER THE AGE OF SIXTEEN (16). Our Website and Services are NOT intended for children under the age of 16 without parental consent. IF YOU ARE UNDER THE AGE OF 16 and wish to become an account owner or customer of our website, your parent or legal guardian must supervise your use of our website, products, and services; opt-in and consent to the use of any Tracking Technology; and initiate or complete the process of creating any account, submit any of your purchases, and agree to this Policy or any of our website’s Terms & Conditions. Also, WE WILL NOT RETAIN ANY PERSONAL INFORMATION OF ANY PERSON UNDER THE AGE OF THIRTEEN (13) IF KNOWINGLY COLLECTED WITHOUT PARENTAL OR LEGAL GUARDIAN SUPERVISION AND CONSENT. If we learn that we have collected Personal Information from someone under the age of 13 that was not provided with the supervision and consent of the minor’s parents or legal guardian, we will promptly delete that Personal Information. If you believe we have impermissibly collected Personal Information from someone under the age of 13, please contact us immediately.
How We Store Your Personal Information. We take seriously the security of your Personal Information. 
Security. We take appropriate measures to ensure that your Personal Information is kept secure including security measures to prevent Personal Information from being accidentally lost, or used or accessed in an unauthorized way, for the duration of your use of our Services. We limit access to your Personal Information to those who have a genuine need to know it to provide or improve our products and services both internally and with Service Providers. Also, individuals or Service Providers processing your Personal Information will do so only in an authorized manner and are subject to a duty of confidentiality. 
Our Relationships with Service Providers
We impose contractual obligations on our Service Providers to ensure they only use Personal Information to provide or improve our products and services to us or to you. We also impose contractual obligations on Service Providers to ensure they only use any Personal Information shared in a way allowable by any applicable Worldwide Data Privacy Laws. Service Providers are therefore under contractual obligations prohibiting the retention, use, or disclosure of Personal Information collected by us for any purpose other than the purpose specified in the contract to provide or improve our products or services, or any other purpose permitted under any applicable Worldwide Data Privacy Laws.
In Case of a Data Breach
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
IMPORTANT NOTICE: WE DO NOT GUARANTEE THE SECURITY OF YOUR DATA. Unfortunately, the transmission of information via the internet is not completely secure. Although we work to protect your Personal Information, we cannot guarantee the security of your data provided or transmitted to us through our website or an online submission form. Therefore, any data you provide remains at YOUR OWN RISK. But once we have received your Personal Information, we will use strict procedures and security features in order to prevent unauthorized access and use.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Keeping Your Personal Information Up to Date. If your personal details change, you may update them by logging into your account and updating them accordingly or by contacting our DPO at [email protected]
We will attempt to update your Personal Information within thirty (30) days of any new or updated Personal Information being provided to us, in order to ensure that the Personal Information that we hold about you is as accurate and up to date. For more information about this process, please see the section about “Your Rights” below.
Where We Store Your Personal Information. Personal Information may be held at our offices and those of our Service Providers. For more information about who may store your Personal Information, see the section about “Who We Share Your Personal Information With” below. 
If you are a subject of the European Union, the data that we collect from you and process may be transferred to, and stored at, a destination in the United States or other countries—specifically, in areas outside the UK or the European Economic Area (“EEA”). It may also be processed by staff operating in the United States or other countries—specifically, people in areas outside the UK or the EEA who work for us or for one of our Service Providers. 
By submitting your Personal Information, you agree to this transfer, storing, or processing. Some Service Providers may be based outside the EEA. For more information, including on how we safeguard your Personal Information when this occurs, see “Transferring Your Personal Information Out of the EEA” below.
How Long Your Personal Information Will Be Kept. We will keep your Personal Information as long as we plan to provide our services or products, including communicating, offering or providing products, services, or other offerings, unless you request otherwise. For more information about the process to opt out after you’ve initiated the process to create an account, please see the section about “Your Rights” below. 
We will also keep your Personal Information for as long as is necessary:
  • To respond to any questions, complaints or claims made by you or on your behalf;
  • To show that we treated you fairly; or
  • To keep records required by law.
When it is no longer necessary to retain your Personal Information, we will delete or anonymize it.
Transferring Your Personal Information Out of the EEA. To deliver Services to you, it is necessary for us to share your Personal Information outside the EEA. For example, we must share your Personal Information:
  • With our office outside the EEA;
  • With our Service Providers located outside the EEA; or
  • When you travel or if you are based outside the EEA; 
IMPORTANT NOTICE TO EUROPEAN DATA SUBJECTS: You agreed and expressly gave your consent when you initiated the process to create an account to allow the transfer of your Personal Information outside of the UK or EEA (“Opted-In Consent”).
We have worked to comply with GDPR’s requirements to keep European data subject’s information within the EEA or to comply with Article 46 of the GDPR, entitled “Transfers Subject to Appropriate Safeguards,” or Recital 111 of the GDPR, entitled “Exceptions for Certain Cases of International Transfers.” 
We have complied with Article 46 because you provided Opt-In Consent for us to transfer your Personal Information to non-EEA countries or international organizations, we have provided appropriation safeguards, provide you the ability to enforce your data privacy rights, and allow you effective legal remedies if your rights are not enforced by us when applicable. The appropriate safeguards are provided for, without requiring any specific authorization from a supervisory authority, by standard data protection clauses. 
We have complied with Recital 111 because you provided Opt-In Consent for us to transfer your Personal Information to non-EEA countries or international organizations and the transfer of your Personal Information is occasional and necessary in relation to our products or services.

Why We Use Your Personal Information. Under Data Privacy Laws, we can only use your Personal Information if we have a proper reason for doing so, e.g.,:
  • To comply with our legal and regulatory obligations;
  • To provide our Services to you or to take steps at your request before providing our Services to you;
  • For our legitimate interests or those of a third party; or
  • Where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your Personal Information for and our reasons for doing so:


What we use your Personal Information for

Our reasons

To provide our products and services to you

For the performance of providing our products or services to you or to take steps at your request before performing of providing our products or services to you

To prevent and detect fraud against you or Divi

For our legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for us and for you

Conducting checks to identify account owners and customers and verify their identities

For our legitimate interests, i.e. to minimize data storage and fraud that could be damaging for us and for you

Screening for financial and other sanctions or embargoes

To comply with our legal or regulatory obligations

Other processing necessary to comply with professional, legal and regulatory obligations that apply to us

To comply with our legal or regulatory obligations

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies

To comply with our legal or regulatory obligations

Ensuring business policies are adhered to, e.g. policies covering security and internet use

For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you and avoid a data breach

Operational reasons, such as improving efficiency, training and quality control

For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you

Ensuring the confidentiality of commercially sensitive information

For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information


Also, to comply with our legal and regulatory obligations

Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, products or services range or other efficiency measures

For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you

Preventing unauthorized access and modifications to systems

For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you


Also, to comply with our legal and regulatory obligations

Updating and enhancing account owners’ or customers’ records

For the performance of providing our products or services to you or to take steps at your request before performing providing our products or services to you


Also, to comply with our legal and regulatory obligations


And for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our account owners or customers to communicate and offer our products or services

Statutory returns

To comply with our legal and regulatory obligations

Ensuring safe working practices and staff administration and assessments

To comply with our legal and regulatory obligations


Also, for our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you

Marketing our products or services directly to account owners or customers

For our legitimate interests or those of a third party, i.e. to promote our products and services

External audits and quality checks, e.g. for accreditation and the audit of our accounts

For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards


Also, to comply with our legal and regulatory obligations


Promotional Communications. We may use your Personal Information to send you updates (by email, text message, telephone or post) about our products and services, including exclusive offers, promotions or new products and services.
We have a legitimate interest in processing your Personal Information for promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed (or doubly needed) under Data Privacy Laws, we will ask for this consent separately and clearly.
IMPORTANT NOTICE REGARDING PROMOTIONAL COMMUNICATIONS: We will always treat your Personal Information with the utmost respect. Accordingly, WE DO NOT SELL or share it with other organizations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products or services in the future, or if there are changes in the Data Privacy Laws or the structure of our entity.
Who We Share Your Personal Information With. We routinely share Personal Information with:
  • Service Providers we use to help deliver our products or services to you;
  • Other third parties we use to help us manage marketing or customer relationship management or run our website, such as website hosts;
  • Third parties approved by you, including social media sites you choose to link to;
  • Our insurers and brokers;
  • Our banks; and
  • Our affiliates.
We may also disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Additionally, we may also need to share some Personal Information with other parties, such as potential buyers of some or all of our entity or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations, similar to those binding Service Providers discussed above.
Personal Information We Sold or Disclosed for a Business Purpose. In the preceding 12 months, we have NOT sold Personal Information. 
Where Your Personal Information is Held. Information may be held at our offices, Service Providers, and third parties (see above: “Who We Share Your Personal Information with”).
Some of these Service Providers and third parties may be based outside the EEA. For more information, including on how we safeguard your Personal Information when this occurs, see below: “Transferring Your personal information Out of the EEA.”
AVAILABLE RIGHTS TO YOU
We take your data rights seriously. Therefore, we offer you rights common to Worldwide Data Privacy Laws.
Your Rights in General.
We provide the following rights to you that are common among Worldwide Data Privacy Laws—even though some of the rights may not be necessary because we do not sell Personal Information, we do not use automated decision making in our data processing, and we do not use Personal Information to profile website visitors, account owners, or customers for direct marketing.

Disclosure of Personal Information We Collect About You

You have the right to know:

  • The categories of Personal Information we have collected about you;
  • The categories of sources from which the Personal Information is collected;
  • Our business or commercial purpose for collecting or selling Personal Information;
  • The categories of third parties with whom we share Personal Information, if any; and
  • The specific pieces of Personal Information we have collected about you.

Please note that we are not required to:

  • Retain any Personal Information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
  • Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered Personal Information; or
  • Provide the Personal Information collected to you more than twice in a 12-month period.

Personal Information Sold or Used for a Business Purpose

In connection with any Personal Information we may sell or disclose to a third party for a business purpose, you have the right to know:

  • The categories of Personal Information about you that we sold and the categories of third parties to whom the Personal Information was sold; and
  • The categories of Personal Information that we disclosed about you for a business purpose.

You have the right to opt-out of the sale of your Personal Information to third parties or Service Providers. If you exercise your right to opt-out of the sale of your Personal Information, we will refrain from selling your Personal Information, unless you subsequently provide express authorization for the sale of your Personal Information. To opt-out of the sale of your Personal Information, please update your Personal Information Preferences here https://www.diviofficial.com/pages/us-laws-compliance.

Right to Access

The right to be provided with a copy of your Personal Information (the right of access)

Right to Rectification or Correct Personal Information

The right to require us to correct any mistakes in your Personal Information

Right to be Forgotten or Deleted

The right to require us to delete your Personal Information


We may deny the request if the information is necessary to: 

  • Complete providing a product or service requested or reasonably anticipated by the account owner or customer 
  • Detect and protect against security incidents, malicious, deceptive, fraudulent, or illegal activity, or take action against those responsible for such activity 
  • debug to identify and repair errors impairing intended functionality
  • Engage in research in the public interest adhering to applicable ethics and privacy laws where the account owner or customer has provided informed consent 
  • Enable solely internal uses reasonably aligned with the account owner’s or customer’s expectations based on the account owner’s or customer’s relationship with us
  • Comply with any legal proceeding, court order, law, legal investigation, regulatory body, or other legal obligation
  • Otherwise use the information internally in a lawful manner compatible with the context in which the account owner or customer provided the information

Right to Restriction of Processing

The right to require us to restrict processing of your Personal Information—in certain circumstances, e.g. if you contest the accuracy of the data

Right to Data Portability

The right to receive the Personal Information you provided to us

Right to Object

The right to object:

  • At any time to your Personal Information being processed for direct marketing (including profiling)
  • In certain other situations to our continued processing of your Personal Information, e.g. processing carried out for the purpose of our legitimate interests

Right Not to Be Subject to Automated Individual Decision-Making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

Right Not to Be Discriminated Against

You have the right to not be discriminated against by us because you exercised any of your rights. This means we cannot, among other things:

  • Deny goods or services to you;
  • Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Provide a different level or quality of goods or services to you; or
  • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate or provide a different level or quality of goods and services to you, if that difference is reasonably related to the value provided to our business by your Personal Information.

Right to Appeal the Denial of an Enforcement of Your Right by Us

You have the right to appeal the denial or failure of our DPO to enforce any request of your rights listed above by us. 


You can appeal any data privacy decision or indecision we make concerning your Personal Information by contacting in writing:


Personal Information Appeal Board

3229 Premier Drive

Dallas, Texas 75063


We will work to respond (or send a response) within 30 days of receipt of your appeal in writing at the address or email address provided in your appeal.

Right to Be Provided with a Supervisory Authority, if Known, to Complain to if Dissatisfied with Our Response to Your Change in Personal Information Preferences or Our Appeals Process

You have a right to know, if we know, who to complain to if you are dissatisfied with our response to your request to change your Personal Information Preferences or to your appeal of a decision we made in response to your request to change your Personal Information Preferences.


We have worked to list known local supervisory authorities or resources to find your local supervisory authority under the “Your Rights Under Local Data Privacy Laws” section below.


If you cannot find your supervisory authority in the section below, please contact our DPO at [email protected] with the subject “REQUEST TO IDENTIFY SUPERVISORY AUTHORITY” and the location of the supervisory authority sought, including city/state, country, and continent. Our DPO will do their best to get back to you within 30 days from receipt of your request in writing via email with either the known supervisory authority or an explanation that no known supervisory authority could be identified by us.

Your Rights Under Local Data Privacy Laws.
While some Data Privacy Laws may not apply to us, we will provide you rights under the following applicable Data Privacy Laws when they apply or voluntarily when they do not apply:
North America
Canada
Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) generally provides rights to individuals that we voluntarily provide, including the right to access what Personal Information we have collected from you, the ability to correct any inaccurate Personal Information, learn about our collection and usage of Personal Information, identify who within the organization is responsible for the protection of Personal Information, confirm we use and disclose your Personal Information in an appropriate manner, ensure we follow your consent regarding your Personal Information, and report to you if your Personal Information rights are knowingly violated. 
Complaints under the PIPEDA. We hope that our DPO can resolve any query or concern you raise about our use of your information. The PIPEDA also gives you the right to lodge a complaint with the Office of the Privacy Commissioner of Canada. To learn more about lodging a complaint,you may visit: https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/file-a-complaint-about-a-business/
California
The CCPA generally provides rights to individuals that we voluntarily provide, including the right to know about the Personal Information we collected about you and how it is used and shared; the right to correct inaccurate Personal Information that we have about you; the right to delete Personal Information we collected from you (with some exceptions); the right to opt-out of the sale or sharing of your Personal Information; the right to limit the use and disclosure of Sensitive Personal Information collected about your; and the right to non-discrimination for exercising your CCPA rights. The CCPA also provides a right to a private cause of action to seek statutory damages against a business in limited circumstances involving the CCPA’s reasonable security obligation. For more information regarding this private right of action, please see Section 1798.150 of the California Civil Code.
Complaints under the CCPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. The CCPA also gives you the right to lodge a complaint with the California Privacy Protection Agency. To lodge a complaint, you may visit https://privacy.ca.gov/submit-a-complaint/ccpa-complaints/
 
Colorado
The Colorado Privacy Act (“CPA”) generally provides rights to individuals that we voluntarily provide, including the right to access, delete, and correct their personal data as well as the right to opt out of the sale of their personal data or its use for targeted advertising or certain kinds of profiling. Under the CPA, Colorado consumers will have the following enumerated rights with respect to their Personal Information: the right to opt-out from the sale of their Personal Information, or use of Personal Information for targeted advertising and certain types of profiling; the right to know whether we are collecting Personal Information; the right to access Personal Information that we have collected about them; the right to correct Personal Information; the right to delete Personal Information; and the right to download and remove Personal Information from a platform in a format that allows the transfer to another platform. The CPA also places new obligations on covered entities to safeguard personal data, including the requirement to give Coloradans meaningful information about the collection and use of their Personal Information, to conduct data protection assessments, and to obtain consent before processing certain Sensitive Personal Information.
Complaints under the CPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. The CPA also gives you the right to lodge a complaint with the Colorado Attorney General. To lodge a complaint, you may visit: https://coag.gov/file-complaint/
Connecticut
The Connecticut Data Privacy Act (“CTDPA”) generally provides rights to individuals that we voluntarily provide, including the right to access Personal Information that we have collected about you; the right to correct inaccuracies in your Personal Information; the right to delete your Personal Information, including Personal Information that we collected through third parties; the right to obtain a copy of your Personal Information in a portable and readily usable format that allows them to transfer the data to another controller with ease; and the right to opt-out of the sale of your Personal Information, the processing of Personal Information for the purposes of targeted advertising, and profiling that may have a legal or other significant impact.
Complaints under the CTDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. The CTDPA also gives you the right to lodge a complaint with the Connecticut Attorney General. To lodge a complaint, you may visit: https://www.dir.ct.gov/ag/complaint/e-complaint.aspx?CheckJavaScript=1?CheckJavaScript=1
Delaware
The Delaware Personal Data Privacy Act (“DPDPA”) generally provides rights to individuals that we voluntarily provide, including the right to confirm whether we are processing their Personal Information and provide access to the individual’s Personal Information; the right to correct inaccurate Personal Information; the right to delete Personal Information; the right to obtain a copy of the Personal Information (i.e., data portability); the right to obtain a list of the categories of third parties to which we disclosed the Personal Information; and the right to opt out of the processing of the individual’s Personal Information for purposes of targeted advertising, the sale of personal data or profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer.
Complaints under the DPDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. The DPDPA also gives you the right to lodge a complaint with the Delaware Department of Justice. To lodge a complaint, you may visit: https://attorneygeneral.delaware.gov/fraud/cmu/complaint/
Indiana
The Indiana Consumer Data Privacy Act (“INCDPA”) generally provides rights to individuals that we voluntarily provide, including the right to access Personal Information that we have collected about you the right to correct inaccuracies in your Personal Information; the right to delete your Personal Information, including Personal Information that we collected through third parties; the right to obtain a copy of your Personal Information in a portable and readily usable format that allows them to transfer the data to another controller with ease; and the right to opt-out of the sale of your Personal Information, the processing of Personal Information for the purposes of targeted advertising, and profiling that may have a legal or other significant impact.
Complaints under the INCDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. The INCDPA also gives you the right to lodge a complaint with the Indiana Attorney General. To lodge a complaint, you may visit: https://www.in.gov/attorneygeneral/consumer-protection-division/consumer-complaint/
Iowa
The Iowa Act Relating to Consumer Data Protection (“ICDPA”) generally provides rights to individuals that we voluntarily provide, including the right to access Personal Information that we have collected about you; the right to correct inaccuracies in your Personal Information; the right to delete your Personal Information, including Personal Information that we collected through third parties; the right to obtain a copy of your Personal Information in a portable and readily usable format that allows them to transfer the data to another controller with ease; the right to opt-out of the sale of your Personal Information, the processing of Personal Information for the purposes of targeted advertising, and profiling that may have a legal or other significant impact; and the right not to discriminated against for exercising your rights under the ICDPA.
Complaints under the ICDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. The ICDPA also gives you the right to lodge a complaint with the Iowa Attorney General. To lodge a complaint, you may visit: https://www.iowaattorneygeneral.gov/for-consumers/file-a-consumer-complaint
Kentucky
The Kentucky Consumer Data Protection Act (“KCDPA”) generally provides rights to individuals that we voluntarily provide, including the right to access Personal Information that we have collected about you; the right to correct inaccuracies in your Personal Information; the right to delete your Personal Information, including Personal Information that we collected through third parties; the right to obtain a copy of your Personal Information in a portable and readily usable format that allows them to transfer the data to another controller with ease; and the right to opt-out of the sale of your Personal Information, the processing of Personal Information for the purposes of targeted advertising.
Complaints under the KCDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. To lodge a complaint under the KCDPA, you may visit: https://www.ag.ky.gov/Resources/Consumer-Resources/Consumers/Pages/Consumer-Complaints.aspx
Maryland
The Maryland Online Data Privacy Act (“MODPA”), will go into effect on October 1, 2025, and it generally provides rights to individuals that we voluntarily provide, including the right to confirm whether a controller is processing the consumer’s personal data and to access such personal data; to correct inaccuracies in the consumer’s personal data; to delete personal data provided by, or obtained about, the consumer unless retention is required by law; to obtain a copy of the consumer’s personal data processed by the controller, in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means; to obtain a list of the categories of third parties to which the controller has disclosed the consumer’s personal data or a list of the categories of third parties to which the controller has disclosed any consumer’s personal data if the controller does not maintain this information in a format specific to the consumer; and to opt out of the processing of the personal data for purposes of targeted advertising, the sale of personal data or profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer. 
Complaints under the MODPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. However, you can lodge a complaint with the Maryland Attorney General’s office. To lodge a complaint, you may visit: https://www.marylandattorneygeneral.gov/Pages/CPD/Complaint.aspx
 
Minnesota
The Minnesota Consumer Data Privacy Act (“MCDPA”), will go into effect on July 31, 2025, and it generally applies provides rights to individuals that we voluntarily provide, including the right to verify or confirm if a controller is processing their personal data; the right to rectify inaccuracies; the right to erase personal data; the right to receive a portable and easily usable copy of personal data; the right to obtain a list of the specific third parties to which the controller has disclosed a consumer’s personal data or a list of third parties to whom the controller have disclosed any personal data, and the right to opt out of data processing for targeted advertising, personal data sales, or profiling that solely results in automated decisions with legal or similarly significant implications.
Complaints under the MCDPA. We hope that we can resolve any query or concern you raise about our use of your information. To lodge a complaint under the MCDPA, you may file a complaint by email at [email protected] or by phone at (651) 539-1600.
Montana
The Montana Consumer Data Privacy Act (“MTCDPA”) generally provides rights to individuals that we voluntarily provide, including the right to confirm processing, right to access, right to correction of data, right to portability, right to deletion, right to opt out of targeted advertising, the sale of personal information, or profiling with legal or other significant effects.
Complaints under the MTCDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. To lodge a complaint under the MTCDPA, you may visit: https://app.doj.mt.gov/OCPPortal/?q=node/395/
Nebraska
The Nebraska Data Privacy Act (“NEDPA”), goes into effect on January 1, 2025, and it generally provides rights to individuals that we voluntarily provide, including the right to verify if a controller is processing their personal data; the right to rectify inaccuracies; the right to erase personal data; the right to receive a portable and easily usable copy of personal data; and the right to opt out of data processing for targeted advertising, personal data sales, or profiling that solely results in automated decisions with legal or similarly significant implications.
Complaints under the NEDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. To lodge a complaint under the NEDPA, you may visit: https://dhhs.ne.gov/Pages/hipaa.aspx
New Hampshire
The New Hampshire Privacy Act (“NHPA”), goes into effect on January 1, 2025, and it generally provides rights to individuals that we voluntarily provide, including the right to verify if a controller is processing their personal data; the right to rectify inaccuracies; the right to erase personal data; the right to receive a portable and easily usable copy of personal data; and the right to opt out of data processing for targeted advertising, personal data sales, or profiling that solely results in automated decisions with legal or similarly significant implications.
Complaints under the NHPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. To lodge a complaint under the NHPA, you may visit: https://www.doj.nh.gov/citizens/consumer-protection-antitrust-bureau/consumer-complaints
New Jersey
The New Jersey Data Privacy Act (“NJDPA”) generally provides rights to individuals that we voluntarily provide, including the right to confirm whether a controller is processing the consumer’s personal data and to access such personal data; to correct inaccuracies in the consumer’s personal data; to delete personal data provided by, or obtained about, the consumer unless retention is required by law; to obtain a copy of the consumer’s personal data processed by the controller, in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means; to obtain a list of the categories of third parties to which the controller has disclosed the consumer’s personal data or a list of the categories of third parties to which the controller has disclosed any consumer’s personal data if the controller does not maintain this information in a format specific to the consumer; and to opt out of the processing of the personal data for purposes of targeted advertising, the sale of personal data or profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer. 
Complaints under the NJDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. However, you can lodge a complaint with the New Jersey Attorney General’s office. To lodge a complaint, you may visit: https://www.njconsumeraffairs.gov/Pages/Consumer-Complaints.aspx
 
Oregon
The Oregon Consumer Privacy Act (“OCPA”) generally provides rights to individuals that we voluntarily provide, including the right to verify or confirm if a controller is processing their personal data; the right to rectify inaccuracies; the right to erase personal data; the right to receive a portable and easily usable copy of personal data; the right to obtain a list of the specific third parties to which the controller has disclosed a consumer’s personal data or a list of third parties to whom the controller have disclosed any personal data, and the right to opt out of data processing for targeted advertising, personal data sales, or profiling that solely results in automated decisions with legal or similarly significant implications. The OCPA also gives consumers the right to revoke previously given consent to process a consumer’s personal data.
Complaints under the OCPA. We hope that we can resolve any query or concern you raise about our use of your information. To lodge a complaint under the OCPA, you may visit:
https://www.doj.state.or.us/consumer-protection/contact-us/
Rhode Island
The Rhode Island Data Privacy Act (“RIDPA”), goes into effect on January 1, 2026, and it generally provides rights to individuals that we voluntarily provide, including the right to verify if a controller is processing their personal data; the right to rectify inaccuracies; the right to erase personal data; the right to receive a portable and easily usable copy of personal data; and the right to opt out of data processing for targeted advertising, personal data sales, or profiling that solely results in automated decisions with legal or similarly significant implications.
Complaints under the RIDPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. To lodge a complaint under the RIDPA, you may visit: https://riag.ri.gov/forms/consumer-complaint
Tennessee
The Tennessee Information Protection Act (“TIPA”), goes into effect on January 1, 2025, and it generally provides rights to individuals that we voluntarily provide, including the right to know whether a controller is processing the consumer’s data and the right to access that data; request a controller correct inaccuracies in the consumer’s personal data; delete personal data provided by, or obtained about, the consumer; obtain a copy of their personal data in a portable and readily usable format; and opt out of processing for the sale of personal data, targeting advertising or profiling.
Complaints under the TIPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. To lodge a complaint under the TIPA, you may visit: https://www.tn.gov/attorneygeneral/working-for-tennessee/consumer/file-a-complaint.html
Texas
The Texas Data Privacy and Security Act (“TDPSA”) generally provides rights to individuals that we voluntarily provide, including the right to confirm whether the controller is processing their personal data and provide them access to their personal data; correct inaccuracies in their personal data; delete personal data provided by or obtained about them; obtain a copy of the consumer's personal data that the consumer previously provided to the controller (i.e., data portability); and opt out of the processing of their personal data for targeted advertising, selling personal data about them, or profiling.
Complaints under the TDPSA. We hope that our DPO can resolve any query or concern you raise about our use of your information. To lodge a complaint under the TDPSA, you may visit: https://www.texasattorneygeneral.gov/consumer-protection/data-breach-reporting
Utah
The Utah Consumer Privacy Act (“UCPA”) generally provides rights to individuals that we voluntarily provide, including the right to confirm whether the controller is processing their personal data and provide them access to their personal data; correct inaccuracies in their personal data; delete personal data provided by or obtained about them; obtain a copy of the consumer's personal data that the consumer previously provided to the controller (i.e., data portability); and opt out of the processing of their personal data for targeted advertising, selling personal data about them, or profiling.
Complaints under the UCPA. We hope that our DPO can resolve any query or concern you raise about our use of your information. To lodge a complaint under the UCPA, you may visit: https://dcp.utah.gov/ucpa/
Virginia
The Virginia Consumer Data Protection Act (“VCDPA”) generally provides rights to individuals that we voluntarily provide, including the right to confirm if the controller is actually processing their personal data; correct inaccuracies in the consumer’s personal data that is collected by the controller; delete personal data provided by or obtained about the consumer; obtain copies of the personal data collected by the controller; and opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or further profiling 
Complaints under the VCDPA. We hope that we can resolve any query or concern you raise about our use of your information. To lodge a complaint under the VCDPA, you may visit:
https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint
Europe 
The GDPR only applies to entities established outside the European Union (“EU”) that offer goods or services (or is monitoring the behavior of individuals) in the EU. The GDPR provides rights to individuals that we voluntarily provide, including:

Right to Access

The right to be provided with a copy of your personal information (the right of access)

Right to Rectification

The right to require us to correct any mistakes in your personal information

Right to be Forgotten

The right to require us to delete your personal information—in certain situations

Right to Restriction of Processing

The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data

Right to Data Portability

The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

Right to Object

The right to object:

  • at any time to your personal information being processed for direct marketing (including profiling);
  • in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.

Right Not to be Subject to Automated Individual Decision-Making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (“ICO”) on individual rights under the GDPR.
Double Opt-In. Some countries require double opt-in consent (e.g. Austria, Germany, Greece, Switzerland, Luxembourg, and Norway). We believe the GDPR and other data privacy laws in these countries do not apply to us, as explained above. Regardless, in these countries, we only collect, use, store, transfer, or share an Opt-In Participant’s Personal Information if the Opt-In Participant doubly consented to us to do so.
Complaints under the GDPR. We hope that our DPO can resolve any query or concern you raise about our use of your information. The GDPR also gives you right to lodge a complaint with a supervisory authority, in the European Union (or EEA) state where you work, normally live, or where any alleged infringement of data protection laws occurred. To find your supervisory authority, you may visit: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
South America, Asia-Pacific, and Africa
In South American, Asia-Pacific, and African regions of the world, many countries and territories have data privacy laws that may not apply to us but we voluntarily provide those rights to individual website visitors, account owners, or customers. A review of those reasons include, for example:
The data privacy laws of Argentina and Hong Kong, pursuant to the 2020 decision of the Administrative Appeals Board (“AAB”), only apply to entities in those countries. 
The data privacy laws of Australia allow a consumer to obtain certain data held about that consumer by a third party and require data to be given to accredited third parties for certain purposes. We provide those rights voluntarily as explained above. We hope that our DPO can resolve any query or concern you raise about our use of your information under Australian Data Privacy Laws. To lodge a complaint under Australian law, the Information Commissioner, under the Office of the Australian Information Commissioner (“OAIC”) is the national data protection regulator responsible for Privacy Act oversight and can be reached at 175 Pitt Street, Sydney NSW 2000, or by telephone at 1300 363 992 or by facsimile at 61 2 9284 9666.
Generally, the data privacy laws of Armenia, Benin Republic, Brazil, China, Colombia, Israel, Kenya, New Zealand, Nigeria, the Philippines, Singapore, South Africa, and South Korea apply to extraterritorial entities that foresee collecting, storing, using, transferring, sharing, or selling Personal Information of their country’s residents or citizens. However, they generally provide rights to a consumer that we voluntarily provide as explained above. 
Regardless, these regions’ privacy laws provide rights to their residents or citizens that we voluntarily provide our website visitors, account owners, and customers as outlined in the above sections.
For specific rights related to these regions’ data privacy laws or for more information about filing a complaint under these regions’ data privacy laws, please contact our DPO at [email protected].
How to Exercise Your Rights. If you would like to exercise any of your rights as described in this Policy, please:
Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.
If you choose to contact us directly by, you will need to provide us with:
  • Enough information to identify you (e.g., your full name, email address and phone number or WhatsApp number provided);
  • Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
  • A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.
Any Personal Information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.
GENERAL INFORMATION
  • Changes to This Privacy Notice. This Policy was published and last updated on October 1, 2024. We may change this Policy from time to time–when we do, we will inform you via our Website and by email if you have provided an email address to us as an account owner or customer.
  • How to Contact Us. Please contact our DPO by email or telephone if you have any questions about this Policy or the Personal Information we hold about you.
  • Our contact details are shown below:

    Our Data Protection Officer (“DPO”)

    Bryce Washum

    3229 Premier Drive

    Dallas, Texas 75063

    [email protected]

    Do You Need Extra Help? If you would like this Policy in another format (for example: audio, large print, braille), please contact us (see “How to contact us” above).