Privacy Policy

We take the protection of your personal information seriously. This Privacy Policy explains how we collect, use, disclose, and protect information about consumers in connection with this website and online store. 

Important structural note – separate businesses: DR. KURT WOLFF GMBH & CO. KG, incorporated and registered in Germany with the commercial register of the local court in Bielefeld, Germany under HRA 11533 and its registered office at Johanneswerkstrasse 34-36 33611 Bielefeld, Germany (“Dr. Wolff”, “we”, “us”) operates and provides this website and its content.  

For all processing activities by Dr. Wolff described in this Privacy Policy (other than the checkout described in Part B), Dr. Wolff USA Distribution Inc., 228 Park Avenue S #25124 New York, NY 10003 USA (“Dr. Wolff US”), a wholly-owned subsidiary registered in the USA, acts as a sub-processor and service provider to Dr. Wolff, assisting with website operation, analytics, marketing, and customer service as described herein. 

The checkout of the webshop (including conclusion of the purchase contract, payment, fulfillment) is operated by FIC SHARECO LIMITED incorporated and registered in England and Wales with company number 05016010 whose registered office is at Icon 1, 7-9 Sunbank Lane, Altrincham, WA15 0AF (“THG”), which acts as the seller to customers and as a separate controller for the processing at checkout.  

Dr. Wolff and THG act independently unless expressly stated otherwise, and share/receive data as described below to provide customer service and marketing. 

Last updated: 03/17/2026 

A. Dr. Wolff – Website, marketing, and customer service

I. Who we are and scope 

  • Business: DR. KURT WOLFF GMBH & CO. KG, Johanneswerkstraße 34–36, 33611 Bielefeld, Germany. 
  • Scope: personal information collected via our US website and related features (browsing, analytics, marketing, newsletters, embedded content, reviews) and customer service for purchases. Checkout, payment, and fulfillment are handled by THG (see Part B). 
  • In all activities described in this Section, Dr. Wolff US acts as a service provider/sub-processor on behalf of Dr. Wolff. 

II. Categories of personal information we collect 

  • Identifiers and contact details: name, email address, postal address, phone number, online identifiers (cookies, device IDs, IP address). 
  • Internet or network activity and device data: pages viewed, clicks, scrolls, referring URLs, timestamps, language, browser/OS, screen resolution, error diagnostics. 
  • Commercial information: order and communications data we may receive from THG to provide customer service and conduct marketing analysis (e.g., order ID, items purchased, delivery status, inquiry history). 
  • Geolocation data: approximate location derived from IP address. 
  • Inferences: inferred preferences/interests. 
  • User-generated content: product reviews and ratings. 
  • Sensitive personal information: we do not seek to collect sensitive personal information via our website. Payment card data and similar information are handled by THG during checkout. 
  • Wherever this Privacy Policy refers to the collection or processing of your personal information by Dr. Wolff, such collection or processing may also be performed by Dr. Wolff US as a service provider and subsidiary, strictly on behalf of Dr. Wolff. 

III. Sources of personal information 

  • Directly from you (forms, newsletter signup, communications, reviews). 
  • Automatically from your device/browser (including through cookies, pixels, SDKs, and similar technologies). 
  • From service providers, partners, and platforms that support our site, advertising, and analytics. 
  • From THG (limited customer/order and communications data to provide customer service and, where permitted, marketing/market analysis). 

IV. How we use personal information 

  • Provide, operate, maintain, and improve the website and its features. 
  • Customer service: respond to inquiries about orders, delivery, returns/warranty questions, and related support; communicate with you and keep records of interactions. 
  • Measure, analyze, and optimize site performance and content; detect and fix errors; conduct A/B testing. 
  • Marketing and advertising, including cross-context behavioral/targeted advertising, where permitted by law and your choices. 
  • Prevent fraud and abuse; ensure security and integrity of our systems. 
  • Comply with legal obligations and enforce our terms. 

V. Cookies and similar technologies; consent and controls 

  • We use cookies, pixels, local storage, and similar technologies to operate the site, remember preferences, perform analytics, and support advertising. 
  • You can manage cookies via our cookie banner/settings and your browser settings. If you block cookies, some features may not work. 
  • Global Privacy Control (GPC) and universal opt-out signals: where required by applicable US state law (e.g., California, Colorado), we honor recognized browser-based opt-out signals for sale/sharing/targeted advertising. 
  • We use a consent/choice management platform (OneTrust) to record your preferences (data captured may include IP address, timestamp, a pseudonymous ID, and your selected settings). Consent logs are typically retained for 12 months. 

VI. Web analytics, monitoring, and optimization  

Purposes: evaluate visits and interactions; identify technical errors; optimize design/content; conduct A/B tests. Data categories may include pseudonymous usage and interaction data, device/technical data, IP address, referrer URL, date/time; where feasible we use IP masking. 

Service providers used (examples): 

  1. Google services (e.g., Google Analytics, Google Ads, DoubleClick) 
      • International processing may occur. See Google’s privacy information for details. 
  2. Sentry (Functional Software Inc., San Francisco, USA) for error monitoring and stability. 
  3. Microsoft Clarity (Microsoft Corporation, Redmond, USA) for heatmaps and session replays to understand behavior and improve our site. Provider storage typically up to 13 months. 

VII. Remarketing and conversion tracking  

We use services to present interest-based ads, analyze interactions, and measure campaign performance on other sites/platforms. Categories include pseudonymous usage data, device information, interests, demographic segments, and location data where enabled. 

Service providers used (examples): 

  • Google services (Analytics, Ads, Remarketing, DoubleClick) 
  • TikTok Analytics 
  • Adform 
  • Outbrain Amplify 
  • Taboola 
  • Facebook Custom Audiences (Meta) 
  • Pinterest Conversion Insights 

Note on state privacy laws: our use of advertising cookies and tags may constitute “sharing” (CA) or “targeted advertising” (CO/CT/VA and others). You can opt out as described under Your Privacy Rights. 

VIII. Advertising emails and newsletters 

  • Email delivery and marketing platform: Klaviyo, Inc., 225 Franklin St., Boston, MA 02110, USA. Klaviyo processes your email address and related engagement data (e.g., opens, clicks, unsubscribe events) to deliver and measure our emails. 
  • With your consent or as otherwise permitted by law, we send marketing emails about offers and products. You can unsubscribe at any time via the link in each email or by contacting us. 
  • We may use tracking pixels/unique IDs (via Klaviyo) in emails to understand engagement. If your email client blocks images by default, tracking is limited. 
  • CAN-SPAM: we include our sender information and an easy unsubscribe in every marketing email. 

IX. Data we are granted access to by THG for customer service, marketing, and market analysis 

  • Separation of responsibilities: THG operates checkout, payment, and fulfillment as an independent business. Dr. Wolff provides customer service for purchases, marketing, and market analysis. For that purpose, THG grants access to necessary customer/order and communications data to Dr. Wolff as described below. 
  • Categories accessed (as far as strictly necessary): 
      • For customer service: identification and contact details (e.g., name, email, postal address, phone), order details (e.g., order ID, items purchased, delivery status, returns/warranty data), and communications history (e.g., prior inquiries and responses). 
      • For marketing/market analysis (where permitted): identification and contact details and limited purchase metadata (e.g., product categories, purchase date, order value). 
  • Purposes: 
      • Customer service: respond to and resolve your inquiries about orders, delivery, and product issues; communicate updates; maintain records for quality and compliance. 
      • Direct marketing by Dr. Wolff (where permitted by law and subject to your choices); market analysis (e.g., aggregate/pseudonymous evaluations to improve offerings). 
  • Your choices: 
      • Customer service: using your data for customer service is necessary to address your requests and support post-purchase needs. We do not use customer-service data for cross-context behavioral advertising unless you separately allow it. 
      • Marketing: you can opt out of Dr. Wolff direct marketing at any time (unsubscribe link or email haircoach@usa.alpecin.com). Where applicable state law treats such use as “sale/share” or “targeted advertising,” you can exercise opt-out rights as described below. 

X. Disclosures of personal information 

We disclose personal information to: 

  • Service providers/contractors who process data on our behalf (e.g., hosting, email delivery via Klaviyo, analytics and advertising technology, security, support). 
  • Dr. Wolff US, as a wholly-owned subsidiary and sub-processor/service provider, may access or process personal information solely for the purposes and under the instructions of Dr. Wolff, including all activities described above. 
  • Advertising and analytics partners to support measurement and cross-context advertising subject to your choices and applicable law. 
  • Authorities and others as required by law or to protect rights and safety. 
  • Parties to business transactions (e.g., merger, acquisition). 

We do not sell personal information for money. We may “share” personal information for cross-context behavioral advertising as defined by California law and/or process it for targeted advertising under other state laws. We do not knowingly sell or share personal information of consumers under 16 years of age. 

XI. Security 

We implement reasonable administrative, technical, and physical safeguards to protect personal information. Transmissions are encrypted with TLS/SSL where applicable. No method of transmission or storage is 100% secure. 

XII. Data retention 

We keep personal information only as long as reasonably necessary to fulfill the purposes outlined or as required by law. Illustrative periods: 

  • Web server logs: up to 12 months. 
  • Cookie/analytics data: typically 13–26 months depending on provider settings. 
  • Consent logs (cookie/marketing): 12 months. 
  • Marketing contact data via Klaviyo: until you opt out or after a defined inactivity period. 
  • Customer service records: for the period necessary to resolve the request and comply with legal/operational requirements. 
  • Reviews: for the life of the product page, unless you request deletion. 

Actual retention may vary depending on legal, operational, and security needs. 

XIII. Children’s privacy 

Our services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided personal information, contact us to request deletion. We do not knowingly sell or share personal information of consumers under 16. 

XIV. Your privacy rights (US state laws, including California) 

Depending on your state of residence, you may have some or all of the following rights. We will honor requests as required by applicable law. 

  • Right to know/access: request disclosure of the categories and specific pieces of personal information we collected, the sources, purposes, and categories of third parties to whom we disclosed it. 
  • Right to delete: request deletion of personal information we collected from you, subject to exceptions. 
  • Right to correct: request correction of inaccurate personal information. 
  • Right to portability: request a copy of certain information in a portable format. 
  • Right to opt out of sale/share/targeted advertising: opt out of the “sharing” of personal information for cross-context behavioral advertising (CA) and of targeted advertising/sale under other state laws. 
  • Right to limit use/disclosure of sensitive personal information (CA): we do not use sensitive personal information for purposes that require a right to limit; if that changes, we will provide a method to limit. 
  • Right to appeal (e.g., CO/CT/VA): if we deny your request, you may appeal by replying to our decision email or contacting dpo@drwolffgroup.com; we will inform you in writing of our decision and how you can contact your state attorney general if you remain unsatisfied. 
  • Non-discrimination: we will not discriminate against you for exercising your privacy rights. 

How to exercise your rights 

  • Submit a request: email dpo@drwolffgroup.com or use our web form (if available on the site). For California, you may also use the “Your Privacy Choices” or “Do Not Sell or Share My Personal Information” link in the site footer to opt out of sale/share. 
  • Verification: we may need to verify your identity (e.g., by matching information you provide with information we maintain). Authorized agents may submit requests on your behalf; we may require proof of authorization and verification of your identity. 
  • Opt-out preference signals: where required by law, we recognize browser-based signals such as Global Privacy Control (GPC). If we can associate a signal with your account or device, we will apply it to that browser/device and, where feasible, to your account. 
  • Timing: we aim to respond within the timeframes required by law (e.g., 45 days, extendable as permitted). 

California disclosures (CCPA/CPRA) 

  • Categories collected in the past 12 months: identifiers and contact details; internet/network activity; device data; commercial information (including limited order and communications data received from THG for customer service); geolocation (approximate); inferences; user-generated content. 
  • Categories disclosed for business purposes: all of the above to service providers/contractors and as otherwise described. 
  • Sale/share: we do not sell personal information for money. We “share” identifiers, internet/network activity, device data, and inferences with advertising partners for cross-context behavioral advertising unless you opt out. 
  • Financial incentives: we do not offer financial incentive programs for personal information. If we introduce such programs, we will provide a separate notice describing the material terms. 

Nevada residents 

  • We do not sell “covered information” as defined under Nevada law. You may submit a request directing us not to sell by contacting dpo@drwolffgroup.com.

B. THG – Checkout and fulfillment

THG Privacy Notice – Checkout and Fulfilment

(1) What personal data we collect and how 

Personal data, or personal information, means any information about an individual from which that person can be identified.  

Personal data we collect directly. We collect personal data from you when you provide it to us directly and through your use of the website [insert domain name] (Site), including: 

  • Name and contact information - information you provide to us when you use our Site e.g. your name, contact details, gender, and any information which you submit as part of a webform e.g. asking to be contacted about a product or service.  
  • Records of your communications and interactions with us, such as when you email, call, or otherwise contact us, we collect and maintain a record of your contact details, communications and our responses.  

Personal data collected automatically. We automatically collect personal data related to your use of our Site and interactions with us and others, e.g. using cookies and pixel tags, as well as information we derive about you and your use of the Site. This includes: 

  • Device and browsing information. We use cookies, log files, pixel tags and other tracking technologies to automatically collect information when users access or use our Site.  This can include IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information. For more information, see Section 4 “Cookies and Personalisation” below.  
  • Activities and usage information related to your use of the Site, such as links clicked, searches, features used, items viewed, time spent within the Site, files uploaded, products and items you view and items you add to your basket.  
  • Location information. We may collect or derive location information about you, such as through your IP address. With your permission, we may also collect geolocation information from your device. You may turn off location data sharing through your device settings. 

(2) How we use personal data 

Depending on how you use our Site, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include: 

  • Respond to your requests. To manage and respond to any queries and requests for information you make to us.  
  • Manage our relationship with you. To notify you of service-related matters such as changes to our terms or privacy policy.   
  • Personalise content and experiences. To personalise the Site and show you content we think you will be most interested in.  
  • Operate and improve the Site and our business. To display the Site and its fonts (which may include Google Fonts), improve and maintain the Site, and monitor its usage, to better understand how users access and use the Site, and our other products and offerings, and for other research and analytical purposes, such as to evaluate and improve our business operations, to develop services and features, and for internal quality control and training purposes.  
  • Security and protection of rights. For security purposes, to prevent, detect, and investigate fraud and other unauthorised activities and access, and where necessary to protect ourselves, our business and third parties.  
  • Compliance with law and legal process. To comply with the law and our legal and regulatory obligations, to respond to legal process and in relation to legal proceedings. 

We rely on the following legal bases under data protection law to process your personal data: 

  • Because the processing is necessary to perform a contract with you, or take steps prior to entering into a contract with you (e.g. where you express an interest in purchasing products or services from us). 
  • Because we have obtained your consent (e.g. if you consent to receive marketing from us or agree to the use of non-essential cookies).  If you have consented to a processing activity, you can withdraw your consent at any time.  We explain how to do this in the Cookies and Personalisation section (section 4) and Marketing section (section 5) of this policy.  
  • Because it is in our legitimate interests as an e-commerce provider to maintain, promote and protect our business and services. We are always seeking to understand more about our customers in order to offer the best products and customer experience. We use information about you to tailor your view of the Site, to make it more interesting and relevant in respect of the products, services and offers on view.  
  • In very limited cases, because it is necessary to comply with a legal obligation which we are subject to. 

(3) Who do we share personal data with? 

We may share your personal data with third parties, for the purposes described above, in the following circumstances:  

  • With other companies in our group of companies.  
  • With our suppliers and service providers who process the data on our behalf, e.g., payment processors.  
  • With our professional and legal advisors.  
  • With third parties engaged in fraud prevention and detection.  
  • With third party platforms, providers and networks.  We may disclose or make available personal data to third party platforms and providers that we use to provide our Site and its features. We may also make personal data available to third parties in support of our marketing, analytics, advertising and campaign management.  See Section 4 “Cookies and Personalisation” for more information.  
  • With law enforcement or other governmental authorities, e.g., to report a fraud or in response to a lawful request.  
  • To comply with legal obligations. We may share personal data with third parties to comply with our legal and compliance obligations and to respond to legal process e.g. in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement and government bodies.  This may include responding to national security or law enforcement disclosure requirements and disclosures that we are required to make under applicable laws, such as the names of sweepstakes and contest winners.  
  • Otherwise where we have your consent or are legally permitted to do so. 

(4) Cookies and Personalisation 

Cookies and tracking technologies. We and our third party service providers use cookies, pixels, local storage objects, log files, APIs, and similar technologies to automatically collect browsing activity, device and similar information within our Site. 

We use this information to provide functionality on the Site, to understand and measure Site performance, to understand how users access, use and interact with others, and to deliver targeted advertising and content on our Site and third party sites.   

We also use it to identify and resolve bugs and errors in our Site and to assess, secure, protect, optimise and improve the performance of our Site.  

Manage your preferences.  You can manage your preferences for cookies and personalisation used by us as explained below. 

  • Cookie preference tool. You can review and update your cookie preferences for our Site and opt out of most cookies and trackers on our Site (other than those that are strictly necessary) within our Cookie Preference Tool accessible via the cookie icon at the bottom left hand corner of the webpage.  Your preferences are browser and device specific so you need to set the preference for each browser and device you use to access our Site.  If you delete or block cookies, you may need to reapply these preferences.   

Please note that opting out of cookies and trackers on our Site does not mean that you will no longer see ads from us. You may continue to see generic or “contextual” ads.   

(5) Transfers of personal data to other countries 

We use service providers, and have group companies, in countries around the world. Your personal data may therefore be processed in countries outside of Europe, including in countries where you may have fewer legal rights in respect of your data than you do under local law. If we transfer personal data outside your territory we will ensure that your privacy rights are adequately protected by appropriate safeguards. Please contact us if you would like more information about these safeguards. 

(6) Retention 

We will keep your personal data in line with our data retention policy, for as long as we need it for the purposes set out above, so this period will vary depending on your interactions with us. 

(7) Security  
We implement appropriate technical and organisational security safeguards to protect your data from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We also maintain ISO 27001 and PCI DSS (Payment Card Industry - Data Security Standard) security certifications. 

However, please be aware that it is impossible for any company to guarantee the absolute security and integrity of the information that has been transmitted to its website. 

(8) Children 

The Site is not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18. 

(9) Your Rights 

You have choices regarding our processing of your personal data as described in this section. 

Your rights under data protection laws: You have the right to: 

  • Ask for a copy of your personal data, make corrections to your personal data, and in some cases e.g. where our purposes for processing have come to an end, ask us to delete it. 
  • Object to our use of your personal data in certain situations, including where we use your personal data for direct marketing.  See section 5 “Marketing” for details of how to opt out of direct marketing.  
  • Transfer your personal data, in certain circumstances, to another provider, in a commonly used format.  
  • Complain to the data protection regulator in your country.    

We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are several limitations to these rights, and there may be circumstances where we are not able to comply with your request.  

You can exercise your rights by contacting customer.experience@thehutgroup.com. 

US residents. If you are a California resident, please review our California Privacy Supplement (section 13) below, for specific information about your rights under California privacy laws and how to exercise them.  Residents of certain other US states including Virginia have additional rights under applicable privacy laws, subject to certain limitations, which may include: 

  • The right to correct inaccuracies in your personal information, taking into account the nature and purposes of the processing of the personal information.  
  • The right to delete your personal information provided to or obtained by us.  
  • The right to confirm whether we are processing your personal information and to obtain a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.  
  • The right to opt out of (as applicable) the “sale” of your personal data, targeted advertising, and any processing of personal information for the purposes of making decisions that produce legal or similarly significant effects.   
  • The right to submit an appeal if we deny your request. 

You can opt out of targeted advertising on our Site as set out in Section 4 “Cookies and Personalisation”, and opt out of direct marketing as set out in Section 5 “Marketing”. To exercise your other rights please contact customer.experience@thehutgroup.com. 

(10) Changes to this Notice 

This Notice is current as of the Effective Date stated above. We may change this Notice from time to time, so please be sure to check back periodically. If we make material changes we will alert you e.g. by posting a prominent notice on the Site or via email.  

(11) Contact Us 

If you have any queries on any aspect of our Privacy Notice, please contact us on the details below:  
Email: customer.experience@thehutgroup.com 

(12) California Privacy Supplement 

Consumers residing in California have additional rights in relation to their personal information under California privacy law, including the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you. This section does not address or apply to our handling of publicly available information or other personal information that is exempt under the CCPA. 

Categories of personal information collected and disclosed. Whilst our processing of personal information varies based upon our relationship and interactions with you, the table below identifies, generally, the categories of personal information (as defined by the CCPA) that we may collect, and have in the past twelve months collected, about California residents, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose.  

Categories of Personal Information and Third Party Disclosures

1. Identifiers

Description
Includes direct identifiers, such as name, alias, user ID, username, account number or unique personal identifier; email address, phone number, address and other contact information; IP address and other online identifiers.

Categories of third party disclosures
We may disclose Identifiers to the following categories of third parties:

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers
  • operating systems and platforms
  • others as required by law or directed by you

 

2. Customer Records

Description
Includes e.g. name, account name, user ID, contact information, account number. For example, this may include information collected when an individual registers for an account or contacts us about our products and services.

Categories of third party disclosures
We may disclose Customer Records to the following categories of third parties:

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • internet service providers
  • operating systems and platforms
  • others as required by law, or as otherwise directed by you

 

3. Commercial information

Description
Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies. For example, this may include demographic information that we receive from third parties in order to better understand and reach our customers.

Categories of third party disclosures

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers
  • operating systems and platforms
  • others as required by law, or as otherwise directed by you

 

4. Internet and electronic network activity information

Description
Including, but not limited to, browsing history, clickstream data, search history, and information regarding interactions with an internet website, application, or advertisement, including other usage data related to your use of any of our Site or other online services.

Categories of third party disclosures

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers
  • operating systems and platforms
  • others as required by law, or as otherwise directed by you

 

5. Geolocation data

Description
Location information about a particular individual or device e.g., derived from your IP address.

Categories of third party disclosures

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • others as required by law, or as otherwise directed by you

 

6. Audio, visual and other electronic data

Description
Includes audio, electronic, visual, thermal or similar information, such as thermal screenings and CCTV footage (e.g., collected from visitors to our stores, offices and premises); photographs and images (e.g., that you provide us or post to your profile) and call recordings (e.g., of customer support calls).

Categories of third party disclosures

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers
  • operating systems and platforms
  • business customers/clients
  • others as required by law, or as otherwise directed by you

 

7. Professional information

Description
Includes professional and employment-related information such as current and former employer(s) and position(s), job application information, business contact information and professional memberships.

Categories of third party disclosures

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers
  • operating systems and platforms
  • others as required by law, or as otherwise directed by you

 

8. Profiles and inferences

Description
Including inferences drawn from any of the information identified above to create a profile reflecting a consumer’s preferences, characteristics, behavior or attitudes.

Categories of third party disclosures

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • others as required by law, or as otherwise directed by you

 

9. Protected classifications

Description
We collect some information that is considered a protected classification under California/federal law, such as your gender, date of birth, citizenship, and marital status.

Categories of third party disclosures

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • advertising networks
  • data analytics providers
  • social networks
  • internet service providers
  • operating systems and platforms
  • others as required by law, or as otherwise directed by you

 

10. Sensitive personal information

Description
In limited circumstances, we may collect:
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

Categories of third party disclosures

  • vendors and service providers
  • advisors and agents
  • government entities and law enforcement
  • affiliates and subsidiaries
  • others as required by law, or as otherwise directed by you

Sales and sharing. California privacy laws define a “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” (as defined by the CCPA) identifiers and internet and electronic network activity information to/with third-party advertising networks, analytics providers, and social networks. We do so in order to improve and evaluate our advertising campaigns and better reach customers and prospective customers with more relevant ads and content. We do not sell or share sensitive personal information, nor do we sell or share any personal information about individuals who we know are under sixteen (16) years old.

Sources of personal information. In general, we may collect personal information from the following categories of sources:  

  • Directly from the individual
  • Advertising networks 
  • Data analytics providers 
  • Social networks 
  • Internet service providers
  • Operating systems and platforms
  • Fraud prevention service providers 
  • Data brokers 
  • Business customers/clients 

Purposes of collection, use and disclosure.  As described in more detail in Section 2 “How we use personal data” and Section 3 “Who do we share personal data with”, we collect, use, disclose and otherwise process the above personal information for the following business or commercial purposes and as otherwise directed or consented to by you: 

  • Respond to your requests
  • Provide recommendations
  • Manage our relationship with you 
  • Personalize content, ads and experiences
  • Operate and improve the Site and our business
  • Events  
  • Research and customer satisfaction
  • Marketing and advertising 
  • Security and protection of rights
  • Compliance with law and legal process
  • Internal business operations 

Sensitive personal information. Notwithstanding the above, we only use and disclose sensitive personal information as reasonably necessary (i) to perform our services requested by you, (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents, (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct, (iv) to verify or maintain the quality and safety of our services, (v) for compliance with our legal obligations, (vi) to our service providers who perform services on our behalf, and (vii) for purposes other than inferring characteristics about you. We do not use or disclose your sensitive personal information other than as authorized pursuant to section 7027 of the CCPA regulations (Cal. Code Regs., tit. 11, § 7027 (2022)).

Retention. We retain personal information only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection.   

CCPA rights.  Under the CCPA, California residents have the following rights (subject to certain limitations): 

  • The right to opt-out of our sale and sharing of your personal information.
  • The right to limit our use or disclosure of sensitive personal information to those authorized by the CCPA. 
  • The right to the deletion of your personal information that we have collected, subject to certain exceptions.   
  • The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. 
  • The right to correct inaccurate personal information that we maintain about you.  
  • The right not to be subject to discriminatory treatment for exercising your rights under the CCPA.

Submitting CCPA requests. California residents may make requests to access/know, correct and delete their personal information maintained by us online by emailing customer.experience@thehutgroup.com. Once we receive your request, we will take steps to verify it by asking you to provide information related to your account or your recent interactions with us. We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid authorization to submit requests on your behalf and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.  

Opt-out requests. Our Site responds to global privacy control—or “GPC”—signals, which means that if we detect that your browser is communicating a GPC signal, we will process that as a request to opt that particular browser and device out of sales and sharing (i.e., via cookies and tracking tools) on our Site. Note that if you come back to our Site from a different device or use a different browser on the same device, you will need to opt out (or set GPC for) that browser and device as well. More information about GPC is available at: https://globalprivacycontrol.org/.  You can also opt out of online tracking on our Site via the cookie preference tool (see Section 5 for details). 

California residents may exercise their right to opt out online by submitting an opt-out request to customer.experience@thehutgroup.com. We will apply your opt-out based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request.

For more information about our privacy practices, you may contact us as set out in the “Contact Us” section above.