Privacy Policy

VHUES BEAUTY PRIVACY POLICY

EFFECTIVE DATE: April 4, 2025
LAST UPDATED: November 18, 2025

VHUES BEAUTY (“VHUES”, “we”, “us”, “our”) operates this Shopify-powered store and website (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information and what choices you have. By using the Services, you acknowledge this Privacy Policy. If this Privacy Policy conflicts with our Terms of Service on privacy matters, this Privacy Policy controls.

Change Note (Nov 18, 2025):
Expanded Section 20 (ReVHUES Beauty Program) to clarify submission timelines, eligible platforms, tag requirements, content usage permissions, and reference to public Program Terms. No change to your core privacy rights.

Change Note (Nov 16, 2025):
Section 20 renamed to ReVHUES Beauty Program (formerly ReVHUES Credit Offer) and aligned with the current program structure. No change to your core privacy rights.

Change Note (Oct 26, 2025):
Section 20 updated to ReVHUES Credit Offer (replaces Creator Collective). Section 5.3 clarified currency handling (CAD in North America; USD elsewhere). Minor consistency edits; no change to your rights.

Change Note (Oct 12, 2025):
Added Section 20 (Creator Collective) — now superseded by ReVHUES. All prior Try-On references remain redacted.

Change Note (Oct 8, 2025):
All references to the former Try-On program removed or marked as [REDACTED — Try-On discontinued Oct 8, 2025].


1) Scope & Definitions

Personal information means information that identifies or can reasonably be linked to a person or household.
Sensitive information includes precise geolocation; government IDs; full payment card numbers with security codes; health, biometric, or genetic data; racial/ethnic origin; union membership; sexual life or orientation; and data from known children under 13.
“Sell” / “Share” follow U.S. state privacy law meanings (e.g., “share” = cross-context behavioral advertising).
Browsing does not require an account; some features (orders, returns, quizzes) do.


2) What We Collect

Contact & account: name, email, phone, billing/shipping address, login, preferences.
Orders & support: items viewed/added/purchased/returned; order IDs; messages to support; return status.
Payments: tokenized/payment-method details via processors; fraud-screen data. We do not store full card numbers.
Device & usage: IP, device/browser, referral URLs, pages viewed, events, approximate location (from IP).
Quiz/forms: responses to our True Match Quiz and other forms (via Typeform).
Inferences: undertone/depth guidance, campaign affinity.

We do not intentionally collect sensitive information or data from children under 13. If you believe a child provided data, email privacy@vhues.ca for deletion. EEA/UK: we do not knowingly collect data from children under 16 (or higher local age of consent).


3) Sources

You (checkout, account, quiz, messages, returns).
Automatic collection via cookies, pixels, SDKs.
Service providers operating store, payments, analytics, logistics.
Advertising/analytics partners where allowed by law and your consent.


4) Why We Use Information (Purposes) & Legal Bases

We use personal information to:

  • Provide & fulfill (process orders/returns, manage accounts, shipping, [REDACTED — Try-On pre-authorization holds discontinued Oct 8, 2025], support).

  • Improve & personalize (site performance, fraud prevention, recommendations).

  • Marketing & measurement (emails/SMS if opted-in, ads, attribution, analytics).

  • Compliance & security (detect abuse, enforce terms, respond to lawful requests, maintain records).

Text Messaging Opt-In Data. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Legal bases (GDPR/UK/CH where applicable):

  • Contract: provide/fulfill orders, manage accounts, handle returns.

  • Legitimate interests: improve services; secure the Services; prevent fraud; measure performance (balanced against your rights).

  • Consent: non-essential cookies/analytics/ads; email/SMS marketing.

  • Legal obligations: tax, accounting, consumer, and safety laws.

Mapping (illustrative):
Orders/returns/shipping → Contract; records → Legal obligation.
Fraud/security/performance analytics → Legitimate interests (consent where required for analytics/ads).
Email/SMS marketing, retargeting → Consent (opt-in/opt-out per region).


5) Cookies, Pixels, Consent & GPC

We use cookies and similar tech for Essential (cart/checkout/security), Analytics, Personalization, and Advertising. In regions requiring consent (e.g., EEA/UK/CH), our cookie banner lets you choose categories; we honor those choices (including Google Consent Mode). You can revisit preferences via the banner link in our footer.

Global Privacy Control (GPC): Where legally required, we treat GPC signals as an opt-out for that browser/device and, where reasonably linkable, your account.

Cookie details (summary):
Essential: session, cart, checkout, authentication.
Analytics: page views, events, performance metrics (e.g., GA4).
Personalization: saved preferences, quiz continuity.
Advertising: conversion measurement, frequency capping, retargeting (e.g., Meta, TikTok, Pinterest, Google Ads).
Reviews: Trustpilot cookies for verified customer feedback (active only with consent).

Enhanced Conversions for Ads. Where Google Ads tracking is enabled, our site uses Enhanced Conversions. When you complete a purchase or submit a form, certain fields (e.g., email, name, address, phone) may be captured and immediately hashed (SHA-256) before being sent to Google for conversion matching. This occurs only with your consent via our cookie banner and in compliance with Google’s privacy terms.


6) Relationship with Shopify

We host on Shopify, which processes personal information to operate and improve its services across merchants. Shopify may use limited cross-merchant data to provide enhanced features. For details and your rights relating to Shopify’s processing, see Shopify’s Consumer Privacy Policy and Privacy Portal.


7) Third-Party Service Providers (Processors)

We share the minimum necessary data with trusted providers who process it under our instructions.

Commerce & Payments

  • Shopify — storefront, checkout, fraud checks, basic analytics.

  • Shopify Payments / Stripe / PayPal (as enabled) — payment processing, fraud screening.

Marketing, Analytics & Advertising

  • Google (GA4 & Google Ads/YouTube) — analytics, attribution, remarketing; Enhanced Conversions.

  • Meta (Facebook & Instagram Pixel/Conversions API) — ads & measurement.

  • TikTok Ads (Pixel & Events API).
    Where you allow Advertising cookies, our site uses the TikTok Pixel, Events API, and Advanced Matching to measure performance and improve the relevance of the ads you see. When you interact with our site or complete a purchase, certain fields (such as email, phone number, name, and address) may be captured, hashed on your device using SHA-256, and sent to TikTok for conversion matching and attribution. Event data (e.g., page views, add-to-cart, checkout, purchase) and limited order/customer information may also be shared via Shopify’s Customer and Order APIs to enable accurate reporting. This occurs only where permitted by law and your regional cookie settings. VHUES does not permit TikTok to access full payment card numbers or sensitive information.

  • Pinterest Ads — ads & measurement.

  • Klaviyo — email/SMS delivery & analytics.

  • ManyChat — Instagram/Facebook messaging automations.

  • Typeform — True Match Quiz and forms.

Operations & Fulfillment

  • Zapier (if/when used) — automation between tools.

  • Blanka — manufacturing/fulfillment.

  • Carriers (Canada Post/USPS/UPS/FedEx/Chit Chats) — shipping and delivery updates.

Reviews & Reputation

  • Trustpilot — customer reviews, invitations, and verification. Limited order data (e.g., name, email, order reference) may be shared to invite and verify reviews. Trustpilot cookies are non-essential and activate only with your consent via our cookie banner. See Trustpilot’s Privacy Policy.

Text Messaging Opt-In Data. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We update this list as our stack evolves.


8) Disclosures We May Make

We may disclose personal information to:

  • Vendors/service providers (above) to operate the Services.

  • Business/marketing partners where permitted by law and your settings/consent.

  • Affiliates/corporate transactions (merger, acquisition, restructuring).

  • Legal & safety: comply with law, protect rights, investigate fraud/abuse, respond to lawful requests.

  • With your direction or consent (e.g., creator programs, social features).

SMS/Text Messaging. We use text messaging to provide customer care and order updates. Participation is voluntary and requires explicit opt-in. Reply STOP to opt out; HELP for assistance. We do not share SMS opt-in data with third parties. We minimize data and do not request/store card numbers by SMS. Transactional messages are event-based; promotional messages are sent only to opted-in users and are low frequency.


9) Selling/Sharing, Targeted Ads & Automated Decisions

We do not “sell” personal information for money.
We may “share” identifiers and online activity with advertising partners for cross-context behavioral advertising (retargeting/measurement). Where required, we provide an opt-out in our cookie banner and honor GPC.
We do not use solely automated decisions that produce legal or similarly significant effects about you.

Text Messaging Opt-In Data. Excluded from “sale”/“sharing.”


10) Retention (How Long We Keep Data)

We retain data only as long as needed for the purposes above, then delete or de-identify it. Typical periods:

  • Orders/tax/returns: up to 7 years (legal/accounting).

  • Customer support: up to 24 months after closure.

  • Marketing subscribers: until you unsubscribe or after 24 months of inactivity.

  • Analytics/ads logs: typically 14–26 months (provider defaults) unless you withdraw consent earlier.

  • Quiz responses: up to 24 months to support shade guidance/returns.


11) Security

We use reasonable administrative, technical, and physical safeguards (e.g., HTTPS/TLS, access controls, least-privilege, monitoring). No system is perfect. Avoid sending sensitive data over unsecured channels.


12) Data Breach Notification

If we become aware of a security incident that likely poses a high risk to your rights and freedoms, we will notify affected individuals and/or regulators as required by law, describing the nature of the incident, likely consequences, measures taken, and how you can mitigate potential harm.


13) Your Rights & Choices

Depending on your location (e.g., Canada PIPEDA/BC PIPA; U.S. state laws; EEA/UK/CH GDPR), and subject to limits/exceptions, you may have rights to:

  • Access/Know what we hold about you.

  • Delete personal information.

  • Correct inaccuracies.

  • Portability (receive a portable copy).

  • Opt-out of “sale”/“sharing”/targeted advertising where applicable (via our cookie banner/GPC).

  • Object/Restrict certain processing (GDPR regions).

  • Withdraw consent (GDPR regions) where processing is based on consent.

  • Appeal a denial where required by law.

How to exercise: email privacy@vhues.ca with your name, request type, and the email/phone used with us. We’ll verify your identity (and any agent’s authority) and respond within 30–45 days or the period required by law. We won’t discriminate against you for exercising your rights.
Authorized agents (where allowed): proof of authorization required; we may require direct verification.

SMS/Text Messaging. (same terms as Section 8; unchanged)

Your Choices for Ads & Cookies

  • Use our cookie banner to manage categories.

  • Use Global Privacy Control in supported browsers.

  • Manage ad personalization in platform settings (Google, Meta, TikTok, Pinterest) and device/OS settings.

  • Email/SMS: unsubscribe via the message footer or email privacy@vhues.ca.


14) International Transfers

We are based in Canada and use providers that may process data in the U.S. and other countries. Where required, we use lawful safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.


15) Complaints

Questions or concerns? Contact privacy@vhues.ca. Depending on your region, you may also complain to your local authority (e.g., Office of the Information and Privacy Commissioner for British Columbia; EEA/UK supervisory authorities).


16) Data Protection Officer (DPO)

Status: Not required for VHUES BEAUTY at this time. We do not engage in large-scale processing of special categories of data, nor large-scale systematic monitoring.
If designated later: We will add the DPO’s name, email, and address here and reflect this change in the Change Log.


17) EU/UK Representative

Status: Not appointed at this time. VHUES BEAUTY is not currently established in the EEA/UK and does not actively offer goods/services to, or monitor the behavior of, individuals in those regions.
If that changes, we will appoint an Article 27 representative and update this Policy with their details.


18) Changes to This Policy

We may update this Policy. We’ll revise the “Last updated” date and post the new version here. If changes materially affect you, we’ll provide additional notice where required.


19) Who We Are (Controller) & Contact

Controller: VHUES BEAUTY
Privacy inbox: privacy@vhues.ca
Mailing address: 3680 Wilshire Blvd, Ste P04 – 1712, Los Angeles, CA 90010, United States

Change log:

  • Nov 18, 2025 — Expanded Section 20 (ReVHUES Beauty Program) to clarify submission timelines, eligible platforms, tag requirements, content usage permissions, and reference to public Program Terms; no change to core privacy rights.

  • Nov 16, 2025 — Renamed ReVHUES Credit Offer to ReVHUES Beauty Program and aligned Section 20 terminology with the current program structure; no change to your core privacy rights.

  • Oct 26, 2025 — Replaced Creator Collective with ReVHUES Credit Offer; clarified currency handling (CAD NA / USD rest); consistency edits.

  • Oct 12, 2025 — Added Section 20 (Creator Collective); clarified UGC handling.

  • Oct 8, 2025 — Removed/redacted all Try-On references.

  • Sep 30, 2025 — Consolidated template; added vendor matrix; clarified sell/share & GPC; added GDPR lawful-basis map; set retention windows; added breach notice, appeals/agents; added DPO and EU/UK Rep placeholders.


20) ReVHUES Beauty Program (replaces “Creator Collective”)

20.1 Overview

VHUES BEAUTY operates the ReVHUES Beauty Program to reward verified customers and creators who share authentic User-Generated Content (“UGC”) featuring VHUES products. Participation is voluntary. Submissions are reviewed for authenticity, quality, and compliance with program guidelines.

20.2 What We Collect

When you submit to ReVHUES (via Typeform or similar), we collect:

  • Identity & Contact: name, email, social handle(s).

  • Order Verification: order number, product, shade, country.

  • UGC Links & Metadata: public post URL(s), platform (e.g., Instagram, TikTok, YouTube), caption text (if provided), media metadata.

  • Program Review Data: internal review status, credit amount, gift-card code, redemption history.

20.3 How We Use It

We use the personal information submitted with ReVHUES participation to:

  • Issue program credits for approved submissions, calculated based on what you paid for eligible VHUES products and capped at the credit limits described in the ReVHUES Program Rules and Terms of Service.

  • Verify eligibility and confirm that the post relates to a qualifying VHUES purchase.

  • Review submitted posts for authenticity and compliance with program rules, including:

    • visibility (public status) during review,

    • tag requirements (@vhuesbeauty and #revhues), and

    • platform eligibility (Instagram feed posts/reels, TikTok, and YouTube only; Instagram Stories are not eligible).

  • Issue program credits for approved posts and maintain records of credit limits (up to 2 approvals every 3 months).

  • Communicate program status updates, approvals/denials, and support inquiries.

  • Identify participants eligible for Insider Access benefits (e.g., early access to unreleased shades, credit opportunities).

  • Repost or feature approved UGC on our channels or in paid advertising where permitted by law and/or by obtained consent.

  • Maintain internal records for audit, fraud prevention, program integrity, and operational analytics.

We do not use ReVHUES submission data for advertising targeting or sale/sharing purposes.

20.4 Legal Bases (GDPR/UK GDPR Regions)

  • Contract: administer the program and issue earned credits.

  • Legitimate Interests: promote brand content and ensure program integrity (balanced against your rights).

  • Consent: publish UGC externally or use in marketing materials (where required).

20.5 Retention

Program records (UGC submissions, credit logs) are kept for up to 24 months from submission or until program closure, whichever comes first, then deleted or de-identified.

20.6 Third Parties & Processors

Processed through the same trusted stack listed in Section 7 (e.g., Shopify, Typeform, Klaviyo, Google Sheets via Zapier where applicable). We do not sell or share ReVHUES submission data for advertising purposes.

20.7 Your Choices & Rights

You may withdraw from the program or request deletion of your submission by emailing privacy@vhues.ca. If UGC was already published, we will remove or anonymize it within a reasonable period where technically feasible.

20.8 Program Rules Reference

The full program rules, including posting requirements, platform eligibility, timing windows, credit limits, and usage guidelines, are published at:
https://vhues.ca/pages/revhues-beauty-program

If the Program Terms and this Privacy Policy differ regarding privacy matters, this Privacy Policy controls.