PRIVACY POLICY

Last Updated 02/02/2023

Your privacy is important to us. Rodan & Fields, LLC, including all its subsidiaries and affiliates ("Rodan + Fields," "we," "our," and "us"), has created this Privacy Policy to help you become familiar with how we collect, use, disclose, share, and protect information Personally Identifiable Information (or “PII”, defined below) and otherwise comply with applicable consumer privacy laws. We encourage you to read this Privacy Policy in its entirety before using https://www.rodanandfields.com/ or any other online service (e.g., website or mobile app) that posts a link to this Privacy Policy, opening our e-mails or otherwise submitting PII to us (collectively the “Service”).

By visiting or otherwise using the Service, you agree to the Service’s Terms and Conditions and consent to Rodan + Fields®’s data collection, use, and disclosure practices, and other activities as described in this Privacy Policy, and any additional privacy statements that may be posted on an applicable part of the Service or otherwise at collection. If you do not agree and consent, please discontinue use of the Service, and uninstall Service downloads and applications.

Your State Privacy Rights: Residents of certain U.S. States have certain privacy rights detailed here. To the extent that there is a conflict between this Privacy Policy and the State Privacy Notice, the State Privacy Notice will control for residents of such states.

About Ads and Tracking: Learn about certain choice options regarding Tracking Technologies, including certain sharing of activities for internet-based advertising, including Location-Based Advertising and Cross-Device Matching.

If you have any questions about this Privacy Policy or our privacy practices, please contact us here.

Table of Contents

SCOPE

UPDATES TO THIS PRIVACY POLICY

INFORMATION WE COLLECT ABOUT YOU

1. Information We Collect Automatically
2. Information You Provide to Us
3. Third Parties

HOW WE USE PII

1. Process Transactions and Send Related Notices
2. Provide Marketing and Newsletters
3. Permit E-mails to Friends
4. Send Administrative Communications Regarding The Site, Service-Related Announcements, Etc.
5. Perform Additional Functions

HOW WE SHARE PII WITH OTHER THIRD PARTIES

1. Independent Consultants
2. Friends
3. Corporate Transactions
4. Other Non-Affiliated Parties, Including Service Providers

USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

1. Cookies
2. Web Beacons / Tracking Pixels
3. In-app tracking methods
4. How we use Tracking Technologies?
5. Location-Based Services
6. Cross-Device Matching
7. Interest-Based Advertising

YOUR CHOICES REGARDING COOKIES AND TRACKING TECHNOLOGIES

1. Tracking Technologies Generally
2. Analytics, Interest-Based Advertising, and Tracking Technologies Opt-Out
3. Device-Based Opt-Out
4. Mobile Apps

TRANSFER OF INFORMATION OUTSIDE YOUR HOME COUNTRY

LAW ENFORCEMENT; EMERGENCIES; COMPLIANCE

CHILDREN

SOLUTION TOOL

THIRD-PARTY SERVICES

HOW WE SECURE YOUR INFORMATION

MEASURES YOU CAN TAKE

UPDATING AND ACCESSING YOUR INFORMATION

OPT-OUT FOR MARKETING & PROMOTIONAL CORRESPONDENCE

YOUR STATE PRIVACY RIGHTS

1. Notice of Data Practices
2. Your Consumer Rights and How to Exercise Them
3. Non-Discrimination
4. Notice of Financial Incentive Programs
5. Our Rights and Rights of Others
6. Additional California Notice for California Residents

CONTACT US

SCOPE

This Privacy Policy governs our practices with regards to PII collected when you access or use the Services, including the Rodan + Fields® website (or any of our international websites or applications) and any products, services, software, tools, applications, features or functionality offered on or through the website or mobile application (including any Rodan + Fields independent sales consultant (“Consultant(s)”) personal web pages provided through the website) (collectively, the “Site”). You may be accessing our Services from a computer or mobile phone device (for example, through an iPhone or iPad application), or through a Rodan + Fields mobile application, and the provisions of this Privacy Policy apply to all such mobile access and use of mobile devices. From time to time, we may add additional products, services, software, tools, applications, features or functionality, offered through our Service, as we expand our offerings, and this Privacy Policy will govern those new products, services, software, tools, applications, features, or functionality when added.

PLEASE NOTE THAT THIS POLICY DOES NOT ADDRESS THE PRIVACY OR INFORMATION PRACTICES OF ANY THIRD PARTIES, INCLUDING, WITHOUT LIMITATION, OUR INDEPENDENT CONSULTANTS AND THIRD-PARTY SERVICES.

Return to navigation

UPDATES TO THIS PRIVACY POLICY

Because our business will continue to evolve, our policies will be reviewed and may be revised from time to time. We may change this Privacy Policy at any time and will notify you by posting an updated version of the Privacy Policy. We recommend that you review this Privacy Policy from time to time during visits to the Site and note any changes before your continued use of the Service. Your continued use of the Service after we post any revisions to this Privacy Policy constitutes your acceptance of the revised terms and conditions as to such continued use. It is your responsibility to periodically check this page so that you are aware of what information we collect, how we use it, and under what circumstances we might disclose it.

Return to navigation

INFORMATION WE COLLECT ABOUT YOU

We collect the following types of data in order to provide the Services, help us personalize and improve your experience, and operate our business. The data we collect includes:

Personally identifiable information, which is information that identifies you personally (“Personally Identifiable Information” or “PII”), such as name, address, phone number, etc. The definition of “personal information” under certain state laws differs from the definition of PII used in this Privacy Policy. You can learn more about your state privacy rights here.

Demographic information, such as your gender, age, ZIP code, interests, and recent upcoming purchases (“Demographic Information”). Except to the extent required by applicable law, Demographic Information not linked to PII is “non-Personally Identifiable Information” or “non-PII” (i.e., data that is not Personally Identifiable Information under this Privacy Policy) PII and therefore, may be used or shared without obligation to you, except as prohibited by applicable law.

PII, once “de-identified” or “aggregated” (i.e., the removal or modification of the personally identifiable elements, or the extraction of non-personally identifiable elements) is also non-PII. Non-PII may be used or shared without obligation to you, except as prohibited by applicable law. For instance, we may aggregate general information such as our customers’ geographic locations, age groups, genders, product and/or cosmetic concerns, and brands and products used in a manner that removes Consumer identities so that the aggregated information is not linked or reasonably linkable to any Consumer or household. Such aggregated information does not constitute PII.

We collect PII and non-PII in a variety of ways, including:

1. Information We Collect Automatically

We may collect information from you automatically when you interact with us, including, without limitation, as follows:

a. Location, device, and connection information

We may collect location data (including IP addresses), and device and connection information (such as referral URL). Your Internet Protocol (“IP”) address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. This number is identified and logged automatically in our server log files whenever you visit the Service, along with the time(s) of your visit(s) and the page(s) that you visited. We use your IP address, and the IP addresses of all users, for purposes such as calculating Service usage levels, helping diagnose problems with servers, analyzing trends, including suspicious activity detection and prevention, administering the Service, tracking traffic patterns, and gathering geographic information for aggregate and other use. Collecting IP addresses is standard practice on the Internet and is done automatically by many websites. If you access the Service via a mobile device such as a smartphone, the collected information may also include your device identifiers, location, and other similar mobile device data.

b. Environmental variables

We and our service providers may also collect certain environmental variables, such as your MAC address, computer type (Windows or Macintosh), screen resolution, OS version, internet browser, and internet browser version. These environmental variables are collected by most browsers, and may be used to optimize functionality.

c. Cookies and other Tracking Technologies

We, and our service providers and other third parties, may use cookies, web beacons, and similar technologies (“Tracking Technologies”) to collect data while you use our Service. This data is typically collected from the devices (including mobile devices) that you use. Tracking Technologies may track your activities across time and locations. Please see the Cookies and Other Tracking Technologies section below for more information, including regarding choices you have regarding Tracking Technologies.

d. Communications

Additionally, for quality, training and other purposes we may monitor or record our telephone conversations with you or anyone acting on your behalf, as well as monitoring use of the Service. By communicating with Rodan + Fields, or by using our Site, you acknowledge that your communications and activities may be overheard, monitored, or recorded.

2. Information You Provide to Us

We collect information you provide us when you use the Service or otherwise provide information to us, including:

• When you decide to complete a user registration form, complete an online survey, or make a purchase, you may be asked to provide your contact information (e.g., name, e-mail address, mailing address, and telephone number).
• When you place an order, we will also need to know your delivery and billing address, credit card number, and expiration date. Enrolling Consultants must also provide their date of birth, Social Security number, and other PII in order to begin a consultantship.
• When you make a purchase, we collect from you the information required to complete your purchase — such as your full name, e-mail address, credit card number, shipping, and billing addresses.
• When you communicate with us we collect information related to such communications.
  
  

  3. Third Parties

We may collect information from or about you from other sources, including third parties, including our Consultants and third-party data providers. Please note that if you choose to share PII about yourself in an open format, such as through a Third-Party Service like Facebook or Twitter, some of that information could be deemed public.

Return to navigation

HOW WE USE PII

Rodan + Fields may use information about you, including PII, for any purposes not inconsistent with Rodan + Fields’ statements under this Privacy Policy, or otherwise made by us in writing at the point of collection, and not prohibited by applicable law. Our primary purpose in collecting PII is to operate our business and to provide you with a secure, smooth, efficient, and customized experience. We may use your PII to:

1. Process Transactions and Send Related Notices

When you make a purchase, we may collect your credit card number or other payment account number, billing address, and other information related to such purchase (collectively, "Payment Information") from you, and use such Payment Information in order to fulfill your purchase. Please note that, notwithstanding anything to the contrary herein, your credit card or debit card information (“Credit Card Holder’s Information” or “CCHI”) will be used for payment on the spot, and it may be kept in your account in a tokenized format for future payments or regular payments. Rodan + Fields does not handle any CCHI on its own, and such CCHI is handled by external operators that manage the CCHI in accordance with the PCI data security standards and other industrial standards. Rodan + Fields is not responsible for, and makes no representations regarding, the privacy practices and policies, and other policies or business practices, of any third parties.

2. Provide Marketing and Newsletters

If you prefer not to receive commercial (i.e., primarily promotional) e-mails for us, please see the section below entitled Opt-Out For Promotional & Marketing Communications.

3. Permit E-mails to Friends

We may provide the functionality to permit you to send messages regarding Site-related content or our products to a friend through the Service. If you wish to use this feature, you may provide us with your friend's e-mail address so that we can facilitate the sending of your message to your friend. Please note that you are responsible for ensuring you have obtained permission from your friend before sharing your friend’s information with us.

4. Send Administrative Communications Regarding The Site, Service-Related Announcements, Etc.

Sending these communications are necessary to serve you, respond to your concerns, and provide the high level of customer service that Rodan + Fields offers. Because this information is not primarily promotional, you may not opt-out of receiving such communications.

5. Perform Additional Functions

• Provide sales support.
• Verify your identity, including during account creation and password reset processes.
• Manage risk, or to detect, prevent, and/or remediate suspicious account activity or other potentially prohibited or illegal activities.
• Manage and protect our information technology infrastructure.
• Contact you at any telephone number, by placing a voice call or through text (SMS) or e-mail messaging, as authorized by applicable law, our Terms and Conditions, and/or our agreement with Consultants (“Consultant Agreement”).
• Provide targeted marketing and advertising, provide service update notices, and deliver promotional offers based on your communication preferences.
• Detect, prevent, or remediate violations of our Terms and Conditions, our policies and procedures, or Consultant Agreement.
• Otherwise operate our business except as may be inconsistent with the Privacy Policy, applicable notice at collection or applicable law.

We may use non-PII, including non-PII we create from PII, for any purpose not inconsistent with Rodan + Fields’ statements under this Privacy Policy, or otherwise made by us in writing at the point of collection, and not prohibited by applicable law.

Return to navigation

HOW WE SHARE PII WITH OTHER THIRD PARTIES

Except as restricted by applicable law, this Privacy Policy, or an applicable notice at collection, Rodan + Fields may share the PII we collect from you, including your name, contact details, and transactions and activities, in connection with our business, including without limitation:

1. Independent Consultants

Your PII, and other information, may be shared with Consultants, who conduct sales as independent businesses, if you choose to be associated with a Consultant, which will constitute your direction to share your information with your Consultant(s). If you so choose, we may share, for instance, your name, phone number, e-mail address, and other PII with Consultants, who may, in turn, share your PII with their upline organization (those Consultants who directly or indirectly sponsor the Consultant (an “Upline”). Consultants, including those in an Upline, may use this information for the purposes outlined in this Privacy Policy and their Consultant Agreement, including to follow up on orders you placed or contact you with other special offers about our products.

2. Friends

Please note that any PII you provide in connection with sending messages regarding us to a friend through the Service, such as your name and your e-mail address, and any message, will be disclosed to your friend.

3. Corporate Transactions

We reserve the right to transfer any and all information that we collect to a third party in connection with any financing, reorganization, restructuring, bankruptcy, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Rodan + Fields' business, assets or stock (including without limitation in connection with any due diligence related thereto).

4. Other Non-Affiliated Parties, Including Service Providers

a. Suspicious Activity Prevention and Risk Management

We may share PII to help prevent suspicious activity or assess and manage risk. For example, we may engage third-party vendors to assist us with fraud prevention.

b. Shipping

We may share PII in connection with shipping products you may have ordered through the Site. By selecting a third-party shipper you direct us to share your PII with them in connection with the shipping.

c. Other Service Providers

We may share PII to enable service providers under contract with us to support our business operations, such as bill collection, marketing, customer service, and technology services. In connection with digital advertising, analytics and other services, our service providers may also share your PII with other parties. See Use of Cookies and Other Tracking Technologies and State Privacy Rights for certain choices available with respect to cookies and related activities.

Please note that our employees and service providers may be located in foreign jurisdictions, and your PII may be subject to the laws of those foreign jurisdictions and accessible to law enforcement and other authorities.

Except as may be limited by applicable law, or our notice at collection, we may share non-PII for any purpose to any third party.

Return to navigation

USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

Like many other websites and applications, our Service may, directly or through trusted third parties, use Tracking Technologies, such as cookies, web beacons (also known as “tracking pixels”), device recognition technologies, in-app tracking methods, device and activity monitoring and other tracking technologies now and hereafter developed, for the purposes described in this section and elsewhere in this Privacy Policy.

This section helps you understand what Tracking Technologies are, how we use them, and the options that you have. By using our Services you consent to the Tracking Technologies you may encounter; provided, however, that there are a number of ways explained below in which you can limit Tracking Technologies.

1. Cookies

A cookie is a small text file that is stored on a user’s device, which may be session ID cookies or tracking cookies. Session cookies make it easier for you to navigate the Services and expire when you close your browser. Tracking cookies remain longer and help in understanding how you use the Service and enhance your user experience. Cookies may remain on your hard drive for an extended period of time. If you use your browser’s method of blocking or removing cookies, some but not all types of cookies may be deleted and/or blocked and as a result, some features and functionalities of the Service may not work. A Flash cookie (or locally shared object) is a data file which may be placed on a device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your device. HTML5 cookies can be programmed through HTML5 local storage. Flash cookies and HTML5 cookies are locally stored on your device other than in the browser and browser settings will not control them. To identify certain types of local shared objects on your device and adjust your settings, please visit: www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html. The Service may associate some or all of these types of cookies with your devices. See the Your Choices Regarding Cookies and Tracking Technologies section below to learn more about how you can exercise cookie preferences.

2. Web Beacons / Tracking Pixels

Tracking pixels are small graphic images, also known as “Internet tags” or “clear gifs,” embedded in web pages and e-mail messages. Tracking pixels may be used, without limitation, to count the number of visitors to the Service, to monitor how users navigate the Service, and to count content and e-mail views. We use tracking pixels to provide analytical information concerning the user experience as well as to support customization of our marketing and advertising activities. In contrast to cookies, which are stored on a user's computer hard drive, tracking pixels are embedded invisibly on web pages.

3. In-app tracking methods

There are a variety of Tracking Technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as “Ad IDs,” or may use “SDKs,” to associate app user activity to a particular app and to track user activity across apps and/or devices. SDKs are blocks of code that may be installed in our mobile application by third-party companies with which we work. SDKs help us understand how you interact with our mobile application and collect certain information about the device and network you use to access our application, such as the advertising identifier associated with your device and information about how you interact with our application.

4. How we use Tracking Technologies?

Tracking Technologies may be used, for instance, to gather information, customize your visit, and enable us to enhance our services (including through personalized advertisement). For example, we use Tracking Technologies to recognize you as a previous user of the Site so you do not have to enter your PII every time, and to offer you personalized content. We may use the information gathered through Tracking Technologies to create aggregate tracking information reports regarding user demographics, traffic patterns, and purchases. In some cases, we may link tracking information with PII. We may also use these technologies to help us better manage content, such as by improving the user interface. Finally, we and third parties may use these technologies (directly or through other parties and sources) to build a better picture of the type of offers and products that you might be interested in, cross-device matching, and interest-based advertising. See the Choices Regarding Cookies and Tracking Technologies section below to learn more about how you can exercise preferences regarding certain uses.

5. Location-Based Services

GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate you, or make assumptions about your location, for purposes such as verifying your location and delivering or restricting content. Our website and app do not generally use location-specific advertising, except that our “Find a Consultant” feature may access and use information about your device location (such as based on IP address or GPS, as applicable), or your account information, to suggest appropriate Consultants in your area. We may use location information to engage in interactive, real-time discussions with users, which we or the users may initiate. See the Choices Regarding Cookies and Tracking Technologies section below to learn more about how you can exercise preferences regarding certain uses.

6. Cross-Device Matching

Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household) (“Cross-device Data”).

We may now or in the future use the data collected through Tracking Technologies (directly by us or by our service providers) and other data (i.e. deterministic data such as unique identifiers) to make educated predictions that give us the ability to match your devices. We may then, subject to the limitations otherwise set forth in this Privacy Policy and applicable law, display targeted advertisements to you across your devices (unless you have opted-out for a particular device as described in the options section below.)

7. Interest-Based Advertising

We may use the information we collect (alone or in combination with information provided by third parties and service providers) through Tracking Technologies (which may be combined with other PII such as your e-mail address), and from other sources, to deliver targeted advertising to you when you visit our Site or elsewhere. For example, if you are searching our Site for information on a particular product, we may use that information to cause an advertisement to appear on other websites you view promoting a product that matches your search.

We also partner with third parties that collect information across various channels, including offline and online, for purposes of delivering advertising that is more relevant to you. Our partners may place or recognize a Tracking Technology placed on your computer, device, or directly in our e-mails/communications, and we may share PII with them for interest-based advertising purposes. Our partners may use this information to recognize you across different channels and platforms, including but not limited to, computers, mobile devices, and Smart TVs, over time for advertising, analytics, attribution, and reporting purposes. Rodan + Fields is not responsible for, and makes no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Service Providers and Tracking Technologies associated with the Service.

See the Choices Regarding Cookies and Tracking Technologies section below to learn more about how you can exercise preferences regarding interest-based advertising.

Return to navigation

YOUR CHOICES REGARDING COOKIES AND TRACKING TECHNOLOGIES

1. Tracking Technologies Generally

Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options, so you may need to set them separately. In addition, tools from commercial browsers may not be effective with regard to Flash cookies (also known as locally shared objects), HTML5 cookies or other Tracking Technologies. For information on disabling Flash cookies, go to Adobe’s website http://helpx.adobe.com/flash-player/kb/disable-third-party-local-shared.html.

You may choose to decline Tracking Technologies by adjusting your browser preferences, and we offer a cookie preference center here: Cookie Settings , that allows you to do so more specifically, but doing either may affect your use of the Service and your ability to access certain features or engage in certain transactions through the Service. If you delete your cookies, change browsers, or change devices, cookies that the Service may have used in the past (or an opt-out cookie) may no longer work.

Some app-related Tracking technologies in connection with non-browser usage (e.g., most functionality of a mobile app) can only be disabled by uninstalling the app. To uninstall the app, follow the instructions from your operating system or handset manufacturer. Apply and Google mobile device settings have settings to limit ad tracking, and other tracking, but these may not be completely effective.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, Rodan + Fields’ currently does not alter Rodan + Fields’ practices when Rodan + Fields’ receives a “Do Not Track” signal from a visitor’s browser. This is different from Global Privacy Control signals and Online Privacy Preference Signals explained in the Your State Privacy Rights section below.

Some third parties may offer you choices regarding their Tracking Technologies. One way to potentially identify cookies on our web site is to add the free Ghostery plug-in to your browser (www.ghostery.com), which according to Ghostery will display for you traditional, browser-based cookies associated with the web sites (but not mobile apps) you visit and privacy and opt-out policies and options of the parties operating those cookies. Rodan + Fields’ is not responsible for the completeness or accuracy of this tool or third-party choice notices or mechanisms. For specific information on some of the choice options offered by third-party analytics and advertising providers, see the next section. We may, from time-to-time, offer or point you to tools that allow you to exercise certain preferences regarding cookies and other Tracking Technologies associated with the Services, but such tools rely on third parties and third-party information so we do not guaranty that the tools will provide complete and accurate information or be completely effective. For instance, here is where you can find cookie controls for popular browsers:

• Google Chrome
• Firefox
• Internet Explorer
• Edge
• Safari

We do not represent that these third-party tools, programs or statements are complete or accurate. You will need to do this on each browser that you use to access our Services, and clearing cookies on your browser(s) may disable your preference settings. In addition, our Site may not function properly or as intended if you block all or even certain cookies. Accordingly, you may want to consider the more limited opt-out choices noted in the next section.

2. Analytics, Interest-Based Advertising, and Tracking Technologies Opt-Out

You may exercise choices regarding certain use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on. 

As described in this Privacy Policy, and to the extent permitted by law, we may collect (or allow third parties such as ad networks, web analytics companies, and social networking platforms) to collect information about your online activities over time and across our Site and other third-party online properties or services. These third parties may use information about your visits to our Site and other sites, and general geographic information in order to provide advertisements about goods and services of interest to you, and are treated by us as Third-party Services under this Privacy Policy. You may choose whether to receive some interest-based advertising by submitting opt-outs. For more information about third-party advertisers and how to prevent them from using your information, please visit http://www.networkadvertising.org/choices/. This is a site offered by the Network Advertising Initiative ("NAI") that includes information on how Consumers can opt-out of receiving interest-based advertising from some or all of NAI's members. You can also visit http://www.aboutads.info/choices, which is a site offered by the Digital Advertising Alliance ("DAA") that includes information on how Consumers can opt-out of receiving internet-based advertising from some or all of DAA's participating companies. For Canada, you can visit https://optout.aboutads.info/?c=3&lang=en, which is the site offered by Digital Advertising Alliance of Canada (“DAAC”), that includes information on how Consumers may opt-out of interest-based advertising for companies participating in the DAAC. Opting out of interest-based advertising does not mean that you will no longer see any advertisements; rather, you will still see advertisements that are general and not tailored to your specific interests and activities. Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective. Rodan + Fields supports the ad industry’s Self-regulatory Principles for Online Behavioral Advertising and the Canadian Self-Regulatory Principles for Online Behavioural Advertising. We expect that ad networks we directly engage to serve you Interest-based Advertising will do so as well, though we cannot guaranty their compliance. We are not responsible for effectiveness of, or compliance with, any third parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

3. Device-Based Opt-Out

In general, opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted out on your computer browser that opt-out will not necessarily be effective on your mobile device. In the event we are performing cross-device matching (as described above), once you have opted out on one device (“Opted-Out Device”), we will not use any new data from the Opted-Out Device to identify you on another device for interest-based advertising purposes and we will not use data from another device for interest-based advertising purposes on the Opted-Out Device.

4. Mobile Apps

With respect to Rodan + Fields’ Apps, you can stop all collection of data generated by use of the app by uninstalling the app. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain features (e.g., tracking across apps and websites owned by other online services, location-based services, push notifications, accessing calendar/contacts/photos, etc.), by adjusting the permissions in your mobile device and/or the app’s settings. For example, to limit receiving Interest-based Advertising on your mobile device, for iOS 14, go to “Settings,” select “Privacy,” select “Tracking,” and then toggle off “Allow Apps to Request to Track.” For earlier versions of iOS dating back to iOS 6, go to “Settings,” select “Privacy,” select “Advertising,” and toggle on “Limit Ad Tracking.” For Android, go to “Settings,” select “Privacy,” select “Ads,” and then toggle on “Opt out of Ads Personalization.” Beware that if GPS precise location services are disabled, other means of establishing or estimating location (e.g., connecting to or proximity to Wi-Fi, Bluetooth, beacons, or our networks) may persist. To learn more about how you can control location permissions using your mobile device’s operating system settings, please visit the following links depending on which device you use:

Android:
For Android 6.0 and above: https://support.google.com/googleplay/answer/6270602?hl=en
For earlier versions of Android: https://support.google.com/googleplay/answer/6014972

iOS: https://support.apple.com/en-us/HT207056

Return to navigation

TRANSFER OF INFORMATION OUTSIDE YOUR HOME COUNTRY

Rodan + Fields is headquartered in the United States. The Services and information we and our service providers collect and process is governed by the laws of the United States. If you are accessing the Service from outside of the U.S., please be aware that information collected through the Service may be transferred to, processed, stored, and used in the U.S., or to other countries or places in which we maintain offices or do business, including Australia, Canada, and Japan. Data protection laws in those jurisdictions may be different from those of your country of residence. Your use of the Service or provision of any information therefore constitutes your consent to the transfer, processing, usage, sharing, and storage of your information, including Personally Identifiable Information, to the U.S. or elsewhere, as set forth in this Privacy Policy.

Return to navigation

LAW ENFORCEMENT; EMERGENCIES; COMPLIANCE

Notwithstanding any other provision of this Privacy Policy to the contrary, we reserve the right to disclose your PII to others as we believe to be appropriate: (a) to comply with legal process; (b) to respond to governmental requests; (c) to enforce our Terms and Conditions; (d) to protect our operations; (e) to protect the rights, privacy, safety or property of Rodan + Fields, you or others; and (f) to permit us to pursue available remedies or limit the damages that we may sustain. We may disclose any information we deem necessary, in our sole discretion, to comply with any applicable law, regulation, legal process, or governmental request.

Return to navigation

CHILDREN

The Service is intended for a general audience and not directed to children less than 13 years of age. We do not knowingly collect information from children under thirteen (13). Under our Terms and Conditions, children are not permitted to use our Site or Service.

Rodan + Fields does not intend to collect personal information as defined by the U.S. Children’s Online Privacy Protection Act (“COPPA”) (“Children’s Personal Information”) in a manner that is not permitted by COPPA. If we obtain knowledge that we have collected Children’s Personal Information in a manner not permitted by COPPA, we will delete such data to the extent required by COPPA.

As described more below California residents under the age of eighteen (18) who have registered to use the Service, and who posted content or information on the Service, can request removal by contacting Rodan + Fields here, detailing where the content or information is posted and attesting that you posted it. Rodan + Fields will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that Rodan + Fields does not control.

SOLUTION TOOL

To provide you with advanced skin diagnostics and personalized recommendations and advice, we offer the use of our Solution Tool. The Solution Tool uses your selfie image to analyze a scan of your face to facilitate your use of the tool and to develop your personalized skincare results and recommendations. We do not use your selfie image or any associated facial data for identification purposes, and we will permanently destroy your selfie image after completion of the skin diagnostics analysis.

THIRD-PARTY SERVICES

We may interact with to you on, or the Site may contain or link to third-party services, including social network and/or commerce providers, and you may interact with R+F independent Consultants on and off of our Site (“Third-party Services”). The use of any features made available to you on our Site by a Third-party Service (e.g., a “like” button or social media plug-in, visiting our branded pages on Third Party Services (e.g., Instagram, Facebook, TikTok, Twitter, Pinterest, and YouTube), or your providing information to Consultants, including through their pages on our Site, may result in information being collected or shared about you by the third party or by us. Third-party Services are not under Rodan + Fields' control and we are not responsible for the privacy or other practices, or the contents of, any such Third-party Service. We provide links or access to Third-party Services only as a convenience, and the inclusion of a link or plug-in on the Site does not imply endorsement of the Third-party Service by Rodan + Fields.

Please read the privacy policies of third-party services because the information they collect and the posts they may publish will be governed by their privacy policies respectively. Except to the extent you provide or disclose your PII to us (e.g., via a private messaging function on a third-party service), our Privacy Policy does not govern third-party service activities.

HOW WE SECURE YOUR INFORMATION

We realize that our customers trust us to protect their PII. We take that task seriously and take reasonable measures to protect PII we collect from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. We maintain physical, electronic, and procedural safeguards to protect your PII. We implement various security measures and tools, such as firewalls, to help protect against the loss, misuse, and alteration of the information under our control.

Data transmission over the Internet or in a data storage system cannot be guaranteed to be 100% secure. There is always a risk that third parties may unlawfully intercept transmissions or otherwise access data. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account that you might have with us has been compromised), please notify us of the problem by e-mailing us at privacy@rodanandfields.com.

Return to navigation

MEASURES YOU CAN TAKE

It is important for you to play a role in keeping your information safe and secure. When signing up for an online account, please be sure to choose an account password that is hard for others to guess and never reveal it to anyone else. If you use a shared or public computer, never choose to have your login ID or password remembered and make sure to log out of your account every time you leave the computer.

Return to navigation

UPDATING AND ACCESSING YOUR INFORMATION

We will post any changes to this Privacy Policy to the website. The changes will apply prospectively, not retrospectively.

You have the ability to change and/or correct the PII that you provide us by e-mailing us at privacy@rodanandfields.com. Under applicable law, you may have the right to ask in writing whether we hold any PII about you, to see that information, and request additional details as to how we collect, use or disclose your PII. See the Your State Privacy Rights section below for more information. We may not be able to provide you with all the information that you request, depending on the circumstances, and there may be a charge for any copy of PII requested. You may request that we deactivate your account by e-mailing us at privacy@rodanandfields.com.

Please note that we may need to retain certain information for record-keeping purposes, and there may also be residual information that will remain within our databases and other records, which applicable law may allow us to retain. We may contact former users of the Site who have not explicitly withdrawn consent to promotional communications in accordance with applicable laws.

You can make changes to your account profile information through “Account Settings.” This will only change your account profile and not other records. Residents of some states have additional rights as set forth in the State Privacy Notice.

OPT-OUT FOR MARKETING & PROMOTIONAL CORRESPONDENCE

You may opt-out of receiving future commercial (i.e., promotional) e-mails from Rodan + Fields. Please note that this opt-out only applies to Rodan + Fields promotional e-mails. You may opt-out of receiving promotional e-mails by using the opt-out mechanism in the footer of the e-mail itself or by e-mailing us at optout@rodanandfields.com. You may also opt-out of receiving text communications (e.g., SMS) by following the instructions provided in text messages from Rodan + Fields to text the word, “STOP.” If you are using our app and would like to opt-out of push notifications, you may turn off push notifications on the settings of your device and/or the app, as applicable.

We will endeavor to comply with your request as soon as reasonably practicable. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other communications may continue. Even if you opt-out of receiving promotional communications, Rodan + Fields may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or Rodan + Fields’ ongoing business relations with you. In addition, opting-out as described above will not remove your information from our databases or the databases of Consultants or third parties. If you wish to cease receiving marketing-related e-mails from such Consultants or other third parties, please contact such Consultants or third parties directly or utilize any opt-out mechanisms set forth in their respective privacy policies or marketing-related e-mails.

Return to navigation

YOUR STATE PRIVACY RIGHTS

This U.S. State Privacy Notice (“Notice”) applies to “Consumers” as defined under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA”), the Colorado Privacy Act, the Virginia Consumer Data Protection Act, the Utah Consumer Privacy Act, Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring, Chapter 603A of the Nevada Revised Statutes, and all laws implementing, supplementing or amending the foregoing, including regulations promulgated thereunder (collectively, “U.S. Privacy Laws”). Capitalized terms used but not defined in this Notice shall have the meanings given to them under U.S. Privacy Laws.

For purposes of this Notice, the term “Consumers” includes California residents who purchase products from our website in a business-to-business (“B2B”) context, such as individuals who enroll to become R+F Independent Consultants (“Consultants”), individuals who are current or former Consultants, or individuals who register to attend Rodan + Fields Community Events. For more information on how to become a Consultant, click here.

This Notice is designed to meet our obligations under U.S. Privacy Laws and supplements the general privacy policies of Rodan + Fields including, without limitation, our Privacy Policy. In the event of a conflict between any other Rodan + Fields policy, notice, or statement and this Notice, this Notice will prevail as to Consumers unless stated otherwise.

Applicability:

• Section 1 (Notice of Data Practices) of this Notice provides notices of our data practices, including our collection, use, disclosure, and sale of Consumers’ Personal Information or Personal Data (collectively, “PI”). However, Section 1 does not apply to PI collected from our job applicants and current and former employees (“Personnel”). California Personnel may contact our Human Resources Department for a copy of the privacy notice that applies to them.
• Sections 2 (Your Consumer Rights and How to Exercise Them), 3 (Non-Discrimination/Non-Retaliation), 4 (Notice of Financial Incentive Programs), 5 (Our Rights and the Rights of Others) of this Notice provide information regarding Consumer rights (including California Personnel) and how you may exercise them.
• Section 6 (Additional Notice for California Residents) of this Notice provides additional information for California residents.

1. Notice of Data Practices

The description of our data practices in this Notice covers the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.

We may Collect your PI directly from you (e.g., when you register for an account); your devices; our affiliates; service providers; public sources of data; credit reporting agencies; or other businesses or individuals.

Generally, we Process your PI to provide you services and as otherwise related to the operation of our business, including for one or more of the Business Purposes enumerated in the charts that follow. We may also use PI for other Business Purposes in a context that is not a Sale or Share under U.S. Privacy Laws, such as disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”), to the Consumer or to other parties at the Consumer’s direction or through the Consumer’s action; for the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice); as required or permitted by applicable law; to the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm; and to assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”) (“Additional Business Purposes”). Subject to restrictions and obligations under U.S. Privacy Laws, our Vendors may also use your PI for Business Purposes and Additional Business Purposes and may engage their own vendors to enable them to perform services for us.

We may also use and disclose your PI under this Notice for Commercial Purposes, which may be considered a “Sale” or “Share” under applicable U.S. Privacy Laws, such as when Third-Party Digital Businesses (defined below) Collect your PI via third-party cookies, and when we Process PI for certain advertising purposes.

We provide more detail on our data practices in the charts that follow.

a. PI Collection, Disclosure, and Retention – By Category of PI

Category of PI	Examples of PI Collected and Retained	Categories of Recipients
1. Identifiers	Real name, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, e-mail address, and account name.	Business Purpose Disclosure: • Vendors (e.g., general IT, data analytics providers, payment processors, fulfillment vendors, and marketing services providers); • Payment vendors to provide commissions and other performance incentives to Independent Consultants; • Other members of our corporate group; • Governmental entities (making requests pursuant to law or legal process); • Third Parties (e.g., Consultants) at the Consumer’s direction; • Other third parties as necessary to provide services to our clients; and/or • Other parties within the limits of Additional Business Purposes. Sale/Share: N/A
2. Personal Records	Name, signature, description, address, telephone number, and financial information (e.g., payment card information). Some PI included in this category may overlap with other categories.	Business Purpose Disclosure: • Vendors (e.g., general IT, data analytics providers, payment processors, fulfillment vendors, and marketing services providers); • Payment vendors to provide commissions and other performance incentives to Independent Consultants; • Other members of our corporate group; • Governmental entities (making requests pursuant to law or legal process); • Third Parties (e.g., Consultants) at the Consumer’s direction; • Other third parties as necessary to provide services to our clients; and/or • Other parties within the limits of Additional Business Purposes. Sale/Share: N/A
3. Personal Characteristics or Traits	In some circumstances, we may Collect PI that is considered protected under U.S. law, such as age range, gender, but only when that information is relevant for our Business Purposes. We abide by the legal requirements imposed under applicable law in regards to such information.	Business Purpose Disclosure: • Vendors (e.g., general IT, data analytics providers, payment processors, and marketing services providers); • Other members of our corporate group; • Third Parties (e.g., Consultants) at the Consumer’s direction; • Other third parties as necessary to provide services to our clients; and/or • Other parties within the limits of Additional Business Purposes. Sale/Share: N/A
4. Customer Account Details / Commercial Information	Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Business Purpose Disclosure: • Vendors (e.g., general IT, data analytics providers, payment processors, operations and administrative vendors, cloud services providers, fulfillment vendors, and data storage services); • Other members of our corporate group; • Third Parties (e.g., Consultants) at the Consumer’s direction; • Other third parties as necessary to provide services to our clients; and/or • Other parties within the limits of Additional Business Purposes. Sale/Share: N/A
5. Internet Usage Information	When you browse our sites or otherwise interact with us online, we may Collect browsing history, search history, and other information regarding your interaction with our sites, applications, or advertisements.	Business Purpose Disclosure: • Vendors (e.g., general IT, data analytics providers); • Other members of our corporate group; • Third Parties (e.g., Consultants at the Consumer’s direction); • Other third parties as necessary to provide services to our clients; and/or • Other parties within the limits of Additional Business Purposes. Sale/Share: Cookie Operators (but see Do Not Sell section below).
6. Geolocation Data	If you interact with us online we may gain access to the approximate location of the device or equipment you are using.	Business Purpose Disclosure: • Vendors (e.g., general IT, data analytics providers); • Other members of our corporate group; • Third Parties (e.g., Consultants) at the Consumer’s direction; • Other third parties as necessary to provide services to our clients; and/or • Other parties within the limits of Additional Business Purposes. Sale/Share: N/A
7. Sensory Data	We may Collect audio, electronic, or similar information, such as when you contact us through our customer service line, recordings in our facilities for security purposes, and via our Solution Tool if you opt-in to allow us to recommend products to you.	Business Purpose Disclosure: • Vendors (e.g., security vendors and call centers); • Other members of our corporate group; • Governmental entities (making requests pursuant to law or legal process); • Third parties (e.g., Consultants) at the Consumer’s direction; and/or • Other third parties as necessary to provide services to our clients Sale/Share: N/A
8. Inferences from PI Collected	Inferences drawn from PI to create a profile about a Consumer reflecting preferences, characteristics, and behavior.	Business Purpose Disclosure: • Vendors (e.g., marketing services providers); • Other members of our corporate group; • Third Parties (e.g., Consultants) at the Consumer’s direction; and/or • Other third parties as necessary to provide services to our clients Sale/Share: N/A
9. Sensitive PI	Government Issued Identification Numbers (e.g., social security information, driver’s license, state ID card, or passport number)	Business Purpose Disclosure: • Vendors (e.g., general IT, software vendors); • Other members of our corporate group; • Governmental entities (making requests pursuant to law or legal process); and/or • Other parties within the limits of Additional Business Purposes. Sale/Share: N/A

There may be additional PI we collect that meets the definition of PI under the CCPA but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category. Because there are numerous types of PI in each category listed above, and various uses for each PI type, our data retention practices vary widely. However, we retain specific Personnel PI pieces based on how long we have a legitimate purpose for the retention.

Return to navigation

b. PI Use and Disclosure – By Processing Purpose

Processing Purpose(s)	Examples(s) of Processing Purpose	Categories of PI Implicated	Categories of Recipients
Performing Services	Provide our services/communicate about our services: to provide you with info or services, to send you electronic newsletters and push notifications (if you have elected to receive such), to communicate with you about your use of the services, to provide you with special offers or promotions Enable additional features of our sites: to enable you to participate in a variety of our site’s features, including the Solution Tool, if you opt-in to allow us to recommend products to you. Process orders: to process or fulfill an order or transaction Contact You: to contact you about your use of our services and, in our discretion, changes to our services or our service’s policies Account management: to process your registration with our services, verify your info is active and valid, manage your account, and to administer our PC Perks Program and any other customer loyalty program. Customer Service: to respond to any questions, comments, or requests you have for us or for other customer service purposes Payment and other purchase-related purposes: to facilitate a purchase made using our services, including payment  Managing Consultant Accounts: To onboard and manage Consultants	• Identifiers • Personal Records • Personal Characteristics or Traits • Customer Account Details/Commercial Information • Internet Usage Information • Geolocation Data • Sensory Data • Inferences from PI Collected • Sensitive PI (i.e., Government-Issued Identification Numbers).	• Vendors (e.g., shipment and delivery services, payment processors, fraud prevention and security providers, marketing services providers, analytics providers, customer service and support providers, and external auditors); • Solution Tool management vendor, if you opt-in to allow us to recommend products to you via the Solution Tool; • Other members of our corporate group; • Consultants; • Public authorities/governmental bodies (making requests pursuant to legal or regulatory process); • Other parties within the limits of Additional Business Purposes; and/or • Third-Party Digital Businesses
Managing Interactions and Transactions	Auditing: related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with user interaction or transaction specifications and standards (e.g., ecommerce activities)	• Identifiers • Internet Usage Information	• Vendors (e.g., fraud prevention and security providers, marketing services providers, analytics providers, and customer service and support providers); • Other members of our corporate group; • Consultants; • Other parties within the limits of Additional Business Purposes; and/or • Third-Party Digital Businesses.
Security	Security/fraud prevention: to protect the security of Company, our services, or its users and to prevent and address fraud	• Identifiers • Personal Records • Customer Account Details/Commercial Information • Internet Usage Information • Sensory Data	• Vendors (e.g., fraud prevention and security providers) • Other members of our corporate group; • Public authorities / governmental bodies (making requests pursuant to legal or regulatory process); and/or • Other parties within the limits of Additional Business Purposes); and/or • Third-Party Digital Businesses
Debugging	Repairs: identify and repair errors that impair existing intended functionality of our services	• Identifiers • Internet Usage Information • Sensory Data	• Vendors (e.g., Service Providers that help identify and repair errors on our services); • Other members of our corporate group; and/or • Other parties within the limits of Additional Business Purposes.
Advertising & Marketing (excluding Cross-Context Behavioral Advertising and Targeted Advertising)	Content and offers customization: to customize your experience on our websites apps, or other services, or to serve you specific content and offers that are relevant to/customized for you (e.g., pricing and discounts based on your profile, location, or shopping history) Advertising, marketing, and promotions: to assist us in determining relevant advertising and the success of our advertising campaigns; to help us determine where to place our ads, including on other websites; for promotional activities such as running sweepstakes, contests, and other promotions.	• Identifiers • Personal Records • Personal Characteristics or Traits • Customer Account Details/Commercial Information • Internet Usage Information • Geolocation Data • Inferences from PI Collected	• Vendors (e.g., shipment and delivery services, payment processors, fraud prevention and security providers, marketing services providers, analytics providers, and customer service and support providers); • Selected marketing partners; • Other members of our corporate group; • Consultants; • Other parties within the limits of Additional Business Purposes; and/or • Third-Party Digital Businesses.
Quality Assurance	Quality and Safety of Service: undertaking activities to verify or maintain the quality or safety of our services, and to improve, upgrade, or enhance our services	• Identifiers • Internet Usage Information • Sensory Data	• Vendors (e.g., Service Providers that help improve the quality of our services) • Other members of our corporate group; and/or • Consultants; • Other parties within the limits of Additional Business Purposes.
Processing Interactions and Transactions	Short-term, transient use: including, but not limited to, non-personalized advertising shown as part of a Consumer’s current interaction with Company and use of our services’ features and functionality (e.g., e-commerce transactions)	• Identifiers • Personal Records • Customer Account Details/Commercial Information • Internet Usage Information • Geolocation Data • Inferences from PI Collected	• Vendors (e.g., shipment and delivery services, payment processors, fraud prevention and security providers, marketing services providers, analytics providers, and customer service and support providers); • Other members of our corporate group; and/or • Consultants • Other parties within the limits of Additional Business Purposes.
Research and Development	Research and analytics: to better understand how users access and use our services, both on an aggregated and individualized basis, to improve our services and respond to user preferences, and for other research and analytical purposes Market research and customer satisfaction surveys: to administer surveys and questionnaires, such as for market research or customer satisfaction purposes	• Identifiers • Personal Records • Personal Characteristics or Traits • Customer Account Details/Commercial Information • Internet Usage Information • Geolocation Data • Sensory Data • Inferences from PI Collected	• Vendors (e.g., customer service and support provider); • Other members of our corporate group; • Public authorities / governmental bodies (making requests pursuant to legal or regulatory process); and/or • Other parties within the limits of Additional Business Purposes. • Third-Party Digital Businesses
Additional Business Purposes	Compliance with legal obligations: to comply with legal obligations, as part of our general business operations, and for other business administration purposes and in response to legal obligations or process Prevention of illegal activities, fraud, injury to others, or violation of our terms and policies: to investigate, prevent or take action if someone may be using info for illegal activities, fraud, or in ways that may threaten someone’s safety or violate of our terms or this Notice Purposes disclosed at PI collection: We may provide additional disclosures at the time of PI collection, such as on a checkout page Related or compatible purposes: for purposes that are related to and/or compatible with any of the foregoing purposes	• Identifiers • Personal Records • Personal Characteristics or Traits • Customer Account Details/Commercial Information • Internet Usage Information • Geolocation Data • Sensory Data • Inferences from PI Collected • Government Issued Identification Numbers for B2B Consumers • Sensitive Personal Characteristics	• Vendors (e.g., shipment and delivery services, payment processors, fraud prevention and security providers, marketing services providers, analytics providers, customer service and support providers); • Other members of our corporate group; • Consultants • Public authorities / governmental bodies (making requests pursuant to legal or regulatory process); and/or • Other parties within the limits of Additional Business Purposes.
Commercial Purposes	Cross-context Behavioral Advertising Targeted Advertising	• Identifiers • Internet Usage Information • Geolocation Data	• Vendors (e.g., customer service and support providers, and external auditors); • Selected marketing partners; • Consultants; and/or • Third-Party Digital Businesses

Return to navigation

2. Your Consumer Rights and How to Exercise Them

As described more below, subject to meeting the requirements for a Verifiable Consumer Request (defined below), Rodan + Fields provides Consumers (including our California Consultants) the privacy rights described in this section where required by the law in the state in which they reside. For residents of states without Consumer privacy rights, we will consider requests but will apply our discretion with respect to and if and how we process such requests. We will also consider applying state law rights prior to the effective date of such laws, but will do so in our discretion.

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, use our Consumer Rights Request Portal, or e-mail us at privacy@rodanandfields.com, and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.). More details on the request and verification process is in Section 3. The Consumer rights we accommodate are as follows:

(i) Right to Limit Sensitive PI Processing

We only Process Sensitive PI for purposes that are exempt from Consumer choice under U.S. Privacy Laws, such as, for example, to verify Consultant information in order to comply with applicable federal, state, and local law.

(ii) Right to Know / Access

Residents of California, Virginia, and Colorado are entitled to access PI up to twice in a 12-month period. Residents of Connecticut and Utah are entitled once every 12-month period to access PI maintained by Rodan + Fields, with subsequent requests subject to a service fee. You have a Right to Know (1) the categories (California residents only); and (2) specific pieces of Personal Information maintained by a Business about you.

(1) Right to Know (Categories): California residents have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:

• The categories of PI we have Collected about you.
• The categories of sources from which we Collected your PI.
• The Business Purposes or Commercial Purposes for our Collecting, Selling, or Sharing your PI.
• The categories of Third Parties to whom we have disclosed your PI.
• A list of the categories of PI disclosed for a Business Purpose in the prior 12 months and, for each, the categories of recipients, or that no disclosure occurred.
• A list of the categories of PI Sold or Shared about you in the prior 12 months and, for each, the categories of recipients, or that no Sale or Share occurred.

(2) Right to Know (Specific Pieces): Consumers resident of California, Colorado, Connecticut, Virginia and Utah may request to confirm if we are Processing your PI and, if we are, to obtain a transportable copy, subject to applicable request limits, of your PI that we have collected and are maintaining. For your specific pieces of PI, as required by applicable U.S. Privacy Laws, we will apply the heightened verification standards as described below. We have no obligation to re-identify information or to keep PI longer than we need it or are required to by applicable law to comply with access requests.

(iii) Do Not Sell/Share/Target

Under the various U.S. Privacy Laws there are broad and differing concepts of “Selling” PI for which an opt-out is required. California also has an opt-out from “Sharing” for Cross-Context Behavioral Advertising (use of PI from different businesses or services to target advertisements). Other states have an opt-out of “Targeted Advertising” (defined differently but also addressing tracking, profiling, and targeting of advertisements). 

Third-Party digital businesses (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that Collect PI about you on our services, or otherwise Collect and Process PI that we make available about you, including digital activity information. We understand that giving access to PI on our services, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Share under some state laws and thus we will treat such PI (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) collected by Third-Party Digital Businesses, where not limited to acting as our Service Provider (or Contractor or Processor), as a Sale and/or Share and subject to a Do Not Sell/Share/Target opt-out request. We will not Sell your PI, Share your PI for Cross-Context Behavioral Advertising, or Process your PI for Targeted Advertising if you make a Do Not Sell/Share/Target opt-out request.

Opt-out for non-cookie PI: If you want to limit our Processing of your non-cookie PI (e.g., your email address) for Targeted Advertising, or opt-out of the Sale/Sharing of such data, make an opt-out request here. 

Opt-out for cookie PI: If you want to limit our Processing of your cookie-related PI for Targeted Advertising or opt-out of the Sale/Sharing of such PI, you need to exercise a separate opt-out request on our cookie management tool here: Cookie Settings , which is also accessible via our Your Privacy Choices footer link. This is because we have to use different technologies to apply your opt-out of cookie PI and to non-cookie PI. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our cookie management tool. Beware that if you use ad blocking software, our Your Privacy Choices footer link may not appear when you visit our services and you may have to use the link above to access the tool. 

Opt-Out Preference Signals (also known as Global Privacy Control or “GPC”). Some of the U.S. Privacy Laws require businesses to process GPC signals, which is referred to in California as opt-out preference signals (“OOPS”), which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the Sale and Sharing of PI. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC. As of the Effective Date, the CCPA's regulations, which are supposed to set forth requirements as to OOPS/GPC, have not yet been finalized. We will process OOPS/GPC as specifically required when the regulations are finalized. In the meantime, to our knowledge, we have configured the settings of our consent management platform to receive and process GPC signals on our website, which is explained by our consent management platform here.

We do not knowingly Sell or Share the PI of Consumers under 16, unless we receive affirmative authorization (“opt-in”) from either the Consumer who is between 13 and 16 years old, or the parent or guardian of a Consumer who is less than 13 years old. If you think we may have unknowingly collected PI of a Consumer under 16 years old, please Contact Us.

We may disclose your PI for the following purposes, which are not a Sale or Share: (i) if you direct us to disclose PI; (ii) to comply with a Consumer rights request you submit to us; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.

We may disclose your Personal Information for the following purposes, which are not a sale: (i) if you direct us to share Personal Information; (ii) to comply with your requests under the CCPA; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.

(iv) Right to Delete

Except to the extent we have a basis for retention under applicable law, Consumers resident of California, Colorado, Connecticut, Virginia and Utah may request that we delete your PI. Our retention rights include, without limitation:

• to complete transactions and services you have requested;
• for security purposes;
• for legitimate internal Business Purposes (e.g., maintaining business records);
• to comply with law and to cooperate with law enforcement; and
• to exercise or defend legal claims.

Please also be aware that making a deletion request does not ensure complete or comprehensive removal or deletion of PI or content you may have posted.

Note also that, depending on where you reside (e.g., California and Utah), we may not be required to delete your PI that we did not Collect directly from you.

(v) Correct Your PI

Correct Your PI: Consumers may bring inaccuracies they find in their PI that we maintain to our attention and we will act upon such a complaint as required by applicable law. You can also make changes to your online account in the account settings section of the account. That will not, however, change your information that exists in other places.

(vi) Automated Decision Making / Profiling

We do not engage in Automated Decision Making or Profiling.

(vii) How to Exercise Your Consumer Privacy Rights

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, please follow the instructions at our Consumer Rights Request Portal, or email us at privacy@rodanandfields.com, and respond to any follow up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media, etc.).

(1) Your Request Must be a Verifiable Consumer Request

As permitted or required by applicable U.S. Privacy Laws, any request you submit to us be a Verifiable Consumer Request, meaning when you make a request, we may ask you to provide verifying information, such as your name, e-mail, phone number and/or account information. We will review the information provided and may request additional information (e.g., transaction history) via e-mail or other means to ensure we are interacting with the correct individual.

We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. We do not verify opt-outs of Sell/Share/Target or Limitation of Sensitive PI requests unless we suspect fraud.

You are not required to create a password-protected account with us to make a Verifiable Consumer Request. If we suspect fraudulent or malicious activity on or from the password-protected account, we may decline a request or request that you provide further verifying information.

We verify each request as follows:

• Right to Know (Categories): If you do not have a password-protected account, we verify your request to Know Categories of PI to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. If we cannot do so, we will refer you to this Notice for a general description of your data practices.


• Right to Know (Specific Pieces): If you do not have a password-protected account, we verify your Request to Know Specific Pieces of PI to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. If you fail to provide requested information, we will be unable to verify you sufficiently to honor your request, but we will then treat it as a Right to Know (Categories) request if you are a California resident.
• Do Not Sell/Share/Target & Limit SPI: No specific verification required unless we suspect fraud.
• Right to Delete: If you do not have a password-protected account, we verify your Request to Delete to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the Consumer posted by unauthorized deletion. If we cannot verify you sufficiently to honor a deletion request, you can still make a Do Not Sell/Share/Target and/or Limit SPI request.
• Correction: If you do not have a password-protected account, we verify your Request to Correct PI to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the Consumer posed by unauthorized correction.

To protect Consumers, if we are unable to verify you sufficiently, we will be unable to honor your request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

(2) Agent Requests

You may use an authorized agent to make a request for you, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you. You can learn how to do this by visiting the agent section of our Consumer Rights Request Portal. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable U.S. Privacy Laws.

(3) Appeals

Residents of Virginia, Colorado, and Connecticut may appeal Company’s decision regarding a request as will be described in our response to your request.

(viii) Our Responses

Some PI we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in responses to Consumer privacy rights requests. If we deny a request, we will explain the reasons in our response. 

We will make commercially reasonable efforts to identify Consumer PI that we Process to respond to your Consumer request(s). In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest that you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Consistent with applicable U.S. Privacy Laws and our interest in the security of your PI, we will not deliver to you certain sensitive data (e.g., Social Security number, driver’s license number, or other government-issued ID number, credit card number or other financial account number, an account password, security questions or answers) in response to a Consumer privacy rights request; however, you may be able to access some of this information yourself through your account if you have an active account with us.

Return to navigation

3. Non-Discrimination

We will not discriminate against you in a manner prohibited by applicable U.S. Privacy Laws for your exercise of your Consumer privacy rights. We may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI. 

Return to navigation

4. Notice of Financial Incentive Programs

We may offer discounts or other rewards (“Incentives”) from time-to-time to customers that provide us with Personal Information, such as your name, phone number, email address, IP address and location. You may opt-in to incentives by subscribing to our Perks Program or other loyalty and Incentive programs we may offer from time-to-time (“Program(s)”). Each Program may have additional terms, available on the Program page, at Program sign-up, or on the Promotional Terms and Conditions page. We measure the value your PI collected in Programs by the cost of operating the applicable Program (excluding Incentive costs) and/or the cost of providing the Incentive. We deem the value of the PI to be reasonably related to the value of the Incentive, and by subscribing to these Programs you indicate you agree. If you do not, do not subscribe to the Programs. If you subsequently wish to withdraw from the Programs, the method for doing so will be explained in the Program terms. We do not limit Program participation to consumers that do not exercise their CCPA rights. However, a deletion request will not delete Program PI because it’s necessary to maintain your participation in the Program. If you desire to delete Program PI, terminate your participation in the Program before making a CCPA deletion request.

Return to navigation

5. Our Rights and Rights of Others

Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your rights under U.S. Privacy Laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

Return to navigation

6. Additional California Notice for California Residents

In addition to the CCPA, certain Californians are entitled to certain other notices. Accordingly, this Notice provides information on our online practices and your California rights specific to our online services. Without limitation, Californians that visit our online services and seek to acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights:

a. California Minors

Although our online service(s) are intended for an audience that has reached the age of majority, any California residents under the age of eighteen (18) who have registered to use our online services, and who posted content or information on the service, can request removal by contacting us, detailing where the content or information is posted and attesting that you posted it. We will then make reasonably good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.

b. Shine the Light

California residents may request a list of all third parties to which we have disclosed certain personal information (as defined by California’s Shine the Light law), collected via our online service, during the preceding year, for those third parties’ own direct marketing purposes, without your consent or direction. We do not do so. When you choose a Consultant, you direct us to provide your personal information to the Consultant. If you want to confirm this you may contact us at privacy@rodanandfields.com or at RODAN + FIELDS HEADQUARTERS, 60 Spear Street, Suite 600, San Francisco, CA 94105 and put the statement “Shine the Light Request” in the body of your request. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. Please note that we will not accept Shine the Light requests via telephone or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.

Return to navigation

CONTACT US

If you have any questions, comments, concerns, or complaints about the Site's privacy practices, please contact us by e-mail at privacy@rodanandfields.com or visit the Contact Us page of our website. Please note that e-mail communications will not necessarily be secure; accordingly, you should not include credit card information or other sensitive information in your e-mail correspondence with us.

Return to navigation