Effective Date: May 15, 2023
Last Revised: April 12, 2023
Fromm International, Inc., (“Fromm”, “we”, “us”, and “our”) is a leading marketer of beauty essentials in the professional beauty industry, with an emphasis on cutlery, salon apparel, combs, brushes, and other salon tools. Fromm products are instrumental to hair stylists in making their clients look beautiful. True to this goal, Fromm’s mission statement is Enhancing Beauty Experiences.
INFORMATION WE COLLECT
Information You Provide
Our Site has a “Let’s Connect” function that allows you to provide us information about you, that we collect and use so we can better assist you with identifying which of our Services best fit your needs. In this process, you may provide to us information about whether you are a distributor wholesaler, student, marketer, media, or other; your first and last name, your email, phone number, and other information you choose to provide that may help us identify which of our Services would be appropriate for you. If you identify as a distributor, you may also provide us with the company upon whose behalf you are contacting us, and the company’s address. If you identify as a school, you may also provide us with the school’s name upon whose behalf you are contacting us, and the school’s address.
When you email or contact us by phone to inquire about our Services, which, may include asking us to send you a catalog or brochure, you may provide and we may, in turn, collect the same information.
While, at some times, you may be providing this information or otherwise engaging with us as an employee of another company or school, the information you provide and that we may collect, may include information including your name, personal or work email, personal or work physical address, personal or work phone number, information about the Services you are/have been interested in. Some of this information, such as your name, is personally identifying information as it identifies you as a natural person
Information We Collect Automatically
When you visit the Site, we automatically collect certain information about the device you are using to access the Site, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
When you access our Services, we may collect information (either directly or using third party services) using logging and cookies which can sometimes be correlated with personally identifying information. We use this information to monitor and analyze use and interest in the Services.
Information Obtained from our Third-Party Partners
When you engage with us with respect to some of our Services, we work with third party representatives, called service providers, who prospect for us and may collect information about you to better help us provide our Services to you. Our third-party service providers who operate those functions on our behalf may collect information that you provide and then provide it to us.
We also work with Salesforce and WordPress, which collect information about user profiles and share that information with us.
At this time, we do not collect information from third-party social media sites that you may use to get to our Site or otherwise engage with our Services.
HOW WE USE YOUR PERSONALLY IDENTIFYING INFORMATION
We generally use information that we collect for the purposes of fulfilling our contractual obligations to you, in furtherance of our legitimate interests in operating the Services and our business and/or where you have consented to such usage. More specifically, however, we use your personally identifying information in the following ways:
- To fulfill any brochure/catalog requests.
- To provide, update, maintain and protect the Services and our business. This includes to support delivery of the Services, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at your request. We may use your email address or phone number to send you notices (including any notices required by law, in lieu of communication by postal mail). If you correspond with us by email, we may retain the content of your email messages, your email address and our responses.
- To personalize your experience and improve customer service. This includes to help us better understand your buying/shopping preferences so that we may be able to advertise other products that you might be of interest. Your information also helps us to more effectively respond to your customer service requests and support needs
- As required by applicable law, legal process or regulation. We may, in certain instances, be compelled by law to process your personally identifying information to comply with a binding order. We will only do so to the extent reasonably required by that order.
- To communicate with you by responding to your transactions, requests, comments and questions. If you contact us, we may use your contact information to respond, including sending you emails to follow-up on connection requests.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our products, and important notices, such as security and fraud notices.
- For marketing purposes. We may use your information to market to you about other products or ours or our third-party partners that we think you might be interested.
- To investigate and help prevent security issues and abuse and to otherwise monitor the Site for violations of our policies or applicable laws. We use the information collected to prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities and/or attempts to harm our users.
- To improve our Site and/or Services. We continually strive to improve our Site offerings and/or our Services based on the information and feedback we received from our users and visitors.
The legal basis for the associated processing of your personally identifying information is Art. 6 (1)(f) GDPR (balancing of interests, based on our legitimate interest in constantly and profitably improving the content, functionality and attractiveness of the app by analyzing your usage) as well as Art. 6 (1)(b) GDPR (performance of a contract) and Art. 6 (1) a) GDPR (your consent).
HOW WE SHARE OR OTHERWISE DISCLOSE YOUR PERSONALLY IDENTIFYING INFORMATION
We may share, transfer and/or disclose your personally identifying information to or with service providers or third parties in order to provide the Services or products requested or purchased by you, and under the following circumstances:
- We share certain personally identifying information with our employees, including our internal sales group, to provide you our Services; third-party partner representatives who may follow-up with you on our behalf to see how we may be able to best provide our Servicers and; other third business partners necessary in order to fulfill an order placed through the Services. These third-party service providers are contractually or otherwise legally prohibited from using your personally identifying information for promotional purposes or from selling your personally identifying information. These service providers may have access to information about you if it is needed to perform their functions for us, but they are not authorized by us to use or disclose such information except as necessary to perform services on our behalf or to comply with legal requirements, and they are required to maintain the information in confidence.
- We may share personally identifying information and other information we collect with our service providers and other third parties in connection with our marketing and business development efforts.
- We share certain information that is traditionally not considered personally identifying information (such as device, analytics, and usage data) for purposes of better understanding the usage of the Services by Users and improving on that experience.
- We may share your personally identifying information in response to legal process, for example, in response to a court order or a subpoena, a law enforcement or government agency’s request or similar request.
- We may share your personally identifying information with third parties in order to investigate, prevent, or take action (in our sole discretion) regarding potentially illegal activities, suspected fraud, situations involving potential threats to any person, us, or the Services, or violations of our policies or the law.
- We may transfer personally identifying information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personally identifying information held by us about our Users is among the assets transferred.
- We share your personally identifying information with third parties to help us use your personally identifying information, as described above. For example, we use Google Analytics to help us understand how our customers use the Site—you can read more about how Google uses your Personally identifying information here. To learn more about the Company’s use of Google Analytics and what Google Analytics does, please see How Google uses information from sites or apps that use our services.
- All information voluntarily shared by you through forums, comments, or blog posts is publicly available and your username may be visible by other Users. We are not responsible for any information you submit that can be read by other Users and can be used to send you unsolicited information by other Users.
- We do not sell or share (in the context of cross-behavioral advertising which means the targeting of advertising to a consumer based on the consumer’s personal information obtained from the consumer’s activity across businesses including distinctly-branded websites, applications, or services) your personal information, including sensitive personal information, and have not in the immediate twelve months. If we do, you will be notified of it prior to or at the point of such collection for those purposes, and provided a link to opt-out of the selling/sharing of your personal information.
DO NOT TRACK (INCLUDING CALIFORNIA DO NOT TRACK DISCLOSURE)
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not respond to web browser “do not track” settings or signals. We deploy cookies and other technologies on our Services to collect information about you and your browsing activity, even if you have turned on the Do Not Track signal.
Personally identifying information to the extent necessary or reasonable to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
TRANSFER OF DATA
Your information, including Personally identifying information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
If you are located outside the United States, please note that we transfer data, including personally identifying information, to the United States and process it there.
By using the Services, you understand and acknowledge that your personally identifying information will be transferred to and processed in the United States, which may have different data protection rules than in your country.
UK/EU/EEA DATA SUBJECT DATA PROTECTION RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
If you are a resident of the United Kingdom, European Union, or European Economic Area (EEA), you may have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personally identifying information, though understanding that some of these rights to not extend to business to business, also known as B2B data, which is the bulk of the type of information we collect.
If you wish to be informed about what personally identifying information we hold about you, have a copy of it, correct or otherwise rectify it, and/or if you want it to be removed from our systems, please contact us using the contact information set out below.
In certain circumstances, you have the following data protection rights:
- Request access to your personally identifying information (commonly known as a “data subject access request”). This enables you to receive a copy of the personally identifying information we hold about you where we are the data controller and to check that we are lawfully processing it.
- Request correction of the personally identifying information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
- Request erasure of your personally identifying information. This enables you to ask us to delete or remove personally identifying information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personally identifying information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personally identifying information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons, which will be explained to you, if applicable, at the time of your request.
- Object to processing of your personally identifying information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personally identifying information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.
- Request that we restrict the processing of your personally identifying information. This enables you to ask us to temporarily stop the processing of your personally identifying information in the following scenarios: (a) if you have concerns about the accuracy of your information and want to have it rectified; (b) where you believe our use of your information may be unlawful but you do not want us to erase it; (c) where you need us to hold the information for the purposes of defending or exercising your rights with respect to a legal claim even though we may no longer need it; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to keep it.
- Request the transfer of your personally identifying information to you or to a third party. We will provide to you, or a third party you have chosen, your personally identifying information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personally identifying information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
To submit a request, please click this link.
If you are not satisfied with our response, or believe we are processing your personal information in violation of the law, you have the right to lodge a complaint with the Supervisory Authority (also known as Data Protection Authority) in your EEA country.
You will not have to pay a fee to access your personally identifying information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personally identifying information (or to exercise any of your other rights). This is a security measure designed to ensure that personally identifying information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
CALIFORNIA DATA SUBJECT RIGHTS
Shine the Light Law
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personally identifying information that we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: 603 Dempster Street, Mount Prospect, IL 60056. We will respond to one request per California customer each year, and we do not respond to requests made by means other than as set forth above.
California Consumer Privacy Act (“CCPA”) “Notice”
If you are a California resident, or were within the last year or at any point since January 1, 2022, we may collected the following information about you:
- Identifiers such as your name, alias, postal address, email address, or other identifiers.
- Commercial information, such as information about products or services purchased from us, obtained or considered or other purchasing or consuming histories or tendencies.
- Internet or other electronic network information, including but not limited to, browsing history, search history, and information regarding you interaction with our Site.
- Profession or employment-related information, including where you work, for whom you work, etc.
- Education information such as whether you are in school, where you attend(ed) school.
Further, you have the following rights under applicable California law in relation to your Personal Information, subject to certain exceptions:
- Right to Know. You have the right to, up to twice in a 12-month period, request what Personal Information we collect, use, disclose, share, and/or sell, as applicable.
- Right to Delete. You have the right to request the deletion of your Personal Information that is collected by us.
- Right to Opt-Out of Sale. You have the right to opt-out of the sale of your Personal Information by a business. However, as noted above, we do not currently sell any Personal Information.
- Right to Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
- Right to Correct. You have the right to correct inaccurate Personal Information that we maintain about you.
- Right Not to Be Discriminated Against. You have the right not to receive discriminatory treatment by us for exercising your privacy rights, including the right not to be retaliated against.
Understand, however, that based on the information we gather, and the fact that we do not “sell” or “share” personal information with any third parties as those terms are defined in the CCPA in the preceding 12 months, and we do not have any actual knowledge of selling or sharing the personal information of consumers under 13 years of age. Further, we do not use or disclose sensitive personal information for any purpose.
Any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”) as permitted by the CCPA. To submit a request, please contact us at 1-800-323-4252 or click this link. In the event you have an authorized representative submit a request to delete, request to correct or request to know on your behalf, you will have to provide written authorization demonstrating this grant of authority, which can include a Power of Attorney. Please have them submit this information by clicking this link. Authorized representatives may not submit any other types of requests on your behalf.
For purposes of requests to delete, correct and to know, we will verify your identity based on information we have collected about you, including your name, address, and phone number, but will not fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the consumer about whom we collected the personally identifying information on. If we are unable to verify your identity, we may deny your request.
These rights are also subject to various exclusions and exceptions under applicable laws. For example, we may retain certain elements of your personally identifying information if it is necessary for us or our service providers to:
- Complete the transaction for which the personally identifying information was collected, provide goods or services requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
- To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
- Comply with a legal obligation.
- Otherwise use the personally identifying information, internally, in a lawful manner that is compatible with the context in which you provided the information.
We may also have to delay complying with a request to delete with respect to data stored on an archived or backup system until such time as that system is restored to an active systems or is next accessed or used for sale, disclosure or commercial purpose.
We currently do not collect household data. If we receive a Right to Know or Right to Delete request submitted by all members of a household, we will individually respond to each request. We will not be able to comply with any request by a member of a household under the age of 13 as we do not collect personally identifying information from any person under the age of 13.
We will initially respond to you no later than 10 business days after receiving a request to delete, correct or to know to confirm receipt of the request and provide information about how we will process your request, including any additional information that we may need to verify your identity. We will respond to your request within 45 days after receipt of your request for a period covering 12 months and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days.
If necessary, we may take an additional 45 calendar days to respond to your request, but, if we do, we will provide you notice of the reason for this additional time needed to process your request.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Requests to Opt-In for Minors
If you are 16 years of age or older, you have the right to direct us not to sell your personal information at any time. We do not and will not sell personally identifying information of consumers we actually know are less than 16 years of age unless we received affirmative authorization from the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age, to opt-in to the sale of their personally identifying information. Upon the receipt of this request to opt-in, we will inform the minor of the right to opt-out later and of the process for doing so.
Sale and Disclosure of Personal Information
Under the CCPA, a “sale” means providing to a third party personally identifying information for valuable consideration. It does not necessarily mean money was exchanged for the transfer of personal information. Due to the complexities and ambiguities in the CCPA, we will continue to evaluate some of our third-party relationships as we wait for final implementing regulations and guidance. For example, it is currently unclear whether the use of certain types of advertising partners would be considered a sale under CCPA. Based on our understanding of the CCPA at this time, in the preceding 12 months or at any point from January 1, 2022 through to the present, we have not sold any personally identifying information to any third parties. In the preceding 12 months or at any point from January 1, 2022 through to the present we have not disclosed personally identifying information to third parties for business purposes. We will continue to update our business practices as regulatory guidance becomes available and provides clarity on what constitutes a sale transaction, particularly in the advertising ecosystem.
NEVADA PRIVACY RIGHTS
Nevada law permits our Users who are Nevada consumers to request that their personally identifying information not be sold (as defined under applicable Nevada law), even if their personally identifying information is not currently being sold. Requests may be sent to 603 Dempster Street, Mount Prospect, IL 60056.
Neither our Site nor our Services are intended for children under 13 (16 in the UK/EU/EEA). No one under age 13 (16 in the EEA) may provide any information to or on the Online Services. We do not knowingly collect personally identifying information from children under 13 (16 in the UK/EU/EEA). If you are parent or guardian and learn we have collected or received personally identifying information from a child under 13 (16 in the UK/EU/EEA) without verification of parental consent, please contact us and we will delete that information.
PROTECTING YOUR INFORMATION
We implement security measures designed to maintain the security of your personally identifying information. These security measures are implemented both during transmission of personally identifying information and once received. The security of your personally identifying information is important to us. However, no method of safeguarding information is completely secure. While we use measures designed to protect personally identifying information, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
In some instances, the Site and/or the Services might contain links to other third-party sites and services. When you access these other sites or services, you are leaving the Site, and we are not responsible or liable for the activities on, security or privacy practices of, or content on third party sites. We encourage you to read the privacy statements posted on each such third-party site or service.
EMAIL AND TEXT/SMS COMMUNICATIONS
We may contact you via email or text/SMS message, informing you of new service/ product offerings, offering you targeted advertisements of our Services, and collecting feedback in relation to our Site and the use of our Services, or sharing information with you about certain promotions or features in relation to our Site and our Services. You may receive such communication when you have registered as a user on the Site or otherwise provided your email and telephone number. When providing your telephone number to us, you would have been ask to explicitly consent to us communicating to you via text/SMS for these reasons. Irrespective of the fact if you have also registered yourself under DND or DNC or NCPR service, you still authorize us to give you a call for the above-mentioned purposes. Marketing opt-out requests will only remove you from our list and the list of any Service Provider performing services on our behalf, not from the list of any third party.
You may opt out of receiving marketing or other communications from us at any time by texting “STOP” in response to a marketing text/SMS message, by following the opt-out link or other unsubscribe instructions provided in any email or SMS/text message received, or by contacting us using the contact information provided below.
If you wish to opt out by sending us an email to the address provided below, please include “Opt-Out” in the email’s subject line and include your name and the email address you used to sign up for communications in the body of the email. Note that, even if you opt out of receiving marketing communications from us, we will still send you order confirmations and other non-marketing related messages.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail or by mail using the details provided below:
603 Dempster Street Mt. Prospect, IL 60056