Scope and Controller

This Data Protection and Privacy Notice applies to personal data processed in connection with the website hairandbeyond.net and related services offered under the name “Hair and Beyond Rx.” This notice is designed to align with applicable United States privacy laws and, where relevant, the EU/UK General Data Protection Regulation (GDPR) for users located in the European Economic Area (EEA), the United Kingdom, or Switzerland.

The data controller is: Hair and Beyond Rx, owned by Kellen Gardner, 700 Ikea Ct, West Sacramento, CA 95605, United States. Contact: [email protected].

Nature of Our Services

Hair and Beyond Rx provides educational content and medication price comparisons from licensed online pharmacies. We are not a pharmacy, do not dispense medications, and are not a HIPAA-covered entity. Please do not submit medical records or protected health information (PHI) to us.

Applicable Law and Legal Bases

For individuals in the United States, we process personal information in accordance with applicable federal and state privacy laws, including the California Consumer Privacy Act (as amended by the CPRA) and similar state laws, where they apply. For individuals in the EEA/UK/CH, we rely on GDPR legal bases, including consent, contract performance, legitimate interests, and legal obligations.

Categories of Personal Data We Collect

  • Identifiers and contact information: name, email address, and similar details you provide (e.g., via forms or inquiries).
  • Account and preference data: if you create an account or save preferences.
  • Commercial and interaction information: your interactions with price comparison tools, saved items, and communications.
  • Internet or device information: IP address, cookie identifiers, browser and device type, operating system, referrer, pages viewed, time on site, and approximate location derived from IP.
  • User-generated content: questions, reviews, and feedback you submit.
  • Inferences: insights drawn from your use of the site to improve content relevance.
  • Sensitive categories: We do not seek to collect sensitive personal data. However, searches or browsing related to conditions or medications may reveal health-related interests; we treat such signals with heightened care and use them only for the purposes described in this Notice.

Sources of Personal Data

  • Directly from you when you submit forms, contact us, create an account, or interact with features.
  • Automatically through cookies, pixels, and similar technologies.
  • From service providers and partners (e.g., analytics, fraud prevention, and advertising partners). We do not receive your prescription records or PHI.

Purposes of Processing

  • Provide and operate the website, including price comparison tools and educational content.
  • Respond to inquiries and provide customer support.
  • Personalize content, remember preferences, and measure engagement.
  • Conduct analytics, research, and service improvement.
  • Prevent fraud, ensure security, and maintain site integrity.
  • Comply with legal obligations and enforce terms.
  • Provide marketing and interest-based advertising in compliance with applicable laws and your preferences.

Lawful Bases (GDPR Users)

  • Consent: for cookies/trackers not strictly necessary, marketing communications, and any processing requiring consent.
  • Contract: to provide requested services or features.
  • Legitimate interests: to secure services, prevent fraud, analyze and improve performance, and personalize user experience, balanced against your rights.
  • Legal obligation: to comply with applicable laws and requests from authorities.

Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

  • Strictly necessary: essential for core functionality.
  • Performance/analytics: to understand usage and improve services.
  • Functional: to remember your preferences.
  • Advertising: to support interest-based advertising and measure marketing effectiveness.

You can manage cookies via your browser settings and, where offered, through on-site controls. If you disable certain cookies, some features may not function as intended.

Disclosures of Personal Data

  • Service providers: hosting, analytics, security, customer support, and similar vendors under contractual confidentiality and use limitations.
  • Advertising and analytics partners: to support measurement and interest-based advertising, where permitted by law and your preferences.
  • Referral or affiliate partners: when you click through to third-party pharmacies or services, we may share limited technical data necessary for referral tracking.
  • Legal and compliance: to comply with law, respond to lawful requests, or protect rights, safety, and property.
  • Business transfers: in connection with a merger, acquisition, or asset sale.

We do not sell personal information for money. Some disclosures for cross-context behavioral advertising or targeted advertising may be considered a “sale” or “sharing” under certain U.S. state laws. You may opt out as described below.

International Data Transfers

We are based in the United States and process data in the U.S. For EEA/UK/CH users, where personal data is transferred outside your jurisdiction, we implement appropriate safeguards, such as European Commission Standard Contractual Clauses (and UK/Swiss equivalents), along with supplementary measures as needed.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Notice, including to meet legal, accounting, or reporting requirements. Criteria include the nature of the data, the length of the relationship, and legal requirements. Typical retention periods are the duration of your account or interaction plus a reasonable period (often up to 36 months) for analytics and backup, unless a longer period is required by law.

Security

We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. No internet transmission or storage system can be guaranteed to be 100% secure.

Your Privacy Rights

GDPR Rights (EEA/UK/CH)

  • Access: obtain confirmation and a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion where applicable.
  • Restriction: request restricted processing in certain cases.
  • Portability: receive data in a portable format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: at any time for processing based on consent.
  • Complaint: lodge a complaint with a supervisory authority in your country of residence or work.

U.S. State Law Rights (e.g., CA, CO, CT, VA, UT)

  • Right to know/access: request details about categories and specific pieces of personal information collected, used, disclosed, sold, or shared.
  • Right to delete: request deletion of personal information, subject to exceptions.
  • Right to correct: request correction of inaccuracies.
  • Right to opt out: opt out of sale or sharing for cross-context behavioral advertising/targeted advertising.
  • Right to limit sensitive data use: where applicable by law.
  • Non-discrimination: we will not discriminate against you for exercising your rights.

To exercise rights, email [email protected]. We may request information to verify your identity. Authorized agents may submit requests where permitted by law, subject to verification. If you are a California resident, you may also submit a “Do Not Sell or Share My Personal Information” request by emailing the same address with that phrase as the subject line.

Global Privacy Control and Do Not Track

Where technically feasible and legally required, we honor browser-based opt-out signals such as Global Privacy Control (GPC) to effect an opt-out of sale/sharing for the browser or device used to access the site.

Children’s Data

Our services are not directed to children under 13, and we do not knowingly collect personal data from them. If we learn we have collected such data, we will delete it. We do not knowingly sell or share personal information of consumers under 16 years of age.

Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects about you without human involvement.

Managing Preferences and Opt-Outs

  • Marketing communications: you may opt out by following unsubscribe instructions in our emails or by contacting us.
  • Cookies/ads: adjust your browser settings to block or delete cookies; use on-site controls where offered; and, if available, enable Global Privacy Control in your browser.
  • Sale/sharing opt-out: submit a request by emailing [email protected].

California Notice at Collection

We collect the categories of personal information listed above for the purposes described in this Notice. We may disclose personal information to service providers, advertising partners, and affiliates as outlined. We do not sell personal information for monetary consideration; we may “share” personal information for cross-context behavioral advertising. Retention is as described in the Data Retention section.

Financial Incentives

We do not offer financial incentives or price differences in exchange for personal information.

Accessibility

If you need this Notice in an alternative format, please contact [email protected].

Changes to This Notice

We may update this Notice from time to time to reflect legal, technical, or business changes. Material changes will be indicated by updating the “Last Updated” date below and, where required by law, by additional notice or consent.

Last Updated: September 26, 2025

Contact Information

Controller: Hair and Beyond Rx

Owner: Kellen Gardner

Address: 700 Ikea Ct, West Sacramento, CA 95605, United States

Email: [email protected]

About the author

Kellen Gardner

I'm a clinical pharmacologist specializing in pharmaceuticals, working in formulary management and drug safety. I translate complex evidence on medications into plain-English guidance for patients and clinicians. I often write about affordable generics, comparing treatments, and practical insights into common diseases. I also collaborate with health systems to optimize therapy choices and reduce medication costs.