Privacy Notice

Overview and Scope

At Continual Beauty, Inc., we are committed to handling your personal information or personal data (“Personal Data”) responsibly and transparently. This Privacy Notice (“Notice”) is intended to comply with the
relevant transparency requirements under the applicable privacy or data protection laws. This Notice explains how Continual Beauty, its subsidiaries and assigns (together “we”, “our”, “us”) collect, use, share or otherwise process your Personal Data in connection with your relationship with us. The Notice applies to any Personal Data we may collect from you through our websites or applications, accessed using your device (e.g., mobile, computer) or various other offline means, such as when you attend our events, or when you otherwise interact with us as described below. If you wish to contact the Continual Beauty, Inc. entity that is the data controller for the service relevant to you, see How to exercise your rights or contact us.

Please note in certain jurisdictions, there might be exemptions to the rights we describe below pursuant to applicable privacy laws and regulations. We may amend this Notice from time to time to keep it up to date with legal requirements and the way we operate our business. Please check these pages regularly for the latest version of this Notice.

This Notice contains the following sections:

  • What Personal Data we may collect
  • How we collect your Personal Data
  • Sensitive Personal Data and criminal records
  • How we use your Personal Data
  • Marketing communications and your choices
  • Cookies and online tracking
  • How we share or disclose your Personal Data
  • Categories of third parties to whom we may disclose your Personal Data
  • No Sale of Data
  • How we transfer and store your Personal Data
  • How we protect your Personal Data
  • How long we retain your Personal Data
  • Your rights and choices
  • How to exercise your rights or contact us

What Personal Data we may collect

Subject to the laws or regulations applicable to the relevant jurisdiction, we may collect the following categories of Personal Data about you or your device:

Category Examples
A. Identity information first name, middle name, last name, alias username or similar identifier, marital status, title, date of birth, gender, state or national identification. Some information included in this category may overlap with other categories.
B. Demographic information
Age, race, national origin, citizenship, marital status, sex (including gender).
C. Contact information Billing address, delivery address, email address, or telephone numbers.
D. Biometric information Identifier or identifying information, such as fingerprints, faceprints, voiceprints, and keystroke.
E. Contractual information
Information collected as part of the services we provide to you.
F. Financial information Bank account and payment card details.
G. Internet or another similar network activity
Browsing history, search history, information on a consumer's interaction with a website, application, advertisement, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites or applications.
H. Professional or employment-related information
Education, current employment, employment history.

How we collect your Personal Data

We collect your Personal Data in a variety of ways and from various sources. For example, we may collect your Personal Data:

  • Through direct interactions with you, for example, when you fill out a form, send us mail or email, when you call us or in person.
  • Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
  • From affiliates and third-party service providers (such as our marketing partners) acting on our behalf in connection with the services we perform.

The Personal Data that we collect from you may include Sensitive Personal Data. We recognize that certain jurisdictions have enacted laws that require higher protection of certain Sensitive Personal Data. Sensitive Personal Data includes categories of information identified by the applicable privacy laws as requiring special treatment or protection. This information may include, but is not limited to, racial or ethnic origin; religious, philosophical, or other similar beliefs; physical or mental health; biometric data; or sexual orientation.

We do not collect, use, share or otherwise process Sensitive Personal Data or criminal records unless required or permitted to do so by law. For example, we may collect, use, share or otherwise process your Sensitive Personal Data or criminal records to perform Know Your Customer (KYC) checks to comply with applicable Anti-Money Laundering (AML) laws.

How we use your Personal Data

We use Personal Data for the following purposes:

  • To fulfil our contractual obligations. For example, if you provide us with Personal Data to open, manage, and administer your account, we will use that Personal Data for such purpose.
  • To comply with a legal obligation that we have, for example, where we are required to report to authorities, to perform KYC checks to comply with applicable AML laws, or to prevent and detect financial crime.
  • You have provided your consent, for example, for a compatible reason as is described to you at the time of collection.
  • For a purpose that is compatible with the original purpose as is described to you at the time of collection.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • For our legitimate interest, as a commercial organization, provided our use is proportionate and respects your privacy rights. Such legitimate interests may, for example, include:
    • To provide you with information on products or services that you request from us.
    • To provide you with, email alerts, event registrations, social media activity, and other notices concerning our products or services, or events or news that may be of interest to you, including through targeted messages and advertisements on or through our websites and apps and through third-party websites and apps
    • To enforce our rights arising from any contracts entered between you or the entity you represent and us, including for billing and collections.
    • To improve our website and present its contents to you in a tailored and personalized manner.
    • or market analysis and product development.
    • Authenticate you as an authorized user and facilitate communications between us.
    • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding, in which your information held by us is among the assets transferred.
    • Monitor and record calls and electronic communications for (a) processing and verification of instructions, (b) investigation and fraud prevention purposes, (c) for crime detection, prevention, investigation, and prosecution, (d) to enforce or defend our company, partners or affiliates’, directly or through third parties to whom they delegate such responsibilities or rights, (e) to comply with any applicable legal obligation, (f) for quality, business analysis, training, and related purposes.
    • To operate our business in a prudent manner in accordance with industry standards and applicable laws, which may include, monitoring and recording calls and electronic communications, responding to inquiries and requests, preventing fraud, research, to obtain advice from our advisors, as well as governance and management purposes.

If you do not provide us with your Personal Data when requested, it may prevent us from being able to carry out the tasks listed above.

Marketing communications and your Choices

We may use your Personal Data to market to you. Specifically, we may collect, use, or otherwise process your Personal Data and share it with our service providers to provide you with thought leadership materials, industry information, invitations to events and webinars, and other communications or solicitations that we believe will be of interest to you. We target and tailor such communications based on your interaction with us, via mail, email, online, telephone, in-person, or through third-party partners or vendors. If you do not wish to receive this information from us, please manage your preferences by clicking on the unsubscribe link in any of our emails.

Cookies and online tracking

We use cookies on our websites or applications. Cookies are small files stored on a computer designed to hold small amounts of data specific to a user and the websites or applications to help tailor that user’s experience.

How we share or disclose your Personal Data

We may disclose the categories of your Personal Data described above to our service providers and other third parties for our business purposes.

When we do so, we will make sure that your Personal Data is used in a manner consistent with this notice or enter into a contract that describes the business purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract.

We may also use or disclose your Personal Data:

  • To regulators, government agencies, exchanges, self-regulatory organizations, or law enforcement authorities (as required by law).
  • If we are required to do so by law or if we reasonably believe that such disclosure is necessary or appropriate to prevent physical harm or financial loss in connection with an investigation of suspected or actual illegal activity,
  • When disclosure is necessary to protect our rights or to comply with a judicial or regulatory requirement or to pursue our legitimate interest or the vital interests of a person.

Categories of third parties to whom we may disclose your Personal Data
The following categories are third parties to whom we may disclose your
personal data if required by law:

  • Our affiliates and Service providers with whom we have contracted to perform services on our behalf
  • Third parties, to whom you, your agents, or the company you represent authorize us to disclose your Personal Data in connection with products or services we provide to you
  • Regulators or other government agencies
  • Exchanges or other self-regulatory organizations
  • Law enforcement authorities
  • With a successor entity in the event of a merger, acquisition, or similar transaction

How we protect your Personal Data

      1. Host PIN Protection
      2. Password Complexity Requirements
        • Minimum of eight (8) characters.
        • At least one uppercase letter (A-Z).
        • At least one lowercase letter (a-z).
        • At least one numeric digit (0-9).
        • At least one special character (e.g., !@#$%^&*).
      3. Password History & Reuse Policy
        • The system shall remember and prohibit the reuse of the last five (5) passwords.
        • Users cannot reset to a previously used password within the last five password changes.
      4. Account Lockout & Brute-Force Protection
        • Accounts shall be locked after five (5) consecutive failed login attempts.
        • After an account is locked, access can only be regained via a One-Time Password (OTP) sent to the registered email.
        • Implement progressive delay mechanisms (e.g., increasing wait time after multiple failed login attempts).
        • Enforce rate limiting to prevent brute-force attacks and credential stuffing.
      5. Password Reset & Recovery
        • Users must verify their identity via registered email-based OTP for password resets.
        • Manual password resets require additional identity verification (e.g. two-factor authentication).
        • When changing a password, the user must enter:
        • Current password
        • New password
        • Confirmation of the new password
      6. Session Security & Additional Safeguards
        • Enforce automatic session timeout after a period of inactivity.
        • Require re-authentication for sensitive actions (e.g., changing security settings or payment details).
      7. Regular Security Audits & Monitoring
        • We conduct regular security assessments, vulnerability scans, and penetration tests. We use intrusion detection systems (IDS) and activity logging to monitor for unusual behavior or unauthorized access.
      8. User Rights and Controls
        • You have the right to access, correct, delete, or export your data at any time.
      9. Data Encryption
        • All data is encrypted in transit using TLS (Transport Layer Security) protocols.
        • Sensitive data (including login credentials, personal identifiers, or health-related information) is encrypted at rest using AES-256 encryption standards.

How long we retain your Personal Data

We will retain your Personal Data for as long as necessary to fulfil the purpose for which it was collected, such as providing our services, or as required by applicable laws or regulations. This period may extend beyond the termination of our relationship with you.

Your rights and choices

Depending on the jurisdiction, and subject to certain exceptions, you may have specific rights regarding your Personal Data. This section describes such rights and how you may exercise them.

  • Access to Specific Information
    • You may have the right to request that we disclose certain
      information to you how we use your Personal Data. Once we
      receive and verify your request, we will disclose to you
      (depending on your request or unless an exception applies):
      • The categories of Personal Data we have collected about you.
      • The categories of sources from where the Personal Data was collected.
      • Our purpose for collecting or sharing your Personal Data.
      • The categories of third parties with whom we share your Personal Data.
      • The specific pieces of Personal Data we have collected about you.
  • Where specifically required, we will provide specific pieces of Personal Data we have collected about you in a structure, commonly used or in machine-readable format, and to have it transmitted directly to another person or entity (data portability).
  • Request the Deletion or erasure of your Personal Data in certain circumstances.
  • Request that your Personal Data be rectified where it is inaccurate or incomplete
  • Request restriction or object to the processing of your Personal Data for certain circumstances (for example for marketing purposes)
  • Withdraw your consent for the processing of your Personal Data. If we are relying on your consent to use or share your Personal Data, you have the right to fully or partially withdraw your consent, subject to certain exceptions defined in applicable laws and regulations. Please note however that this will not affect the lawfulness of the processing before its withdrawal.

How to exercise your rights or contact us

The primary point of contact for all issues arising from this Notice is our Data Protection Officer. If you wish to exercise your rights, or have questions or comments about this Notice or about how your Personal Data is processed, please contact our Data Protection Officer by email:

Get notified to get early access!