This privacy notice was last updated March 17, 2025
For employees, this PRIVACY NOTICE FOR CALIFORNIA RESIDENTS (“Notice”) supplements the information contained in the Employee Handbook of Sally Beauty Holdings, Inc. and its subsidiaries (collectively, “Sally,” “we,” “us,” or “our”), and for applicants, this notice supplements the Applicant Privacy Notice. This Notice applies solely to an employee, job applicant, contractor, director, or officer of ours residing in California, to whom the California Consumer Privacy Act and California Privacy Rights Act (collectively, “CCPA”) applies (“consumers” or “you”). We adopt this notice to comply with the CCPA and other California laws. Any terms defined in the CCPA have the same meaning when used in this Notice.
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Identifiers
Contact information, such as your name, alias, postal address, and email; unique identifiers, such as a driver's license number, state ID, social security number, or other government-issued ID number; and online identifiers, such as an IP address or social media channel ID.
| Collected? | Yes |
| Source |
From you or your device(s) or our company devices when you provide it to us or interact with us online (such as through our website, internal systems, a job site, email, video call, or our social media) or offline (such as in the course of your employment, in person interaction with us, submission of paper documents, through a retail location, or over the phone). From our service providers, such as a background check provider, or leave or benefits administrator. From third parties such as carriers (e.g. updated address); or information submitted through external recruiters. |
| Purpose of Collection or Use |
Identify and communicate with you. Evaluate applicants' qualifications for employment and pre-employment background and reference checks. Create a talent pool for future job openings. Create and administer accounts. Demonstrate your agreement to or acceptance of documents presented to you (e.g. offer letter, non-disclosure agreement). Comply with applicable law (e.g. California's Fair Employment and Housing Act, EEOC reporting, the Office of Federal Contract Compliance Programs, maintaining your completed Form I-9, W-4, or California's Form DE 4). Facilitate payment of fees or wages to you and comply with our corresponding legal obligations (e.g. tax reporting). Coordinate the benefits (e.g. health insurance) you elect. Administer leave benefits or for workers' compensation purposes. Manage and improve our business operations. Physical security, cybersecurity, incident response, and risk reduction purposes. Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; collect and remit appropriate taxes; exercise or defend legal claims; reporting due to regulators/government entities; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. Information about contractors is retained for the period of their engagement with us, and it may be retained longer depending on the terms of the engagement and any underlying contract between us. We generally maintain our contracts for a period of 10 years after termination. Payroll documents such as a Form W-2, commission statement, garnishee records, stock option documents, direct deposit applications, and general payroll registers and records are maintained for 7 years and they are thereafter deleted upon tax department approval. We retain information related to employee benefits for 7 years. |
| Disclosed to third parties (not service providers) for a business purpose. |
Benefit providers (e.g. health insurance) you elect. Administrators of leave benefits. Delivery or mail providers (e.g. USPS, UPS) when we mail you something. Government entities as necessary for tax reporting, evidencing eligibility for employment, or facilitating unemployment claims. Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal, loss prevention, information security, IT support). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Legally Protected Demographics
These include those described in subdivision (e) of Section 1798.80.
Examples include name, signature, address, and telephone number; unique identifiers, such as a driver's license number, state ID, social security number, or other government-issued ID number; insurance policy number; education, employment, and employment history; bank account number and financial information, such as pay records; medical information; and health insurance information.
| Collected? | Yes |
| Source |
From you or your device(s) or our company devices when you provide it to us or interact with us online (such as through our website, internal systems, a job site, email, video call, or our social media) or offline (such as in the course of your employment, in person interaction with us, submission of paper documents, through a retail location, or over the phone). From our service providers, such as a background check provider, or leave or benefits administrator. Created by us as an employer. From third parties such as carriers (e.g. updated address); or information submitted through external recruiters. |
| Purpose of Collection or Use |
Identify and communicate with you. Evaluate applicants' qualifications for employment and pre-employment background and reference checks. Create a talent pool for future job openings. Create and administer accounts. Demonstrate your agreement to or acceptance of documents presented to you (e.g. offer letter, non-disclosure agreement). Investigate and respond to claims applicable to this information. Comply with applicable law (e.g. California's Fair Employment and Housing Act, EEOC reporting, the Office of Federal Contract Compliance Programs, maintaining your completed Form I-9, W-4, or California's Form DE 4). Facilitate payment of fees or wages to you and comply with our corresponding legal obligations (e.g. tax reporting). Coordinate the benefits (e.g. health insurance) you elect. Administer leave benefits or for workers' compensation purposes. Assist in the administration of leave and disability accommodation requests in accordance with company policy, and state and federal law. Manage and improve our business operations. Physical security, cybersecurity, incident response, and risk reduction purposes. Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; collect and remit appropriate taxes; exercise or defend legal claims; reporting due to regulators/government entities; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. Information about contractors is retained for the period of their engagement with us, and it may be retained longer depending on the terms of the engagement and any underlying contract between us. We generally maintain our contracts for a period of 10 years after termination. Payroll documents such as a Form W-2, commission statement, garnishee records, stock option documents, direct deposit applications, and general payroll registers and records are maintained for 7 years and they are thereafter deleted upon tax department approval. We retain information related to employee benefits for 7 years. EEO-1s are retained for 5 years. Disability records and leave of absence files are retained for 7 years after closure. Employee medical records (including health insurance claims) are retained 7 years after termination. |
| Disclosed to third parties (not service providers) for a business purpose. |
Benefit providers (e.g. health insurance) you elect. Administrators of leave benefits. Delivery or mail providers (e.g. USPS, UPS) when we mail you something. Government entities as necessary for tax reporting, evidencing eligibility for employment, EEOC reporting, or facilitating unemployment claims. Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal, loss prevention, information security, IT support). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Protected Classifications under California or Federal Law
Race, age, religion, sex/gender, pregnancy or childbirth, gender identity/expression, sexual orientation, marital status, medical condition, military or veteran status, national origin, disability and request for leave, including for family care, employee's own serious health condition, and pregnancy disability.
| Collected? | Yes |
| Source |
From you when you provide it to us or interact with us online (such as through our website, internal systems, a job site, email, video call, or our social media) or offline (such as in the course of your employment, in person interaction with us, submission of paper documents, through a retail location, or over the phone). From our service providers, such as a background check provider, or leave or benefits administrator. From you or a third party if there is an injury or illness that occurs on our premises or in the performance of your employment duties. |
| Purpose of Collection or Use |
Evaluate applicants' qualifications for employment and pre-employment background and reference checks. Create a talent pool for future job openings. Investigate and respond to claims applicable to this information. Comply with applicable law (e.g. California's Fair Employment and Housing Act, EEOC reporting, the Office of Federal Contract Compliance Programs, maintaining your completed Form W-4 or California's Form DE 4). Facilitate payment of fees or wages to you and comply with our corresponding legal obligations (e.g. tax reporting). Coordinate the benefits (e.g. health insurance) you elect. Administer leave benefits or for workers' compensation purposes. Address you by your preferred pronouns or name, if you request it. Assist in the administration of religious, leave, and disability accommodation requests in accordance with company policy, and state and federal law. Physical security, cybersecurity, incident response, and risk reduction purposes. Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; exercise or defend legal claims; reporting due to regulators/government entities; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. Information about contractors is retained for the period of their engagement with us, and it may be retained longer depending on the terms of the engagement and any underlying contract between us. We generally maintain our contracts for a period of 10 years after termination. We retain information related to employee benefits for 7 years. EEO-1s are retained for 5 years. Disability records and leave of absence files are retained for 7 years after closure. Employee medical records (including health insurance claims) are retained 7 years after termination. |
| Disclosed to third parties (not service providers) for a business purpose. |
Benefit providers (e.g. health insurance) you elect. Administrators of leave benefits. Government entities as necessary for evidencing eligibility for employment, EEOC reporting, or facilitating unemployment claims. Our affiliates to provide shared business services (e.g. human resources, legal, loss prevention, information security, IT support). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Commercial Information
Records of products or services purchased or obtained, such as travel and lodging for applicant interviews, employee travel on behalf of company, authorized contractor expenses, or other expenses incurred on behalf of the business.
| Collected? | Yes |
| Source |
From you or your device(s) or our company devices when you provide it to us or interact with us online (such as through our website, internal systems, a job site, email, video call, or our social media) or offline (such as in the course of your employment, in person interaction with us, submission of paper documents, through a retail location, or over the phone). From our service providers, such as a travel coordinator or credit card account administrators. |
| Purpose of Collection or Use |
Facilitate reimbursement of expenses to you and comply with our corresponding legal obligations (e.g. tax reporting). Manage and improve our business operations. Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; exercise or defend legal claims; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* | We maintain this information for 7 years, and it is thereafter deleted upon tax department approval. |
| Disclosed to third parties (not service providers) for a business purpose. |
Government entities as necessary for tax reporting. Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal, loss prevention, information security, IT support). If you use a company-issued credit card, information is disclosed to the credit card administrator when you make a purchase. Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Biometric Information
We have not collected any physiological, biological, or behavioral characteristics, which is used, or is intended to be used, to establish individual identity within the last 12 months in California. Fingerprint information previously collected in California was deleted.
If you have a company-issued device (e.g. cellular phone, laptop), and you directed it to allow use of a fingerprint or facial recognition in place of a password, such information lives on your local device, and you can delete it at any time. We do not collect, use, process, or retain such information.
Internet or other Similar Network Activity
Network telemetry, source and destination IPs, DNS requests, and process information.
| Collected? | Yes |
| Source | From all managed endpoints (i.e. company owned laptops, servers, and desktops) and any devices on our VPN, wifi, or guest wifi. |
| Purpose of Collection or Use |
Security monitoring, alerting, and incident response. Legal, recordkeeping, and compliance purposes (e.g. exercise or defend legal claims; reporting due to regulators/government entities). |
| Retention Period* | We retain this information based on storage space. It is generally retained between 90 days and one year. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. legal, loss prevention, information security, IT support). Third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Geolocation Data
Movements to track mileage driven on behalf of the company; precise geolocation if you're a DSC and you “check in” when visiting accounts; location when you have access to your Sally-issued email account on your device.
| Collected? | Yes |
| Source | From you, through our service providers. It will happen only if (1) you elect to track movements instead of manually reporting mileage, (2) you're a DSC, and you choose to “check in” through Sally-provided software when visiting accounts, or (3) you elect to have access to your Sally-issued email account on your device, and you install the corresponding security application(s). |
| Purpose of Collection or Use |
Reimbursement of expenses related to employee travel on behalf of company. Various analytics related to customer visits and interactions and routes driven, which are used to manage and improve our service to such customers. Physical security, cybersecurity, incident response, and risk reduction purposes. Legal, recordkeeping, and compliance purposes (e.g. exercise or defend legal claims). Other purposes communicated to you at the time of collection. |
| Retention Period* |
We retain movement information for mileage reporting for five years. DSC “check-ins” are associated with the corresponding customer, and we retain our customer records during the time such customer is active. Thereafter, records, or portions thereof may be deleted when there is no longer a legal or compliance reason to retain the data. If a security application uses your location when you have access to your Sally-issued email account on your device, such data is retained while the device is active. When the device is retired, the corresponding information is deleted. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal, loss prevention, information security, IT support, full service management). Third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Sensory Data
Audio, electronic, visual, or similar information.
| Collected? | Yes |
| Source |
From you or your device(s) or our company devices when you provide it to us or interact with us online (such as through our website, internal systems, a job site, email, video call, or our social media) or offline (such as in the course of your employment, in person interaction with us, submission of paper documents, through a retail location, or over the phone). From our devices in our stores or offices, such as a virtual color expert consultation, Closed Circuit Television systems, devices where an operator interacts verbally and may take pictures, when activated in an emergency, or devices that monitor store traffic patterns. |
| Purpose of Collection or Use |
Identify and communicate with you. Improve our goods or services and train our employees. Manage and improve our business operations. Physical security, cybersecurity, incident response, and risk reduction purposes. Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; exercise or defend legal claims; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* |
Under normal circumstances, voicemails, call recordings, and videos for security purposes are retained for up to one year. Virtual color expert consultations are not retained. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal, loss prevention, information security, IT support). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Professional or Employment-Related Information and Non-public Education Information
History of employment; current employment records created by us as the current employer; performance evaluations; education transcripts, name of school(s) attended, dates of attendance and graduation date; professional license numbers; certifications (e.g. forklift training); and nature of work performed.
| Collected? | Yes |
| Source |
From you when you provide it to us online (such as through our website, internal systems, a job site, email, video call, or our social media) or offline (such as in the course of your employment, in person interaction with us, submission of paper documents, through a retail location, or over the phone). Created by us as an employer. From our service providers, such as a background check provider. |
| Purpose of Collection or Use |
Evaluate applicants' qualifications for employment and pre-employment background and reference checks. Create a talent pool for future job openings. Evaluate employee performance. Physical security, cybersecurity, incident response, and risk reduction purposes. Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; exercise or defend legal claims; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal, loss prevention, information security, IT support). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Inferences
Inferences drawn to create a profile about an applicant or employee's intelligence, abilities, and aptitudes.
| Collected? | Yes |
| Source |
From you when you provide it to us by participating in a pre-employment or during employment aptitude, intelligence, or abilities test, such as a DiSC assessment. Created by us as an employer. From our service providers, such as test administrators. |
| Purpose of Collection or Use |
Evaluate applicants' qualifications for employment. Create a talent pool for future job openings. Learn about our employees or applicants and provide a tool for our employees to learn about themselves. Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. human resources, IT support). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Sensitive Personal Information
Your social security number, passport number, or state ID or driver's license number.
| Collected? | Yes |
| Source |
From you when you provide it to us online (such as through our website, internal systems, a job site, email, or video call) or offline (such as in the course of your employment, in person interaction with us, submission of paper documents, through a retail location, or over the phone). From our service providers, such as a background check provider. |
| Purpose of Collection or Use |
Identify you. Pre-employment background and reference checks. Comply with applicable law (e.g. maintaining your completed Form I-9 or W-4 or California's Form DE 4). Facilitate payment of fees or wages to you and comply with our corresponding legal obligations (e.g. tax reporting). Coordinate the benefits (e.g. health insurance) you elect. Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; collect and remit appropriate taxes; exercise or defend legal claims; reporting due to regulators/government entities). Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. Payroll documents such as a Form W-2, commission statement, garnishee records, stock option documents, direct deposit applications, and general payroll registers and records are maintained for 7 years and they are thereafter deleted upon tax department approval. |
| Disclosed to third parties (not service providers) for a business purpose. |
Benefit providers (e.g. health insurance) you elect. Government entities as necessary for tax reporting, evidencing eligibility for employment, or facilitating unemployment claims. Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Your account log-in credentials in combination with your password to access our websites and internal systems.
| Collected? | Yes |
| Source | From you when you provide it to us online or within our systems. |
| Purpose of Collection or Use | Create and administer accounts and accesses in connection with your employment or application. |
| Retention Period* | For so long as you have such accounts with us or within our systems. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. information security, IT support). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Precise geolocation.
| Collected? | Yes |
| Source | From you, through our service providers. It will happen only if you're a DSC, and you choose to “check in” through Sally-provided software when visiting accounts. |
| Purpose of Collection or Use |
Various analytics related to customer visits and interactions and routes driven, which are used to manage and improve our service to such customers. Legal, recordkeeping, and compliance purposes (e.g. exercise or defend legal claims). Other purposes communicated to you at the time of collection. |
| Retention Period* | “Check-ins” are associated with the corresponding customer, and we retain our customer records during the time such customer is active. Thereafter, records, or portions thereof may be deleted when there is no longer a legal or compliance reason to retain the data. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal, loss prevention, information security, IT support, full service management). Third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Your racial or ethnic origin.
| Collected? | Yes |
| Source | From you when you choose to provide it. |
| Purpose of Collection or Use |
Comply with applicable law (e.g. EEOC reporting). Investigate and respond to claims applicable to this information. Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. EEO-1s are retained for 5 years. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. human resources, legal). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Your citizenship or immigration status.
| Collected? | Yes |
| Source |
From you or your device(s) or our company devices when you provide it to us or interact with us online (such as through our website, internal systems, a job site, email, video call, or our social media) or offline (such as in the course of your employment, in person interaction with us, submission of paper documents, through a retail location, or over the phone). From our service providers, such as a background check provider. From third parties such as information submitted through external recruiters. |
| Purpose of Collection or Use |
Comply with applicable law (e.g. maintaining your completed Form I-9, W-4, or California's Form DE 4). Facilitate payment of fees or wages to you and comply with our corresponding legal obligations (e.g. tax reporting). Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; collect and remit appropriate taxes; exercise or defend legal claims; reporting due to regulators/government entities; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. |
| Disclosed to third parties (not service providers) for a business purpose. |
Government entities as necessary for tax reporting, evidencing eligibility for employment, or facilitating unemployment claims. Our affiliates to provide shared business services (e.g. human resources, legal). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
The contents of mail or email, if you are using the company's address or company issued email address.
| Collected? | Yes |
| Source | From our company systems, devices, and as physically present on our premises. |
| Purpose of Collection or Use |
Manage and improve our business operations, to the extent contents involve our business operations. Physical security, cybersecurity, incident response, and risk reduction purposes. Legal, recordkeeping, and compliance purposes (e.g. maintenance of business records; exercise or defend legal claims; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* |
Physical mail would not be retained, unless it relates to our business operations or there is a legal or compliance reason to retain it. The retention period would depend on the contents thereof. Employees usually choose how long to retain their emails, but we may delete emails sooner, depending on current retention rules, available storage, or other factors, in our sole discretion. If an employee deletes an email, such email is retained on backup systems no longer than six months. We may choose to further retain emails sent or received on a company-issued email address for variety of purposes, including but not limited to managing our business operations (e.g. email discussing our business transaction with our vendor) or as necessary to exercise or defend legal claims. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. human resources, accounting and tax, legal, loss prevention, information security, IT support). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Health information including pregnancy or childbirth, medical condition, or disability.
| Collected? | Yes |
| Source |
From you when you choose to provide it. From our service providers, such as a leave or benefits administrator. From you or a third party if there is an injury or illness that occurs on our premises or in the performance of your employment duties. |
| Purpose of Collection or Use |
Investigate and respond to claims applicable to this information. Comply with applicable law (e.g. California's Fair Employment and Housing Act). Coordinate the benefits (e.g. health insurance) you elect. Administer leave benefits or for workers' compensation purposes. Assist in the administration of leave and disability accommodation requests in accordance with company policy, and state and federal law. Legal, recordkeeping, and compliance purposes (e.g. exercise or defend legal claims; demonstrate compliance with applicable law). Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. We retain information related to employee benefits for 7 years. Disability records and leave of absence files are retained for 7 years after closure. Employee medical records (including health insurance claims) are retained 7 years after termination. |
| Disclosed to third parties (not service providers) for a business purpose. |
Benefit providers (e.g. health insurance) you elect. Administrators of leave benefits or for workers' compensation purposes. Government entities as necessary for facilitating unemployment claims or evidencing compliance with applicable law. Our affiliates to provide shared business services (e.g. human resources, legal). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
Your sexual orientation.
| Collected? | Yes |
| Source | From you when you choose to provide it. |
| Purpose of Collection or Use |
Investigate and respond to claims applicable to this information. Other purposes communicated to you at the time of collection. |
| Retention Period* |
We maintain applicant information for a period of 2 years from the date of application, if the applicant is not hired. If the applicant is hired, this information becomes part of the employee's file, and the retention period below applies. We maintain information contained in an employee's file for the duration of employment and for a period of 7 years thereafter. |
| Disclosed to third parties (not service providers) for a business purpose. |
Our affiliates to provide shared business services (e.g. human resources, legal). Other third parties (such as law enforcement) as required by law, or as necessary to exercise our legal rights. |
*Retention Periods: The retention periods disclosed above depend on and may change based on a variety of factors including, but not limited to: our available space to store the records; shortening the period if we determine we no longer have a reasonable need for the information; extending the period if the information is needed for legal purposes (e.g. ongoing litigation), required to be retained by law, needed to exercise our legal rights, part of an unresolved customer service or security issue, or used for internal training purposes; legal requirements that change after the information was collected (e.g. a law that requires us to delete something sooner or save something longer than we originally intended to).
Personal information does not include publicly available information or lawfully obtained truthful information that is a matter of public concern; de-identified or aggregated information; or information excluded from the CCPA's scope, such as information covered by other specifically-named privacy laws, such as GLBA or HIPAA. We collect, disclose, and use this information in accordance with applicable law. If information is in de-identified form, we will not attempt to re-identify the information, except as permitted by the CCPA.
We do not “sell” or “share” your personal information, as those terms are defined by the CCPA.
We do not knowingly accept applications, or otherwise employ or contract with individuals under the age of 16. As such, we do not knowingly collect, sell, or share the personal information of consumers under the age of 16. If you believe we have collected personal information of a consumer under the age of 16, please submit a Request to Delete.
You, or an authorized agent on your behalf, have the right to make requests regarding your personal information. A description and method(s) to submit each type are detailed below.
Right to Opt Out of Sale/Sharing or Limit Use and Disclosure of Sensitive Personal Information
We do not sell or share your personal information, as those terms are defined by the CCPA.
We do not use or disclose your sensitive personal information, except as required to comply with applicable law, or for the other purposes permitted by the CCPA. We do not collect or process any sensitive personal information for the purpose of inferring characteristics about you.
As such, we do not offer these request types.
Right to Correct
Correct inaccurate personal information we maintain about you.
If you're a current employee, you can correct some of your information yourself. To do so, login to the HUB.
If you don't have a HUB login, self-service doesn't meet your needs, or the HUB doesn't have the information or won't let you access the information you need to correct, you can submit a request by:
Clicking here; or
Calling 800-777-5706, Option 2, Option 8.
Right to Delete
Delete personal information we've collected about you.
If you ask us to delete your personal information, we may not be able to honor that request to the extent the information is required to pay wages, comply with tax, audit, legal, or regulatory requirements, otherwise fulfill our obligations as an employer, or other reasons.
To submit a Right to Delete request:
Click here; or
Call 800-777-5706, Option 2, Option 8.
Right to Know
To submit a Right to Know request:
Click here; or
Call 800-777-5706, Option 2, Option 8.
Authorized Agents
If you are an authorized agent, you must provide documentation (e.g. signed permission, power of attorney) showing you are authorized by the consumer, to act on the consumer's behalf.
If you submit your request online, such documentation can be uploaded with the request. For security and legal reasons, we will reject requests that require us to access third-party websites or services.
Appeals
If you live in California, and we decline to fulfill one of the requests above, we'll provide you instructions on how to appeal in such denial. You can also call us at 800-777-5706, Option 2, Option 8 to appeal.
Retaliation
We will not retaliate against you for exercising any of your rights described herein.
Statistics on Consumer Privacy Requests We Receive
We received consumer privacy requests related to an employee, job applicant, contractor, director, or officer of ours residing in California. Below are statistics on the number of requests we've received in California and how they have been fulfilled.
| Requests as of January 1, 2024 – December 31, 2024 | Received | Fulfilled | Denied* | Mean Duration (days) |
|---|---|---|---|---|
| Requests to know | 1 | 1 | 0 | 3 |
| Requests to delete | 0 | 0 | 0 | N/A |
| Requests to opt-out | 0 | 0 | 0 | N/A |
| Requests to correct inaccurate personal information | 0 | 0 | 0 | N/A |
| Requests to limit use and disclosure of sensitive personal information | 0 | 0 | 0 | N/A |
*Lack of verification response; duplicate request; or other permitted reason.
We do not have financial incentive programs applicable to employees, job applicants, contractors, directors, or officers of ours residing in California.
We reserve the right to amend this Notice at out discretion and at any time. We will provide additional notice to you if we make any changes that materially affect your privacy rights.
If you have any questions or comments about this Notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact your HR Business Partner. You can also write to us at Sally Beauty Holdings, Inc., 7900 Windrose Ave Plano, TX 75024, Attn: HR File Room.