1. Introduction

Hair by Tuni (“we”, “us”, or “our”) is committed to protecting the privacy and personal information of our customers, website visitors, and all individuals who interact with us through our website at www.hairbytuni.com (the “Website”).

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in compliance with Canada’s federal and provincial privacy legislation, including:

• The Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5;
• The Consumer Privacy Protection Act (CPPA), when in force;
• Applicable provincial privacy laws, including Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) where applicable;
• Canada’s Anti-Spam Legislation (CASL), S.C. 2010, c. 23.

By accessing or using our Website, creating an account, or making a purchase, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

2. About Us — The Data Controller

Hair by Tuni is the organization responsible for the management and protection of your personal information collected through the Website. For the purposes of applicable Canadian privacy law, Hair by Tuni acts as the “organization” accountable for personal information under its control.

Website: www.hairbytuni.com

Email: hello@hairbytuni.com

If you have any questions or concerns about how we handle your personal information, please contact us at hello@hairbytuni.com. We will respond within 30 days as required under PIPEDA.

3. Personal Information We Collect

“Personal information” means any information about an identifiable individual. We collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances. The categories of personal information we may collect include:

3.1 Information You Provide Directly

• Identity Information: Your first and last name.
• Contact Information: Email address, phone number, mailing address, and province/territory of residence.
• Account Information: Username and password if you create an account on the Website.
• Order & Transaction Information: Products purchased, order history, billing address, and shipping address.
• Payment Information: Payment card details processed securely through our third-party payment processor. We do not store your full card number on our servers.
• Communications: Messages, inquiries, feedback, or other correspondence you send to us via email or contact forms.
• Marketing Preferences: Your consent choices for receiving promotional communications from us.

3.2 Information Collected Automatically

When you visit the Website, we may automatically collect certain technical information, including:

• Device & Usage Data: IP address, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, and clickstream data.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to enhance your browsing experience, analyze site traffic, and support marketing activities. See Section 8 (Cookies) for details.

3.3 Information from Third Parties

We may receive personal information from third-party service providers (such as payment processors, shipping carriers, or analytics providers) that assist us in operating the Website and fulfilling orders. We only work with third parties who handle personal information in a manner consistent with applicable Canadian privacy law.

4. How We Use Your Personal Information

Under PIPEDA, we may only use your personal information for the purposes for which it was collected or for a directly related purpose, unless we obtain your consent for another use, or as permitted or required by law. We use your personal information for the following purposes:

4.1 To Fulfill Your Orders and Provide Services

• Process, fulfill, and ship your orders;
• Send order confirmations, shipping notifications, and delivery updates;
• Manage returns, refunds, and exchanges in accordance with our Refund Policy;
• Respond to your customer service inquiries and resolve disputes.

4.2 To Operate and Improve Our Business

• Maintain and improve the functionality and security of the Website;
• Analyze purchasing trends, customer behavior, and Website performance;
• Conduct internal research, product development, and quality assurance;
• Comply with our legal and contractual obligations.

4.3 To Communicate With You

• Send transactional and account-related communications (e.g., order updates, password resets);
• Send promotional emails, newsletters, or marketing communications — only with your express or implied consent as required by CASL;
• Notify you of changes to our policies or products.

4.4 Legal and Compliance Purposes

• Detect, prevent, and investigate fraud, security incidents, or illegal activity;
• Comply with applicable Canadian federal and provincial laws, regulations, and court orders;
• Enforce our Terms and Conditions and other agreements.

5. Consent

Under PIPEDA, our collection, use, and disclosure of your personal information is based on your knowledge and consent, except where an exception applies. We obtain consent in the following ways:

• Express Consent: Clearly obtained through checkboxes, account registration forms, or opt-in mechanisms (e.g., subscribing to our newsletter).
• Implied Consent: Reasonably inferred from your actions — for example, providing your shipping address to complete a purchase implies consent to use that information for order fulfillment.

You may withdraw your consent at any time, subject to legal and contractual restrictions and reasonable notice, by contacting us at hello@hairbytuni.com. Please note that withdrawing consent may affect our ability to provide you with certain products or services.

6. Disclosure of Your Personal Information

Hair by Tuni does not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your personal information only in the following circumstances:

6.1 Service Providers

We share personal information with trusted third-party service providers who assist us in operating the Website and fulfilling orders, including:

• Payment processors (e.g., Stripe, PayPal, or equivalent) for secure transaction processing;
• Shipping and logistics carriers for order delivery;
• Email marketing platforms for sending promotional and transactional communications;
• Website hosting and cloud infrastructure providers;
• Analytics providers for Website performance monitoring.

All service providers are contractually required to handle personal information only as directed by us and in a manner consistent with applicable Canadian privacy law. They may not use your information for their own purposes.

6.2 Legal Requirements

We may disclose your personal information where required or permitted by law, including:

• In response to a valid court order, subpoena, warrant, or other legal process;
• To comply with applicable federal or provincial legislation or regulatory requirements;
• To protect the rights, property, or safety of Hair by Tuni, our customers, or others;
• To detect, prevent, or investigate fraud or illegal activity.

6.3 Business Transfers

In the event of a merger, acquisition, sale of assets, reorganization, or similar business transaction, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Website before your information is transferred and becomes subject to a different privacy policy.

6.4 Cross-Border Transfers

Some of our third-party service providers may be located outside of Canada, including in the United States. Where personal information is transferred outside Canada, we take steps to ensure that it receives a comparable level of protection as required under PIPEDA, including through contractual arrangements with the receiving party. By using the Website, you acknowledge and consent to such transfers as described in this policy.

7. Retention of Personal Information

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to resolve disputes or enforce our agreements.

In general, we retain:

• Order and transaction records for a minimum of 7 years, in accordance with Canadian tax and accounting requirements;
• Account information for as long as your account remains active, and for a reasonable period thereafter;
• Marketing consent records for the duration of our relationship and for a period thereafter as required by CASL;
• Customer service communications for a period sufficient to resolve any related issues.

When personal information is no longer required, we securely destroy or anonymize it in a manner that prevents unauthorized access or reconstruction.

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They help the website remember your preferences and understand how you interact with it. We use the following types of cookies:

• Strictly Necessary Cookies: Essential for the Website to function (e.g., maintaining your shopping cart and session).
• Performance and Analytics Cookies: Help us understand how visitors use the Website (e.g., Google Analytics).
• Functional Cookies: Remember your preferences and settings to improve your experience.
• Marketing and Targeting Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns, only with your consent.

8.2 Your Cookie Choices

You may control or disable cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or receive a warning before a cookie is placed. Please note that disabling certain cookies may affect the functionality of the Website.

Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device.

9. Your Privacy Rights

Under PIPEDA and applicable provincial privacy laws, you have the following rights with respect to your personal information:

9.1 Right of Access

You have the right to request access to the personal information we hold about you. Upon receiving a written request, we will provide you with the information within 30 days, along with an account of how it has been used and to whom it has been disclosed, to the extent permitted by law.

9.2 Right to Correction

If you believe that any personal information we hold about you is inaccurate, incomplete, or out of date, you have the right to request that we correct it. We will promptly update our records and notify any third parties to whom the information was disclosed, where appropriate.

9.3 Right to Withdraw Consent

You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal and contractual restrictions. Withdrawal of consent may affect our ability to provide you with certain services.

9.4 Right to File a Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC):

Office of the Privacy Commissioner of Canada

30 Victoria Street, Gatineau, Quebec  K1A 1H3

Toll-free: 1-800-282-1376  |  Website: www.priv.gc.ca

We encourage you to contact us first at hello@hairbytuni.com so that we can address your concerns directly before escalating to the OPC.

9.5 How to Exercise Your Rights

To exercise any of the rights described above, please submit a written request to hello@hairbytuni.com. We may require you to verify your identity before processing your request. We will respond within 30 days of receiving your request.

10. Security of Personal Information

Hair by Tuni takes the security of your personal information seriously. We implement and maintain commercially reasonable physical, administrative, and technical safeguards designed to protect your personal information against unauthorized access, use, disclosure, modification, or destruction.

These measures include, but are not limited to:

• SSL/TLS encryption for all data transmitted between your browser and the Website;
• Secure storage of personal information on protected servers;
• Restricted access to personal information on a need-to-know basis;
• Use of PCI-DSS compliant third-party payment processors for all financial transactions.

Despite our efforts, no method of transmission over the internet or method of electronic storage is 100% secure. In the event of a security breach involving personal information that poses a real risk of significant harm to you, we will notify you and report the breach to the Office of the Privacy Commissioner of Canada as required under PIPEDA’s mandatory breach reporting provisions (effective November 1, 2018).

11. Children’s Privacy

The Website is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at hello@hairbytuni.com. We will take prompt steps to delete such information from our records.

12. Third-Party Websites and Services

The Website may contain links to third-party websites, plug-ins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

13. Marketing Communications and CASL Compliance

We will only send you commercial electronic messages (CEMs) — such as promotional emails or newsletters — if we have your express or implied consent as defined under CASL. Each CEM we send will include:

• Clear identification of Hair by Tuni as the sender;
• Our mailing address and contact information;
• A clear and simple mechanism to unsubscribe from future messages.

You may withdraw your consent to receive marketing communications at any time by clicking the “unsubscribe” link in any marketing email, or by contacting us at hello@hairbytuni.com. We will process your unsubscribe request within 10 business days as required by CASL.

Please note that withdrawing consent to marketing communications will not affect our ability to send you transactional or service-related messages (e.g., order confirmations, shipping notifications).

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where required by applicable law, notify you by email or through a prominent notice on the Website.

We encourage you to review this Privacy Policy periodically. Your continued use of the Website following any changes constitutes your acceptance of the updated policy. If you do not agree with the updated terms, you should discontinue use of the Website and contact us if you wish to have your personal information removed from our records.

15. Accountability

Hair by Tuni has designated a Privacy Officer responsible for the organization’s compliance with this Privacy Policy and applicable Canadian privacy legislation. Our Privacy Officer oversees our privacy practices, handles access and correction requests, and manages complaints relating to personal information.

If you have a privacy-related inquiry, complaint, or wish to exercise any of your rights under this policy, please contact our Privacy Officer:

Privacy Officer, Hair by Tuni

Email: hello@hairbytuni.com

Website: www.hairbytuni.com

We will acknowledge receipt of your inquiry promptly and provide a substantive response within 30 days, or notify you if additional time is required.

Hair by Tuni  |  www.hairbytuni.com  |  hello@hairbytuni.com

This Privacy Policy was last updated on February 28, 2026.