- the type of information about you that we collect
- how that information is used
- who will have access to that information
- how long we will hold your personal information for
- our security measures for protection of that information
- how our processing of your personal data is lawful, and
- your rights under the Data Protection Laws.
The term “personal data” means any information from which a living individual can be identified such as name, contact details and photographs. “Special categories of personal data” relates to more sensitive types of personal data including (amongst others) racial or ethnic origin, physical or mental health or condition and sexual life. These terms are defined in the Data Protection Laws.
Categories of information collected
We will collect and hold these categories of personal data about you:
- General enquiries or complaints: If you submit a general enquiry, or if you need to make a complaint, we will need to collect your:
- contact details (address, phone number, email address), and
- the details of your enquiry or complaint.
- Account details: We collect the following information in order to create and maintain your account and enable the medical services provided to you:
- your first and last names
- your email address, username and password
- your date of birth
- your phone number
- your marketing preferences.
- Medical information: In order to assess whether you can be prescribed with the product you have requested, you need to complete our medical questionnaire which collects medical information about you. This is a special category of personal data and may include photographs that you submit in connection with your medical consultation.
- Purchase of prescription products: We will collect the following information to administer any purchases you wish to make from us:
- your contact and delivery details (phone number, email address and postal address)
- your purchase information (product, date, amount)
- the prescription issued by a GP. The GP who assesses your medical information will decide if you can be safely prescribed the product you want.
- Payment information: We do not store your payment card details within your account as all payment is dealt with directly by Stripe Payments Europe, Ltd. Stripe notifies us whether a transaction is successful or not.
- Surveys: We may from time to time ask you to provide feedback on the quality of our service. To do this we will need to collect your:
- contact details (address, phone number, email address), and
- information in relation to how you came across us, how you have found us and how you think we can improve our services.
- Information collected automatically: When you visit our site or use our services, we will automatically collect some information from the hardware and software you use at that time, which together with the other information we collect may constitute “personal data” for the purposes of the Data Protection Laws. If you are an unregistered user, we will still collect the following data (which alone is unlikely to constitute “personal data” for the purposes of the Data Protection Laws, but that we wish to be transparent about in any case):
- your browsing history on our websites
- the information provided by your device and browser, including referrer and tracking data, and
- your IP address.
Use of information collected
Dermaskin uses your personal data for the purposes set out below. We are allowed to do so on certain legal bases (please see section “Lawful basis for processing your personal data” for further detail):
Storage and sharing of information collected
Dermaskin shares your personal information with Dermaskin’s service providers who process your data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure.
Like any business, we use many other providers to help us operate our business and who process your personal data as part of providing their services to us. Those providers fall into the following categories:
- Braze – for customer engagement services including email and SMS storage
- Google Analytics and Tag Manager – to analyse and develop our web services
- Amplitude – to analyse and develop our product strategy
- AWS (eu-west-2) – for data storage and hosting
- Google Cloud – for web hosting
- Facebook – for advertising and marketing
- Google AdWords – for advertising and marketing
- Looker – for our own business intelligence purposes
In addition, we share your personal data with the following organisations who act as separate controllers of your personal data. You should review their privacy policies to find out how they process your personal data. If you have any queries or complaints about how they process your personal data, please contact them separately using the contact information provided on their website.
- SEREN PLUS LIMITED, trading as Health Plus Pharmacy and its associated pharmacies – sells and delivers the prescription products to you
- Stripe Payments Europe, Ltd. – takes payment for the products
We also share data as necessary to enforce our legal rights, defend legal claims and if required by law to disclose to courts, police, law enforcement agencies or regulators.
The list below provides details about how long we will process your data.
Security
Dermaskin implements security measures to help protect the personal information we hold. We do this by implementing and using the appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing.
We also aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We do this by following recognised industry practices for protecting our IT environment and physical facilities: for example, we encrypt the transmission of information through the website and app by using secure socket layer (SSL) technology and utilise AWS and Aptible to provide ISO 27001 and SOC2 compliance for the personal data that we store on your behalf.
To help maintain the security of your personal information, we ask that you please notify us immediately of any unauthorised visit, access or use of the website or the loss or unauthorised use of your username or password using the contact information that appears below.
Lawful basis for processing your personal data
Account details, Purchase of prescription products, Payment information, Medical Information
| Personal Data | Contract: Processing your personal data is necessary for our performance of our contract with you. These obligations include facilitating the process of obtaining a consultation with a doctor and purchasing prescription products from our associated pharmacy. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of the contract. Legal claims: We need to process your personal data to defend or establish a legal claim (for example, claims relating to our services under contract law). |
| Special Categories of Data | Express consent: We process your special categories of personal data with your explicit consent for the purpose of facilitating your access to a doctor to obtain a consultation and potentially a prescription and purchase the relevant prescription product from our associated pharmacy. Please note that you have the right to withdraw this consent at any point. However, if you do withdraw your consent it means that we will not be able to carry out our obligations. Legal claims: We need to process your personal data to defend or establish a legal claim (for example, claims relating to our Membership service under contract law). |
General enquiries or complaints and survey
| Personal Data | Legitimate interests: We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interest. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. Our legitimate interest is to provide you with information you have requested, provide effective and helpful customer support and improve our products, services and marketing. You can object to the processing that we carry out on the grounds of legitimate interests. See the section “Your Privacy Rights under the Data Protection Laws” below to find out how. |
- those that are strictly necessary for the operation of our site, including those that enable you to login to the user area, use the shopping cart or make purchases
- analytical and performance cookies which allow us to track the use of our site before, during and after accessing them and in turn allow us to improve it
- cookies that increase functionality and the user experience for you, including remembering you when you visit the site and personalising it based on your previous use and preferences, and
- targeting cookies, which record your visit to our site, the pages visited and the links followed and are used to provide you relevant advertisements and information where possible.
At present, the following approved third parties may also set cookies when you use our services:
- to show personalised advertisements: Facebook, Google AdWords and Bing
- to carry out testing of our services: Visual Website Optimizer
- for our own internal web analytics purposes: Google Analytics and Amplitude
- for customer engagement purposes: Braze
- for payment processing: Stripe
Your privacy rights under the Data Protection Laws
You have the following rights under the Data Protection Laws. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months. Please be aware that there are exemptions in relation to some of these rights which we will apply in accordance with the Data Protection Laws.
- Right to access your personal data: You may ask to see what personal data we hold about you and be provided with: a copy; details of the purpose for which it is being or is to be processed; details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers; the period for which it is held (or the criteria we use to determine how long it is held); any information available about the source of that data; and whether we carry out automated decision-making, or profiling, and where we do, information about the logic involved and the envisaged outcome or consequences of that decision or profiling. To help us find the information easily, please provide us with as much information as possible about the type of information you would like to see.
- Right to rectification: You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please let us know the information that is incorrect and what it should be replaced with.
- Right to erasure (‘the right to be forgotten’): You can ask us to erase your personal data where:
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
- you object to our processing and we do not have any legitimate interests to process your personal data; or
- your personal data has been processed unlawfully or has not been erased when it should have been.
- Right to restrict processing: You may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
- the processing is unlawful but you do not want us to erase your data; or
- we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims.
- Right to data portability: You may ask for an electronic copy of your personal data which you provide to us, which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
- Right to object to processing of your personal data: You may object to us processing your personal data where we rely on a legitimate interest as our lawful basis for processing. If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section ‘Lawful basis for processing your personal data’.
- Rights in relation to automated decision making: We do not make any automated decisions about you so this right does not apply.
- By post: Dermaskin Limited with a subject line containing “Data Protection” at LGF York Court, Schooner Way, Cardiff CF10 4DY
- By email: email@example.com, with a subject line containing “Data Protection.”
These User Terms are important so please read them carefully. They apply when you browse our website at dermaskin.co.uk (“Website”). By using our site, you confirm that you accept these User Terms and that you agree to comply with them. If you do not agree to these terms, you must not use our site. We recommend that you print a copy for your records.
We may change these User Terms from time to time so you should check back regularly to see if anything has changed. The changes will become effective from the next time that you access the website. The User Terms were last updated on the date set out above.
We may also make changes to the Website from time to time and will try to notify you of any significant changes on the Website.
- Who we are, what we do and contacting us
- We are Dermaskin Clinic, with registered address: 1 LGF York Court, Schooner Way, Cardiff CF10 4DY (“Company”, “we”, “us”).
- Through our Website, we provide a platform to enable users to create an account and obtain (i) online physician consultations, (ii) if prescribed by the online physician, certain prescription medications from third-party service providers, and (iii) certain other products or services made available by us on the Website (the “Services”).
- The terms by which you can order Services and by which we provide the Services to you are set out in our Service Terms.
- If you have any questions about anything in these User Terms or if you have technical issues or wish to make a complaint, then just contact us at firstname.lastname@example.org.
- Your rights and restrictions
- The Website is for your own personal and non-commercial use only.
- The Website is intended for use only in the United Kingdom.
- When using the Website and your Account, you agree not to:
- attempt to undermine the security or integrity of the Website, Company’s computing systems or networks or, where the Services or Website are hosted by a third party, that third party’s computing systems and networks. Company will report any security breach to the relevant law enforcement authorities and will co-operate with those authorities by disclosing your identity to them;
- use, or misuse, the Services or Website in any way which may impair the functionality of the Services or Website, or other systems used to deliver the Services or Website or impair the ability of any other user to use the Services or Website;
- attempt to gain unauthorised access to any materials other than those to which you have been given express permission to access or to the computer system on which the Services or Website are hosted;
- transmit, or input into the Services or Website, any files or data that may damage any other person’s computing devices or software, content that may be offensive, or material or data in violation of any law (including data or other material protected by copyright or trade secrets which you do not have the right to use);
- create links to the Website unless Company gives you prior written consent;
- attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs used to deliver the Services or to operate the Website except as is strictly necessary to use either of them for normal operation and other than as permitted by law;
- impersonate any other person while using the Website;
- conduct yourself in a vulgar, offensive, harassing or objectionable manner while using the Website; or
- use the Website for any unlawful purpose.
- If you use any communication tools available through the Website (such as any forum, questionnaire or message centre), you agree only to use such communication tools for your domestic purposes and in accordance with the law. You must not use any such communication tool for posting or disseminating any material unrelated to the Website or for advertising or marketing purposes.
- When you make any communication on the Website, you represent that you are permitted to make such communication. Any communications shall be conducted in a courteous manner. Company is under no obligation to ensure that the communications on the Website are legitimate or that they are related only to the use of the Services.
- You may have other rights granted by law, and these User Terms do not affect these except if the two are inconsistent. If this is the case then these User Terms will override any other rights which you may have, unless this is not permitted by law.
- Your personal information
- Other than as set out in these User Terms the Website is provided on an “as is” and “as available” basis. Company makes no representations or warranties of any kind, express or implied, as to the operation of the Website or the Services or any information, content, materials or products included or referenced on the Website.
- Company does its best to ensure that the information accessed through the Website is accurate and up to date but cannot guarantee that this will always be the case.
- Company aims to make the Website available to you all the time but sometimes it may be unavailable due to maintenance or to factors outside of Company’s control, such as the internet.
- Company follows industry standards and processes to prevent the introduction of viruses, malware and malicious attacks that may harm the Website or the device that you use to access the Website, but Company cannot guarantee that the application will be totally free from viruses and malware.
- Company does not guarantee that the Website will be compatible with all hardware and software that you may use.
- The Website may contain links to third party web sites or programs that are not controlled by Company. Company is not responsible for the content, terms and conditions, offers or privacy policies of such sites and programs. Your dealings with third party sites are solely between you and the applicable third party and you should read their terms and conditions and policies before using them.
- Company’s rights and obligations
- Company may change, modify, amend or remove some or all of the functionality or content on the Website at any time.
- Company reserves the right to remove any communication or any material held within the Website at any time in its sole discretion.
- You agree that Company is free to use any comments, information or ideas contained in any communication you may send to us without compensation, acknowledgement or payment to you for any purpose whatsoever, including, but not limited to, developing, manufacturing and marketing products and services and creating, modifying or improving the Website, Services or other products or services.
- Company and/or Company’s licensors are the owners of the Website, which includes (but without limitation) any software, applications and domains made available through it.
- All intellectual property rights in the Website, and the content (except the personal information of you and other users contained in your and their accounts), video, audio, graphics, logos, icons and service names which appear on the Website belong, or are licensed, to Company. You do not have any rights to such intellectual property except as expressly set out in these User Terms.
- Our liability to you
- These User Terms do not exclude or limit Company’s liability (if any) for:
- death or personal injury caused by Company’s negligence;
- fraudulent misrepresentation; or
- any matter which it would be illegal for Company to exclude or attempt to exclude Company’s liability.
- Company is only liable to you for losses which you suffer as a direct result of Company’s breach of these User Terms and which are reasonably foreseeable. Loss or damage is foreseeable if either it is obvious that it will happen or if, at the time you accepted the User Terms, both we and you knew it might happen.
- These User Terms and all communications between us will be in English. No other languages will apply to these User Terms.
- You may not transfer any of your rights under these User Terms to any other person.
- We may transfer any of our rights under these User Terms to any person or ask any person to fulfil any aspect of it so long as the performance of these User Terms is not affected.
- Only you and we have any rights under these User Terms. No other person shall have any rights under these Terms.
- Each of the paragraphs of these User Terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining paragraphs will remain in full force and effect.
- These User Terms will be governed by English law and you may bring legal proceedings in respect of these User Terms and/or the supply of services by us in the English Courts. If you live in Scotland you can bring legal proceedings in respect of the supply of services by us in either the Scottish or the English courts. If you live in Northern Ireland you can bring legal proceedings in respect of the supply of services by us in either the Northern Irish or the English courts.