Privacy Policy

PRIVACY POLICY
www.4derma.eu

This is our Privacy Policy. Herewith we explain the ways we collect and process the personal data of our visitors. The Policy also provides information about the data subject’s rights and our contact details.

What types of data do we collect?
The Website may require certain information about you in order to provide a maximum user experience and full access to our services. If a certain service on the Website requires that we may ask you to provide certain personal information, such as: 1) names; 2) valid e-mail address; 3) preferences or feedback; 4) delivery address; 5) additional data (user content and/or inquiry). Personal data may also be collected upon request related to the exercise of your data subject rights as described below.

How do we collect this data?
Personal data can be collected in the following ways (jointly and separately): 1) when provided personally and voluntarily by you; 2) via cookies and other similar solutions intended at optimizing the Website performance.

For the performance of certain features, our Website may collect data from your end device while performing standard activities for the normal functioning of WEB operations. This way, additional data may also be collected, such as: 1) IP address; 2) type of browser; 3) language settings; 4) type of device; type of operating system.

Purposes, legal basis and retention period
We use the information described above for different purposes based on the relevant legal bases, namely:
 

Operating System

Personal data: IP address, Browser type, Language settings, Duration of user sessions
Method of collection: Provided personally by the visitor or collected via cookies and other similar solutions.
Purpose: for the purposes of providing the full functionality of the Website
Legal Basis under GDPR: art. 6, par. 1 b) – for the performance of a contract (service provision – using a website)
Retention period: up to 24 months* ( *after the end of a user session)

 

Personal data: Name and surname, E-mail address
Method of collection: Provided personally by the visitor or through a contact form
Purpose: for the purposes of establishing contact; for official, legal and/or system warnings, legal purposes.
Legal Basis under GDPR: art. 6, par. 1 a) – provided consent to the processing of the data; art. 6, par. 1 c) – for compliance with a legal obligation applicable to the data controller; art. 6, par. 1 f) - for the purposes of our legitimate interests 
Retention period: up to 24 months* ( * or until consent withdrawal) 

 

Personal data: E-mail address
Method of collection: Provided personally by the visitor through  the registration form
Purpose: for the purposes of creating a user profile on the Website
Legal Basis under GDPR: art. 6, par. 1 b) – for the performance of a contract (service provision – using a website)
Retention period:  up to the deactivation of the user profile

 

Personal data: E-mail address
Method of collection: Provided personally and voluntarily by the visitor through  the subscription form
Purpose: for the purposes of subscribing to newsletters
Legal Basis under GDPR: art. 6, par. 1 a) – provided consent to the processing of the data
Retention period: until consent withdrawal 

 

Personal data: E-mail address
Method of collection: Provided personally by the visitor upon registration
Purpose: for the purposes of sending account and service updates, policy changes, updates to our T&Cs; sending system notifications and messages related to the use of the Website
Legal Basis under GDPR: art. 6, par. 1 b) – for the performance of a contract (service provision – using a website)
Retention period: up to the deactivation of the user profile

 

Personal data: E-mail address, Delivery address, Tracking number, Order and payment status
Method of collection: Provided personally by the visitor upon placing orders
Purpose: for the purposes of concluding a contract (delivery of goods)
Legal Basis under GDPR: art. 6, par. 1 b) – for the performance of the contract (delivery of goods)
Retention period: for up to 60 months* ( *or until settlement of a legal dispute between the parties)

Data protection
Personal data protection and information security are among our top priorities. We implement and apply adequate technical and organizational measures to guarantee the security of your personal data and protect it from any accidental or unlawful destruction, loss, alteration, misuse, or unauthorised access/disclosure. 


Who do we share your data with?
We will only process and share personal data in accordance with applicable data protection and privacy laws. In certain situations where the relevant legal bases are present, we can share your personal data with public authorities (public administration, judicial or law enforcing authorities). We reserve the right to share personal data and/or other visitors’ information: 1) in response to subpoenas or court orders, to establish, protect, or exercise our legal rights or defend against legal claims; 2) if necessary to investigate, prevent or take action regarding illegal activities, fraud or situations involving potential threats to the safety of any person or property; 3) to protect and defend our legal rights or property, our services or their users, or any other party. 

When you place an order your personal information will be shared with or directly collected by our service providers, such as: payment services providers, warehouses and delivery companies. These third parties have their own privacy policies and any data processing activities will be carried out in accordance with their respective privacy rules.

Data subjects' rights
The Website visitors are data subjects under The General Data Protection Regulation (GDPR). Each data subject has the following rights: 1) Right to be informed; 2) Right to access; 3) Right to rectification; 4) Right to erasure; 5) Right to restriction of processing; 6) Right to data portability; 7) Right to object; 8) Right not to be subject of processing, including profiling; 9) Right to lodge a complaint.

In order to learn more about their rights as data subjects, visitors can visit the information website of the European Data Protection Board or the website of their national supervisory authority.

Visitors can exercise their data subject rights at any time. They can send us a request by standard mail or by e-mail to info@4derma.eu.  

To avoid any misuse, we reserve the right to request additional data to establish the identity of the person who submitted the request and the data subject whom it concerns. We will respond to requests within two months. If we find it necessary to extend the indicated term, visitors will be notified of the extension and the reasons therefor.

We may refuse to process requests that are unreasonably repetitive or threaten the privacy of other data subjects. We will provide data subjects with a free copy of the personal data that is being processed, but we reserve the right to charge a proportional fee in the event of recurrence or excessiveness of the requests.

Should you have any questions or comments concerning this Privacy Policy, you can reach out to us.

Published

01.10.2023