Privacy policy

This privacy policy (the "Privacy Policy") describes our current policies and practices with regard to Personal Information collected by us from you through the Website.

The term "Personal Information" refers to personally identifiable information about you, such as your name, date of birth, e-mail address or mailing address, telephone number and payment details.

This Privacy policy was last updated May 2018.

SECTION 1 – INFORMATION WE MAY COLLECT

We may collect and process the following Personal Information about you:

i. information you provide to us for the purpose of registering with us, including your name, e-mail address and postal address;
ii. any questions, suggestions and comments you send to us;
iii. information relating to what products you prefer when you view, buy and review them on our website;
iv. information relating to transactions carried out between you and us on or in relation to this Website, including information relating to any purchases you make of our goods;
v. Cookie information, if accepted, about your computer and about your visits to and use of our Website, including your IP address, login information, browser type, operating system, platform, geographical location, length of visit to certain pages and number of page views;

vi. information regarding your health obtained through the completion of surveys that we use for research.

SECTION 2 - WHAT DO WE DO WITH YOUR INFORMATION?

We may use your Personal Information:

i. to create and update your profile/account and to administer the Website. This is so we, for example, can answer your inquiries and register your preferences when you’ve made a purchase or left a product review;
ii. to enable your use of the services available on the Website and to notify you about changes to our services;
iii. to supply you with any goods ordered on the Website;
iv. to carry out obligations arising from any contracts entered into between you and us; and
v. with your consent, to send you marketing communications to provide you with information about goods and services which may be of interest to you.
vi. to create insights around the behavior on our website and to target our website towards the recipient, e.g. by recommending products based on your data.

SECTION 3 - CONSENT

How do you get my consent?
By using the Website and by providing us with Personal Information to post a review, complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you give your consent for us to process your Personal Information in the manner and for the purposes described in this Privacy Policy. If you do not agree with the use of your Personal Information as set out in this Privacy Policy we cannot provide our service and would kindly request you to not use the Website.

We may also use your Personal Information to notify you of new products or services and special offers we think you may be interested in. However, you will only receive these communications where you consented to receive such communication either at the point of registration or at any point after. You can unsubscribe from such communications at any time directly within the communication or by contacting us at contact@helloskinshop.co.uk or at HelloSkin ApS, Silkegade 8, DK-1113 Copenhagen, Denmark. However, if you do unsubscribe we cannot send you personalised recommendations and you may miss out on some great offers.


SECTION 4 - DISCLOSURES

You understand and hereby consent that your Personal Information will be made accessible:

i. to third parties providing technical support (e.g., SHOPIFY Inc., which provides hosting services) and service providers assisting HelloSkin or to send communications to you;
ii. to third party fulfillment partners who handle the packages we send to you when buying products;
iii. to any proposed assignee, transferee or purchaser of HelloSkin that processes your Personal Information in accordance with this Privacy Policy;
iv. to any governmental, administrative, judicial or regulatory authority to co-operate in proceedings, inquiries and investigations by such authorities or to comply with any legal or regulatory requirements.

You understand that these recipients may be located in countries outside of the European Economic Area (“EEA”), including in the United States of America, which may not have laws equivalent to data protection laws in the EEA. In such cases HelloSkin has made appropriate contractual agreements with these providers. Data you provide voluntarily through the surveys (e.g., sensitive information around your health), we will make sure is securely stored within the EEA.
In all cases, only Personal Information that is required by the third party will be made available for them to fulfill their services.

SECTION 5 – SHOPIFY AND PAYMENT PROCESSING

Our Website is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

Payment:
Depending on the payment option you select, that specific payment gateway stores your credit card data. We use ePay for normal credit and debit card payments and Stripe for subscription payments. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS) and is not accessible by HelloSkin. Your purchase transaction data (like credit card data) is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
For more insights on our payment options, you may also want to reads ePay’s Terms of Service and Privacy Policy
(http://www.epay.dk/om-epay-betalingssystem/betingelser-for-brugen-af-epay.asp in Danish);
and Stripe’s Terms of Service and Privacy Policy
(https://stripe.com/gb/privacy)


SECTION 6 - EXTERNAL LINKS
The Website may, from time to time, contain links to external sites operated by third parties. We are not responsible for these third party sites or the content of such third party sites. Once you have left our Website, we cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement for the website you visit. For other terms relating to use of links see our Terms of Use.

SECTION 7 - SECURITY

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. [Note: the information you submit as part of product reviews may become public information and you should exercise caution when submitting reviews and consider carefully before disclosing Personal Information.]
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

SECTION 8 - COOKIES

Cookies are small information units - bits of information - which the Services may place on your browser or your computer, smartphone or other electronic equipment with memory. Cookies contain information that the Services use to, for example, make communication between you and your web browser more efficient. Cookies are common technology on the Internet and are also used in our Services.

"Session cookies" are temporary bits of information which are deleted when you exit the Services. Session cookies are typically used to improve navigation and to collect statistics. The Services uses session cookies.

"Persistent cookies" are more permanent bits of information that are stored and remain on your electronic device until they are deleted by you. Persistent cookies delete themselves after a certain period of time but are renewed each time you visit the Services. This type of cookie store information on your computer/phone for a number of purposes; e.g. for users automated login.

Google Analytics https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
to track how Website is used with enhanced ecommerce tracking.

Google Adwords http://google.com/intl/en/policies/technologies/ads/
to track how many products are bought coming from different ads. Used to display ads when searching on Google.

DataFeed Watcher https://www.datafeedwatch.com/privacy-policy/
to track how many products are bought coming from different ads. Used to synchronise our product feed (our product catalogue) when used with display ads.

OptinMonster https://optinmonster.com/privacy/
to collect newsletter signups on our Website.

Yotpo (https://www.yotpo.com/privacy-policy/)
to collect and manage product reviews on our Website.

Special Offers https://www.suppleapps.com/special-offers/
to manage and track on-site marketing promotions like volume discounts, BOGO and similar promotions.

Doubleclick https://policies.google.com/technologies/ads
to manage display ads outside of our Website and track their performance.

Facebook Custom Audiences https://www.facebook.com/help/cookies/
to manage our Facebook ads for ensure accurate targeting and higher relevance.

Microsoft Bing https://advertise.bingads.microsoft.com/en-us/resources/policies/remarketing-in-paid-search-policies
to track how many products are bought coming from different ads. Used for displaying ads when using Bing search engine.

Klaviyo https://www.klaviyo.com/privacy
to track email campaign performance and what products are viewed. Used for sending emails, e.g. Newsletters.

Clerk.io https://clerk.io/privacy
to track what products you viewed, clicked and bought. Used for product recommendations.

Typeform https://admin.typeform.com/to/dwk6gt
used for tracking the performance of our custom surveys.

SECTION 9 - AGE OF CONSENT

By using the Website, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use the Website.

SECTION 10 - CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Website. If we make material changes to this Privacy Policy, we will notify you by means of a prominent notice on the Website prior to the change becoming effective.

SECTION 11 – YOUR RIGHTS AND RESPONSIBILITIES

You may request us or any third party instructed by us to:

i. provide you with information on the Personal Information that are being processed about you; the purposes of the processing; the categories of recipients of the data; and any available information as to the source of such data;
ii. correct, erase or block Personal Information we or any third party instructed by us hold about you if these turn out to be inaccurate or misleading; and
iii. at any time to withdraw the consent you have given with respect to our use of your Personal Information. If you have requested to receive information from us, e.g. newsletters etc., and do not wish to be receive further information, you can easily opt out of receiving further information from us by sending an email to address set out below or by clicking the unsubscribe link in the newsletter.If the Personal Information we or any third party instructed by us have about you changes please let us know as soon as possible so that we can keep our records up to date.

QUESTIONS AND CONTACT INFORMATION
The data controller responsible for this Website is HelloSkin ApS.

If you would like to: exercise any of your data protection rights, register a complaint, or simply want more information contact us at contact@helloskinshop.co.uk or at HelloSkin, Silkegade 8, 1113 Copenhagen DK