
Privacy Policy
SUMMARY
-
General statement
-
What personal data do we collect?
-
How do we use personal data?
-
Legal basis for processing personal data
-
Do we share personal data with third parties?
-
Where do we store and transfer personal data?
-
How long do we keep personal data?
-
What are the rights of the data subject?
-
How do we protect personal data?
-
Changes to our Privacy Statement
-
Contact
HELVETICA SKIN specializes in the production and distribution of certified professional cosmetics.
We attach great importance to the security and confidentiality of personal data.
This privacy statement describes the categories of personal data collected, the use we make of it, the persons with whom we share it if necessary and the possibilities for the data subject to exercise his rights regarding the processing of this data as well as the various rights related to the use we make of this data. It also specifies the measures taken to protect personal data, their retention period with us and the means of contacting our company.
We recommend that you read this privacy statement carefully, as it contains important information about personal data. If you have any questions, you can contact us via the channels specified in the "Contact" section below.
HELVETICA SKIN is a trademark whose data controller (“we”) is:
Derma Molecular SA
Transjurane Route 20b,
2855 Glovelier - Switzerland
Personal data may be collected directly (e.g. data provided by customers when purchasing a product in a shop) or indirectly (e.g. data received from electronic devices connected to our websites).
In the event of communication of data from third parties (for example when ordering products for someone else or when involving another person in communication with our company), our interlocutor is obliged to check the accuracy of this data and to have authorisation to share it with us. These third parties must be informed that we are processing their data.
As far as companies are concerned, we process less personal data, as data protection legislation only applies to the data of natural persons. We do, however, process the data of people with whom we are in contact, such as name, contact details, business details and communication information, as well as data on members of the management, as part of the general information on the companies with which we work.
Except in situations where it is necessary to comply with a contractual obligation, the provision of data is optional. However, we must process data for legal or other reasons when concluding and executing contracts. Furthermore, the use of our websites would be impossible without your consent.
2.1 Directly communicated personal data
We process personal data provided when you register or create a customer account on our websites, during the ordering and purchasing process, by means of a form on our websites, for example the contact form, when you subscribe to our newsletter, when you use our digital platforms or during any other communication with us. The personal data communicated to us or collected by us is as follows:
-
surname and first name of the person concerned ;
-
e-mail address
-
date of birth
-
telephone number
-
postal address;
-
credit card payment information when making a purchase on our sites;
-
e-mail address of the PayPal account used to make a purchase on our sites;
-
when required by law: a tax identification number or identity document in order to comply with legal billing requirements.
2.2 Personal data communicated indirectly
We also collect information relating to visits to our websites, traffic data recorded on the sites, location data, log files and the IP address of users of our sites via cookies installed on their devices. Some cookies are essential for the proper functioning of our digital platforms and others are used for analytical purposes to enable us to offer more personalised services and a better digital experience. Our cookie policy details everything you need to know about cookies and how to change your cookie preferences.
The personal data collected is used to register our customers, accept purchases, deliver our products, correspond with our customers, improve our services, carry out marketing operations, guarantee data security, detect fraud and other abuses, comply with current legislation and protect our legitimate interests. To this end, we process the data collected in order to :
optimise certain displays or functionalities of our websites ;
improve the browsing experience on our media;
enable the sale of our products;
communicate with our customers and manage our relationship with them;
offer competitions and loyalty programmes;
analyse the audience or produce statistics;
to send our newsletter to subscribers. In addition to the name and e-mail address of the users of our sites, we also process information relating to the services used, the opening of our newsletters and the links consulted. It is possible to object to this by configuring the email programme accordingly (e.g. by deactivating the automatic downloading of images);
to verify the identity of users of our sites and to protect them and us against fraud or other illegal activity, unauthorised transactions, complaints and other liabilities and to manage the exposure of data to risk;
guarantee and improve the quality and safety of our products and services;
to comply with our legal and regulatory obligations;
better target the information or products we offer in order to tailor our offering to the interests of users of our sites who have previously agreed to receive this type of information from us;
to optimise the customer experience by monitoring the quality of our offers and services.
In the context of a contract, we may, if necessary, consult public registers (e.g. the commercial register), the media and the Internet in order to obtain additional data.
In the event of a problem with an order or an interaction with our websites, we may use the personal data of our customers to ask our subsidiary best able to respond to the request to contact the person concerned.
In the context of recruitment, we process the relevant data in order to examine and evaluate the applications received and to sign an employment contract with the successful candidate. In addition to contact and communication data, we process data contained in application documents such as CVs, as well as additional data that may come from professional social networks, the Internet and references provided (with the candidate's consent).
In accordance with applicable law, data processing must be based on legal grounds. This obligation does not arise from Swiss law but from the EU General Data Protection Regulation (GDPR) when our data processing is subject to it (to be defined on a case-by-case basis). In this case, our data processing is necessary to conclude and perform contracts (Article 6(1)(b) GDPR), for the purposes of the legitimate interests pursued by our company or by a third party (e.g. optimizing our websites, improving our products and services and the browsing experience of Internet users, offering competitions and loyalty programs, analyzing audiences or keeping statistics, preventing fraud, optimizing quality and security) or for compliance with Swiss law (Article 6(1)(f) GDPR), for the exercise and defense of its rights (Articles 6(1)(f) and 9(2)(f) GDPR) or for compliance with applicable European laws (Articles 6(1)(c) and 9(2)(g) GDPR). Apart from these situations, we may also process personal data when the data subject has expressly consented to it (Articles 6(1)(a) and 9(2)(a) GDPR).
We do not sell or disclose any personal information except as described herein or as otherwise specified at the time of collection.
We use external service providers, in particular for IT services (e.g. hosting providers or data analysis services), shipping and logistics services and banking and postal services or consulting services, etc.
We may disclose personal information in our possession
to the staff of our boutiques and partner spas so that they offer the best possible service;
if applicable law or legal process requires or authorizes us to do so;
to judicial and other authorities or other parties involved in legal proceedings in order to respond to a legitimate legal request and if this proves necessary to exercise or defend a legal right;
in connection with an investigation into suspected fraud or illegal activity;
in case of justifiable reason, such as an overriding private or public interest;
to other persons to whom we sell or acquire businesses, parts of businesses, assets or companies or with whom we enter into a partnership;
in any other situation where we have collected the consent of the data subject.
Not all recipients of the data are located in Switzerland. This is particularly the case for certain service providers (particularly in the IT sector). These service providers may be domiciled within the EU or the EEA, but also anywhere in the world. We may also share our data with authorities abroad if we are legally obliged to do so or, for example, in the context of a sale of assets or legal proceedings (see point 5). Not all of these countries offer adequate data protection. This is why we apply appropriate safeguards, in particular EU standard contractual clauses available here . In some cases, we may share data with third parties located abroad without such safeguards, as permitted by applicable data protection law, for example with the consent of the data subject or where disclosure of the data is necessary for the performance of the contract, the establishment, exercise or defense of a legal claim or in case of overriding public interests.
To the extent permitted by applicable law, we retain personal data
as necessary for the purposes for which we obtained them, in accordance with the provisions of this declaration of conformity.
we have another legal basis specified in this privacy statement (point 4) which allows us to retain such data beyond the period necessary to fulfil the initial purpose for which the personal data was obtained.
Data subjects may request the erasure of their personal data at any time (see sections “What are the rights of the data subject?” and “Contact”).
Within the limits and exceptions provided by applicable law, the data subject may:
request access to, modification, updating and correction of personal data concerning them via the dashboard of their customer account or by contacting us using the contact details mentioned below; and
ask us to erase or limit personal information via our online contact form or by contacting us using the contact details provided below.
In cases provided for by law, the data subject may at any time withdraw his or her consent to the processing of his or her personal data for legitimate reasons relating to particular circumstances and we will apply the individual's preferences if appropriate.
It is possible to unsubscribe from the newsletter by clicking on the appropriate link at the bottom of the newsletter. We ask those who continue to receive our newsletter despite withdrawing their consent to contact us.
In order to protect the privacy of our customers and users of our websites, we may implement several measures to verify the identity of data subjects before granting them access to data. Depending on their geographic location, individuals who are not satisfied with our response may file a complaint with the relevant national data protection authority (e.g. the Federal Data Protection and Information Commissioner for Switzerland).
We have implemented various appropriate safeguards in accordance with legal requirements and the state of the art at each stage of the processing of personal data. These measures are intended to protect the personal data communicated to us from destruction, loss, modification, unauthorized access, use or disclosure. Our websites use a series of appropriate technical safeguards, communication protocols and organizational measures. Authentication tools are encrypted to ensure the security of personal data.
It is essential that the password used to register on one of our websites and to access certain parts of the site remains confidential.
The protection and confidentiality of personal data depend on it. Users of our websites should also be aware that the transmission of data via the Internet is never 100% secure and that we cannot guarantee the security of data transmitted to us by e-mail or through our websites.
This Privacy Statement does not form part of any contract with our customers or users of our websites and may therefore be updated without notice to adapt our practices to legal data protection requirements or in the event of changes to our business activity.
For any questions or comments regarding this privacy statement or to assert your rights regarding personal data, we can be reached by mail or e-mail at the following addresses:
DERMA MOLECULAR SA – Route de la Transjurane 20b, 2855 Glovelier - Switzerland
Email: hello@helveticaskin.com