GENERAL PRIVACY POLICY

1) Introduction and Controller

The right to privacy, and specifically the right to the protection of personal data, is one of the values of ISDIN, S.A. (hereinafter, “ISDIN”), which is set out in our Code of Ethics. Our representative in the United Kingdom is ESPÈRE HEALTHCARE LIMITED, a corporation with registered office at Shefford House, 15 High Street, Shefford, SG17 5DD (United Kingdom), recorded at the Registrar of Companies in England and Wales under Company Number 5032968, with tax identification number GB 829 9242 90. Contact details: rp@esperehealth.co.uk.

The purpose of this policy is to explain how ISDIN will process, as controller, personal data that may be collected through the various forms and activities that may be found on the ISDIN website: https://www.isdin.com/en-GB and other forms for collecting personal data, where applicable. Your personal data will be processed confidentially and only for the purposes explained below in this policy.

2) Commitment to privacy.

ISDIN is fully committed to complying with applicable data protection regulations, this being a priority goal for ISDIN.

ISDIN has therefore determined to implement the following principles, privacy being the basis on which all processing is configured:

  • Transparency, fairness and lawfulness in data processing is one of our priorities, so whenever we collect personal data about you, we will duly inform you in the relevant privacy policy of the purposes of such processing.
  • Data will always be collected for specified, explicit and legitimate purposes and will not be further processed in a way incompatible with those purposes.
  • We will always process data that is strictly adequate, relevant and limited to what is necessary to carry out the informed processing, and we will never oblige you to provide personal data unless it is really necessary to provide the service you request from us.
  • The data will always be accurate and, if necessary, kept up to date. Wherever possible, we will provide you with simple ways to keep track of your personal data. Therefore, the data will be kept in a form that allows the identification of data subjects for no longer than is necessary for the purposes of the processing of the personal data.
  • We will process the data in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

3) Purposes and lawful bases for processing.

The main purposes for the processing of your personal data and applicable lawful bases are:

  • Participation in product tests. In this case, we may process data such as your full name, ID or email address.
    The lawful basis for this processing will be your express consent derived from the clear affirmative action of participating in the initiative.
  • Participation in activities such as beauty routine tests or tools that can help you select the products that best suit your needs. This type of test is based on questions such as: your age range, skin care habits, lifestyle, hobbies, as well as questions related to your skin, which are intended to help you find the most suitable products according to your needs.
    We will also send you by email your personalized beauty routine or products selected on the basis of the needs detected. These communications are essential for the proper use, exploitation and correct functionality of the platform.
    The lawful basis for this processing will be your express consent derived from the clear affirmative action of participating in the activities.
    In addition and as further explained below, if you give your express consent, we will send you personalized commercial communications according to your profile based on the information you provide during the activities in which you participate, as well as according to your browsing habits and preferences with respect to ISDIN products (in accordance with our Cookie Policy).
  • To manage the commercial relationship with you, the commercial visits of our sales force, deliveries of product, starter doses or promotional samples and invoicing.
    The lawful basis for this processing is the performance of the (pre)contractual relationship with you or, where applicable (e.g. in very early stages of our relationship), our legitimate interest in developing a commercial relationship with you.
  • Send you surveys. ISDIN strives for quality in all its services, so we may send you surveys to find out your level of satisfaction with the brand, navigation on its platforms, product quality, among other things.
    The lawful basis for this processing is the legitimate interest of the controller in the best performance of our business activity and provision of products and services, or consent, as appropriate.
  • Send you personalized communications with information about products and services and information that may be of interest to you. We want to communicate with you in a way that is tailored to your preferences and interests, offering you experiences and communications about ISDIN products that match your preferences and interests through the various channels for which you give us your contact information. If you expressly give authorisation to do so, we may create a profile based on the data that ISDIN has about your activity, including information provided by you (such as age, gender, skin type, skin care habits, hobbies), as well as information derived from participation in other activities or campaigns promoted by ISDIN, beauty routines, surveys, browsing habits and preferences for consumption of ISDIN products (in accordance with our Cookie Policy), as well as personal data derived from the QR scan of ISDIN’s products (including the processing of special categories of personal data such as health data, to the extent you provide us with your explicit consent) so that they can be consulted together and allow ISDIN to communicate in a way that is tailored to your interests.
    The lawful basis for this processing is your consent, which you may withdraw at any time, by means of the link or button for this purpose in each of the communications, or by communicating your wish to withdraw your consent via the email indicated below in the section on “Exercise of rights and complaints”.
  • To deal with and manage your complaints, queries and requests about products or services. This processing may involve the processing of special categories of personal data.
    The lawful basis for this processing is your consent derived from the clear affirmative action implied by the use of the contact form and voluntarily providing certain information (which may include special categories of personal data) for such purposes.
  • To deal with and manage your queries about possible adverse effects of our products.
    The lawful basis for this processing is compliance with the legal obligations established in the legislation in force on pharmacovigilance. Likewise, in relation to the special categories, and in particular, the health data that the processing may entail, the circumstances that enable the processing thereof relate to the public interest in the area of public health, as well as those aimed at ensuring high standards of quality and safety of health care and of medicinal products and medical devices.
  • To attend to and manage your application as an employee, if you send us your curriculum vitae.
    The lawful basis for this processing is the consent of the data subject derived from the clear affirmative action involved in sending his or her curriculum vitae.

On some occasions it may be necessary for us to process your personal data in order to comply with legal obligations under which we operate.

Where we process your personal data in fulfillment of our own legitimate interests, we carry out a balancing test (available upon request) to verify that said legitimate interests are not overridden by your interests or rights.

4) Sharing of data.

Your data may be disclosed / made available to:

  • Other ISDIN group companies for internal administrative purposes based on our legitimate interest to manage our global business or even sometimes as necessary for the performance of the contractual relationship with you or due to legal obligations.
  • Certain suppliers who provide services to our company, such as sending personalized communications, storing data or web pages, but who will not process the data for their own purposes.
  • Competent judicial and/or administrative authorities: (i) if required to do so by law or legal process, or (ii) in response to a request from the competent public authorities, or (iii) in the framework of a judicial or administrative procedure.
  • Insurers with whom insurance has been contracted to whom the data will be disclosed in the event of an adverse reaction, in order to take the necessary steps in accordance with the insurance contract.

5) International transfers of personal data.

Some of the data recipients mentioned in the section above may be located in countries that do not have an adequate level of protection (such as the United States, China or LATAM countries including Mexico and Colombia). For example, it may be necessary to provide such data to international service providers, either as necessary to provide you with the requested service or in order to provide you with the highest quality standards.

In any event, ISDIN will ensure that appropriate safeguards are put in place in accordance with applicable legal requirements to ensure that your data is adequately protected, such as:

  • EU/UK-approved standard clauses: These are contracts approved by the European and UK regulators (as applicable), and which provide sufficient guarantees to ensure that the processing complies with the requirements set out in the General Data Protection Regulation or UK General Data Protection Regulation (as applicable).
  • Third party certifications.

For more information on the appropriate safeguards in place, please contact us at the details below.

6) Duration of the processing and retention period.

ISDIN is committed to processing personal data for as long as it is really useful to us and we can provide you with a quality service through its use. We will therefore make all appropriate and reasonable efforts to minimize the processing and retention period of personal data. In this regard, on each data collection form we will inform you of the expected period of processing and/or retention of your personal data. In relation to the processing activities described under this policy, ISDIN will retain your personal data in accordance with the following criteria:

  • In the case of customer services, your data will be kept for as long as the relationship with you lasts and, afterwards, for the maximum prescription period under which any liability may arise from your consultation or use of our products and, in any case, for the legally established period.
  • For processing which is based on your consent (e.g. the receipt of marketing communications), we will retain your personal data until you withdraw such consent; or, for processing of personal data which is based on our legitimate interest, we will retain it until you object to such processing (and for as long as such legitimate interest overrides your interests and rights).
  • With regard to the data processed to manage adverse reactions, your data will be kept for as long as any liability may arise from your consultation or use of our products and, in any case, for the legally established period.

In any case, and even if you request us to delete your data, we may retain and keep them, under appropriate blocking, for the period necessary to comply with our legal obligations and to make them available to the Authorities with competence in the different applicable matters.

7) Exercise of rights and complaints.

As a result of ISDIN’s processing of your personal data, you have a number of rights under applicable law. Below is a summary explanation of each right, in order to make it easier for you to exercise them:

  • Right of access: You have the right to obtain confirmation as to whether or not ISDIN is processing your personal data and to access such personal data.
  • Right to rectification: Your data will always remain yours, and as such, you can ask us to rectify it at any time if the data in our records is inaccurate or incomplete.
  • Right to erasure: You may request, at any time, that your personal data be deleted from our files. However, as indicated in the section on data retention above, please note that in certain circumstances, compliance with current legislation may prevent the effective exercise of this right.
  • Right to object: You may object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on public interest or legitimate interest.
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you.
  • Right to restriction of processing: You may request the restriction of the processing of your data under certain circumstances, in which case we will only keep them for the exercise or defense of claims.
  • Right to data portability: You have the right, under certain circumstances, to receive your personal data in a structured, commonly used and machine-readable format, and transmit it to another controller.

Insofar as we process your data on the basis of your consent, you may also withdraw your consent at any time.

You may exercise your rights by contacting ISDIN at the e-mail address privacy@isdin.com with proper identification.

Please note that you can always, in any case, lodge a complaint with the competent data protection authority if you believe that we have not processed your data lawfully or that we have not complied with your requests or rights. In the United Kingdom, the competent data protection authority is the Information Commissioner’s Office (https://ico.org.uk/).

8) Confidentiality and Security in data processing.

Your personal data is very important to us, and we undertake to process the same with the utmost confidentiality and discretion and to implement all security measures that we deem appropriate and reasonable.

In this regard, ISDIN declares and guarantees that it has established all the technical means at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the data provided by users.

9) Source of your data.

We may have obtained your personal data (name, surname, and email) from sources other than you, because you were subscribed to the database of our partner CW Publishing Ltd and you gave explicit consent for the disclosure of data to CW’s partners for these purposes.

10) Social networking.

Social Networks are part of the daily lives of many Internet users, and we have created different ISDIN profiles for them.

All users have the opportunity to join ISDIN’s pages or groups on different social networks.

However, you should bear in mind that, unless we request your data directly (for example, through marketing actions, competitions, promotions, or any other valid way), your data will belong to the corresponding Social Network, so we recommend that you carefully read its terms of use and privacy policies, as well as make sure to configure your preferences regarding the processing of data.

11) Contact ISDIN.

If you have any queries or concerns about the processing of your personal data please contact us through: