If and to the extent you are in the European Union (an “EU Individual”), this Policy provides you with the information required by the “GDPR”, Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation).
This policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others, how we keep it secure, who we share it with and how long we keep it for. If you are an EU Individual it also explains the lawful basis on which we do this under GDPR and informs you of certain rights you have regarding your personal information under EU data protection law.
In this policy, we refer variously to ‘personal information,’ ‘data,’ ‘personal data’ and ‘details.’ We use these terms interchangeably to mean information capable of identifying you, which is personal data as defined in the GDPR. We also sometimes refer to “processing” such data. This means any operation we perform on it, such as collection, organizing, storing, updating, using, disclosing and erasing. These concepts are relevant in particular where you are an EU Individual.
Who we are and How to Contact Us
In relation to our processing of your personal information or any other data protection or data privacy matters, our contact details are as follows:
2929 Oak View Drive
Omaha, Nebraska 68144
Purposes for which we Process Your Personal Information
We process your personal information for the following purposes:
- to enable you to purchase our products
- to accept your registration or create an account on our site
- to provide you with any features or tools on our site
- to make our services more rewarding and relevant for you to use
- to track your purchase history
- to contact you for account and promotional purposes.
- to deliver products you have purchased and otherwise fulfil your orders
- to enable you to participate in contests, sweepstakes, giveaways or other promotions
- to communicate with you and respond to your requests
- to inform you about our products and services, including by direct marketing
- to manage our relationship with you
- if necessary, to comply with any legal obligations we may have including requests from law enforcement agencies or to comply with legal processes
- for internal administration
- to improve our services
- to detect and prevent fraud
- to exercise our rights, including to investigate potential non-compliance with or otherwise enforce our Terms of Service or any other contract we have with you
- to protect the rights, property or personal safety of our other users, employees, business partners, visitors, and the general public
- to determine the effectiveness of promotional campaigns and advertising
- for purposes related to our proposed corporate activities, such as a sale or merger.
Some of these, and the processing of your personal information involved, are set out in more detail below, as follows.
For some of the above purposes and depending on how you use LovelySkin.com, we may ask you to provide us with personal information and preferences. Whether you choose to provide us with that information is your choice. If you choose to withhold information, it may affect your ability to use some of our services.
Our Legal Basis for Processing Personal Information of EU Individuals
If you are an EU Individual, the legal bases on which we process your personal information are as follows, depending on the purpose of the processing:
- Performance of a contract - Often we need to process your personal information to perform a contract we have with you, in particular to fulfill your orders or to take steps at your request before entering into a contract.
- Consent - In certain specific situations, we may process your data with your specific freely given consent. When doing so, we will inform you of the purpose of the processing, and you can withdraw consent at any time.
Recipients of Your Personal Information
We may transfer your personal information to the following recipients:
- third-party service providers for the purposes of completing tasks and providing services to you on our behalf (for example, to process payments or shipping and send you email confirmations)
- Social Media and Other Third Party Sites (see below for how we work with certain Third Party Sites and the purposes of that work)
- public authorities where we are required to do so pursuant to a lawful request by them, for the purposes of that request
Examples of Processing Related to the Above Purposes
We will ask you to provide us with personal information if you use one or more of the following services:
Creating an Account on LovelySkin.com
To create an account on LovelySkin.com, you need to share some of your personal information, including your name and email address. You do not have to register for an account to visit or check out on the website. You will have to create an account in order to obtain account services and benefits such as LovelySkin rewards.
Once you create a LovelySkin.com account, you will use your email address and a selected password to access that account. You cannot use another person’s account without permission and you cannot create duplicate accounts with the same email address. You should keep your account information complete and up-to-date to ensure the best service. You are responsible for maintaining the confidentiality of your account information and password.
Making a Purchase on LovelySkin.com
When you place an order with LovelySkin, you must provide us with your billing address, phone number, email address, shipping address and payment information. If you have created an account with us, you can choose to store your ordering information (saved payment methods, shipping address, etc.) in your account. To access this section, you must log in to your account. If you place an order using the guest user functionality, you can access the status of your order by using your email address and the order number.
Contests, Sweepstakes and Giveaways on LovelySkin.com
If you enter a contest, sweepstakes or giveaway on LovelySkin.com, we will ask you to create an account. We may ask you for additional information and answers in order to participate in the contest. If you do not create an account, you will be unable to enter the contest. We use the information you provide to analyze and administer contests, sweepstakes or giveaways, to resolve any reported issues and to communicate with you.
If you take a survey, you have the option of providing your personal information, and we may use this for internal research purposes.
Your website usage
We collect information on IP addresses and information regarding what pages on our site are accessed and when. This information is recorded and sent to third-party processors for the purposes of fulfilling your order, data analysis, to improve our marketing efforts and to make recommendations to you on products of interest. We may also obtain information about the device you use to access our website and how you use the website. This data may be processed for the purposes of analyzing the use of the website and services and personalizing your experience.
We obtain any information you provide by sending us messages through our website or through other electronic communications. We may keep a record of these.
Third Party APIs on LovelySkin.com
Newsletters, Emails and Other LovelySkin Materials
We use email addresses and mailing addresses to send out newsletters, promotional offers, postcards and other messages with information about our latest products, gifts, sales and special events. After you create an account with us, you can choose not to receive these messages by opting out of delivery. If you receive an email and want to avoid further messages, look at the end of the email for instructions on how to unsubscribe from the mailing list. You can also edit your email preferences in your account.
When you create an account on LovelySkin.com, you have the option to provide us with information that will be made public to other users on the site. LovelySkin may, consistent with its then policies, allow the uploading and posting of user or customer photographs or likenesses, endorsements and possible profiling of such persons onto the LovelySkin website. Such user or customer recognizes that such photographs, likenesses, profiles or product comments will be subject to public visibility and consents to their presentation on the website. Where you are an EU Individual we will obtain your specific consent for this at the time. The user or customer further agrees that, by uploading and posting these items, LovelySkin.com shall have the non-exclusive right, without limitation as to time, to use and display such person’s photograph, likeness or any endorsement of product made by such person for the purpose of promoting, publicizing, and advertising the LovelySkin website and its products. LovelySkin shall not have the right to use, or authorize the use of the photograph, likeness or endorsement, in any other commercial method beyond its website without the user or customer’s written consent.
Please note that if you choose to share information about yourself in an open format, such as through a Third Party Site like Facebook, Twitter, YouTube, Pinterest and Instagram or in the user-generated content portions of our own site, we consider that information to be public information as well.
For EU Individuals: Privacy Shield Notice for Personal Data Transfers to the United States
The types of personal data we collect under Privacy Shield include your name, mailing and email address, payment details and any other information about yourself which you choose to send us. We collect and use such personal data for the purposes set out above.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, LovelySkin is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to customercare@LovelySkin.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data (“special categories” of data as described in GDPR), before we share your data with third parties other than our agents, service providers or other recipients described above, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. Such sharing or use will in any event be subject to our having a legal basis for the required processing. To request to limit the use and disclosure of your personal information, please submit a written request to CustomerCare@LovelySkin.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
LovelySkin’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, LovelySkin remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless LovelySkin proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, LovelySkin commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact LovelySkin by email at customercare@LovelySkin.com or via post at:
2929 Oak View Drive
Omaha, Nebraska 68144
LovelySkin has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
How Long Do we Store Your Personal Information For?
If you are an EU Individual, we will delete your personal information once it is no longer proportionate for us to store it for the purposes of the processing, in accordance with our retention policy.
This policy currently states that if you purchase a product from us we will usually retain your personal information for [six years] from the date of delivery. Otherwise, we will usually delete your data [two years] from the date on which we last received a communication from you. This is however subject to the requirements of applicable data protection laws and the purpose for which the data is collected and used, taking into account legal and regulatory requirements to retain the data for a minimum period, limitation periods for taking legal action, good practice and LovelySkin’s business purposes.
Your Rights if You Are an EU Individual
If you are an EU Individual, you have the following rights:
- to obtain confirmation as to whether we process your personal information
- to access a copy of your personal information that we do process, along with information on what personal information we use, why we use it, who we share it with, and how long we keep it for
- to request the correction of inaccurate personal information we hold about you
- to request that we delete your data, or stop processing it or collecting it, in some circumstances
- in any specific case where we have obtained your consent for the purposes of the processing, the right to withdraw such consent, without affecting the lawfulness of processing before such withdrawal
- in certain cases, to request that we transfer or port elements of your data either to you or a third party providing you with similar products
- to lodge a complaint with your local data protection regulator — in the UK, the Information Commissioner’s Office.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Privacy Rights for California Residents
In addition to the right described elsewhere in this Policy, California residents have the right to request that we disclose what Personal Information we collect, use, disclose or sell. We do not sell your personal information to third parties without your prior consent. California residents also have the right to request the deletion of their Personal Information that we have collected or maintained. If you wish to make a request for information or to delete your account, or for any questions about our privacy practices and compliance with California law, please contact us at customercare@LovelySkin.com. Prior to responding to your request, we will verify your identity by matching any requested identifying information you provide against the information we have about you. We will not subject you to discriminatory treatment as a result of your choice to exercise your privacy rights.
Right to Removal of Posted Information--California Minors
If you are under 18 years of age, reside in California, and have a registered account with us, you have the right to request removal of unwanted information that you publicly post. To request removal of such information, you can contact us as provided above. Upon receiving such a request, we will make sure that the information is not publicly available, but the information may not be completely or comprehensively removed from our systems and databases.
Protecting Your Information
We know the importance of patient and customer privacy. Under the direction of Dr. Schlessinger (board-certified dermatologist / board-certified cosmetic surgeon), we also operate a dermatology and cosmetic surgery practice, a research center and a day spa. We handle every patient's medical information securely, under our HIPAA compliance, on a daily basis and treat our online customers' information with the same importance.
We use industry-standard Secure Sockets Layer ("SSL") authentication to guarantee the confidentiality of online transactions made on our website. SSL authentication and encryption of the data that you send to us over the Internet help protect your online transaction information from being intercepted by third parties.
We are also PCI compliant and will continue to run our business with this in mind. The Payment Card Industry (PCI) data security standard is a new security standard for how your credit card information is handled, stored, processed and transmitted. Our PCI compliance is verified by ScanAlert (now owned by McAfee), which also provides our HackerSafe certification that verifies our site is secure and ensures the safety of your information from hackers. Because of the number of transactions we process, we are required to follow these PCI compliance standards. These standards include a 12-step questionnaire about business practices as well as an entire network scan to ensure no vulnerability. Most sites are not required to adhere to these standards, either because of their small volume or because they use third-party software. However, we guarantee the accuracy of our compliance and, more importantly, the safety of your personal and financial information.
We host and operate our website in-house and do not use third party hosting or networking services. This allows us to have full control over our website and makes your information more secure. Many companies will use a third party hosting company to store their website and your information where multiple people unaffiliated with the business may have access to your information.
Children Under 13
We comply with the Children's Online Privacy Protection Act of 1998. If you are under the age of 13, you can look at our website but cannot place an order. You also cannot create an account or participate in any of our services that ask for personal information. This policy is designed to protect children. Federal law requires us to take special steps to safeguard children's privacy.
Social Media and Other Third Party Sites
We work with trusted third parties, including social network sites like Facebook, Twitter, Pinterest, Instagram and YouTube. All of these companies operate as Third Party Sites. We provide access to this site by third parties and business partners so we can generate interest in our products among members of your social networks and to allow you to share those interests with friends in your network.
The use of any features made available to you by a third party may result in information being collected or shared about you by us or by the third party. Information collected or shared through any such third party features is considered "public information" by us because the Third Party Sites made it publicly available. If you do not want us to be able to access information about you from Third Party Sites, you must instruct Third Party Sites not to share the information. We cannot control how your data is collected, stored, used or shared by Third Party Sites or to whom it is disclosed. Please be sure to review the privacy policies and privacy settings on your social networking sites to make sure you understand the information they are sharing. If you do not want a Third Party Site to share information about you, you must contact that site and determine whether it gives you the opportunity to opt out of sharing such information. LovelySkin is not responsible for how these third parties may use information collected from or about you. However, we do identify any areas on our Sites where third parties share information about you.
We also allow you to use Facebook’s “like” feature while on our website. Know that Facebook may collect that information and post it to your "News Feed" on Facebook and possibly to your Facebook profile's "Wall" and "Info" pages. Finally, by "liking" one of our products, blogs or videos, you consent to the display of that information on our site. If you do not wish this to happen, you should not click that you "like" a product, blog or video and you should review your privacy settings on Facebook (or similar Third Party Site). Note that we do not have to display someone's name, profile photo or other "public" Facebook profile information on our website even if that Facebook user "likes" one of our products, blogs or videos. We reserve the right to remove the information of any person that we deem to be inconsistent with our ideals or otherwise inappropriate for public association with our company. These rules govern all of our interactions with Third Party Sites, including Twitter and Pinterest. We may remove from our site, at our sole discretion, any product offering or any photo or that does not comply with this policy.
Effective Date of This Policy