CONFIDENTIALITY POLICY

DERMATATTOO, hereinafter referred to as “We”, attaches great importance to protecting and respecting your privacy.

We hereby wish to provide you with clear and precise information concerning the collection and processing of personal data that you may provide to us via the {site_name} site (hereinafter referred to as the “Site”).

Article 1 - Confidentiality rules
The General Data Protection Regulation of April 27, 2016 (hereinafter the GDPR) applies from May 25, 2018. It imposes strict rules and conditions on companies and merchants when processing the personal data of their customers and prospects, in order to protect their privacy. 

Article 2 - The data controller
The “data controller” of your personal data is DERMATATTOO, responsible for the site {site_name} that you consult and to which you communicate data.

Article 3 - Legal basis for data processing and use
We may only use your personal data for purposes that are both legitimate and necessary (art. 6 RGPD). In concrete terms, this means that we process your personal data, whether or not in electronic form, for legitimate purposes in the context of the contractual relationship, business and security/safety.
These purposes include, but are not limited to, the following :
 

• To process and fulfill your orders and contracts; 
• To manage your account and business relationship;
• To send you commercial, promotional or advertising information, or information about the use of our services;
• Communications in the performance of a contract;
• Improve the design, layout and overall functionality of the site;
• To analyze data for statistical purposes.

Article 4 - What is personal data?
Personal data includes all information concerning you on the basis of which you can be identified (hereinafter referred to as “data”). Anonymous data, which does not allow you to be identified, is therefore not considered personal data.
Your personal data may therefore include :

• Data relating to your identity (surname, first name, address, VAT number, company number, etc.);
• Personal status data (telephone number, personal e-mail, etc.);
• Financial and transaction data (payment details, bank account number, billing details, etc.);
• Data relating to the performance of the contract concluded with us (purpose of the contract, billing address, professional data, etc.);
• Data relating to the use of electronic equipment, such as computers (password, log data, electronic identification data, billing details, ...) ;

Sensitive data:
The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning the sex life or sexual orientation of a natural person are prohibited.
We undertake to comply strictly with this prohibition. 

Article 5 - Sources and origins of personal data
In principle, the data we hold comes from you, when you fill in a form. If you do not intend to provide the mandatory or necessary information, you may lose the benefit of certain advantages and/or we may decide to terminate our services to you or we will be unable to perform the contract.

Article 6 - Access to personal data - With whom do we share your information?
In accordance with the regulations in force, data may be transmitted to the competent authorities upon request, and in particular to public bodies, exclusively to meet legal obligations, law enforcement officers, ministerial officers and bodies responsible for debt recovery, as well as in the case of the search for the perpetrators of offences committed on the Internet.

Your data is mainly used internally.
We may communicate your data to third-party companies, who will be able to process it, for legitimate reasons and in particular for the proper execution of the contract, when we call on service providers and subcontractors to carry out the order or services provided by us (technical services, payment service, securing payment, deliveries, sending commercial prospecting, etc.).

We send them only the data they need to perform their services.
However, we will ensure that our subcontractors comply with RGPD regulations.
The processing of data by the latter is governed by a strict legal framework.

Article 7 - Data retention period
We take all necessary steps to ensure that the storage of personal data for the purposes described above does not exceed the legal periods.

Article 8 - What are your rights?
We undertake to take appropriate technical and organizational measures to guarantee the security of the processing of everyone's personal data (Art. 32 of the RGPD).

In accordance with applicable laws and regulations on the protection of personal data, you benefit from a number of rights relating to your personal data, namely:

Right of access (Art. 15 of the RGPD) and information
You have the right to be informed in a concise, transparent, intelligible and easily accessible manner of how your data is processed.
You also have the right to obtain confirmation that data relating to you is being processed and, where applicable, to access your own personal data and the right to obtain or make a copy thereof as far as is reasonable.

Right of rectification (Art. 16 RGPD)
You have the right to obtain rectification of inaccurate data concerning you. You also have the right to complete incomplete data.

Right to be forgotten (or Right to erasure - Art. 17 RGPD) and Right to restriction of processing (Art. 18 RGPD)
- We undertake to grant the erasure of your personal data in particular in the following cases:
- Data no longer being necessary with regard to the purposes for which they had been collected or processed;
- You object to the processing;
- Your personal data has been processed unlawfully.

Right of portability (Art. 20 RGPD)
You have the right to receive your data in a structured, commonly used and machine-readable format, for your personal use or to transmit it to a third party of your choice.

Right to withdraw consent at any time (Art.7 RGPD)
You may withdraw your consent to the processing of your data where the processing is based on your consent.
Withdrawal of consent does not affect the lawfulness of processing based on consent carried out prior to such withdrawal.

Right to lodge a complaint (Art. 77 RGPD)
Customers have the right to lodge a complaint with the Privacy Commission at any time if they consider that the processing of their personal data constitutes a breach of the RGPD.

To exercise your rights, you can contact us by email: contact

Article 9 - Our commitment
We aim to implement security techniques to protect stored data against unauthorized access, inappropriate use, alteration, illegal or accidental destruction and accidental loss.

Article 10 - Procedure in the event of breaches
It is always possible that personal data processed within the framework of the contractual relationship may fall into the wrong hands as a result of human error, computer error, etc., or that the data may be lost or stolen. 
Where the violation poses a high risk to the individual's rights and freedoms, we will immediately inform him or her of the facts and measures taken.
We will ensure that the necessary steps are taken with regard to the notification of the violation in question to the Privacy Commission within 72 hours of becoming aware of it, unless the violation does not present a high risk to the rights and freedoms of the individual (Art. 32-34 RGPD). 

Article 11 - Consent
You give your express, informed and unambiguous consent to the processing of personal data as described in this Privacy Notice. You have the right to withdraw your consent at any time, by simple written request. We reserve the right to modify this Privacy Notice.

Article 12 - Modification of our Privacy Policy
We may occasionally modify the present Privacy Policy, in particular in order to comply with any regulatory, jurisprudential, editorial or technical developments.

Article 13 - Contact us
For any questions relating to this Privacy Policy, or for any request relating to your data, you can contact us:

By e-mail at the following address: contact@dermatattoo.com