Full privacy statement
For the purpose of the Data Protection Act 1998 (the Act) and from the 25 May 2018, the EU General Data Protection Regulation 2016/679 (the GDPR), the data controller is Skoosh Skin Limited (company no. 11682440), having its registered office at 78 York Street, London W1H 1DP United Kingdom (“Company/we/us”).
Aggregate Information: information that has been combined with that of other users and analysed or evaluated as a whole, such that no specific individual may be reasonably identified.
De-identified Information: information that has been stripped of your Registration Information (e.g., your name and contact information) and other identifying data such that you cannot reasonably be identified as an individual, also known as pseudonymised information.
Individual-level Information: information about a single individual's traits/characteristics, but which is not necessarily tied to Registration Information.
Personal Information: information that can be used to identify you, either alone or in combination with other information. Skoosh Skin collects and stores the following types of Personal Information:
- Registration Information: information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information).
- Self-Reported Information: information you provide directly to us, including your skin conditions, other health-related information, personal traits, ethnicity, and other information that you enter into surveys, forms, or features while signed in to your Skoosh Skin account.
- Sensitive Information: information about your health, and certain Self-Reported Information such as racial and ethnic origin, sexual orientation, and political affiliation.
- User Content: all information, data, text, software, music, audio, photographs, graphics, video, messages, or other materials - other than Self-Reported Information-generated by users of Skoosh Skin and transmitted, whether publicly or privately, to or through Skoosh Skin
- Web-Behaviour Information: information on how you use Skoosh Skin Services collected through log files, cookies, web beacons, and similar technologies, (e.g., browser type, domains, page views).
Information we collect
Information you provide directly to us:
- Registration Information: When you use our Services or create a Skoosh Skin account, we collect Personal Information, such as your name, date of birth, billing and shipping address, payment information (e.g., credit card) and contact information (e.g. email, phone number and license number).
- Self-Reported Information: You have the option to provide us with additional information about yourself through surveys, forms, features and applications. For example, you may provide us with information about your personal traits (e.g. skin conditions) and ethnicity.
- Social media features and widgets: Our Services include Social Media Features, such as the Facebook "Like" or "Share" button and widgets ("Features"). These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. They may also allow third-party social media services to provide us information about you, including your name, email address, and other contact information. The information we receive is dependent upon your privacy settings with the social network. Features are either hosted by a third-party or hosted directly on our site. Your interactions with these Features are governed by the privacy statements of the third party companies providing them. You should always review and, if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to our website or Service.
- Third party services (e.g., social media): If you use a third party site, such as Facebook or Twitter, in connection with our Services to communicate with another person (e.g., to make or post referrals or to request that we communicate with another person), then in addition to that person's name and contact information, we may also collect other information (e.g., your profile picture, network, gender, username, user ID, age range, language, country, friends lists or followers) depending on your privacy settings on the third party site. We do not control the third party site's information practices, so please review the third party’s privacy statement and your settings on the third party’s site carefully.
- Referral information and sharing: When you refer a person to Skoosh Skin or choose to share your Skoosh Skin results with another person, we will ask for that person's email address. We will use their email address solely, as applicable, to make the referral or to communicate your sharing request to them, and we will let your contact know that you requested the communication. By participating in a referral program or by choosing to share information with another person, you confirm that the person has given you consent for Skoosh Skin to communicate (e.g., via email) with him or her. The person you referred may contact us at email@example.com to request that we remove this information from our database.
- Customer service: When you contact Customer Care or correspond with us about our Service, we collect information to: track and respond to your inquiry; investigate any breach of our Terms of Service, Privacy Statement or applicable laws or regulations; and analyse and improve our Services.
- help us recognize you when you use our Services;
- customize and improve your experience;
- provide security;
- analyse usage of our Services (such as to analyse your interactions with the results, reports, and other features of the Service);
- gather demographic information about our user base;
- offer our Services to you;
- monitor the success of marketing programs; and
- serve targeted advertising on our site and on other sites around the Internet.
We may receive reports based on the use of these technologies from third party service providers as de-identified, Individual-level Information or as Aggregate Information (as described in section 4.c). We and our third party service providers do not use your Sensitive Information for targeted advertising.
Google Analytics: Google Analytics is used to perform many of the tasks listed above. We use the User-ID feature of Google Analytics to combine behavioural information across devices and sessions (including authenticated and unauthenticated sessions). We do not merge information collected through any Google advertising product with individual-level information collected elsewhere by our Service. Learn more about how Google collects and uses data here. To opt out of Google Analytics Advertising Features please use Google Ad Settings. To opt out of Google Analytics entirely please use this link.
Other Types of Information: We continuously work to enhance our Services with new products, applications and features that may result in the collection of new and different types of information. We will update our Privacy Statement and/or obtain your prior consent to new processing, as needed.
How we use your information
Skoosh Skin will use and share your Personal Information with third parties only in the ways that are described in this Privacy Statement.
To provide you with Services and analyse and improve our Services
We use the information described above to operate, provide, analyse and improve our Services. These activities may include, among other things, using your information in a manner consistent with this Privacy Statement to:
- open your account, enable purchases and process payments, communicate with you, and implement your requests (e.g., referrals);
- enable and enhance your use of our website and mobile application(s), including authenticating your visits, providing personalized content and information, and tracking your usage of our Services;
- contact you about your account, and any relevant information about our Services (e.g. policy changes, security updates or issues, etc.);
- enforce our Terms of Service and other agreements;
- monitor, detect, investigate and prevent prohibited or illegal behaviours on our Services, to combat spam and other security risks; and
- perform research & development activities, which may include, for example, conducting data analysis and research in order to develop new or improve existing products and services, and performing quality control activities.
For individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland (collectively the “Designated Countries”): We process your Personal Information in this way to provide our Services to you in accordance with our Terms of Service.
To provide customer support
When you contact Customer Care, we may use or request Personal Information, including Sensitive Information, as necessary to answer your questions, resolve disputes, and/or investigate and troubleshoot problems or complaints. In some instances, we may be required to process one customer’s Personal Information to resolve another customer’s dispute or request. For example, if a customer reports behaviour that violates our Terms of Service, we will separately process both customers’ Personal Information and respond separately to each individual as appropriate. We will not share your Personal Information with another customer without your consent.
For individuals located in the Designated Countries: Our legal basis for processing your Personal Information for the purpose described above depends on the nature of the customer support request. Our legal basis can be to satisfy our contractual or legal obligations and/or our legitimate interest to improve our Services.
To conduct surveys or polls, and obtain testimonials
We value your feedback and may send you surveys, polls, or requests for testimonials to improve and optimize our Services. You are in control of the information you would like to share with us.
For individuals located in the Designated Countries: Our legal basis for processing your Personal Information for the purpose described above is based on our legitimate interest. We think it is important to continue improving our Services to ensure your continued enjoyment.
To provide you with marketing communications
By creating a Skoosh Skin account, you are agreeing that we may send you product and promotional emails or notifications about our Services, and offers on new products, services, promotions or contests. You can unsubscribe from receiving these marketing communications at any time. To unsubscribe, click the email footer “unsubscribe” link. You may not opt-out of receiving non-promotional messages regarding your account, such as technical notices, purchase confirmations, or Service-related emails.
Individuals located in Designated Countries should review Section 9.c. to understand our marketing practices in relation to the Designated Countries.
Information we share with third parties
General service providers
We share the information described above with our third party service providers, as necessary for them to provide their services to us and help us perform our contract with you. Service providers are third parties (other companies or individuals) that help us to provide, analyse and improve our Services. While Skoosh Skin directly conducts the majority of data processing activities required to provide our Services to you, we engage some third party service providers to assist in supporting our Services, including in the following areas:
- We use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- Customer Care support. Our Customer Care team uses a number of tools to help organize and manage the requests we receive. These tools help to ensure we provide timely, high quality support.
- Cloud storage, IT, and Security. Our cloud storage providers provide secure storage for information in Skoosh Skin databases, ensure that our infrastructure can support continued use of our Services by Skoosh Skin customers, and protect data in the event of a natural disaster or other disruption to the Service. Our IT and security providers assist with intrusion detection and prevention measures to stop any potential attacks against our networks. We have these third party experts perform regular penetration tests and periodically audit Skoosh Skin’s security controls.
- Marketing and analytics. When you use our Services, including our website or mobile app(s), our third party service providers may collect Web-Behaviour Information about your visit, such as the links you clicked on, the duration of your visit, and the URLs you visited. This information can help us improve site navigability and assess our Marketing campaigns. Per applicable data protection regulations, our UK website presents visitors with a cookie opt in to allow the processing described above via Functionality and Advertising Cookies.
NOTE: Our service providers act on Skoosh Skin's behalf. We implement procedures and maintain contractual terms with each service provider to protect the confidentiality and security of your information. However, we cannot guarantee the confidentiality and security of your information due to the inherent risks associated with storing and transmitting data electronically.
We may share Aggregate Information, which is information that has been stripped of your name and contact information and combined with information of others so that you cannot reasonably be identified as an individual, with third parties. This Information is different from "Individual-level" information and is not Personal Information because it does not identify any particular individual or disclose any particular individual’s data. For example, Aggregate Information may include a statement that "40% of our users have dry skin," without providing any data or testing results specific to any individual user. In contrast, Individual-level Information or Self-Reported Information consists of data about a single individual's traits/characteristics information and could reveal whether a specific user has a particular skin trait. Skoosh Skin does not and will not share Individual-level Information or Self-Reported Information with any third party, other than our service providers as necessary for us to provide the Services to you.
As required by law
Under certain circumstances your Personal Information may be subject to processing pursuant to laws, regulations, judicial or other government subpoenas, warrants, or orders. For example, we may be required to disclose Personal Information in coordination with regulatory authorities in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Skoosh Skin will preserve and disclose any and all information to law enforcement agencies or others if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that Skoosh Skin may owe pursuant to ethical and other professional rules, laws, and regulations; (b) enforce the Skoosh Skin Terms of Service and other policies; (c) respond to claims that any content violates the rights of third parties; or (d) protect the rights, property, or personal safety of Skoosh Skin, its employees, its users, its clients, and the public.
In the event that Skoosh Skin goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets your Personal Information will likely be among the assets transferred. In such a case, your information would remain subject to the promises made in any pre-existing Privacy Statement.
Access to your account: We provide access to your Skoosh Skin data within your Skoosh Skin account. If you lose access to your account or account email address, please contact Customer Care for assistance. If you lose access to your Skoosh Skin account, in certain circumstances, we may require that you submit additional information sufficient to verify your identity before providing access or otherwise releasing information to you. If you choose not to submit the required documentation, or the information provided is not sufficient for the purposes sought, Skoosh Skin will not be able to sufficiently verify your identity in order to complete your request.
You may access, correct or update most of your Registration Information on your own within your Skoosh Skin Account Settings. You may be able to correct Self-Reported Information entered into a survey, form, or feature within your account, such as on the profiles page, by clicking “Edit.”
Individuals located in Designated Countries should review “Information for Customers in Designated Countries” to understand their rights to access Personal Information.
Marketing communications: As noted, you may be asked to opt-in to receive product and promotional emails or notifications when creating your Skoosh Skin account depending on where you are located. Otherwise, you may click the "unsubscribe" button at the bottom of promotional email communications.
Sharing outside of Skoosh Skin Services: You may decide to share your Personal Information with friends and/or family members and/or other individuals outside of our Services, including through third party services such as social networks and third party apps that connect to our website and mobile apps through our application programming interface ("API"). These third parties may use your Personal Information differently than we do under this Privacy Statement. Please make such choices carefully and review the privacy statements of all other third parties involved in the transaction. Skoosh Skin does not endorse or sponsor any API applications, and does not affirm the accuracy or validity of any interpretations made by third party API applications. In general, it can be difficult to contain or retrieve Personal Information once it has been shared or disclosed. Skoosh Skin will have no responsibility or liability for any consequences that may result because you have released or shared Personal Information with others.
Account deletion: If you no longer wish to participate in our Services, or no longer wish to have your Personal Information be processed, you may delete your Skoosh Skin account and Personal Information by sending us an email at firstname.lastname@example.org. Once you submit your request, we will send an email to the email address linked to your Skoosh Skin account detailing our account deletion policy and requesting that you to confirm your deletion request. Once you confirm your request to delete your account and data, your account will no longer be accessible while we process your request. Once you confirm your request, this process cannot be cancelled, undone, withdrawn, or reversed. When your account is deleted, all associated Personal Information is deleted.
You should be aware that the internet is an insecure environment. We have implemented technology and employee policies to help safeguard your privacy from unauthorised access and improper use. We will continue to update these measures, as appropriate, when new technology becomes available.
Please recognise that protecting your Personal Information is also your responsibility. We ask you to be responsible for safeguarding your password, secret questions and answers, and other authentication information you use to access our Services. You should not disclose your authentication information to any third party and should immediately notify Skoosh Skin of any unauthorised use of your password. Skoosh Skin cannot secure Personal Information that you release on your own or that you request us to release.
Your information collected through the Service may be stored and processed in the United Kingdom or any other country in which Skoosh Skin or its subsidiaries, affiliates or service providers maintain facilities and, therefore, your information may be subject to the laws of those other jurisdictions which may be different from the laws of your country of residence.
Skoosh Skin is committed to protecting the privacy of children as well as adults. Neither Skoosh Skin nor any of its Services are designed for, intended to attract, or directed toward children under the age of 18. A parent or guardian, however, may create an account for, and provide information related to, his or her child who is under the age of 18. The parent or guardian assumes full responsibility for ensuring that the information that he/she provides to Skoosh Skin about his or her child is kept secure and that the information submitted is accurate.
Skoosh Skin provides links to third party websites operated by organisations not affiliated with Skoosh Skin. Skoosh Skin does not disclose your information to organisations operating such linked third party websites. Skoosh Skin does not review or endorse, and is not responsible for, the privacy practices of these organisations. We encourage you to read the privacy statements of each and every website that you visit. This Privacy Statement applies solely to information collected by Skoosh Skin and our service providers on our behalf.
Information for Customers in Designated Countries
This section only applies to individuals located in the European Economic Area (“EEA”), United Kingdom, or Switzerland (the “Designated Countries”).
Our relationship with you
We are the “controller” with respect to your Personal Information because we determine the means and purposes of processing your information when using our Services.
Legal bases for processing Personal Information from the EU
We describe how we process your Personal Information in Sections 2 through 4 of this Privacy Statement. We may process your Personal Information if you consent to the processing, to satisfy our legal obligations, if it is necessary to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of Skoosh Skin, our customers or others.
We will obtain your consent where required to send you marketing communications using electronic means. You may withdraw your consent at any time via the e-mail unsubscribe link. We will only contact you by electronic means (email, push notification, SMS, etc.) with information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you.
We will only share your Personal Information with third parties for marketing purposes with your explicit consent. If you do not want us to use your Personal Information in this way, please e-mail us at email@example.com. You may raise such objection with regard to initial or further processing for purposes of direct marketing at any time and free of charge. The withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
Other marketing activities will happen based on the legitimate interests of Skoosh Skin. E.g., where we tailor marketing communications or send targeted marketing messages via post, phone or social media and other third party platforms; and in providing existing customers with information (via email or other channels) about similar products and services.
Transferring your personal information outside the European Economic Area
We may need, as part of the services offered to you though our Site, to communicate your details outside the European Economic Area (“EEA”).
We are obliged to satisfy ourselves before transferring your information to a country outside the EEA that it provides adequate protection for your data protection rights. Skoosh Skin only transfers your personal information to those third parties where we can be sure that we can protect your privacy and your rights, for example the third party is located in a country which the EU has deemed to have adequate data protection laws in place, where that third party is certified on the EU-US Privacy Shield or where we have a contract in place with that third party which includes the European Commission's standard data protection clauses.
You can exercise your privacy rights by following the instructions below. We will handle your request under applicable law. When you make a request, we may verify your identity to protect your privacy and security. In particular, You have the rights to:
- Withdraw your consent to Our processing your personal Information at any time. You can do this at any time by contacting us at firstname.lastname@example.org. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal. In certain circumstances, We can process your personal Information without your consent in line with the lawful processing requirements in GDPR. These include (amongst other reasons) where processing is necessary to comply with a legal obligation, or to protect your vital interests.
- Ask us to rectify inaccurate or incomplete personal Information. Our site allows you to access and rectify certain Registration Information within your Account Settings, and your Self-Reported Information by going to the profiles page, and other information as required by applicable law. If you would like to access or rectify any other information, contact Customer Care and we will do our best to assist you without undue delay. We would seek to rectify the data as soon as possible and usually within one month unless the request is complex. We may reject part or all of your request if responding to your request could adversely affect the rights and freedoms of others.
- Ask us to erase your personal Information. This is commonly referred to as the right to be forgotten. This right is only applicable where there is no compelling reason for the continued processing of your personal Information. There are some circumstances where this right to erasure does not apply and in such cases We would notify You of the reason(s) why We need to retain your personal Information (unless prevented to do so by law)
- Restrict processing of your personal Information. You can restrict our processing of your Personal Information where one of the following applies: (a) you dispute the accuracy of Personal Information processed by Skoosh Skin (for a period enabling us to verify its accuracy); (b) the processing is unlawful and you oppose the erasure of the Personal Information and request the restriction of its use instead; (c) Skoosh Skin no longer needs the Personal Information for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; and (d) you have objected to certain processing relying on legitimate interest, pending the verification whether Skoosh Skin’s legitimate grounds override your rights. Restricted Personal Information shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you if the restriction is lifted.
- Ask us not to process your personal Information for marketing purposes (including profiling). We will usually inform You (before collecting your data) if We intend to use your data for such purposes or if We intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms We use to collect your data. You can also exercise the right at any time by contacting us at email@example.com
- Ask us not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.
- Request access to your personal Information via a subject access request. Your request should be made to us in writing and We may ask you for proof of your identity before providing You with the data. There is usually no fee for making such a request however, in limited circumstances, We can charge an administrative fee (which will be based on the administrative cost of providing the information)
- Obtain and reuse your personal Information for your own purposes across different services (right to data portability). This right is only applicable to data that You have provided to us, where We are processing the data based on your consent or for the performance of a contract and when the processing is carried out by automated means. Where this right applies, the data will be provided to You in a structured, commonly used and machine-readable format
Please be aware that we will need to verify your identity before providing any personal information to you. We do this to protect your information. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.
Unless you delete your account or delete certain Personal Information (i.e., User Content, etc.), we will store your Personal Information as long as your account is open. If you delete your account, we will take the steps described under “Your Choices – Account Deletion” and delete all your Personal Information, unless a longer retention period is required or permitted by law.
The rights described above may be limited by local laws. Further, your right of access and deletion is not absolute and may not be available if fulfilment of such right would, among other things:
- cause interference with execution and enforcement of the law and legal private rights (such as in the case of the investigation or detection of legal claims or the right to a fair trial);
- breach or prejudice the rights of confidentiality and security of others;
- prejudice security or grievance investigations, corporate re-organizations, future and ongoing negotiations with third parties, the compliance with regulatory requirements relating to economic and financial management; or
- otherwise violate the interests of others or where the burden or cost of providing access would be disproportionate.
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by sending an e-mail to us at firstname.lastname@example.org.
If you have any complaints regarding our handling of your personal Information, we would appreciate the chance to deal with your concerns in the first instance. However, if you wish, you may make a complaint directly to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk or 0303 123 1113)
Changes to this Privacy Statement
*This Privacy Statement was last updated on February 2020.