PRIVACY POLICY

Dermalogica (UK) Limited (“Dermalogica”) is committed to protecting and respecting the privacy of its customers (“Customers”). This policy sets out the basis on which any personal data Dermalogica collects from its customers, or that Customers provide to Dermalogica, will be processed by Dermalogica. For the purpose of the Data Protection Act 1998 (the Act), the data controller is Dermalogica (UK) Limited of Caxton House, Randalls Way, Leatherhead, Surrey, KT22 7TW. INFORMATION DERMALOGICA MAY COLLECT FROM CUSTOMERS Dermalogica may collect and process the following data about Customers:

• a) information that Customers provide by filling in forms on the Sitess www.dermalogica.co.uk (“the Sites”) or that Customers have already provided at the time of becoming an account holder. Dermalogica may also ask Customers for information when Customers report a problem with Dermalogica’s Sites;
• b) if Customers contact Dermalogica , Dermalogica may keep a record of that correspondence;
• c) details of transactions Customers carry out through Dermalogica’s Sites and of the fulfilment of Customers’ orders;
• d) details of Customers’ visits to Dermalogica’s Sites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for Dermalogica’s own billing purposes or otherwise and the resources that Customers access.

IP ADDRESSES AND COOKIES

Dermalogica may collect information about Customers’ computers, including where available Customers’ IP addresses, operating systems and browser types, for system administration. This is statistical data about Dermalogica’s users‘ browsing actions and patterns, and does not identify any individual.

For the same reason, Dermalogica may obtain information about Customers’ general internet usage by using a cookie file which is stored on the hard drive of Customers’ computer. Cookies contain information that is transferred to Customers’ computer’s hard drive.

They help Dermalogica to improve Dermalogica’s Sites and to deliver a better and more personalised service. They enable Dermalogica :

• a) to estimate Dermalogica’s audience size and usage pattern;
• b) to store information about Customers’ preferences, and so allow Dermalogica to customise Dermalogica’s Sites according to Customers’ individual interests;
• c) to speed up Customers’ searches; and
• d) to recognise Customers when Customers return to Dermalogica’s Sites.

Customers may refuse to accept cookies by activating the setting on their browsers which allows them to refuse the setting of cookies. However, if Customers select this setting they may be unable to access certain parts of Dermalogica’s Sites. Unless Customers have adjusted their browser settings so that they will refuse cookies, Dermalogica’s system will issue cookies when Customers log on to Dermalogica’s Sites.

WHERE DERMALOGICA STORE CUSTOMERS’ PERSONAL DATA

The data that Dermalogica collect from Customers may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for Dermalogica or for one of Dermalogica’s suppliers. Such staff maybe engaged in, among other things, the fulfilment of Customers’ order, the processing of Customers’ payment details and the provision of support services. By submitting Customers’ personal data, Customers agree to this transfer, storing or processing. Dermalogica will take all steps reasonably necessary to ensure that Customers’ data is treated securely and in accordance with this privacy policy.

All information Customers provide to Dermalogica is stored on Dermalogica’s secure servers. Any payment transactions will be encrypted. Where Dermalogica have given Customers (or where Customers have chosen) a password which enables Customers to access certain parts of Dermalogica’s Sites, Customers are responsible for keeping this password confidential. Dermalogica ask Customers not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although Dermalogica will do Dermalogica’s best to protect Customers’ personal data, Dermalogica cannot guarantee the security of Customers’ data transmitted to Dermalogica’s Sites; any transmission is at Customers’ own risk. Once Dermalogica have received Customers’ information, Dermalogica will use strict procedures and security features to try to prevent unauthorised access.

USES MADE OF THE INFORMATION

Dermalogica use information held about Customers in the following ways:

• a) to ensure that content from Dermalogica’s Sites is presented in the most effective manner for Customers and for Customers’ computers;
• b) to provide Customers with information, products or services that Customers request from Dermalogica or which Dermalogica feel may interest Customers, where Customers have consented to be contacted for such purposes;
• c) to carry out Dermalogica’s obligations arising from any contracts entered into between Customers and Dermalogica; and
• d) to notify Customers about changes to Dermalogica’s service.

If Customers are existing customers of Dermalogica, Dermalogica will only contact Customers by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to Customers. If Customers are new customers of Dermalogica, Dermalogica will contact Customers by electronic means only if Customers have consented to this.

DISCLOSURE OF CUSTOMERS’ INFORMATION

Dermalogica may disclose Customers’ personal information to any member of Dermalogica’s group, which means Dermalogica’s subsidiaries, Dermalogica’s ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985.

Dermalogica may disclose Customers’ personal information to third parties:

• a) in the event that Dermalogica sell or buy any business or assets, in which case Dermalogica may disclose Customers’ personal data to the prospective seller or buyer of such business or assets;
• b) if Dermalogica or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
• c) if Dermalogica are under a duty to disclose or share Customers’ personal data in order to comply with any legal obligation, or in order to enforce or apply Dermalogica’s terms of use and other agreements; or to protect the rights, property, or safety of Dermalogica, Dermalogica’s customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

CUSTOMERS’ RIGHTS

Customers have the right to ask Dermalogica not to process Customers’ personal data for marketing purposes. Dermalogica will usually inform Customers (before collecting Customers’ data) if Dermalogica intend to use Customers’ data for such purposes or if Dermalogica intend to disclose Customers’ information to any third party for such purposes. Customers can exercise Customers’ right to prevent such processing by checking certain boxes on the forms Dermalogica use to collect Customers’ data. Customers can also exercise the right at any time by contacting Dermalogica at [enquiry@dermalogica.co.uk].

Dermalogica’s Sites may, from time to time, contain links to and from the websites of Dermalogica’s partner networks, advertisers and affiliates. If Customers follow a link to any of these websites, please note that these websites have their own privacy policies and that Dermalogica do not accept any responsibility or liability for these policies. Please check these policies before Customers submit any personal data to these websites.

ACCESS TO INFORMATION

The Act gives Customers the right to access information held about Customers. Customers’ right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet Dermalogica’s costs in providing Customers with details of the information Dermalogica hold about Customers.

CHANGES TO DERMALOGICA’S PRIVACY POLICY

Any changes Dermalogica may make to Dermalogica’s privacy policy in the future will be posted on this page and, where appropriate, notified to Customers by e-mail.