Privacy Policy
Welcome to our website https://eu.drsturm.com/ (hereinafter the “Website”). Please read this Privacy Policy carefully.
1. Our commitments
Everyone has the right to protection of their personal data, which is defined as any information that relates to an identified or identifiable living individual (hereinafter “Personal Data”). We respect users' right to be informed regarding the collection of, and other operations involving their Personal Data. In using data that may directly or indirectly identify you personally, we will apply a principle of strict necessity. For this reason, we have designed the Website in such a way that the use of your Personal Data will be kept to a minimum and will not exceed the purposes for which your Personal Data was collected and/or processed; we do not process your Personal Data when we can provide you with services through the use of anonymous or traffic data (such as marketing research made for improving our services, browsing data processed to provide you with customised contents or offers adapted to your preferred language, your location, etc.) or by other means which allow us to identify you, apart from when it is strictly necessary or upon request by competent public authorities or the police (for example, in case of traffic data or your IP address).
2. Data Controller
For the purposes of the Data Protection Legislation (as defined below), Antonio Puig, S.A.U. - a Spanish company with registered office at Plaza Europa 48-48, 08902 Hospitalet de Llobregat, Barcelona (Spain), incorporated with the register of trade and companies of Barcelona under number A08158289 (hereinafter “Dr. Sturm”, “us”, “we” or “our”) is the controller of your Personal Data.
This Privacy Policy relates to Personal Data collected and processed when a user accesses our Website including but not limited to purchasing goods and/or filling out forms. This Privacy Policy is designed to help you understand how Dr. Sturm collects and processes your Personal Data, the purposes for which it is collected, the legal basis and to set out the rights you have in relation to your Personal Data.
To ensure the accuracy of your Personal Data in our files, please communicate any changes to our customer service department, the contact details of which are below. This allows us to ensure that the information contained in our files is up-to-date and accurate. We reserve the right to suspend or interrupt the provision of the requested services should you knowingly provide inaccurate Personal Data, without prejudice to any action allowed by law.
3. Applicable law
Any and all Personal Data processed by Dr. Sturm through the Website and/or in the course of the purchase of products will be collected and/or processed by Dr. Sturm pursuant to the laws applicable in the state/country of residence of the user, including: (i) for residents of the European Economic Area, EU Regulation 2016/679 (“GDPR”), without prejudice, however, to any applicable local mandatory laws benefitting consumers, in accordance with EU Regulation 593/2008 (“ROME I”); or (ii) any other applicable conflict of laws rules (together, “Data Protection Legislation”).
4. Purpose(s) of Processing of Personal Data and legal basis
The purposes for which Dr. Sturm collects and processes Personal Data and the respective legal basis are listed below.
· Online Sales: Your Personal Data may be processed to provide you with e-commerce services, e.g. to fulfil placed orders for products, to contact you in case of any order issues or where we need to provide your Personal Data to our service providers to fulfil your order (“Commercial Purposes”). This data processing is based on the fulfilment of our contractual obligations with the client in relation to the order.
Please note that any Online Sales delivered to one of the following countries are subject to the specific Privacy Policies detailed below:
o United Kingdom – Privacy Policy
o United States of America – Privacy Policy
· Marketing Purposes: Whenever you expressly give us your consent on the Website, our social media pages, computerized devices in stores or when permitted by applicable laws without your consent (for example, by having previously purchased on our Website a similar product) your Personal Data may also be processed:
o To send you by postal mail, text messages, email, push notifications or other digital communications (including ads on social media platforms) commercial information and/or updates on our products, offers, exclusive sales, promotional campaigns and/or information on events and similar initiatives organized by Dr. Sturm. For this purpose, we occasionally may use your email address to customize ads for your interests or to generate a "lookalike audience" or similar audience through the Facebook, Instagram, Google, Snapchat, Pinterest or TikTok advertising platforms (“Third-Party Digital Businesses”) based on your consent. This allows us to target advertisements on those platforms to potential customers who appear to have shared interests or similar demographics to you, based on the platforms' own data. It is the policy of these Third-Party Digital Businesses to hash your email address prior to uploading it, match the hashed data against their own customers, generate the lookalike audience, then delete the uploaded email address and use it for no other purpose. We do not have access to the identity of anyone in the lookalike audience unless they choose to click on the ads. We are not responsible for these Third-Party Digital Businesses, including without limitation their data security practices and/or failure to comply with your or our opt-out instructions.
If you wish to opt out, please contact us as per the “Contact” section below or, alternatively, by clicking the 'unsubscribe' link which is included in all of our marketing communications.
o We may also collaborate with third parties to provide us with browsing data (“Traffic Data”) resulting from the use of the Website and of our services to provide us analytics services and serve Dr. Sturm's ads and banners when you are browsing on apps and other websites. We do this by way of various ad exchanges and digital marketing networks. We and our advertising partners use various advertising technologies, for instance, ad tag, cookies, pixels, identifiers and web beacons (“Tracking Technologies”). This information may be used by Dr. Sturm to analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Website and other websites, and better understand your online activity. The ads and banners you see are based on information that we hold about you, or on your prior use of our Website, for example, products you have browsed previously, content you have read on our Website, or on Dr. Sturm’s banners or ads that you have engaged with in the past. We may also work with and use services offered by Third-Party Digital Businesses to serve ads to you as part of a customised campaign on those third-party sites and platforms. As part of these ad campaigns, we or the Third-Party Digital Businesses may convert information about you, such as your email address and phone number, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customised to your interests.
The legal basis is your consent to the respective Tracking Technologies, which is obtained via the cookie management tool on our Website, where you can declare or withdraw your consent. Further information can be found in our Cookies Policy.
o We may offer sweepstakes, contests, and other promotions (each, a “Promotion”), including Promotions jointly sponsored or offered by third parties, which may require submitting Personal Data. If you voluntarily choose to enter a Promotion, your information, including Personal Data, may be disclosed to us, co-sponsors, service providers, and other third parties, including for administrative purposes and as required by law (e.g., on a winners list). By entering, you are agreeing to the official rules that govern that Promotion, which may include consent to additional or differing data practices from those contained in this Privacy Policy. Please review those rules carefully.
· Security Purposes: In addition, and based on our legitimate interest, your Personal Data may be processed to:
o detect fraudulent activity and to keep the Website and online sales away from attackers who may try to access your account by impersonating you. In particular, we may use IP address, device, profile, usage, and other data to prevent and detect malicious or unsafe activities (e.g. payment fraud, identity fraud, account hacking, phishing, incentive abuses); and
o monitor all actions that could result in fraud or in the commission of a criminal offence related to the payment method employed by you; if any irregularities are detected, we reserve the right to retain the data provided and share it with the competent authorities in order to carry out the relevant investigation.
· Routine Finder tool: If you use our Routine Finder tool, we may collect Personal Data related to your identity and physical characteristics. This may involve the use of ‘profiling’ or automated decision making to predict your interests and personalise recommendations. We use this Personal Data to provide you with a personalised skincare routine and for the Marketing Purposes described above.
We will only process Personal Data collected through the Routine Finder tool with your consent. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. This tool is not intended to be used by those under the legal age.
5. What Happens if You Do Not Disclose Your Personal Data to us?
Granting your Personal Data to us (e.g. your personal details, your e-mail address, your address, etc.) is necessary for processing your order for the purchase of products on the Website, supplying other services provided on the Website upon your request, or when your Personal Data is needed to fulfil obligations required by law or regulations. The refusal to provide us with some of your Personal Data necessary for performing the above purposes may consequently prevent us from processing your order for the purchase of products sold on the Website or fulfilling obligations required by law and other regulations etc. Therefore, failing to provide Personal Data may constitute, in some cases, a legitimate and justified reason for not processing your order for the purchase of products sold on the Website or not providing the Website’s services.
Disclosure of further Personal Data to us other than that required for fulfilling legal or contractual obligations is, on the contrary, optional and does not have any effect on the use of the Website and of its services or on the purchase of products on the Website. We will inform you at every step whether disclosing your Personal Data to us is compulsory or optional by marking with an appropriate symbol (*) the information that is compulsory, or data needed for the purchase of products on the Website.
6. To whom your Personal Data will be disclosed
Your Personal Data may be disclosed to trusted third party providers that provide sufficient guarantees requested by Data Protection Legislation and with whom we have concluded data processing agreements, if required by Data Protection Legislation, and who perform a range of business operations (hereinafter, the "Recipients"), such as:
· Customer service, for purposes related to the shipping, delivery and return of products purchased on the Website and customer service to users of the Website.
· Computer services, for purposes related to hosting Dr. Sturm servers.
· Payment platforms, for purposes related to the payment method and its execution.
· Logistic services, for purposes related to shipping and delivery and return of the products purchased on the Website.
· Marketing services, for the analysis of use of our Website, sending communications, managing advertising content, etc.
· Promotion services.
· Security services, for purposes related to payment fraud, identity fraud, account hacking, phishing, incentive abuses, etc. (“Fraud Detectors”). Fraud Detectors collect Personal Data from the Website (e.g., identifiers and contact information, personal records, commercial information, internet activity, geolocation data, and inferences) and elsewhere and use that data to analyze, evaluate, and predict whether a particular transaction is unusual for a particular consumer or otherwise indicative of fraudulent activity, such as if a credit card is suddenly used for multiple transactions in different locations within a short period, or if the proposed transaction does not align with the prior purchase behavior of a particular consumer, including spending patterns, location, transaction amounts, frequency of transactions, and types of merchants. If the Fraud Detectors detect fraud or illegal activity, then you may be prevented from completing a transaction/purchase. This Fraud Detector activity is beneficial to consumers because it is meant to prevent misuse of consumers’ credit card information on our Website and to otherwise protect consumers’ other Personal Data.
Moreover, your Personal Data may be disclosed to the police or to judicial authorities, according to applicable laws and upon a formal request by such entities, for example in the event we need to prevent fraud on the Website.
7. Security Measures and retention period
We have adopted security measures to protect Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure, or access and against all other reasons for data processing that do not comply with our Privacy Policy.
For the best possible protection of your Personal Data outside the limits of our control and management of the same, it is advisable that your computer be provided with software devices that protect network data transmission/receipt (such as updated antivirus systems) and that your Internet service provider take appropriate measures for the security of network data transmission (such as, for example, firewalls and anti-spam filtering).
We will only hold your Personal Data for so long as is necessary for us to fulfil the purposes set out in this Privacy Policy (e.g., in the case of online sales, for as long as required by local tax, corporate and warranty laws; in the case of consent, until you revoke your consent). Where we no longer need to process your Personal Data for the purposes set out in this Privacy Policy, we will delete your Personal Data from our system.
8. Transfer of your Personal Data to other countries
Your Personal Data is held within the European Economic Area ("EEA") or within countries outside the EEA with an adequate level of data protection. Your Personal Data may also be processed by data recipients mentioned above which are located in third countries but only if they provide appropriate safeguards in accordance with Data Protection Legislation. For further information, please contact us as per the “Contact” section below.
9. Your rights in relation to your Personal Data
We set out below a summary of the rights available in connection with your Personal Data, subject to the laws applicable in the state/country of your residence.
For your convenience, and without prejudice to certain formal requirements set out in the Data Protection Legislation, you can exercise your rights by contacting us as per the “Contact” section below.
· Right to withdraw your consent:
You may withdraw the consent you give to Dr. Sturm for processing your Personal Data at any time. Please note, however, that where you do withdraw your consent, this may affect our ability to provide you with the services requested or affect the functionality of our Website.
In addition, if you want to stop receiving future marketing messages, communications, and materials at any time, you can do so alternatively by clicking the 'unsubscribe' link, which is included in all our email marketing messages.
· Right to access your Personal Data in our possession:
You are entitled to obtain, at any time, confirmation from us as to whether or not we are processing your Personal Data and, where that is the case, access such Personal Data.
Moreover, you are entitled to receive from us information on the source of your Personal Data; the purposes and way of processing your Personal Data; the logic involved in any electronic data processing; details of the data controller and of the data processors; the names of the entities and categories of entities to whom your Personal Data may be disclosed or who may access your Personal Data, for example, as a data controller or a party so appointed.
· Right to have inaccurate Personal Data rectified:
You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data that we hold and which concerns you. This includes the right to request that incomplete Personal Data is completed.
· Right to erasure:
You have the right to obtain from us the erasure without undue delay of Personal Data that we hold, and which concerns you, in the circumstances as provided by Data Protection Legislation.
· Right to restriction of processing:
You have the right to restrict the way we process your Personal Data in the circumstances as provided by Data Protection Legislation.
· Right to data portability:
You have the right to receive from us the Personal Data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us. This right shall include the right to require us to transmit the relevant Personal Data to another controller on your behalf, where technically feasible. This right only applies to personal data that: (i) we gain your consent to process; or (ii) we obtain to perform our contractual obligations to you, and in each case to the extent we process your Personal Data by automated means.
· Right to lodge a complaint:
You are entitled to exercise your right to lodge a complaint to the competent supervisory authority, depending on your habitual residence, if you consider that the processing of your personal data infringes the Data Protection Legislation.
10. Contact
If you have any questions about your Personal Data or the contents of this Privacy Policy, please contact us at [email protected].
You can also contact our Data Protection Officer at [email protected] or by writing to us at: Puig Brands, S.A. - Data Protection Officer, Plaza Europa, 46/48, 08902, L'Hospitalet de Llobregat, Barcelona, Spain.
Last update: 1st October 2024
© Antonio Puig, S.A.U. 2024. All rights reserved.