General
updated: 09 January 2020

This privacy and cookies policy ("Privacy Policy") details data used on our Website and App (together, the “Platform”).

We are committed to protecting the privacy of our users and customers. This Privacy Policy is intended to inform you how we gather, define, and use information that could identify you, such as your name, email address, address, other contact details or online identifiers, other information that you provide to us when using the Platform ("Personal Information") and also what Cookies we use. Please take a moment to read this Privacy Policy carefully.

Continuous technological development, changes to our services, changes to laws, or other reasons may require us to amend our Privacy Policy. We will make changes to this Privacy Policy regularly and we ask that you keep yourself informed of its contents.
The Data Controller for your information is:

COMPANY NAME:
skin242 Limited
("skin242", "we", "our" or "us").

COMPANY NUMBER:
13933468

COMPANY ADDRESS:
242 Mollison Way
Edgware
Middlesex
United Kingdom
HA8 5QY

COMPANY EMAIL:
hello@skin242.com

1. Party responsible for data processing
2. Data protection officer point of contact
You can reach our data protection officer at h.com with the subject ‘Privacy Query’.‍
You have the following rights with respect to your personal data:

3.1 General rights

You have the right to information, access, correction, deletion, restriction of processing, objection to processing, and data portability. If processing is based on your consent, you have the right to revoke it at any time.

3.2 Rights to object to processing of data based on legitimate interests

Article 21(1) EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) gives you the right to object at any time for reasons arising out of your particular situation against the processing of personal data relating to you when your data is processed under Article 6(1)(e) or Article 6 (1)(f) GDPR. This also applies to profiling. If you object, we will no longer process your personal data unless we can establish compelling and legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing aids the enforcing, exercising or defending of legal claims.

3.3 Rights to object to direct marketing

3.3.1 If we process your personal data for the purpose of direct marketing Article 21(2) GDPR gives you the right to object at any time to the processing of your personal data for the purpose of direct marketing; this also applies to profiling, insofar as it is associated with direct marketing.

3.3.2 If you object to processing for the purpose of direct marketing, we will no longer process your personal data for this purpose.

3.4 Right to complain to a supervisory authority

You also have the right to complain to a relevant data protection supervisory authority about our processing of your personal data.
3. Your rights
4. The processing of personal data when using the Services
4.1 We process your personal data using the legitimate interests legal basis, except in specific circumstances where you provide consent or where the processing is necessary for a contract that you have with us or where you have asked us to take specific steps prior to entering into a contract. We apply appropriate safeguards to protect your privacy and we process your personal data only for the limited purpose of providing our Services to you.

4.2 When you use our Services, we process these types of personal data:Personal Identifying information such as your name, addresses, telephone numbers or email addresses.Personal details such as age, sex, date of birth.Electronic identification data such as IP addresses, cookies, connection moments, device ID’s mobile advertising identifiers, date and time of the inquiry, time, request contents, (concrete page), access status/HTTP status code, amount of data transferred, website receiving the request, browser software and version, operating system and its interface, and language.Data that your browser or device makes available.Electronic localization data such as GPS data and locational data.Financial identification data such as credit or debit card numbers.Data about your interaction with our services.Security details such as passwords related to our Services.
5.1 When you contact us by e-mail or through a contact form, we will store the data you provide (your e-mail address, possibly your name and telephone number) so we can answer your questions. Insofar as we use our contact form to request entries that are not required for contacting you, we have always marked these as optional. This information serves to substantiate your inquiry and improve the handling of your request. Your message may be linked to various actions taken by you on the Platform. Information collected will be solely used to provide you with support relating to your booking and better understand your feedback. A statement of this information is expressly provided on a voluntary basis and with your consent, art. 6 par. 1a GDPR. As far as this concerns information about communication channels (such as your e-mail address or telephone number), you also agree that we may also, where appropriate, contact you via this communication channel to answer your request. You may of course revoke this consent for the future at any time.

5.2 We delete the data that arises in this context after saving is no longer required, or limit processing if there are statutory retention requirements.
5. Contact by e-mail or contact form
6. Newsletter
6.1 General information

6.1.1 With your consent under Art. 6 par. 1 a GDPR, you can opt in to our newsletter, which will inform you about our current deals.

6.1.2 To sign up for our newsletter, we use the “double opt-in” method. This means that after you have signed up, we will send you an e-mail to the e-mail address specified, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your sign-up within [24 hours], your information will be locked and automatically deleted after one month.

6.1.3 In addition, we save the IP addresses you used and the times of sign-up and confirmation. The purpose of the procedure is to verify your sign-up and, if necessary, to inform you about possible misuse of your personal data.

6.1.4 The only requirement for sending the newsletter is your email address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is art. 6 par. 1 a GDPR.

6.1.5 You may revoke your consent to the sending of the newsletter at any time and opt out of the newsletter. You can declare the revocation by clicking the link provided in each newsletter e-mail or by contacting the aforementioned data protection officer.

6.2 Newsletter Tracking

6.2.1 Please note that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent include “web beacons” or tracking pixels, which are stored on our website. For the evaluations, we link the data mentioned and the web beacons with your e-mail address and an individual ID.

6.2.2 With the data obtained in this way, we generate a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and deduce your personal interests. We link this data with actions you have taken on our website.

6.2.3 You can object to this tracking at any time by clicking on the separate link provided in each e-mail. The information will be saved as long as you have opted in to the newsletter. After you log out, we save the data purely statistically and anonymously.

6.2.4 Also, such tracking is not possible if you've deactivated image viewing by default in your e-mail application. In this case, the newsletter will not be displayed in full and you won’t be able to use all the features. If you display images manually, the above tracking will take place.
7.1 skin242 User Account

7.1.1 You can create an skin242 User Account. If you create an skin242 User Account you will receive personal, password-protected access and can view and manage the data you have stored in your account. User Account creation is voluntary but may be required to fully use the functionality of some of our Services.

7.1.2 If you create a User Account, we will send you our newsletter and other direct marketing. You can unsubscribe from the newsletter or delete your User Account at any time.

7.1.3 You can manage, modify and delete all information in your User Account. The legal basis for this processing is Article 6(1)(a), (b), and (f) GDPR.
7. Specific functions of the Services
8. Use of social plug-ins
8.1 Social plug-ins typically collect data from you as standard, and transmit it to the respective vendor’s server. We have taken technical measures to ensure the protection of your privacy, which guarantee that your data cannot be collected by the vendors of the respective plug-ins without your consent. These will initially be deactivated when you visit a site connected to the plug-ins. The plug-ins will not be activated until you click on the respective symbol, and by doing so, you give your consent to have your data transmitted to the respective vendor. The legal basis for plug-in use is article 6, par. 1 a and f of the GDPR.8.3 Once activated, the plug-ins also collect personally identifiable information, such as your IP address, and send it to the respective vendor’s server, where it is saved. Activated social plug-ins also set a cookie with a unique identifier when you visit the respective website. This allows the vendor to generate profiles of your user behavior as well. This occurs even if you are not a member of the respective vendor’s social network. If you are a member of the vendor’s social network and you are logged into the website during your visit, your data and information about your visit to the website can be linked with your profile on the social network. We do not have any influence over the exact extent to which your data is collected by the respective vendor. For more information about the extent, nature, and purpose of data processing and about the rights and setting options for protecting your privacy, please see the data protection notices for the respective social network vendor.
9.1 We offer you the option of enrolling and signing in through your Facebook account. If you enrol via Facebook, Facebook will ask you for your permission to release certain data in your Facebook account to us. This may include your first name, last name, and e-mail address so your identity and gender can be verified, as well as general location, a link to your Facebook profile, your time zone, your date of birth, your profile picture, your “Like” information, and your friends list.

9.2 This data will be collected by Facebook and transmitted to us in compliance with the policies in the Facebook privacy policy. You can control the information that we receive from Facebook through the privacy settings in your Facebook account.9.3 This data will be used to establish, provide, and personalise your account. The legal basis is article 6, par. 1 a, b, and f of the GDPR.9.4 If you enroll with us through Facebook, your account will automatically be connected to your Facebook account and information about your activities on our website, if applicable, will be shared on Facebook and published on your timeline and news feed.
9. Facebook Connect
10. Use of cookies
Cookies will be stored on your device during the use of our website. Cookies are small text files that are stored on your hard drive assigned to the browser you use, and through which the place where the cookie is set accrues certain information. Cookies cannot run any programs or transmit any viruses to your device. They serve to make the website more user-friendly and efficient overall. We also use cookies to be able to identify you in subsequent visits.This website uses the following types of cookies, whose extent and function are explained in the following:

10.1 Transient cookies

These cookies are automatically deleted when you close your browser. This includes session cookies in particular. These save a “session ID” with which different requests from your browser can be assigned to the joint session. This allows your device to be recognized again when you return to our website. Session cookies are deleted when you log out or close your browser.

10.2 Persistent cookies

These cookies are automatically deleted after a set duration that can vary depending on the cookie. You can delete cookies in your browser security settings at any time.

10.3 Flash cookies

Flash cookies used are not collected through your browser, but through your Flash plug-in. In addition, we use HTML5 storage objects that are stored on your terminal. These objects save the necessary data independent of the browser you use and have no automatic expiration date. If you do not want Flash cookies processed, you must install a suitable add-on, such as "Privacy Badger” for Mozilla Firefox (https://www.eff.org/privacybadger) or Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you manually delete your cookies and browser history on a regular basis.

10.4 Preventing cookies

You can configure your browser and App settings as you wish and, for example, decline to accept third-party or all cookies. Please note that you may not be able to use all of the website’s functions in this case.

10.5 Legal bases and storage period

The legal bases for possible processing of personally identifiable information and its storage period vary and are described in the following sections.
For the purposes of analysing and optimising our websites, we use different services that are described in the following. This allows us to analyse, for example, how many users visit our site, which information is requested the most, and how users find the website. The data that we collect includes the websites from which a person in question arrives at a website (“referrer”), which subpages on the website are accessed and how often, and the length of time for which a subpage is viewed. This helps us to develop and improve our website to be more user-friendly. The data collected does not serve to personally identify individual users. Anonymous or highly pseudonymous data will be collected. The legal basis for this is article 6, par. 1 f of the GDPR.

11.1 Google Analytics

11.1.1 This website uses Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This use covers the Universal Analytics operating mode. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyse a user’s activities across devices.

11.1.2 Google Analytics uses cookies that allow your use of the website to be analyse. The information generated by the cookie through your use of this website is generally transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, however, your IP address will be truncated in advance within the member states of the European Union or other contracting states party to the Agreement on the European Economic Area. Only in exceptional circumstances will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted from your browser in the context of Google Analytics will not be conflated with other Google data. Google will use this information in this website operator’s order to evaluate your use of the website so that reports about website activity can be compiled and other services connected to website and internet use can be rendered for the website operator. Our legitimate interest in data processing is also for these purposes. The legal basis for the use of Google Analytics is article 6, par. 1 f of the GDPR. The data sent by us and connected to cookies, user information (such as user ID), and promotional IDs are deleted after 14 months after the last use of our services. Data whose storage period has expired is automatically deleted once a month. More information on the terms and conditions of use and data protection can be found at https://www.google.com/analytics/terms/us.html and https://policies.google.com/?hl=en.

11.1.3 You can prevent cookies from being stored through the relevant setting in your browser software; however, please note that if you do so, not all functions of the website may be able to be used to their full extent. You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing https://tools.google.com/dlpage/gaoptout?hl=en. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics collection across various devices, you must perform the opt-out on all systems in use. Set the opt-out cookie by clicking here: Deactivate Google Analytics.

11.2 Google Tag Manager

For transparency reasons, we would like to mention that we use Google Tag Manager. Google Tag Manager does not itself collect any personally identifiable information. Tag Manager makes it easier for us to incorporate and manage our tags. Tags are small elements of code that serve to measure traffic and user behaviour, record the effects of online advertising and social channels, establish re-marketing and focus on target groups, and test and optimise websites, among other things. If you have deactivated, this will be taken into account by Google Tag Manager. For more information about Google Tag Manager, see: https://www.google.com/analytics/tag-manager/use-policy/

11.3 eTracker

11.3.1 Data is collected and stored for marketing and optimisation purposes on this website using technologies from etracker GmbH (https://www.etracker.com/en/). This data can be used to generate usage profiles under a pseudonym. Cookies may be used for this purpose. The data collected with eTracker technologies is not used for the purpose of personally identifying visitors to this website and will not be conflated with personally identifiable information about the bearer of the pseudonym without the explicit consent of the individual in question. You may object to the collection and storage of data at any time with effect for the future. Please exclude me from the etracker count.

11.3.2 We use eTracker so we can analyse the use of our website and make regular improvements. The statistics we gather allow us to improve our website and develop it to be more interesting for you as a user. The data collected will be stored permanently and analysed under a pseudonym. The legal basis for the use of eTracker is article 6, par. 1 f of the GDPR. Third party partner information: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg; https://www.etracker.com/en/data-privacy/.
11. Analysis
12. Advertising
We use cookies for marketing purposes to approach our users with advertising that is more tailored to their interests. We also use cookies to reduce the likelihood of ads playing and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is article 6, par. 1 a and f of the GDPR. The goals intended in data processing serve the legitimate interest of direct marketing. You are entitled to file an objection to the processing of your data for the purposes of such advertising at any time. We provide the following opt-out options for the respective services for this purpose. Alternatively, you can prevent cookies from being set in your browser and App settings.We use Google AdSense, a service for integrating ads. Google AdSense uses cookies and web beacons (invisible graphics). These web beacons allow the analysis of information such as visitor traffic on the pages of this website. The information generated by cookies and web beacons via the use of this website (including user IP addresses) and the distribution of ad formats is transferred to a Google server in the USA and stored there. Google can pass this information on to their affiliates. However, Google will not conflate your IP address with your other stored data. Users can prevent cookies from being installed through the relevant setting in their browser software and App settings; however, please note that if this is done, not all functions of the website may be able to be used to their full extent. By using this website, the user agrees to the processing of their data collected by Google in the manner and for the purpose described above.

12.1 Google AdWords and Conversion Tracking

12.1.1 To draw attention to our services, we place Google AdWords display ads and, within this context, use Google conversion tracking for the purposes of personalised online ads based on interests and location. The option to anonymise IP addresses is controlled through Google Tag Manager, via an internal setting that is not visible in the source of this page. This internal setting is set so that the anonymisation required by privacy laws covers IP addresses.

12.1.2 Ads are displayed based on search requests on websites in the Google ad network. We have the ability to combine our ads with certain search terms. With the use of cookies, we are able to place ads based on previous user visits to our website.

12.1.3 When a user clicks on an ad, Google places a cookie on the user’s device. For more information on the cookie technology used, please see Google’s statements on website statistics and their data privacy policy.

12.1.4 With the use of this technology, Google, and we as their customer, receive the information that a user has clicked on an ad and was redirected to our websites. The information acquired this way is solely used for statistical analysis related to ad optimisation. We do not receive any information that would allow us to personally identify a visitor. The statistics provided to us by Google include the total number of users who have clicked on one of our ads and, where applicable, whether they were redirected to a page on our website that has a conversation tag. These statistics allow us to track which search terms most often lead to our ads receiving clicks, and which ads lead to the user contacting us via the contact form.

12.1.5 If you do not want this, you can prevent the storage of the cookies required for this technology by, for example, using the settings in your browser or your App. Should you do so, your visit will not be incorporated into user statistics.

12.1.6 You also have the option to choose the types of Google ads or deactivate interest-based ads on Google through ad settings. Alternatively, you can deactivate third-party use of cookies by using the Network Advertising Initiative’s opt-out tool.

12.1.7 However, we and Google will still receive statistical information about how many users visit this site and when. If you do not want to be included in these statistics either, you can prevent this by using additional programs for your browser (such as the Ghostery add-on).

12.2 Google DoubleClick

12.2.1 We use DoubleClick, a service of Google Inc. DoubleClick uses cookies to place user-based web ads. The cookies detect which ads have already appeared in your browser and whether you visited a website via an ad placed. In doing so, the cookies do not collect any personally identifiable information, nor are they able to link to any.

12.2.2 If you do not want to receive any user-based advertising, you can disable the placement of ads by using Google’s ad settings.

12.2.3 For more information about how Google cookies are used, please refer to Google’s privacy statement.

12.3 Google Dynamic Re-marketing

12.3.1 We use the dynamic re-marketing function of Google AdWords on our website. This technology allows us to place automatically generated ads oriented towards target groups after you visit our website. Ads are oriented towards products and services that you clicked on during your last visit to our website.

12.3.2 Google uses cookies to generate interest-based ads. Cookies are small text files that are stored in your browser when you visit our website. In this process, Google typically stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information only serves the purpose of mapping the web browser to a specific device. It cannot be used to identify an individual.

12.3.3 If you do not want to receive user-based advertising from Google, you can disable the placement of ads by using Google’s ad settings.

12.3.4 For more information about how Google cookies are used, please refer to Google’s privacy statement.
13.1 Your data will not be transmitted to third parties as a general rule unless we are legally obligated to do so or the transfer of data is necessary for implementing the contractual relationship or you have given prior express consent to have your data transferred.

13.2 External service providers and affiliated companies, such as online payment vendors communication agents, will only receive your data to the extent necessary to process your request. In these cases, however, the extent of data transmitted is kept to the necessary minimum. If our service providers come into contact with your personally identifiable information, we will make sure that this complies with the regulations of data protection laws in the same way through the course of processing the order in accordance with article 28 of the GDPR. Please note the vendor’s respective data privacy policy as well. The respective vendor is responsible for the content of third-party services, although we review services for compliance with legal requirements to a reasonable extent.

13.3 We emphasize processing your data within the EU/EEA. However, it may happen that we use service providers who process data outside the EU/EEA. In these cases, we make sure that a reasonable level of data protection is established with the recipient before transmitting your personally identifiable information. This means that a level of data protection is reached through EU standard contracts or an adequacy decision that is comparable to the standard within the EU.
13. Data transmission
14. Data security
We have taken extensive technical and operational security precautions to protect your data from being accidentally or intentionally manipulated, lost, destroyed, or accessed by unauthorised persons. Our security measures are reviewed regularly and updated in keeping with technological advances.