I. Data of the Personal Data Administrator
We kindly inform you that the controller of your personal data is Derma Medica AS with its registered office in Oslo: Bygdøy alle 60 b, NIP: 925403210, hereinafter referred to as “Administrator”.
Contact regarding data protection is possible at the following email address: email@example.com
II. Purposes and basis of processing of personal data
Your personal data is processed in case:
- subscribing to the newsletter (Newsletter) or using the contact form, on the basis of the consent you give, i.e. on the basis of Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, hereinafter: “RODO”;
- account registration in the Online Shop, in order to create and manage an individual account, as this is necessary for the performance of the contract for the provision of the Account service to which you are a party (Article 6(1)(b) of the RODO).
- placing an order in the Online Shop, as this is necessary for the performance of the sales contract to which you are party (Article 6(1)(b) of the RODO).
In addition, personal data may also be processed in order for the Administrator to fulfil obligations provided for by law (Article 6(1)(c) of the RODO), as well as to enable the Administrator’s legitimate interests (Article 6(1)(f) of the RODO) expressed in the establishment of contact, correspondence and communication in the broadest sense, and to assert claims to which the Administrator is entitled.
- On our website, as well as other entities, we use so-called cookies, i.e. short text information stored on your computer, phone, tablet or other device. They can be read by our system and also by systems belonging to other entities whose services we use (e.g. server hosting).
- Cookies have a number of functions on a website, the most useful of which we will try to describe below
- providing security – cookies are used to authenticate users and prevent unauthorised use of the customer panel. They therefore serve to protect the user’s personal data against unauthorised access;
- impact on the processes and efficiency of the use of the website – cookies are used for the smooth operation of the website and to make it possible to use the functions available on it, which is possible, among other things, thanks to remembering the settings between successive visits to the website. Cookies therefore allow you to navigate the website and its various pages efficiently;
- session status – cookies often store information about how visitors use a website, e.g. which pages they view most often. They also make it possible to identify errors displayed on certain pages. Cookies used to store the so-called “session state” therefore help to improve services and enhance the browsing experience;
- maintaining the session state – if a client logs in to his/her panel, cookie files make it possible to maintain the session. This means that after moving to another subpage you do not have to re-enter your login and password each time, which contributes to the comfort of using the website;
- creation of statistics – cookies are used to analyse how users use the website (how many open the website, how long they stay on it, which content arouses most interest, etc.). This allows us to continually improve the website and adapt it to users’ preferences.
3. Importantly, many cookies are anonymised for us – without additional information, we cannot identify your identity from them.
IV. Right of withdrawal of consent
- If the processing of personal data is based on consent, you may withdraw this consent at any time – at your own discretion.
- If you would like to withdraw your consent to the processing of your personal data, simply send an email directly to firstname.lastname@example.org.
- If the processing of personal data took place on the basis of consent, the withdrawal of consent does not render the processing of personal data until that point illegal. In other words, we are entitled to process your personal data until you revoke your consent and revoking your consent does not affect the lawfulness of the previous processing.
V. Requirement to provide personal data
- The provision of any personal data is voluntary. However, in some cases, the provision of certain personal data is necessary in order to meet your expectations for the performance of any contract (including, but not limited to, the conclusion of a contract), contact, including the use of a contact form or Newsletter, or to take other actions in accordance with your expectations.
- The provision of personal data is necessary for the registration of a Customer Account, placing orders and their subsequent fulfilment.
- In order to use the contact form or Newsletter, it is also necessary to provide the data indicated therein – without this, we are unable to send you feedback or take the action you request.
VI. Automated decision-making and profiling
Our website uses analytical tools to manage advertising and marketing of the services and products provided. These tools process your data in an automated manner (profiling). These tools include, for example, those provided by Google, tools that enable remarketing of our products and that record your traffic on the site. All this information helps us to improve our offer to you, to verify errors that occur in the functionality of the Website and to respond to them.
VII. Recipients of personal data
- Our website transfers the data obtained to IT service providers and suppliers of IT systems for the Administrator – including third parties providing technological tools for information distribution and hosting, persons authorised by the Administrator or entities providing advisory or marketing services for the Administrator.
- Personal data is also transferred to the following categories of recipients:
- Suppliers making deliveries of Goods, for the purpose of delivering them to the Customer, to the extent necessary for the delivery of the Goods.
- Providers of third party payment systems to process payments for orders, to the extent necessary to process payments.
- In addition, it may happen, for example, that we have to pass on your personal data to other entities, whether public or private, on the basis of a relevant legal provision or a decision of a competent authority.
VIII. Transfers of personal data to third countries
We kindly inform you that your personal data is not transferred outside the European Economic Area.
IX. Period of processing of personal data
- In accordance with current legislation, we only process data that are necessary for the purposes for which they are processed (data minimisation) for no longer than is necessary for the purposes for which the data are processed. After this period, your personal data will be irreversibly deleted or destroyed.
- When we do not need to perform operations on personal data other than storing it, we additionally secure it – through pseudonymisation – until it is permanently deleted or destroyed. Pseudonymisation consists in encrypting personal data or a set of personal data in such a way that it cannot be read without an additional key, so that such information becomes completely useless to an unauthorised person.
- Regarding the individual periods of personal data processing, we kindly inform you that personal data, depending on the legal basis of their processing, are processed for the duration of the authorized person’s consent, the period necessary to perform the contract or take action in accordance with your request, the period necessary to comply with the legal obligations incumbent on the Administrator or to make an effective objection to their processing.
- In the case of personal data whose processing is based on the consent of the authorised person or is necessary for the performance of a contract, such data may be processed, also after the withdrawal of consent, for a period of time corresponding to the period of limitation of claims that may be raised against the Administrator.
X. Rights of data subjects
We kindly inform you that you have the right to:
- access to their personal data;
- rectification of personal data;
- erasure of personal data;
- to restrict the processing of personal data;
- object to the processing of personal data;
- portability of personal data.
- We respect your rights under data protection legislation and endeavour to facilitate the exercise of these rights as far as possible.
- We would like to point out that these rights are not absolute and that we may therefore legitimately refuse to comply with them in certain situations. However, if we refuse to comply with a request, it is only after careful consideration and only if it is necessary to refuse the request.
- Regarding your right to object, we explain that you have the right to object at any time to the processing of personal data on the basis of the legitimate interest of the Personal Data Controller in relation to your particular situation. However, you must bear in mind that, according to the regulations, we may refuse to take the objection into account if we show that:
- there are legitimate grounds for the processing which override your interests, rights and freedoms, or
- there are grounds for the establishment, exercise or defence of claims.
5. Furthermore, you can object to the processing of your personal data for marketing purposes at any time. In this case, we will cease processing for this purpose upon receipt of your objection.
6. You can exercise your rights by sending an email directly to email@example.com.
XI. Right to lodge a complaint
If you believe that your personal data is processed in violation of applicable law, you may lodge a complaint with the President of the Norwegian Data Protection Authority.
XII. Final provisions