Privacy Policy for SkinDiv

1. Introduction

At SkinDiv, we hold the privacy and protection of your personal data as a fundamental priority. We are committed to safeguarding your personal information in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit or interact with our website, skindiv.com, or otherwise engage with us. Our practices are designed to ensure that your rights are respected and your data is handled responsibly.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data processed by SkinDiv in connection with the use of our website, services, and communications. SkinDiv is the data controller for the purposes of GDPR and is responsible for determining the means and purposes of processing your personal data. For queries regarding this policy or your rights, please contact us at [email protected].

3. Categories of Data Processed

We may collect and process the following categories of personal data:

a) Usage Data
Includes information about how you interact with our website, such as browser type, IP address, pages visited, time spent on pages, session durations, and referring URLs.

b) Account Data
Includes data provided when creating or managing an account, such as your full name, email address, telephone number, residential or billing address, and login credentials.

c) Profile Data
Includes information such as preferences, purchase history, user settings, browsing behavior, and feedback provided via surveys or reviews.

d) Communication Data
Includes information contained in support requests, emails, chat records, and other communications between you and SkinDiv through skindiv.com or our representatives.

e) Technical Data
Includes details about the device used to access our services, operating system, device identifiers, browser configuration, and similar system-related data.

f) Transaction Data
Includes payment information (excluding full payment card numbers, which are processed by our payment providers), shipping addresses, transaction records, and delivery tracking.

g) Preference Data
Includes marketing preferences, newsletter opt-in status, communication frequency selections, product interests, and related engagement responses.

4. Legal Bases for Processing

We process your personal data under the following legal bases:

a) Consent
When legally required or when no other lawful basis is applicable, we will obtain your explicit consent to collect and process your data (e.g., for optional cookies or marketing communications).

b) Contractual Necessity
Data processing necessary for the performance of a contract with you or to take steps, at your request, prior to entering into such a contract (e.g., order fulfillment, account management).

c) Legitimate Interests
Where legally permitted, we process certain data based on our legitimate interests, such as enhancing user experience, preventing fraud, improving services, and ensuring the security and integrity of our platform.

d) Legal Obligation
We may process personal data to comply with applicable laws, regulatory requirements, and lawful government requests.

5. Your Rights

You have the following rights regarding your personal data:

– Right of Access – You may request access to the personal data we hold about you.
– Right to Rectification – You may request correction of inaccurate or incomplete information.
– Right to Erasure – You have the right to request deletion of your data in accordance with applicable laws.
– Right to Restriction – You may ask us to restrict processing where you have contested the accuracy or objected to processing.
– Right to Portability – You may request that we provide your data in a structured, commonly used, machine-readable format or transfer it to another data controller.

To exercise these rights, please contact us at [email protected]. We may verify your identity before processing your request.

6. Security Measures

We implement a strict set of technical and organizational measures to protect personal data, including:

– Use of encryption technologies (SSL/TLS) to protect data in transit;
– Controlled access to data and segregation of duties;
– Enforced password protocols and multi-factor authentication;
– Regular data backups and secure storage;
– Staff privacy training and restricted internal access policies;
– Continuous monitoring for threats, vulnerabilities, and unauthorized access.

7. International Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place. These may include:

– Standard Contractual Clauses (approved by the European Commission);
– Transfers to jurisdictions recognized as having adequate protection levels;
– Binding corporate rules, where applicable.

Residents of California and other jurisdictions with specific cross-border data protections may refer to their respective local provisions regarding international transfers.

8. Data Retention

SkinDiv retains personal data only for as long as necessary for the purposes for which it was collected, subject to applicable legal, regulatory, contractual, or audit obligations:

– Usage Data: retained for up to 13 months for analytics purposes;
– Account Data: retained as long as the account exists and for up to 7 years post-deletion for legal or contractual reasons;
– Profile and Preference Data: retained for active user duration or until consent is withdrawn;
– Communication Data: retained for 3 years following last user interaction;
– Transaction Data: retained for a minimum of 7 years for tax and financial reporting purposes;
– Technical Data: retained per session and anonymized for performance optimization.

9. Cookie Policy

Our website uses cookies and related technologies to enhance user experience and gather analytical insights. Cookies may be categorized as:

– Essential Cookies: Required for core website functionality, such as user authentication and secure transactions.
– Functional Cookies: Support user preferences, language settings, and enhanced functionalities.
– Analytics Cookies: Help us understand website usage and improve usability via aggregated visitor behavior.
– Performance Cookies: Monitor system performance, loading times, and error management.

We do not use cookies that directly identify individual users without prior consent where required.

10. Cookie Management and Compliance

To comply with GDPR and CCPA, we offer mechanisms to manage your cookie preferences. When you first visit skindiv.com, you will be presented with a Cookie Banner allowing you to accept or reject non-essential cookies. Users may also manage their preferences at any time via our Cookie Settings panel or by modifying browser settings to block or delete cookies.

Do Not Track (DNT) signals are honored where technically feasible unless overridden by user consent.

11. Protection of Children

Our website and services are not directed to or intended for children under the age of 13. In compliance with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect or solicit information from individuals in this age group. If we become aware that personal information of a child under 13 has been collected, we will promptly delete such information. If you believe your child has provided us with personal data, please contact us at [email protected].

12. Policy Updates and Notifications

We reserve the right to update, modify, or revise this Privacy Policy as necessary to reflect changes in our practices or legal obligations. Any substantial changes will be communicated through prominent notices on skindiv.com or via email communication, where appropriate. Continued use of the website or our services after such updates constitutes acceptance of the revised policy.

13. Contact

SkinDiv welcomes inquiries, concerns, and requests regarding this Privacy Policy and the handling of your personal data. You may contact us at:

Email: [email protected]

Compliance

SkinDiv is committed to maintaining full compliance with applicable data protection laws, including GDPR and CCPA. If you have questions about how your data is managed or wish to assert your legal rights, we encourage you to contact us. We are here to respect your privacy and promote trust in every interaction.