SKIN TRUST CLUB services provided have not been reviewed by the European Medicines Agency. SKIN TRUST CLUB services allow users to access genome sequencing to understand the unique characteristics of their skin and identify skincare products and routines that suit their unique skin microbiome. SKIN TRUST CLUB services are not intended to diagnose, treat, cure or prevent any disease. SKIN TRUST CLUB services should not be used to make medical decisions.
The information provided in SKIN TRUST CLUB services is not intended to substitute for such consultations with your healthcare practitioner nor medical advice specific to a skin condition.
SKIN TRUST CLUB disclaim any liability arising out of your use of SKIN TRUST CLUB services or for any adverse outcome from your use of the information provided by SKIN TRUST CLUB services for any reason, including but not limited to any misunderstanding or misinterpretation of the information provided through SKIN TRUST CLUB services.
*SKIN TRUST CLUB do not make any claims, representations or provide any warranty regarding the use or results for any SKIN TRUST CLUB product suggestions and we disclaim any responsibility or liability to you whatsoever regarding your use of these suggested products.
Data protection and the security of your personal data are important to us and we implement appropriate technical and organisational measures to protect personal data that is subject to our access.
We, the Controller, (also referred to as “[Controller]”; “we”; “us”; or “our”), would like to inform you below about the type and extent of the processing of personal data when you visit and use our website.
This Policy also contains information about your data protection rights, including a right to object to some of the processing which Skin Trust Club carries out. More information about your rights, and how to exercise them, is set out in the “Your Rights” section.
1. Controller (the responsible person)
Skin Trust Club.
York Biotech Campus,
Phone +44 (0) 1904 40 4036
2. Data we collect and process via the website, the purposes of processing and legal bases
Only by using our website
Your visit to our website will be logged. Initially, the following data, which your browser transmits to us, is mainly recorded:
- date and time of request (including Time zone difference to Greenwich Mean Time (GMT))
- browser type, version and language
- operating system of your PC
- the pages you are viewing
- Access status/HTTP status code
- name and size of the requested file(s)
- and, if applicable, the URL of the referring web page
- Skin Trust Club will use location data only when the app is in use to identify the Air Quality Index and UV Index in your area if the permission you gave us expressly permits such collection. If you decline permission for us to collect your geolocation, we will not collect it.
This data is only collected for data security purposes, to improve our website and for error analysis. As we pursue our legitimate business interests when processing your personal data for these purposes, we rely on the basis of Art. 6 par. 1 lit f) GDPR for doing this.
If you are using our Contact Form or if you are registered in our contact list
Personal data (e.g. your name, address data or contact data) that you voluntarily provide to us, e.g. in the context of an enquiry by e-mail to the contact persons named on our homepage, or that has been made available to us by other means and you have confirmed that we may process for the specified purposes, is stored with us and processed only for correspondence with you and only for the purpose for which you have made this data available to us. Therefore, we may use your information to provide products and services you have requested, if any, (Art. 6 par. 1 lit. b) GDPR). We may also process your data for responding to any comments or complaints you may send us or send you information on products and services provided by us, our affiliates and carefully selected partners. As all this is required by us to conduct our business and pursue our legitimate interest, we base the respective processings on Art. 6 par. 1 lit f) GDPR. In respect to the sending of direct marketing communication, you have the right to object to such processing. Please find further information on this right in the “Your rights” section below.
If you give us your consent, we may process your data based on Art 6 par. 1 lit a) GDPR for performing direct marketing via email or telephone in relation to our relevant products and services, or other products and services provided by us or our affiliates.
If you are registering on our website
You can register on our website to use additional features on the site (e.g. for using our web portal as described above). We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration is marked with an asterisk under the data field and must be given in full. Otherwise, we will reject the registration. For important changes, such as the scope of the offer or for technical changes, we use the e-mail address specified during registration to inform you in this way. The processing of the data entered during registration takes place on the basis of Art. 6 par. 1 lit. f) GDPR, as the processing is necessary for pursuing our legitimate business interest in providing the additional services available for our registered users.
If you are subscribing to our Newsletter
We offer you the possibility to subscribe to our newsletter via our homepage. We will only send you our newsletter if you consent us to do so, the respective data processing is based on Art. 6 par. 1 a) GDPR. To subscribe we need at least your e-mail address. To ensure that the Newsletter was requested by you or from your e-mail address, you will first receive a confirmation e-mail. Only when you click on the activation link will you be added to our e-mail distribution list and receive the newsletter. The subscription to the newsletter is logged for verification purposes (IP address, date, time). You can unsubscribe from the newsletter at any time by contacting us directly or by notifying us using the link at the end of each newsletter.
If you allow the permission to use location data on our apps
Skin Trust Club collects location data to identify environmental information such as Air Quality Index and UV Index in your area. This location data is then used alongside your physical skin microbiome sample to produce your microbiome index score. Your location and environment has a significant impact on your skin health and Skin Trust Club uses this location data to help you better understand elements that impact your skin.
Skin Trust Club will use location data only when the app is in use to identify the Air Quality Index and UV Index in your area if the permission you gave us expressly permits such collection. If you decline permission for us to collect your geolocation, we will not collect it.
If you do not wish cookies to be used, you can set your browser so that cookies are not accepted.
4. Recipients of personal data
Your personal data may be shared with other entities of Skin Trust Club when insofar as answering your question or providing you the service you requested requires the involvement of other group entities. Except from Skin Trust Club, we will only be passed on to third parties if it is necessary for the execution of a contract and/or its technical processing, which regarding the website, includes our suppliers in charge of processing your data for the dispatch of the newsletter and for the hosting and maintenance of our website. When we subcontract such activities, we make sure your data is managed in compliance with the GDPR rules and this includes, where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, that data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor’s Processor Binding Corporate Rules.
5. Your rights
According to Art. 15-21 GDPR you can assert the following rights with regard to the personal data processed by us if the conditions described there are met.
1.1 Right to access (Art. 15 GDPR). You have the right to be informed about the personal data concerning you that is processed by us and be provided with a copy of your personal data we hold about you.
1.2 Right to rectification (Art. 16 GDPR). You may request the rectification of inaccurate personal data, or to complete personal data when it is incomplete.
1.3 Right to erasure (Art. 17 GDPR). You may be entitled to ask for the deletion of personal data concerning you, in particular if one of the following reasons exists:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent on which the processing of your data is based.
- You have asserted a right to object to the processing and there are no overriding legitimate grounds for the processing, or you asserted your right to object where your personal data is processed for direct marketing purposes.
- Your data has been processed unlawfully.
However, the right to deletion does not exist if this conflicts with the legitimate interests of the responsible party. These could be e.g.:
- if personal data is required to assert, exercise or defend legal claims.
- if deletion is not possible due to storage obligations.
If data cannot be deleted, however, there may be a right to restrict processing (see below).
1.4 Right to restriction of processing (Art. 18 GDPR). You have the right to request us to restrict the processing of your personal data under following circumstances:
- you contest the accuracy of your personal data and we therefore verify the accuracy of your personal data for a period,
- the processing is unlawful and you oppose the erasure of your personal data and instead request the restriction of their use,
- we no longer need the data, but you do need it to establish, exercise or defend legal claims,
- you have objected to the processing of your data pursuant to Art. 21 par. 1 GDPR and it is not yet clear whether our legitimate grounds override those of yours.
1.5 Right to data portability (Art. 20 GDPR). You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without our interference, provided that the processing is based on your consent (e.g. Art. 6 par. 1 lit a) GDPR)) or a contract (Art. 6 par. 1 lit b) GDPR) and the processing is carried out by us with the help of automated means.
1.6 Right to object (Art. 21 GDPR). You have the right to object at any time to the processing of personal data relating to you on the basis of Art. 6 par. 1 e) or f) GDPR for reasons arising from his particular situation, including profiling based on those provisions. Where your personal data is processed for direct marketing purposes without your consent and based on our legitimate interests, you have the absolute right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing (Art. 21 par. 2 GDPR). The respective personal data will no longer be processed for direct marketing purposes then.
1.7 Right to revoke consent (Art. 7 par. 3 GDPR). If you have consented to the processing of your personal data by us, you have the right to revoke your consent at any time. The legality of processing your personal data before revocation remains unaffected. We may further process such data pursuant to another applicable legal basis, e.g. for the fulfilment of our legal obligations.
1.8 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). If you have not received an answer after a reasonable period of time from the DPO, or have received an answer which is incomplete or unsatisfactory in your view, you shall have the right to lodge a complaint with a supervisory authority, in accordance with Art. 77 GDPR, if you consider that the processing of personal data relating to you infringes the GDPR. Such complaint may be lodged in particular with the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
Questions and how to assert your rights. If you have any questions regarding data protection, or want to exercise one of your rights or to lodge a complaint we will be happy to assist you: info(@)skintrustclub.com
6. Standard periods for the deletion of data:
1.1 If a legal regulation for the retention of data does not exist, the data will be deleted or destroyed if they are no longer necessary to achieve the above described purposes of data processing. Different periods apply to the storage of personal data, for instance due to tax law or according to some commercial law regulations. Finally, the storage period can also be based on the statutory limitation periods according to the respective applicable national laws.
1.2 The data collected during registration (financial data) will be stored by us as long as you are registered on our website and will subsequently be deleted 7 years after this, beginning with end of the respective year.
1.3 Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
1.4 Where we process personal data for site security purposes, we retain it for 12 months.
1.5 Where we process personal data in connection with performing a contract, we keep the data as required according to the statutory retention period.
Changes to this Data Privacy Statement