AlumierMD International Privacy Policy

Revision Date: 2018/05

Alumier Group Holdings Limited and all Alumier entities (hereinafter, "AlumierMD") are committed to protecting the privacy, confidentiality, accuracy and security of personal information in our possession. This Privacy Policy explains our information practices and how AlumierMD collects, uses and discloses the personal information you may choose to provide to us, whether online or otherwise.


EU GENERAL DATA PROTECTION REGULATION

Effective from the 25th May 2018, the new General Data Protection Regulation (GDPR) gives the power back to you as an individual. The new law will mean that any company in the world, who is holding any form of personal data on someone residing in the EU, must comply with these strict laws whereby they cannot request or share any data, without one or more “lawful bases” (aka, a reason) for processing your data. It is also important to note that this only applies to your “personal information”.

The GDPR Owner is responsible for ensuring that this notice is made available to data subjects prior to AlumierMD collecting/processing their personal data. All Employees/Staff of AlumierMD who interact with data subjects residing in the EEA, are responsible for ensuring that this notice is drawn to the data subject’s attention. AlumierMD’s GDPR Owner and data protection representative is:

Project and Systems Manager
datasecurity@alumierlabs.com
+44 (0) 3332 412656


COOKIE POLICY

What are Cookies?

A cookie is a small file that a website can send to your browser, which may then store it on your system or your mobile device. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

How does AlumierMD use Cookies?

AlumierMD uses first-party cookies (which are necessary) to provide you with the services available through the website. Without these cookies, services you have asked for, like shopping carts and secure customer account pages, would not be possible.

AlumierMD also uses first-party analytical cookies, which allow us to recognise and count the number of visitors to the site, as well as to see how visitors move around our website when using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. This data is aggregated and anonymised, which means we cannot identify you as an individual.


PERSONAL DATA

Under GDPR personal data is defined as:

“Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

AlumierMD is committed to collecting, using and disclosing personal information responsibly. Personal information that you provide, or which has been obtained via your Skincare Professional, will be used and disclosed only for the purposes intended to provide a required service.

The Personal Data we will collect and process on you is:

Personal data type: Source:
First and Last Name Either your skincare professional or by entering the information onto www.alumiermd.com yourself
Address Either your skincare professional or by entering the information onto www.alumiermd.com yourself
Email Address Either your skincare professional or by entering the information onto www.alumiermd.com yourself
Contact Telephone Number Either your skincare professional or by entering the information onto www.alumiermd.com yourself

The personal data we collect will be used for one or more of the following purposes:

  • To register your account with AlumierMD and to ensure you are linked to your Skincare Professional online
  • To fulfill and deliver an order
  • In the event of an adverse skin reaction, your skincare professional may contact AlumierMD for advice
  • If you have signed up to our newsletter, we will contact you with relevant AlumierMD information
  • To contact and correspond with you
  • To confirm your identity
  • To notify you of website updates
  • To respond to your service request or complaint; or
  • Personal information may also be used for other purposes, in which case we will inform you and, if appropriate, request your consent.

AlumierMD may collect personal information about you when you register to become an AlumierMD Skin Care Professional or Customer. In addition, we keep a record of the emails coming into the business and we may use the personal information internally for risk mitigation purposes. AlumierMD also collects both aggregate and journey-specific information from the web pages accessed or visited, and any information volunteered by visitors to the website, such as marketing survey information and contest application information.

In the event of a service request or complaints, AlumierMD may collect personal information from you if you contact us with a request or complaint. The information collected may include your name, address, telephone number, email address, and the necessary facts to enable us to deal with your request or complaint.

AlumierMD may collect information about you if you consent to participate in any of our marketing initiatives, research, contests or promotions. With your consent, we may also send you email promotions and other information that may be of interest to you from AlumierMD.

Our legal basis for processing your personal data is:

  • Legitimate Interest
  • Consent

If you have a treatment with your skincare professional, there may be some data asked of you which is classed as “Special Category” personal data. These may be:

  • Are you currently using, or have you used Accutane in the last 6 months?
  • Are you pregnant or breastfeeding?
  • Do you have a cold sore today?
  • Do you have allergies? If yes, please list
  • What is the ethnic background of your parents?

These are vital questions to help ensure the correct treatment programme is in place.

AlumierMD’s aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide to us, or which comes to us via your skincare professional, will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.


YOUR RIGHTS AS A DATA SUBJECT

At any point while we are in possession of, or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that AlumierMD refuses your request under rights of access, we will provide you with a reason as to why and you have the right to complain.

Please contact us at datasecurity@alumierlabs.com if you wish to exercise these rights.

All of the above requests will be forwarded on should there be a third party involved.


CONSENT TO USE PERSONAL INFORMATION

When we require your consent to collect, use and disclose your information, such consent may be expressed in writing.

Skin Care Professionals consent to the collection of personal information in accordance with the AlumierMD Limited License and Distribution Agreement executed by them when registering with AlumierMD. Customers consent to the collection of personal information in accordance with the Terms and Conditions of the Customer Application executed by them when registering with AlumierMD.

We will retain this personal information only for as long as it may be required for the purposes described above, unless you ask us to delete it by contacting us at the address below, or for as long as we are required to do so by law. AlumierMD will hold inactive data no longer than 6 years.

UK and Ireland: datasecurity@alumierlabs.com
Canada: help@alumiermd.ca


ARBITRATION

You and Alumier agree that we will resolve any disputes between us through binding and final arbitration instead of through court proceedings. You and Alumier hereby waive any right to a jury trial of any Claim. All controversies, claims, counterclaims, or other disputes arising between you and Alumier relating to the Service or this Agreement (each a "Claim") shall be submitted for binding arbitration. The arbitration will be heard and determined by a single arbitrator. The arbitrator's decision in any such arbitration will be final and binding upon the parties and may be enforced in any court of competent jurisdiction. The parties agree that the arbitration will be kept confidential and that the existence of the proceeding and any element of it (including, without limitation, any pleadings, briefs, documents, or other evidence submitted or exchanged and any testimony or other oral submissions and awards) will not be disclosed beyond the arbitration proceedings, except as may lawfully be required in judicial proceedings relating to the arbitration or by applicable disclosure rules and regulations of securities regulatory authorities or other governmental agencies.

This arbitration agreement does not preclude you from seeking action by federal, state, or local government agencies. You and Alumier also have the right to bring qualifying claims in small claims court. In addition, you and Alumier retain the right to apply to any court of competent jurisdiction for provisional relief, including pre-arbitral attachments or preliminary injunctions, and any such request shall not be deemed incompatible with this Agreement, nor a waiver of the right to have disputes submitted to arbitration as provided in this Agreement. Neither you nor Alumier may act as a class representative or private attorney general, nor participate as a member of a class of claimants, with respect to any Claim. Claims may not be arbitrated on a class or representative basis. The arbitrator can decide only your and/or Alumier's individual Claims. The arbitrator may not consolidate or join the claims of other persons or parties who may be similarly situated.

If any provision of this Section is found to be invalid or unenforceable, then that specific provision shall be of no force and effect and shall be severed, but the remainder of this Section shall continue in full force and effect. No waiver of any provision of this Section will be effective or enforceable unless recorded in a writing signed by the party waiving such a right or requirement. Such a waiver shall not waive or effect any other portion of this Agreement. This Section will survive the termination of your relationship with Alumier.


SHARING PERSONAL INFORMATION WITH OTHERS

We will not sell, any personal information about you to any third parties. In providing our services, we may need to disclose the personal information we collect to other service providers or agents (data processors) who perform various functions for us, such as fulfilling orders, delivering packages, email administrative functions, processing credit card payments, and providing customer service, provided such suppliers agree to keep all personal information private, confidential and secure. AlumierMD may also disclose your personal information to third parties who administer contests, promotions and on-line activities on our behalf.

These companies are contractually obliged to adhere to the privacy safeguards, except under circumstances as may be required by law or to protect legal rights.

The following third parties will receive your personal data for the following purpose(s) as part of the processing activities:

Third party & country Safeguards in place to protect your personal data
DPD Local, UK Contract
The Rocket Science Group LLC – MailChimp, UK Contract
HelloSign, US Contract
Paylution/Hyperwallet, US Contract
Authorize.net, US Contract
EventBrite, US Legitimate Interest

Personal Information that is accessible to our Canadian company or stored in Canada, may be subject to disclosure to Canadian government, courts or law enforcement or regulatory agencies for purposes of law enforcement.

In certain circumstances, we may provide personal information to third parties for legal or regulatory purposes, or as otherwise required or permitted by law.

If AlumierMD or its assets were to be sold, the purchaser is entitled to conduct a "due diligence" review of our records to ensure we are a viable business honestly portrayed to the purchaser. This due diligence review may involve some review of our accounting and client files. Before being provided access to our records, the potential purchaser would be required to agree in writing to keep all information confidential.


OPT OUT POLICY

You may opt out of receiving certain communications from us at any time (i.e. email promotions and other information that may be of interest to you from AlumierMD or from its approved partners) by contacting us at the below. You can also unsubscribe from newsletters via the link at the bottom of each email.

Canada:
AlumierMD Labs, Inc.
436 Limestone Crescent
North York, ON, Canada
M3J 2S4
Attn: Information Security Officer
help@alumierlabs.com

UK and Ireland:
Alumier Labs UK Ltd.
Vale Park, South Conference Way
Units B2 & B3
Evesham
Worcester, WR11 1LB
United Kingdom
Attn: Customer Service
+44 (0) 3332 412656
datasecurity@alumierlabs.com


LINKS TO OTHER SITES

The website may contain links to other websites. AlumierMD is not responsible for the privacy practices or content of such other websites.


SECURITY SAFEGUARDS

AlumierMD understands the importance of protecting your personal information. We use Internet security protocols to protect personal information collected through our websites. However, AlumierMD does not represent or warrant the complete security of the personal information provided to us through our websites. You understand that you are providing such information to us at your own risk


KEEPING INFORMATION ACCURATE

It is important that your personal information is accurate and complete. Having accurate information about you enables us to give you the best possible service. With some exceptions prescribed by law, you have the right to access, verify or challenge the information we have about you and have it amended if appropriate. You can help us keep personal information up-to-date by keeping us informed of any changes, such as a change of address, telephone number or any other circumstances. Please contact us at:

Canada:
AlumierMD Labs, Inc.
436 Limestone Crescent
North York, ON, Canada
M3J 2S4
Attn: Information Security Officer
help@alumierlabs.com

UK and Ireland:
Alumier Labs UK Ltd.
Vale Park, South Conference Way
Units B2 & B3
Evesham
Worcester, WR11 1LB
United Kingdom
Attn: Customer Service
+44 (0) 3332 412656
datasecurity@alumierlabs.com


CONTACT INFORMATION

If you have any questions, concerns or complaints regarding this Privacy Policy, please contact us by mail, email, or telephone as follows:

Canada:
AlumierMD Labs, Inc.
436 Limestone Crescent
North York, ON, Canada
M3J 2S4
Attn: Information Security Officer
help@alumierlabs.com

UK and Ireland:
Alumier Labs UK Ltd.
Vale Park, South Conference Way
Units B2 & B3
Evesham
Worcester, WR11 1LB
United Kingdom
Attn: Customer Service
+44 (0) 3332 412656
datasecurity@alumierlabs.com

AlumierMD may modify or revise its Privacy Policy from time-to-time without any notice to you. The revised Privacy Policy shall be posted on our websites. You should review the Privacy Policy on a regular basis for any such changes. You agree that your continued use of our websites after the revised Privacy Policy has been posted constitutes your consent to such revised Privacy Policy.

PLEASE PRINT A COPY OF THIS PRIVACY POLICY FOR YOUR RECORDS AND PLEASE CHECK THE WEBSITES FREQUENTLY FOR ANY CHANGES TO THIS PRIVACY POLICY.