The following data protection provisions inform you about the type and scope of the processing of personal data by NinaperfectSkin, owned by MG DIGITAL GROUP LLC, 120 Madeira Drive Northeast STE 220, Albuquerque, NM 87108, UNITED-STATES, registered in ALBUQUERQUE, NEW Mexico, under EIN number: 35-2719181
Data processing by NinaperfectSkin may be divided into two categories :
All the data necessary for theexecution of a contract with NinaperfectSkin will be processed for the execution of the contract and/or the preparation of the contract. If external service providers are also involved in the processing of the contract, e.g. payment service providers, optimization services, hosting providers, etc., your data will be passed on to them to the extent required.
- When you use our offer, various information is exchanged between your terminal and our server or the server of the services we use. This may also include personal data. The information thus collected is used in particular to further optimize our offer.
According to GDPR requirements, you have different rights that you can assert with us. This includes the right to withdraw your consent at any time regarding the processing of selected data, in particular the processing of data for advertising purposes. The possibility of withdraw your consent is always highlighted typographically. Further information on your rights can be found below in an additional paragraph and in the individual descriptions of the respective data processing.
Our offer is only accessible to people who have reached the age of 16. If you have not yet reached the said minimum age requirement, you may use our Offers only if and insofar as your parents have expressly consented thereto and if you have provided us with sufficient proof of such consent.
- Name and contact details of the controller and the company's data protection officer
- Purposes of data processing, legal bases and legitimate interests pursued by us or by a third party and categories of recipients.
3.1. USE OF OUR OFFER
When you use our Offer, in particular our website or our application, the information is automatically sent to our servers by the application or the browser used on your terminal and stored temporarily in a log file. The following information are recorded without your intervention and stored in the log file until they are automatically or manually cleared:
- the IP address of the device used,
- the date and time of access,
- the name and URL of the accessed file, the website/application from which the access took place (referrer URL),
- the unique identifier of the browser you are using,
- the name of your internet service provider.
Le processing of the aforementioned data is carried out in accordance with Article 6, paragraph 1, point f) of the GDPR. Our legitimate interest stems from the purposes of data collection listed below. At this point, we would like to point out that the data collected does not allow us to identify you personally or to draw any conclusions about it. We use the IP address of your terminal and the other data listed above for the following purposes:
- guarantee the correct establishment of a connection,
- guarantee comfortable use of our Offer,
- assess the security and stability of the system and,
- perform other administrative tasks.
3.2. CONCLUSION, EXECUTION OR TERMINATION OF A CONTRACT
Data processing when concluding the contract
We define our services as personalized health tracking technology: our technology provides an array of information about your health and well-being based on your metrics and data.
In such a context, we process the data necessary to the conclusion, performance or termination of a contract. Said data includes in particular:
- first and last name, if applicable,
- billing and payment data,
- data entered by you and generated by the use of our Offer, such as gender, age and height, weight, etc.
The legal basis used is Art. 6 Para. 1 point a), point b) of the GDPR and Article 9 paragraph 2 point a) of the GDPR. Insofar as we do not use your contact details for customer support (see in detail section 3.3.), we keep the data collected for the processing of the contract until the end of the said contract or until the expiration of any contractual warranty and warranty rights. After the expiry of the said period, we will retain the personal data required by law for the prescribed legal duration. During such a period (usually six to ten years from the conclusion of the contract), the data will only be reprocessed in the event of control by the tax authorities.
3.3. DATA PROCESSING FOR CUSTOMER SUPPORT OR CUSTOMER SERVICE
3.3.1. Informational purposes
Insofar as you have registered for our Offer, we guide you as an existing customer. In such a case, we process your contact details in order to send you information, for example about new, extended or improved functions, products and services.
3.3.2. TARGETED ADVERTISING
To ensure that you only receive information that is intended to be of interest to you, we categorize and complete your customer profile with other information. We use statistical information as well as information about you (for example, referral data or basic data from your customer profile). The objective is to optimize our Offer according to your real or supposed centers of interest and/or personal needs and to provide you with appropriate recommendations so that you are not bored with useless promotions.
The legal basis for the aforementioned processing is Article 6(1)(b) and (f) GDPR as well as Article 9(2)(a) GDPR. The processing of existing customer data for advertising purposes is considered a recognized legitimate interest in accordance with recital 47 of the GDPR.
3.3.3. Customer Support
We use the ticketing system of Gorgias, 768 Harrison St, San Francisco, CA 94107, USA (“Gorgias”) to process service, support and other user requests based on Article 6(1)(b) GDPR. If you submit a support request through one of our channels (e.g. our contact form, live chat, email, etc.), the following data (depending on content and selected contact channel ) will be processed through the Gorgias servers:
- the data you have entered,
- your name,
- Your email address,
- information about your browser,
- your IP address.
3.3.4. Sending the Newsletter
We offer interested customers the opportunity to subscribe to our Newsletter . In order to ensure that the e-mail address entered is actually associated with the interested customer, we use the double opt-in procedure: once you have entered your e-mail address in the registration field, we will send you a confirmation link. It is only when you click on this confirmation link that your e-mail address will be added to our mailing list. We retain data collected through this process for documentation and verification purposes only. Said data includes in particular:
- the e-mail address transmitted,
- the IP address of the device used,
- the date and time of the recording,
- how to address,
- the date, content and time of the confirmation email,
- the IP address of the device used for confirmation,
- and the date and time of your confirmation.
The legal basis used is Article 6(1)(a) GDPR. We keep this data until the end of the contractual relationship because we can thus prove the legality of sending the Newsletter. After the expiry of the said period, we will retain the personal data required by law for the prescribed legal duration. During such a period (usually ten years from the conclusion of the contract), the data will only be processed again in the event of an audit by the tax authorities. You can withdraw your consent at any time with effect for the future. To do this, simply click on the unsubscribe button in the corresponding e-mail or send a short notification by e-mail. To do this, please use the contact details of our Data Protection Officer.
3.3.5. Right of objection
You can withdraw your consent to the processing of data for the aforementioned purposes at any time free of charge, separately for the respective communication channel and with effect for the future. All you need to do is send an e-mail or a letter to the contact details given in point 1.
In the event of a dispute, we will block the relevant contact address for further processing of promotional data. We will process your objection as soon as possible and implement the corresponding blocking measures immediately after verification. We draw your attention to the fact that, in exceptional cases, information or product recommendations may still be sent even after receipt of your objection. This is only done for technical reasons and does not mean that we will not implement your dispute. Thank you for your understanding.
- Data processing for the provision of our services
In the following, we would like to inform you about the processing of data necessary for the provision of our Offer:
4.1. ONLINE PRESENCE AND WEBSITE OPTIMIZATION
We do not sell or rent your data to third parties for marketing purposes without your express consent. In order to provide our customers with the best possible product, to improve the quality of our Offering from time to time and to protect the interests of our customers, we will, under certain circumstances, disclose certain data to third parties; however, such disclosure will always be subject to strict restrictions, which are further described below:
4.1.1. Cookies – General information
4.1.3. Facebook Pixel
In order to use, further optimize and evaluate the conversion of our Facebook campaigns as needed, we use an individual behavior pixel from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“ Facebook”) in accordance with Article 6, paragraph 1, point f of the GDPR. This pixel is embedded in the code of our website. This allows us to verify that the Facebook ads we initiate are only displayed on the page of users who have shown an interest in our services. In doing so, we ensure that our Facebook advertisements arouse the potential interest of the user and do not disturb him. We also track the actions of Facebook users after they have seen or clicked on one of our Facebook advertisements. This allows us to evaluate the conversion of the respective campaign for statistical, market research and billing purposes. The following information is processed:
- the URL,
- campaign information (including print specification, form field, activated button).
The data collected in this way is anonymous and does not allow us to draw any conclusions as to the identity of the user. Processing for the purposes of behavioral and interest-based advertising is considered a recognized legitimate interest in accordance with recital 47 of the GDPR. The data is stored in accordance with the retention periods provided for by law and is then automatically deleted.
4.1.4. Facebook Lookalike Audiences Campaigns
In order to use, further optimize and evaluate the conversion of our Facebook campaigns as needed, we use an individual behavior pixel from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“ Facebook”) in accordance with Article 6, paragraph 1, point f of the GDPR. You can find more information about Facebook's Lookalike Audiences campaigns at: https://www.facebook.com/business/help/365463786964246
Such processing for the purposes of behavioral and interest-based advertising is considered a legitimate interest recognized in accordance with recital 47 of the GDPR. If you are a Facebook lookalike audience, we will pass your email address and device ID to Facebook. You can withdraw your consent at any time regarding special data processing by changing your Facebook settings: https://www.facebook.com/settings/?tab=ads or by simply telling us that you no longer wish to do so in the future. To do this, please use the contact details of our Data Protection Officer.
4.1.5. Pinterest Tag
In order to use, further optimize and evaluate the conversion of our Pinterest campaigns as needed, we use a Pinterest tag, an individual code snippet, from Pinterest Inc., 635 High Street, Palo Alto, CA, States United States, (“Pinterest”) which is integrated into the content of our website, in accordance with Article 6, paragraph 1, point f of the GDPR. This allows us to verify that the Pinterest ads we initiate only appear on the page of users who have shown an interest in our services. In doing so, we ensure that our Pinterest advertisements engage the user's potential interest and do not disturb them. We also track the actions of Pinterest users after they have seen or clicked on one of our Pinterest advertisements. This allows us to evaluate the conversion of the respective campaign for statistical, market research and billing purposes. The following information is processed:
- device information (e.g. type, brand),
- the operating system used (for example, iOS 11),
- the IP address of the device used,
- the time of use of our Offer,
- The type and content of the campaign and
- the reaction to the respective campaign (e.g. button click).
The data collected in this way is anonymous and does not allow us to draw any conclusions as to the identity of the user. Such processing for behavioral and interest-based advertising purposes is considered a recognized legitimate interest in accordance with recital 47 of the GDPR. The data is stored in accordance with the retention periods provided for by law and is then automatically deleted.
- browser type/version,
- the operating system used,
- the referring URL (the previously visited page),
- the host name of the accessing computer (IP address),
- the time of the server request.
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the Offerings, compile reports on activities and provide other services related to the use of the Offering for the purposes of market research and needs-based design. This information may also be passed on to third parties if required by law or if third parties are commissioned to process this data. Your IP address will never be merged with other Google data. IP addresses are anonymized, so that a allocation is not possible (so called IP masking).
4.1.7. Google Tag Manager
4.1.8. Stripe payment processing service
We use a text messaging platform, which is subject to the following terms and conditions. By opting in to our text marketing and notifications, you agree to these terms and conditions.
By entering your phone number during checkout and initiating a purchase, subscribing via our subscription form or a keyword, you agree that we may send you SMS notifications (for your order, including reminders abandoned cart service) and SMS marketing offers. You acknowledge that consent is not a condition of any purchase.
Your phone number, name and purchase information will be shared with our SMS platform "SMSBump Inc, a European Union company with an office in Sofia, Bulgaria, EU. This data will be used to send you Targeted marketing messages and notifications.When sending the text messages, your phone number will be passed to a text messaging operator to complete their delivery.
If you wish to unsubscribe from receiving text messages and notifications, reply STOP to any mobile message we send to you or use the unsubscribe link we have provided to you in one of our messages. You understand and agree that other opt-out methods, such as using alternative words or requests, will not be considered a reasonable way to unsubscribe. Message and data charges may apply.
For any questions, send "HELP" to the number from which you received the messages. You can also contact us for more information. If you wish to opt out, please follow the procedures above.
- Recipients outside the EU
As indicated in points 3.4 and 3.5 above, the data may also be transmitted to recipients located outside the European Union or the European Economic Area. This applies in particular to the processing of the mentioned analysis and targeting technologies, which may result in the transmission of data to the servers of the service providers. Affiliated service providers that we need to provide our services, such as hosting providers, CRM tools or analytics service providers may be other recipients. These servers may be located outside the European Union, in particular in the United States. We ensure that said service providers guarantee data protection standards equivalent to those of the GDPR and that the applicable directives are complied with. Thus, we only work with certified service providers. For said certification, the European Commission has established the adequacy of the level of data protection under the number C(2016) 4176) in accordance with Article 45 of the GDPR. The use of these certified service providers thus complies with the European standard for processing data in accordance with the law. In addition, service providers based outside the European Union have granted us adequate contractual guarantees guaranteeing compliance with these European standards and the adoption of the rights of data subjects, for example by relying on the standard contractual clauses of the European Commission.
- Your rights
Apart from the right of contestation to the consents you have given us, you can exercise the following rights if the respective legal conditions are met:
- The right to information about your personal data stored with us according to Article 15 of the GDPR,
- In the event of transmissions in accordance with Articles 46, 47 or 49, paragraph 1, point 2 of the GDPR, the right to information or reference to the appropriate or adequate guarantees and the possibility of obtaining a copy of the said guarantees or if the said guarantees are available,
- Your personal data stored with us in accordance with Article 15 of the GDPR,
- The right to correct inaccurate data or to complete the correct data in accordance with Article 16 of the GDPR,
- The right to delete your data stored with us in accordance with Article 17 of the GDPR,
- The right to limit the processing of your data in accordance with Article 18 of the GDPR,
- The right to data portability in accordance with Article 20 of the GDPR.
6.2. RIGHT TO CONTEST
Under the conditions provided for in Article 21, paragraph 1 of the GDPR, it is possible to withdraw your consent to the processing of data for reasons relating to the particular situation of the data subject.
- Data security
We use the highest standards of information security for our infrastructure and the processing of your data. For example, we use computer protection mechanisms, such as firewalls and data encryption. Our buildings and data are subject to physical access controls. Only employees who need access to our customers' personal data to carry out their activities can access it.
All data that you personally transmit to us, including your payment information, is transmitted via the general and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard, which is used in particular for online banking transactions. You will recognize an SSL connection in particular by noticing the s after http (https://…) in the address bar of your browser or at the lock symbol at the bottom of the browser.
For the rest, we use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and unauthorized access by third parties. Our security measures are constantly monitored against technological progress, regularly adapted to the respective risks and, if necessary, improved.
Protecting the privacy of young children is particularly important. For this reason, we do not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow them to register. If you are under 16, please do not send us any information about yourself, including your name, address, telephone number or email address. No one under the age of 16 is permitted to provide any personal information to the Services. If we learn that we have collected personal information from a child under the age of
16 years old without verification of parental consent, we will delete this information as soon as possible. If you believe we may have any information about or relating to a child under 16, please contact us at firstname.lastname@example.org
Last update 19/07/2022