Privacy Policy

Effective May 23, 2025

Welcome to Dermxell
Your trust means everything to us, and we know privacy is a big part of that trust. This notice explains—in clear, straightforward terms—what information we collect online, why we collect it, and the choices you have. If you have questions at any point, just email support@dermxell.com and we’ll help.

1. Who We Are (Data Controller)

  • Dermxell is a skincare brand (“Dermxell,” “we,” “our,” “us”).
  • For visitors in the EEA and United Kingdom we appoint an EU/UK representative (contact details available via support@dermxell.com).

2. Scope of This Policy

  • Applies to personal data collected online through dermxell.com, its sub-domains, and official Dermxell apps or widgets.
  • Does not cover offline activities or third-party sites and services we do not control.
  • By using our site, you confirm that you have read, understood, and agree to this Policy.

3. How We Obtain Personal Data

  • Directly from you – account signup, checkout, newsletter opt-in, support requests, reviews, job applications.
  • Automatically – IP address, device identifiers, browser type, pages viewed, time-stamps, cookies, and similar data.
  • From third parties – social-login providers, ad networks, payment processors, fulfilment partners.
  • We do not knowingly collect data from children under 13; please email support@dermxell.com if you believe a child has submitted data so we can delete it.

4. What We Collect (examples)

  • Identity & contact details (name, email, phone, company name, mailing address).
  • Account data (login credentials, preferences, saved addresses).
  • Transaction data (order totals, items purchased, payment method via PCI-compliant vendors).
  • Device & usage data (IP, device IDs, session logs).
  • Marketing data (consents, opt-outs, cookie choices, campaign engagement).
  • User-generated content (reviews, photos, attachments).
  • Sensitive data: we do not request health info; if you share it voluntarily, we process it only to fulfil your request.

5. Why & How We Use Your Data (Lawful Bases)

  • Contract – fulfil orders, manage returns, provide support.
  • Legitimate interests – secure/improve the site, prevent fraud, personalise content, send product-recommendation emails (opt-out available).
  • Consent – marketing newsletters, non-essential cookies, referral programmes (withdraw anytime).
  • Legal obligation – tax, accounting, consumer-protection, regulatory compliance.
  • No solely automated decisions with legal or similarly significant effects; ad-profiling is limited and opt-out is offered (see § 9).

6. Cookies & Tracking Technologies

  • Essential (login, cart, fraud prevention).
  • Analytics (Google Analytics 4, Hotjar).
  • Advertising (Meta, Google Ads, TikTok, Outbrain).
  • Consent banner appears for EEA/UK & relevant U.S. states; manage preferences via “Cookie Settings” or your browser.

7. Sharing & Disclosure

  1. Service providers (payments, warehousing, email, cloud hosting, analytics) under contract.
  2. Advertising partners (independent controllers) for ad delivery/measurement.
  3. Affiliates or successors in a merger, acquisition, or asset transfer (we will notify users).
  4. Authorities to comply with law or defend legal claims.

8. International Transfers

  • Data may be processed in the United States or other countries.
  • For EEA/UK data we rely on Standard Contractual Clauses, the UK Addendum, or adequacy decisions.

9. Your Privacy Rights

EEA / UK (GDPR)

  • Access, rectification, erasure, restriction, objection, portability, withdraw consent.
  • Right to lodge a complaint with a supervisory authority (e.g., UK ICO).

United States

  • California CPRA/CCPA – know, correct, delete, opt-out of “sale” or “sharing,” limit sensitive-data use.
  • Colorado, Connecticut, Utah, Virginia – access, delete, correct, portability, opt-out of targeted ads/profiling; right to appeal.

Other regions – we honour applicable local laws.

How to exercise: email support@dermxell.com or submit a request via dermxell.com/privacy-request. We verify identity (e.g., matching email/order) and respond within statutory timeframes.

10. Data Retention

  • Orders/invoices: 7 years.
  • Marketing logs: until withdrawal or 3 years after last interaction.
  • Support tickets: up to 2 years post-resolution.
  • Analytics logs: 26 months unless anonymised.
  • Data is deleted or anonymised once retention ends unless legal or security reasons require longer storage.

11. Security Measures

  • TLS 1.3 in transit; AES-256 at rest.
  • Role-based access controls, MFA for staff.
  • Regular penetration tests and vulnerability scans.
  • Incident-response plan; breach notifications per law.

12. Children’s Privacy (COPPA)

  • Site not directed to children under 13.
  • Age-gate and parental-consent workflows where required.
  • Contact support@dermxell.com to remove any child data.

13. Accessibility

  • Screen-reader friendly.
  • For alternative formats or disability accommodation, email support@dermxell.com.

14. Changes to This Policy

  • Updates posted with a new “effective date.”
  • Material changes announced by banner or email 30 days in advance.
  • Archived versions available on request.

15. Contact Us
Email: support@dermxell.com

Dermxell⁺ reserves the right to revise, renew, or replace this return procedure at any time, with or without prior notice.