Privacy Policy
Welcome to our website https://en.drsturm.com hereinafter, the “Website”). Please read this Privacy Policy carefully.
1. Our commitments
Everyone has the right to protection of their personal data, which is defined as any information that relates to an identified or identifiable living individual (“Personal Data”). We respect users' right to be informed regarding the collection of, and other operations involving their Personal Data. In using data that may directly or indirectly identify you personally, we will apply a principle of strict necessity. For this reason, we have designed the Website in such a way that the use of your Personal Data will be kept to a minimum and will not exceed the purposes for which your Personal Data was collected and/or processed; we do not process your Personal Data when we can provide you with services through the use of anonymous or traffic data (such as marketing research made for improving our services, browsing data processed to provide you with customised contents or offers adapted to your preferred language, your location, etc.) or by other means which allow us to identify you, apart from when it is strictly necessary or upon request by competent public authorities or the police (for example, in case of traffic data or your IP address).
For the purposes of the Data Protection Legislation (as defined below) companies of the PUIG Group that may need to have access to and process the Personal Data collected on the Website for one of the purposes listed below shall be considered as separated and independent controller of your Personal Data. In this context, the following companies (hereinafter, jointly referred as to the “Companies”) may be classified as controller of your Personal Data with respect to the following data processing activities:
· Marketing purposes (as defined below) (including general Online Customer and Information/Complaint Services regarding the Website): ANTONIO PUIG S.A. - a Spanish company with registered office at Plaça d’Europa 46-48, 08902, L’Hospitalet de Llobregat, Barcelona, Spain, holder of Tax Identification Number nº A08158289 and intra-European number VAT: ESA08158289, recorded with the Commercial Registry of Barcelona (hereinafter referred to as “APSA”);
· Online Sales (as defined below): Online Store – United Kingdom (including customer service functions provided in conjunction with online sales): PUIG UK Limited. – a United Kingdom company with its registered office at 5th floor, Russell Square House, 10-12, London (UK) WC1BEH (hereinafter referred to as “PUIG UK”).
This Privacy Policy relates to Personal Data collected when a user accesses our Website including purchasing goods and/or filling out forms. This Privacy Policy is designed to help you understand how the Companies collect and use your Personal Data, the purposes for which it is collected, and to set out the rights you have in relation to your Personal Data.
To ensure the accuracy of your Personal Data in our files, please communicate any changes to our customer service department, the contact details of which are below. We reserve the right to suspend or interrupt the provision of any requested services should you provide inaccurate Personal Data. This is without prejudice to any other cause of action we may have.
2. Applicable law
Any and all Personal Data sent to the Companies through the Website and/or the course of the purchase of products will be collected and/or processed by the Companies pursuant to the laws applicable to the state/country of residence of the customer including, as it pertains to residents of the European Union, EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and the Data protection Act 2018 (UK GDPR), without prejudice however to any applicable local mandatory laws benefitting to consumers, in accordance with EU Regulation 593/2008 (“ROME I”) of 17 June 2018, or any other conflict of laws rules applicable in the United Kingdom (together, “Data Protection Legislation”).
3. Collection of Information
The purposes for which the Companies collect Personal Data are listed below. The responsible controller is specified for each particular purpose.
· Online Sales: Your Personal Data may be processed to provide you with e-commerce services, e.g. to fulfil placed orders for products, to contact you in case of any order issues or where we need to provide your Personal Data to our service providers to fulfil your order (“Commercial Purposes"). This data processing is based on the fulfilment of our contractual obligations with the client in relation to the order.
At times we may be the recipient of Personal Data of third parties when disclosed by a user of our website, for example when a customer purchases a product to be delivered to a friend as a gift, or a customer provides a friend’s email address to receive promotional email addresses.
In this case, please make sure you receive the consent of such individuals before disclosing their Personal Data to us and make sure you inform them about this Privacy Policy; you will be the only person liable in connection with the disclosure of information and data regarding such third parties if they have not provided you with their prior explicit consent for it and for any improper and unlawful use of that information. In any event, we shall fulfil any obligation to inform third parties required by law and, when necessary, shall request their explicit consent upon registering in their archives the Personal Data of the User indicated.
PUIG UK, which is acting as a seller, shall be considered as the controller of the Personal Data collected and processed on the Website for Commercial Purposes, as it will determine the purposes and means of processing such data.
· Marketing Purposes:
Whenever we request, and you expressly give us your consent on the Website, our social media pages, computerized devices in stores or when permitted by applicable regulations (for example, by having previously purchased on our Website) your Personal Data may also be processed:
o To send you by postal mail, text messages, email, push notifications or other digital communications (including ads on social media platforms), related to commercial information and updates on our products, offers, exclusive sales, promotional campaigns and on events and similar initiatives organized by APSA. For this purpose, we occasionally may use your email address to customize ads for your interests or generate a "lookalike audience" or similar audience through the Facebook, Google, Snapchat, Pinterest or TikTok advertising platforms. This allows us to target advertisements on those platforms to potential customers who appear to have shared interests or similar demographics to you, based on the platforms' own data. These third parties’ policy is to irreversibly hash (encrypt) your email address prior to uploading it, match the hashed data against their own customers, generate the lookalike audience, then delete the uploaded email address and use it for no other purpose. We do not have access to the identity of anybody in the lookalike audience, unless they choose to click on the ads.
If you wish to opt out, please contact us as per the “Contact” section below or, alternatively, by clicking the 'unsubscribe' link which is included in all of our marketing communications.
o We may also collaborate with third parties to provide us with browsing data (“Traffic data”) resulting from the use of the Website and of our services to provide us analytics services and serve APSA ads and banners when you are browsing on apps and other websites. We do this by way of various ad exchanges and digital marketing networks. We and our advertising partners use various advertising technologies, for instance, ad tag, cookies, pixels, identifiers and web beacons. This information may be used by APSA to analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Website and other websites, and better understand your online activity. The ads and banners you see are based on information that we hold about you, or on your prior use of our Website, for example, products you have browsed previously, content you have read on our Website, or on APSA banners or ads that you have engaged with in the past. We may also work with and use services offered by other third parties to serve ads to you as part of a customised campaign on third-party sites and platforms (such as Facebook and Instagram). As part of these ad campaigns, we or the third parties may convert information about you, such as your email address and phone number, into a unique value that can be matched with a user account on these platforms to allow us to learn about your interests and to serve you advertising that is customised to your interests.
If you wish to opt, please visit our Cookies Policy and use our cookie management tool to manage your preferences.
APSA shall be considered as the controller of your Personal Data collected and processed on the Website, our social media pages, computerized devices in stores or when permitted by applicable regulations for Marketing Purposes, as it determines the purposes and means of processing such data.
· Security Purposes: In addition, and based on APSA legitimate interest, your Personal Data may be processed for:
o detect fraudulent activity on your device and to keep the Website and online sales away from attackers who may try to access your account by impersonating you. In particular, APSA may use IP address, device, profile, usage, and other data to prevent and detect malicious or unsafe activities (e.g. payment fraud, identity fraud, account hacking, phishing, incentive abuses); and
o monitor all actions that could cause fraud or in the commission of a criminal offence related to the payment method employed by you; if any irregularities are detected, APSA reserves the right to retain the data provided and share it with the competent authorities in order to carry out the relevant investigation.
4. What Happens if You Do Not Disclose Your Personal Data to us?
Granting your Personal Data to us (e.g., your personal details, your e-mail address, shipping address, your telephone number, etc.) is necessary for processing your order for the purchase of products on the Website, supplying other services provided on the Website upon your request, or when your Personal Data is needed to fulfil obligations required by law or regulations. The refusal to provide us with some of your Personal Data necessary for performing the above purposes may consequently prevent us from processing your order for the purchase of products sold on the Website, sending you requested Newsletters or fulfilling obligations required by law and other regulations etc. Therefore, failing to provide Personal Data may constitute, in some cases, a legitimate and justified reason for not processing your order for the purchase of products sold on the Website or not providing the Website’s services.
Disclosure of further Personal Data to us other than that required for fulfilling legal or contractual obligations and to be properly browse our services with necessary traffic data is, on the contrary, optional and does not have any effect on the use of the Website and of its services or on the purchase of products on the Website. We will inform you at every step whether disclosing your Personal Data to us is compulsory or optional by marking with an appropriate symbol (*) or label of Optional the information that is compulsory, or data needed for the purchase of products on the Website.
5. To whom your Personal Data will be disclosed
Your Personal Data will be disclosed to trusted third party providers that perform a range of business operations on behalf of the Companies (hereinafter, the "Processors"), such as:
· Customer service, for purposes related to the shipping, delivery and return of products purchased on the Website and customer service to users of the Website;
· Computer services, for purposes related to hosting Companies servers;
· Payment platforms, for purposes related to the payment method and its execution;
· Logistic services, for purposes related to shipping and delivery and return of the products purchased on the Website;
· Marketing services, for the analysis of use of our Website, sending communications, managing advertising content, etc.
The above-mentioned Processors have been chosen because of their experience in processing Personal Data and they provide sufficient guarantees regarding compliance with Data Protection Legislation. We regularly check that our Processors comply with our instructions and that they continue to provide sufficient guarantees regarding their full compliance with Data Protection Legislation on Personal Data processing.
Aside from the Processors, your Personal Data will be disclosed to third-parties -as independent controllers- for purposes related to supplying services requested by you: for purchase transactions according to our Terms and Conditions for Sales, for example.
Moreover, your Personal Data may be disclosed to the police or to judicial authorities, according to applicable laws and upon a formal request by such entities, for example in the event we need to prevent fraud on the Website.
6. Security Measures and length of conservation
We have adopted security measures to protect Personal Data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure, or access and against all other reasons for data processing that do not comply with our Privacy Policy.
For the best possible protection of your Personal Data outside the limits of our control and management of the same, it is advisable that your computer be provided with software devices that protect network data transmission/receipt (such as updated antivirus systems) and that your Internet service provider take appropriate measures for the security of network data transmission (such as, for example, firewalls and anti-spam filtering).
We will only hold your Personal Data for so long as is necessary for us to fulfil the purposes set out in this Privacy Policy (e.g., in case of online sales for as long as required by local tax, corporate and warranty laws; in case of a consent as long as you revoke your consent). Where we no longer need to process your Personal Data for the purposes set out in this Privacy Policy, then we will delete your Personal Data from our system.
7. Transfer of your Personal Data to other countries
The Personal Data we collect from you is currently held within the European Economic Area (‘EEA’). However, said data may be processed by our trusted third party providers operating from the EEA, countries with an adequate level of data protection or third countries by providing the appropriate safeguards in accordance with Data Protection Legislation.
Please note that some cookie providers and data recipients may be in the United States or other countries which may have a lower level of data protection. For further information, click on "Cookie Settings” in the Cookie Banner. However, we will take reasonable steps to ensure that your Personal Data is given equivalent protection in accordance with the Data Protection Legislation, by implementing adequate contractual conditions in our agreements with business partners dealing with transfer of Personal Data to ensure that Personal Data are processed according to our instructions, and in such a way to maintain their integrity and security.
For further information, please contact us as per the “Contact” section below.
8. Routine Finder Tool:
If you use our Routine Finder we may collect personal data related to your identity, health and physical characteristics. This may involve the use of ‘profiling’ or automated decision making in order to predict your interests and personalise recommendations. We use this personal data for the purpose of providing you with an ayurvedic dosha profile and a personalised skincare routine, and to provide you with personalised marketing communications by email, SMS, post, social media ads or other digital channels from APSA about the brand.
We will only process personal data collected through the Routine Finder tool with your express consent, which is the legal ground that we rely on to process this personal data. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. This tool is not intended to be used by those under the age of 18.
9. Your rights in relation to your Personal Data
We set out below a summary of the rights available to you in connection with your Personal Data.
For your convenience, and without prejudice to certain formal requirements set out in the Data Protection Legislation, you can exercise any of these rights by contacting us as per the “Contact” section below.
· Right to withdraw your consent:
You may withdraw the consent you give to the Companies for processing your Personal Data at any time. Please note, however, that where you do withdraw your consent or otherwise object to our processing of your Personal Data then this may affect our ability to provide you with goods and services or affect the functionality of our Website.
In addition, if you want to stop receiving future marketing messages, communications, and materials at any time, you can do so alternatively by clicking the 'unsubscribe' link, which is included in all our email marketing messages.
· Right to access your Personal Data in our possession:
You are entitled to obtain, at any time, confirmation from us as to whether or not we are processing your Personal Data and, where that is the case, access such Personal Data.
Moreover, you are entitled to receive from us information on the source of your Personal Data; the purposes and way of processing your Personal Data; the logic involved in any electronic data processing; details of the data controller and of the data processors; the names of the entities and categories of entities to whom your Personal Data may be disclosed or who may access your Personal Data, for example, as a data controller or a party so appointed.
· Right to have inaccurate Personal Data rectified:
You have the right to obtain from us without undue delay the rectification of inaccurate Personal Data that we hold and which, which concerns you. This includes the right to request that incomplete Personal Data is completed.
· Right to erasure:
You have the right to obtain from us the erasure without undue delay of Personal Data that we hold, and which concerns you, in the circumstances as provided by Data Protection Legislation.
· Right to restriction of processing:
You have the right to restrict the way we process your Personal Data in the circumstances as provided by Data Protection Legislation.
· Right to data portability:
You have the right to receive from us the Personal Data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us. This right shall include the right to require us to transmit the relevant Personal Data to another controller on your behalf, where technically feasible. This right only applies to personal data that: (i) we gain your consent to process; or (ii) we obtain to perform our contractual obligations to you, and in each case to the extent we process your Personal Data by automated means.
· Right to lodge a complaint about us:
You are entitled to exercise your right to lodge a complaint with a competent supervisory authority, in particular in the Member State or in the UK depending on your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes Data Protection Legislation.
The relevant authority in the UK to make a complaint is the Information Commissioner Office (ICO).
10. Opt-in/Opt out
Each time your consent is required, the Companies will inform you in advance and will give you the option to either provide or refuse your consent for the use of your Personal Data, including your e-mail address, for the above purposes, by ticking the appropriate boxes.
We wish to inform you that we may process your Personal Data also without your consent in certain circumstances, such as when such processing is necessary for performing a legal obligation to which we are subject or when such processing is necessary for performing obligations undertaken in contracts with the users.
11. Contact
If you have any questions about your Personal Data or the contents of this Privacy Policy, please contact us at:
· Email: [email protected]
· Phone: +447432333638
You can also contact our Data Protection Officer at [email protected] or by writing to us at:
Puig Brands, S.A. - Data Protection Officer
Plaza Europa, 46/48, 08902, L'Hospitalet de Llobregat, Barcelona, Spain
12. Amendments and updating of this Privacy Policy
We may amend or simply update all or part of this Privacy Policy, including when amendments are made to legal provisions or regulations, which govern data protection and protect your rights. The amendments and the updating of the Privacy Policy shall be binding as soon as they are published on the Website in this section. Therefore, you are requested to regularly access this section to check the publication of the most recent and updated Privacy Policy.
Last update: October 2024
© ANTONIO PUIG S.A. 2024. All rights reserved.