Privacy policy

The headline informs you about its Privacy Policy regarding the processing and protection of personal data of users and customers that may be collected during browsing, when purchasing a product, or when contracting a service through the Website: https://dermcontrol.inveskin.com

In this regard, the Holder guarantees compliance with current regulations on the protection of personal data, as reflected in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD GDD). It also complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (GDPR).

The use of this Website implies the acceptance of this Privacy Policy as well as the conditions included in the Legal Notice.

Identity of the responsible

• • Responsible: Instituto Investigacion Biotec. Farma y MH.

• • NIF: B18984963

• • Postal address: Avenida del Conocimiento, 34, Granada – España.

• • E-mail: inveskin@invesbiofarm.com

• • Contact telephone number: +34 958 637 152

• • Web Site: https://dermcontrol.inveskin.com

Data processing principles

When processing your personal data, the Data Controller will apply the following principles, which comply with the requirements of the new European Data Protection Regulation (GDPR):

• • Principle of legality, loyalty, and transparency: The Holder will always require consent for the processing of personal data, which may be for one or more specific purposes about which the Holder will inform the User in advance with absolute transparency.

• • Data minimisation principle: The Data Controller shall request only the data that are strictly necessary for the purpose(s) for which they are requested.

• • Principle of limitation of the storage period: The controller shall keep the personal data collected for the time strictly necessary for the purpose or purposes of the processing. The data controller shall inform the user of the relevant retention period according to the purpose.
    In the case of subscriptions, the data controller shall periodically review the lists and delete those records that have been inactive for a significant period of time.

• • Integrity and confidentiality principles: The personal data collected shall be treated in such a way as to guarantee their security, confidentiality and integrity.
    The Data Controller shall take the necessary precautions to prevent unauthorized access or misuse of its users’ data by third parties.

Collection of personal information

You do not need to provide any personal information to browse the site.

Your rights

The data controller informs you that you have the right to:

• • Request access to the data stored.

• • Request rectification or deletion.

• • Request the restriction of its processing.

• • Object to the processing.

You may not exercise the right to data portability.

The exercise of these rights is personal and must therefore be carried out directly by the interested party, by applying directly to the Data Controller, which means that any customer, subscriber or collaborator who has provided their data may, at any time, contact the Data Controller and request information about the data stored and how it was obtained, request rectification of the data, oppose its processing, limit its use or request its deletion from the Data Controller’s files.

To exercise your rights, you must send your request along with a photocopy of your National Identity Document or equivalent to the email address: inveskin@invesbiofarm.com

The exercise of these rights does not include data that the Data Controller is obliged to keep for administrative, legal or security purposes.

You have the right to effective judicial protection and to lodge a complaint with the supervisory authority, in this case the Spanish Data Protection Agency, if you consider that the processing of personal data concerning you is in breach of the Regulation.

Purpose of processing personal data

When you connect to the Website to send an email to the Owner, subscribe to its newsletter or purchase a product or service, you are providing personal information for which the Owner is responsible. This information may include personal data such as your IP address, first and last name, physical address, email address, telephone number and other information. By providing this information, you agree that your information may be collected, used, managed and stored by – OVH – only as described on the pages:

• • Legal notice

• • Privacy policy

The personal data and the purposes of the processing by the data controller vary according to the system for collecting the information:

• • Product or service contract forms: The Data Controller requests personal data, which may include: name and surname, identity document (tax number, alien number, passport or residence permit), e-mail address, postal address, telephone number and payment details (payment method or bank details), in order to maintain a commercial relationship with the User, to carry out the dispatch of orders, to provide the contracted services and to carry out the invoicing and collection of the contracted products or services.

There are other purposes for which the data controller processes personal data:

• • To ensure compliance with the conditions set out on the Legal Notice page and with applicable law. This may include the development of tools and algorithms to help the Website ensure the confidentiality of the personal data it collects.

• • To support and improve the services provided by this website.

• • To analyse user browsing. The Holder collects other non-identifiable data obtained through the use of cookies that are downloaded to the User’s computer when browsing the Website, whose characteristics and purpose are detailed on the Cookies Policy page.

Security of Personal Information

To protect your personal data, the Data Controller will take all reasonable precautions and follow industry best practices to prevent its loss, misuse, unauthorised access, disclosure, alteration or destruction.

The Website is hosted by: OVH. The security of the data is guaranteed as they take all the necessary security measures. You can consult their privacy policy for more information.

The Owner informs the User that their personal data will not be transferred to third parties, except when such transfer is covered by a legal obligation or when the provision of a service implies the need for a contractual relationship with a data processor. In the latter case, the transfer of data to the third party will only take place if the data controller has the express consent of the user.

However, in some cases, collaboration may be carried out with other professionals; in such cases, the consent of the user will be required, informing him/her of the identity of the collaborator and the purpose of the collaboration. This will always be done with the strictest security standards.

Content from other websites

Pages on this website may contain embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if you had visited the other website.

These websites may collect information about you, use cookies, embed additional third-party tracking code, and use this code to monitor your interaction.

Cookie policy

In order for this website to function properly, it is necessary to use cookies, which are pieces of information stored on your web browser.

You can consult all the information related to the policy of collection and processing of cookies on the Cookie Policy page.

Legitimacy of data processing

The legal basis for processing your data is:

• • The data subject’s consent.

• • Performance of the contract or pre-contractual activities with the data subject for the provision of a product or service purchased from the data controller.

• • Compliance with legal obligations.

Categories of personal data

The categories of personal data processed by the data controller are

• • Identification data.

• • No specially protected categories of data are processed.

Retention of personal data

Personal data provided to the Data Controller will be kept until the Data Controller requests its deletion.

Web browsing

When you browse the Website, non-identifying information may be collected, including IP address, geolocation, a record of how services and pages are used, browsing habits and other data that cannot be used to identify you.

The Website uses the following third party analytics services:

The Owner uses the information obtained to gather statistics, analyse trends, administer the site, study browsing patterns and gather demographic information.

The Owner is not responsible for the processing of personal data by websites that you may access through the various links contained on the Website.

Accuracy and truthfulness of personal data

You undertake to provide the Owner with true, complete, accurate and up-to-date information and to keep it updated.

As a user of the Website, you are solely responsible for the truthfulness and accuracy of the data provided to the Website and you release the Owner from any liability in this regard.

Acceptance and consent

As a user of the website, you declare that you have been informed of the conditions regarding the protection of personal data and that you accept and consent to the processing of such data by the owner in the manner and for the purposes indicated in this privacy policy.

In order to contact the Owner, subscribe to a newsletter or make comments on this website, you must accept this Privacy Policy.

Changes to the Privacy Policy

The Owner reserves the right to modify this Privacy Policy in order to adapt it to new legislation or jurisprudence, as well as to industry practices.

This policy will remain in effect until it is superseded by another duly published policy.