App Privacy Policy

SKIN ROCKS

PRIVACY AND COOKIE POLICY

(Last updated 14th March 2024)

  1. INTRODUCTION

 

Who are we?

We are Skin Rocks Ltd a company registered in England and Wales. Our company registration number is 11155429 and our registered office is at 1 Mountview Court, 310 Friern Barnet Lane, London, N20 0LD. Where we decide the means or purpose of processing your personal data, we are the data "controller."

What’s this policy about?

This policy explains how we process your personal data as a data controller when you make use of the Skin Rocks mobile app (the “Service”). We update this policy from time to time so please check back in.

How do you contact us? (if you have questions about this policy or to exercise your rights)

Write to us at: privacy@skinrocks.com.

If we can’t resolve your issue, you can also get in touch with the Information Commissioner’s Office: https://ico.org.uk/concerns.

What are your rights?

 

You have the following rights, although these rights may be limited in some circumstances:

● Ask us to send a copy of your data to you or someone else

● Ask us to restrict, stop processing, or delete your data

● Object to our processing of your data

● Object to use of your personal data for direct marketing

● Ask us to correct inaccuracies.

 

If we rely on consent to process data, or send direct marketing, you can withdraw consent by email to the address above.

  1. YOUR PERSONAL DATA AND HOW WE USE IT

 

 

Your data 

How we use it

Sources and recipients

Enquiry data (information we receive when you get in touch) including:

● Name

● Contact details

● Other personal data you send to us as part of enquiries.

How long we keep it 6 years from when our relationship with you ends.

We process this information to respond to your support and other enquiries.

Legal basis

We may process this data in accordance with the terms of our contract with you (where we need this information to provide the Service to you) or to take steps at your request prior to entering into a contract.

We also use this to pursue our legitimate interests, including: (a) our interest in responding to enquiries to ensure smooth operation of our business and services; and (b) to understand our customers and improve our website and Services, by taking on-board your feedback.

More information

You may be required to provide us with certain information for us to respond to your enquiries.

Sources

● We collect this information from you when you send it to us.

Recipients

We may store this information with ZenDesk.

Account data

(information we receive when you set-up and use your account) including:

● Name

● Age, gender

● Credentials (username & password)

● Subscription type (whether you have subscribed for premium content/features)

● User ID and/or email address (used to link your user account with your subscription)

● Preferences (e.g. types of product you may be interested in, or skin and other conditions you are concerned about)

● Contact details (email)

How long we keep it

We keep your account data for 7 years from when our relationship with you ends.

 

We process this information to set-up your account, enable you to use the Service (for example, to show you content and recommend products which are more relevant to you), and to allow you to manage and pay for your subscriptions.

Legal basis

We process this information in accordance with the terms of our contract with you to provide the Service to you where we need it to deliver functionality you have requested.

Where you provide certain more sensitive “special category” data to us, including skin or other conditions you are concerned about (“Concerns”), we process that information where you have given your consent.

We may anonymise & aggregate Concerns, Preferences, age and gender details, across all users to use it in pursuit of our interest in understanding the types of products and concerns users tend to have so we can decide which content and products to feature in the Service.

More information

You may be required to provide us with certain information for us to respond to your enquiries and to register an account.

 

Sources

● We collect this information from you when you register and use the Services.

Recipients

We use the following service providers to help us provide our Services and they may process this information on our behalf:

● Amazon Web Services

● RevenueCat, Inc.

Analytics

Information about how users interact with the app namely:

● the content you view; ● the features of the app you use; ●  City; ● Region; ● Country; ● Geo source; ● App build number; ● App version; ● Carrier; ● iOS Version; ● Manufacturer; ● Lib version; ● Mixpanel library; ● Model; ● Device model; ● Device ID; ● User ID; ● Operating system; ● Radio; ● Screen height; ● Screen width; ● Wifi; ● Processing time; ● Profile users; ● IOS Timezone; ● iOS app release; ● iOS app version; ● iOS device model; ● iOS Lib version; ● iOS Version; ● Last seen; ● Total app sessions; ● Total app sessions length; ● First app open date; ● Version App; ● Build number; ● Bluetooth; ● Bluetooth version; ● Brand; ● Carrier; ● Has NFC; ● Has telephone; ● Lib version; ● Manufacturer Model; ● Screen DPI; ● Google play services.

How long we keep it

After 5 years underlying data is deleted, but we may retain aggregate statistics generated from it which are anonymous.

When you request content or use features in the app, our servers record which content and features you interact with.

We use this to understand how people use the Service, and to help improve and maintain the Service.

Legal basis

We process this data where you have given your consent.

Sources

We use the service providers listed below to collect this data from you.

Recipients

We use the following service providers to help us process this information on our behalf:

● Mixpanel

● Branch

● Amazon Web Services 

● Planes Limited

● Facebook

● Google

Marketing

We process the following information about you to send you emails or push notifications, to let you know about news, content and updates relating to the Service:

● Name

● Contact information (such as email address or device ID for push notifications)

● Marketing segment (details of the context in which you consented to marketing, for example whether this was in relation to a paid subscription)

We process this information to send you promotional material.

Legal basis

We process your personal data for this purpose where you have consented to email or push notifications.

We may use information as described elsewhere in this policy to determine the content of marketing messages.

More Information

You can withdraw your consent at any time by dropping us a line or changing your preferences through the Service. 

Sources

We collect this information from you.

Recipients

We use the following service providers to help us process this information on our behalf:

● OneSignal 

● Klaviyo

Consent

● Records of whether you have consented to marketing or cookies

 

We record whether you have given consent to our use of cookies or to direct marketing.

Legal basis

We process this data to comply with our legal obligations.

Sources

We collect this information from you.

Recipients

We use the following service providers to help us process this information on our behalf:

● OneTrust

● Klaviyo

Where explicit retention periods are not described above, we hold data for as long as necessary bearing in mind the purpose for which it was collected. To determine the appropriate period, we consider the amount, nature, and sensitivity of the data, the potential risk of unauthorised access, and legal requirements.

 

  1. COOKIES, ANALYTICS AND SIMILAR TECHNOLOGIES

Cookies, pixels and other technologies store and access data on your device to help websites and apps work. This table explains their purpose, how long they last, and who else can access their data. We get your consent to use them unless they are essential for our sites, apps or services.

Most browsers allow control over cookies, for more information: Google Chrome | Microsoft Edge | Mozilla Firefox | Microsoft Internet Explorer | Opera | Apple Safari.

Other settings to disable certain similar technologies: Windows Advertising ID | iOS and Mac OS Ad Tracking | Google Analytics | Your Ad Choices.

 

 

Cookie/data

Duration

Purpose

Access

JWT

5 years

Authentication - To deliver our Service and keep you logged-in.

N/A

Device ID (and, if you agree to share tracking data on iOS, your device IDFA) and identifiers to indicate where in the app you follow links, and, to the extent available based on your device settings, the information listed under “Analytics” in the table above.

5 years

Content - To record which content and features you use in the app, to provide the Service and ensure you receive the type of content you are interested in.

Mixpanel

Branch

OneSignal

 

  1. TRANSFERS AND DISCLOSURE

 

Transfers

Your data is generally stored in the UK. Where we use data processors outside the UK and transfer personal data to a country which does not provide an adequate level of protection, we use contracts approved by the UK Information Commissioner’s Office and European Commission which give personal data protection similar to that which it has in the UK and Europe. For more information drop us a line using the contact details at the start of this policy.

Disclosure 

Other than as set out above, we may disclose your personal data:

● Where required by law, government, competent authorities or the courts or to establish, exercise or defend our legal rights, and for the purposes of preventing crime and fraud (for example, we may share personal data with our professional advisors, investigators, or credit reference agencies).

● With members of our corporate group, our suppliers, and subcontractors, as necessary for the purposes set out in this policy.

● If involved in an investment, merger, acquisition, or sale of our organisation or assets, personal data we hold may be shared based on the legitimate interests of us, our shareholders, customers and other parties to a transaction, unless those interests are outweighed by prejudicial impacts upon you.