Privacy Policy – Skin Rocks

Privacy Policy

SKIN ROCKS
PRIVACY AND COOKIE POLICY
(Last updated 28th June 2022)
1. INTRODUCTION
 
Who are we?
We are Skin Rocks Ltd a company registered in England and Wales. Our company registration number is 11155429 and our registered office is at 1 Mountview Court, 310 Friern Barnet Lane, London, N20 0LD. Where we decide the means or purpose of processing your personal data, we are the data "controller."
What’s this policy about?
This policy explains how we process your personal data as a data controller when you make use of the Skin Rocks mobile app (the “Service”). We update this policy from time to time so please check back in.
How do you contact us? (if you have questions about this policy or to exercise your rights)

Write to us at: privacy@skinrocks.com.

If we can’t resolve your issue, you can also get in touch with the Information Commissioner’s Office: https://ico.org.uk/concerns.
What are your rights?

 

You have the following rights, although these rights may be limited in some circumstances:

● Ask us to send a copy of your data to you or someone else

● Ask us to restrict, stop processing, or delete your data

● Object to our processing of your data

● Object to use of your personal data for direct marketing

● Ask us to correct inaccuracies.

 

If we rely on consent to process data, or send direct marketing, you can withdraw consent by email to the address above.
2. YOUR PERSONAL DATA AND HOW WE USE IT

 
Your data 
How we use it
Sources and recipients

Enquiry data (information we receive when you get in touch) including:

● Name

● Contact details

● Other personal data you send to us as part of enquiries.

How long we keep it 6 years from when our relationship with you ends.

We process this information to respond to your support and other enquiries.

Legal basis

We may process this data in accordance with the terms of our contract with you (where we need this information to provide the Service to you) or to take steps at your request prior to entering into a contract.

We also use this to pursue our legitimate interests, including: (a) our interest in responding to enquiries to ensure smooth operation of our business and services; and (b) to understand our customers and improve our website and Services, by taking on-board your feedback.

More information

You may be required to provide us with certain information for us to respond to your enquiries.

Sources

● We collect this information from you when you send it to us.

Recipients

We may store this information with ZenDesk.

Account data

(information we receive when you set-up and use your account) including:

● Name

● Age, gender

● Credentials (username & password)

● Preferences (e.g. types of product you may be interested in, or skin and other conditions you are concerned about)

● Contact details (email)

How long we keep it

We keep your account data for 7 years from when our relationship with you ends.

 

We process this information to set-up your account, enable you to use the Service (for example, to show you content and recommend products which are more relevant to you), and to allow you to manage and pay for your subscriptions.

Legal basis

We process this information in accordance with the terms of our contract with you to provide the Service to you where we need it to deliver functionality you have requested.

Where you provide certain more sensitive “special category” data to us, including skin or other conditions you are concerned about (“Concerns”), we process that information where you have given your consent.

We may anonymise & aggregate Concerns, Preferences, age and gender details, across all users to use it in pursuit of our interest in understanding the types of products and concerns users tend to have so we can decide which content and products to feature in the Service.

More information

You may be required to provide us with certain information for us to respond to your enquiries and to register an account.

 

Sources

● We collect this information from you when you register and use the Services.

Recipients

We use the following service providers to help us provide our Services and they may process this information on our behalf:

● Amazon Web Services

Analytics

Information about how users interact with the app namely:

● the content you view; ● the features of the app you use.

How long we keep it

After 5 years underlying data is deleted, but we may retain aggregate statistics generated from it which are anonymous.

When you request content or use features in the app, our servers record which content and features you interact with.

We use this to understand how people use the Service, and to help improve and maintain the Service.

Legal basis

We process this data in pursuit of our legitimate interests in understanding which content and features are more relevant to our users, so that we can focus on providing a better experience, and so that we can recommend particular content and products to you based on your interests.

Sources

We use the service providers listed below to collect this data from you.

Recipients

We use the following service providers to help us process this information on our behalf:

● Mixpanel

● Branch

● Amazon Web Services 

● Planes Limited

● Facebook

● Google

Marketing

We process the following information about you to send you emails or push notifications, to let you know about news, content and updates relating to the Service:

● Name

● Contact information (such as email address or device ID for push notifications)

We process this information to send you promotional material.

Legal basis

We process your personal data for this purpose where you have consented to email or push notifications.

We may use information as described elsewhere in this policy to determine the content of marketing messages.

More Information

You can withdraw your consent at any time by dropping us a line or changing your preferences through the Service. 

Sources

We collect this information from you.

Recipients

We use the following service providers to help us process this information on our behalf:

● OneSignal 
Where explicit retention periods are not described above, we hold data for as long as necessary bearing in mind the purpose for which it was collected. To determine the appropriate period, we consider the amount, nature, and sensitivity of the data, the potential risk of unauthorised access, and legal requirements.

 

3. COOKIES, ANALYTICS AND SIMILAR TECHNOLOGIES
Cookies, pixels and other technologies store and access data on your device to help websites and apps work. This table explains their purpose, how long they last, and who else can access their data. We get your consent to use them unless they are essential for our sites, apps or services.
Most browsers allow control over cookies, for more information: Google Chrome | Microsoft Edge | Mozilla Firefox | Microsoft Internet Explorer | Opera | Apple Safari.
Other settings to disable certain similar technologies: Windows Advertising ID | iOS and Mac OS Ad Tracking | Google Analytics | Your Ad Choices.

 

 
Cookie/data
Duration
Purpose
Access
JWT
5 years
Authentication - To deliver our Service and keep you logged-in.
N/A
Device ID (and, if you agree to share tracking data on iOS, your device IDFA) and identifiers to indicate where in the app you follow links
5 years
Content - To record which content and features you use in the app, to provide the Service and ensure you receive the type of content you are interested in.

Mixpanel

Branch

OneSignal

Including:

City

Region

Country

Geo source

IOS

App build number

App version

Carrier

iOS Version

Manufacturer

Lib version

Mixpanel library

Model

Device model

Device ID

User ID

Operating system

Radio

Screen height

Screen width

Wifi

Processing time

Profile users

IOS Timezone

iOS app release

iOS app version

iOS device model

iOS Lib version

iOS Version

Last seen

Total app sessions

Total app sessions length

First app open date

Android App

Version App

Build number

Bluetooth

Bluetooth version

Brand

Carrier

Has NFC

Has telephone

Lib version

Manufacturer Modell

Device ID

User ID

Mixpanel Library

Operating System

OS version

Screen DPI

Screen Height

Screen Width

Wifi

Google play services

Processing time

 

4. TRANSFERS AND DISCLOSURE

 
Transfers
Your data is generally stored in the UK. Where we use data processors outside the UK and transfer personal data to a country which does not provide an adequate level of protection, we use contracts approved by the European Commission which give personal data protection similar to that which it has in Europe. For more information drop us a line using the contact details at the start of this policy.
Disclosure 

Other than as set out above, we may disclose your personal data:

● Where required by law, government, competent authorities or the courts or to establish, exercise or defend our legal rights, and for the purposes of preventing crime and fraud (for example, we may share personal data with our professional advisors, investigators, or credit reference agencies).

● With members of our corporate group, our suppliers, and subcontractors, as necessary for the purposes set out in this policy.

● If involved in an investment, merger, acquisition, or sale of our organisation or assets, personal data we hold may be shared based on the legitimate interests of us, our shareholders, customers and other parties to a transaction, unless those interests are outweighed by prejudicial impacts upon you.