Privacy Policy
Chroma Derm (“we,” “us,” “our”) is fully committed to protecting and safeguarding your privacy. This Privacy Policy explains how we process, store, and protect your personal data when you visit or make use of the services provided on our website, chroma-derm.com. We are dedicated to maintaining transparency, accountability, and compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
Your privacy is of paramount importance to us. We collect and process your personal data in a manner that ensures appropriate security and confidentiality. Our approach is guided by the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and accountability.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users of chroma-derm.com and to all personal data collected through or in connection with our website and services. Chroma Derm is the Data Controller of the personal information you voluntarily provide or that we collect for specified business or operational purposes. For users in the European Economic Area (EEA) or United Kingdom, this means that Chroma Derm determines why and how your personal information is processed.
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data depending on your interactions with our website:
– Usage Data: Includes data such as your IP address, browser type, time zone settings, referring URLs, pages visited, session duration, and interaction information.
– Account Data: Includes your full name, billing and shipping addresses, email address, and phone number provided when registering or placing orders.
– Profile Data: Includes preferences, purchase history, saved wishlist items, user behavior patterns, and service feedback.
– Communication Data: Includes messages sent to our support team, feedback submissions, contact form inquiries, and correspondence history.
– Technical Data: Includes device type, operating system, device model, browser plug-in types, screen resolution, language settings, and system diagnostics.
– Transaction Data: Includes order history, payment details (partially masked where appropriate), delivery tracking data, and fulfillment status.
– Preference Data: Includes marketing preferences, communication opt-ins, frequency settings, product or brand interests, and survey responses.
4. Legal Bases for Processing Personal Data
We process your personal data under a variety of lawful bases, including:
– Consent: Where applicable, we obtain your explicit consent to process your data, especially for marketing or analytics.
– Contractual Necessity: To fulfill our contractual obligations (e.g., delivering purchases, providing services).
– Legal Obligation: Where we are legally obliged to retain or disclose certain data.
– Legitimate Interests: For purposes such as fraud prevention, website security, service optimization, customer insight development, and business administration, provided these interests are not overridden by your rights.
5. Your Data Protection Rights
Depending on your jurisdiction, you may exercise various data rights, including:
– Right of Access: You have the right to request access to the personal data we hold about you.
– Right to Rectification: You may correct inaccurate or incomplete information.
– Right to Erasure: You may request deletion of your personal data where legally permissible.
– Right to Restrict Processing: You may request that we restrict how your data is processed.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, machine-readable format for transmission to another controller.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
Chroma Derm employs commercially reasonable administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of your data. Our measures include:
– Encryption of data in transit and at rest
– Secure Sockets Layer (SSL) protocols
– Access control and authentication protocols
– Regular software updates and system hardening
– Routine data backups and disaster recovery protocols
– Staff training on privacy and security standards
7. International Data Transfers
Because we operate in multiple jurisdictions, your personal data may be transferred to and stored in countries outside your own, including countries outside the European Economic Area (EEA). In such instances, we use standard contractual clauses or other legally approved mechanisms to ensure that a similar degree of protection is afforded to your personal data.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable legal and regulatory obligations. The retention period varies by data type:
– Usage and Technical Data: up to 24 months
– Account and Transaction Data: up to 7 years (for legal and financial compliance)
– Communication Data: up to 24 months
– Marketing Preferences and Profile Data: until consent is withdrawn or the account is inactive for 24 months
9. Cookie Policy
We use cookies and similar technologies on chroma-derm.com to enhance your experience, provide essential functionality, analyze site usage, and support marketing initiatives. Cookies may include:
– Essential Cookies: Necessary for site functionality and security
– Functional Cookies: Enable personalization and enhanced features
– Analytics Cookies: Collect aggregated data to analyze website performance
– Performance Cookies: Monitor and improve site responsiveness
10. Cookie Management and GDPR/CCPA Compliance
You are granted full control over the use of cookies. Upon first visit, chroma-derm.com displays a cookie consent banner enabling you to grant or withhold permission for non-essential cookies. You may also adjust cookie preferences via your browser settings or through our cookie management panel.
Under GDPR and CCPA, you may request to opt out of data sales, withdraw cookie consent, or direct us not to track your behavior for targeted advertising by contacting us.
11. Children’s Privacy
Chroma Derm does not knowingly collect or solicit personal data from children under 13 years of age. If we become aware that we have collected data from a child under the age of 13 without appropriate parental consent, we will take steps to delete such information promptly. Parents or guardians who believe their child has provided us with personal information should contact us at [email protected].
12. Updates to This Policy
We reserve the right to revise this Privacy Policy to reflect changes in legal, regulatory, or technological environments, or changes in our business practices. Any modifications will be posted on this page. Where required by law, we will notify you through direct communication or prominent notice on chroma-derm.com.
13. Contact Us
If you have any questions about this Privacy Policy or your personal data, or if you wish to exercise your rights, please contact our privacy team at:
Email: [email protected]
Website: https://www.chroma-derm.com
Chroma Derm is committed to full compliance with data protection regulations including GDPR and CCPA. Your trust is important to us, and we encourage you to reach out with any privacy-related concerns.