www.dermahkmacau.com Privacy Policy

This website collects personal data from users.

This document can be printed out for reference using the print command in any browser setting.

Owner and Data Controller

GRACE KAILY LTD.

GRACE KAILY (HK) LIMITED.

Contact email address: info@dermahkmacau.com

Types of Information Collected

The types of personal data collected by this website, either by itself or through third parties, include: cookies; usage information; first name; last name; gender; date of birth; telephone number; email address; password; country; user ID; billing address; shipping address; point of sale related information; various types of information; unique device identifiers for advertising (such as the Google Advertiser ID or IDFA); and geolocation.

Complete details on the various types of personal data collected will be provided in the dedicated sections of this privacy policy or in specific explanation texts displayed prior to data collection.

Personal data may be freely provided by the user, but in the case of usage data, it is collected automatically when using this website.

Unless otherwise specified, all information requested by this website is mandatory and without its provision the website may not be able to provide the service. If this website explicitly states that certain information is not mandatory, the User may not provide it without affecting the availability or functionality of the Service.

If the User is unsure about what Personal Data must be provided, the User is welcome to contact the Owner.

Any use of Cookies – or other tracking tools – by this Website or by owners of third-party services used by this Website, in addition to any other purposes described in this document and in the Cookie Policy (if any), is for the purpose of providing the service requested by the User.

Users are responsible for any third-party personal data obtained, published or shared through this website and confirm that they have obtained the third party's consent to provide the information to the Owner.

How and where your data is processed

Treatment

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of the Information.

Data processing is carried out using computers and/or information technology tools, following organizational procedures and models and strictly in accordance with the stated purposes. In addition to the Owner, in some cases the Data may be accessed by certain types of persons in charge, involved in the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail service operators, hosting providers, IT companies, communications agencies), appointed, if necessary, as Data Processors by the Owner. The Owner may request an update to the list of these agencies at any time.

To protect your privacy, our company will never disclose your personal information to any group or other third party. The personal information you provide will only be used internally. Except for providing it to relevant service partners such as credit card centers and delivery companies to complete transactions or membership services, it will never be leaked or provided to third parties at will.
This website only complies with the provisions of the Personal Data (Privacy) Ordinance (Chapter 486 of the Laws of Hong Kong). The Company ensures that its employees strictly follow the standards of security and confidentiality of customers' personal data.

Legal Basis for Processing

The Owner may process Personal Data of Users if any of the following applies:

The user has consented to one or more specific uses. Note: Under some legal provisions, the Owner may process Personal Data until the User objects to the processing (“opt-out”), without having to rely on consent or any other of the following legal bases. However, this does not apply when the processing of personal data is subject to European data protection laws.

The provision of information is necessary for the performance of an agreement with the user and/or any pre-contractual obligations;

Processing is necessary for compliance with a legal obligation to which the Owner is subject;

Processing is carried out for a task carried out in the public interest or in the exercise of official authority vested in the Owner;

Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Place

The Data is processed at the Owner’s operating offices and any other locations where the parties involved in the processing are located.

Depending on where the User is located, data transfer may involve transferring the User's data to a country other than their own. For more details on the place where the transferred Data is processed, Users may review the section containing details of the processing of Personal Data.

Users are also entitled to learn about the legal basis for the transfer of their Data to a country outside the EU or to any international organisation governed by public international law or established in two or more countries, such as the United Nations, and about the security measures taken by the Owner to protect their Data.

If any such transfer occurs, Users may review the relevant sections of this document for more information or ask the Owner using the information provided in the contact section.

Retention time

Personal data shall be processed and stored for the period required for the purposes for which they were collected.

therefore:

Personal Data collected for the performance of a contract between the Owner and the User shall be retained until such time as the contract has been fully performed.

Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained for the period necessary to fulfill those purposes. Users may find specific information on the legitimate interests pursued within the relevant sections of this document or contact the Owner.

The Owner may retain the Personal Data for a longer period, provided that the User has consented to the processing and that consent has not been withdrawn. Furthermore, the Owner may be required to retain the Personal Data for a longer period where required by a legal obligation or order of an authority.

Once the retention period expires, the personal data will be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability are not enforceable after the expiration of the retention period.

Processing purpose

The relevant User Data is collected to allow the Owner to provide the Services, comply with legal obligations, respond to law enforcement requests, protect its rights and interests (or the rights and interests of its users or third parties), detect any malicious or fraudulent activity, as well as: advertising, analytics, displaying content on external platforms, tag management, remarketing and behavioral targeting, hosting and backend infrastructure, processing payments, traffic optimization and distribution, heatmaps and session recording, registration and authentication, content commenting, interaction with external social networks and platforms, location-based interaction, commercial associations, interaction with instant messaging platforms, interaction with support and opinion platforms, managing support and contact requests, infrastructure monitoring, spam protection and contacting users.

For specific information on the personal data used for each purpose, users can refer to the "Detailed information on personal data processing" section.

Details of personal data processing

Personal data is collected for the following purposes and services:

advertise

This type of service allows user information to be displayed on this website in the form of banners and other advertisements, which may include advertising based on the user's interests.

This does not mean that all personal data is used for this purpose. The information and conditions of use are as follows.

Some of the services listed below may use cookies to identify users or may employ behavioral retargeting techniques, i.e. displaying advertisements based on users’ interests and behavior, including interests and behavior detected outside of this website. For more information, please review the privacy policy of the relevant service.

In addition to the opt-outs offered by any of the services listed below, users may opt-out of a third-party service’s use of cookies by visiting the Network Advertising Initiative’s opt-out page.

Google AdSense (Google Inc.)

Google AdSense is an advertising service provided by Google. This service uses "Doubleclick" cookies to track usage of this website and user behavior regarding advertisements, products and services.

Users can decide to deactivate all Doubleclick cookies by clicking on: google.com/settings/ads/onweb/optout.

Processed personal data: Cookies; Usage Data.

Place of processing: United States – Privacy Policy – ​​Opt-out.

Microsoft Advertising (Microsoft Corporation)

Microsoft Advertising is an advertising service provided by Microsoft Corporation.

Processed personal data: Cookies; Usage Data.

Place of processing: United States – Privacy Policy – ​​Opt-out. Privacy protection participants.

Criteo (Criteo SA)

Criteo is an advertising service provided by Criteo SA.

Processed personal data: Cookies; Usage Data.

Place of processing: France – Privacy Policy – ​​Opt-out.

Google Ad Manager (Google Inc.)

Google Ad Manager is an advertising service provided by Google LLC, which allows the Owner to jointly operate advertising campaigns with external advertising networks. Unless otherwise stated in this document, the Owner has no direct relationship with the external advertising networks. In order to avoid being tracked by various advertising networks, users can use "Your Online Choices". To learn more about Google's use of data, please refer to Google's Partner Policy.

This service uses the "DoubleClick" cookie to track the use of this website and user-related advertisements, products and services. Users can decide to deactivate all DoubleClick cookies by clicking on: www.google.com/settings/ads/onweb/optout?hl=en.

Processed personal data: Cookies; Usage Data.

Place of processing: United States – Privacy Policy. Privacy protection participants.