Monderma

Privacy Policy

Last Updated: September 2024

1.1. There is a controller responsible for your privacy

Monderma Limited, herein referred to as “Monderma”, “we”, “us”, or “our”, is the controller and responsible for your personal information. We have a Data Protection Officer (DPO) who oversees questions about our Privacy Policy. If you have any queries regarding our Privacy Policy or wish to exercise your legal rights, please contact us.

1.2. Monderma respects your privacy and is committed to protecting your personal information

This Privacy Policy will inform you how we manage your personal information when you visit our website, regardless of where you visit it from, as well as your privacy rights and how the law protects you.

1.3. The purpose of this Privacy Policy

This Privacy Policy outlines how Monderma collects and processes your personal information when you visit our website, including information you provide when you sign up to our newsletter, register an account, purchase a product or service, or enter a competition. It is important that you read this Privacy Policy, as well as our Terms and Conditions, to understand how and why we use your information. This Privacy Policy supplements and does not supersede our Terms and Conditions in any way. Our website is not intended for use by anybody under the age of 16. If you are under the age of 16, your parent or guardian must consent to and complete the consultation on your behalf. We do not knowingly collect information relating to children. Customers may include teenagers aged 16 and 17, and we have taken extra care to ensure that we operate fairly and transparently.

2.1. The information we collect about you

Personal information, otherwise known as personal data, is any information about an individual that identifies that person. It excludes information in which the identity has been removed, known as anonymous data. We may collect, use, store, transfer, and destroy different types of personal information about you, as detailed below.

| Type of information | What this includes |
| --- | --- |
| Identity | Your first name, last name, date of birth, and gender |
| Contact | Your shipping address, billing address, email address, and telephone number |
| Financial | Your bank account details and payment card details |
| Transaction | Details of payments to and from you, and other details of products and services you have purchased from us |
| Technical | Your operating system and platform, internet protocol (IP) address, browser type and version, browser plugin types and versions, time zone setting and location, your login information, and other technology on the devices you use to access our website |
| Usage | Your password, orders, interests, preferences, feedback, and survey responses. This includes information about how you use our website, products, and services. The information used to deliver the service includes the consultation and images you have shared, and emails about delivering the service |
| Communications | Your preferences for receiving marketing from us and our third parties, and your communication preferences |

2.2. We collect, use, and share aggregated information such as statistical and demographic data

Aggregated information can be derived from your personal information, but is not deemed as such under the law because it does not directly or indirectly reveal your identity. For example, we may aggregate your usage information to determine the percentage of users that use a specific website feature. However, if we combine or connect aggregated information with your personal information in such a way that it can directly or indirectly identify you, we treat the combined information as personal information which will be used in accordance with this Privacy Policy.

2.3. We may collect special types of personal information to deliver a service to you

This information is not used for any other purposes. This can be collected from the health information you supply to us including through the consultation and images you share, for example information to be considered by a Dermatologist or Pharmacist. This includes any health information shared as part of the Custom Formula service or another personalised service. We do not collect information about your sexual orientation, religious or philosophical beliefs, political opinions, or trade union membership. Nor do we collect any information about criminal convictions and offences.

2.4. If you fail to provide personal information

If we are required by law or under the terms of a contract we have with you to collect personal information and you do not provide that information when requested, we may be unable to perform the contract we have or are trying to enter into with you, such as providing you with products or services. In this case, we may have to cancel a product or service that you have with us, but we will notify you if this is necessary at the time.

3.1. We collect information about you using different methods, including direct interactions

You may provide us with your Identity, Contact, and Financial Information by filling in forms or communicating with us through our website, social media, by email, phone, post, or other means. This includes personal information you provide when you have a consultation or speak with a Dermatologist or Pharmacist, create an account on our website, purchase one of our products, subscribe to our products or services, request marketing materials, enter a competition, promotion, or survey, or contact us.

3.2. We use automated technologies

As you interact with our website, we will automatically collect technical information about your equipment, browsing actions, and patterns. We collect this personal information by using cookies, server logs, and other similar technologies. Please see our Cookie Policy below for more information. We collect Technical information from analytics providers such as Google, based outside the UK. We collect Contact, Financial, and Transaction Information from providers such as LexisNexis and Stripe.

3.3. Our website uses cookies to distinguish you from other users on our website

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you consent. Cookies contain information that is transferred to your computer’s hard drive, which enables us to provide you with a good browsing experience while also allowing us to improve our website. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookies Policy below.

3.4. We use the following types of cookies

The table below provides information about the different types of cookies we use.

| Type of cookie | What this includes |
| --- | --- |
| Strictly necessary cookies | These cookies are essential for the proper functioning of our website. They include cookies that enable you to log in to secure areas of our website, use a shopping cart, or make use of e-billing services. |
| Analytical or performance cookies | These cookies allow us to recognise and count the number of visitors to our website, as well as see how they navigate it. This helps us to improve the functionality of our website, such as ensuring that users can easily find what they are looking for. |
| Functionality cookies | These cookies are used to recognise you when you return to our website. This allows us to personalise our content for you, and remember your preferences. |
| Targeting cookies | These cookies record your visit to our website, including the pages you visited and the links you clicked. We use this information to make our website and the advertising that appears on it more relevant to your interests. We may share this information with third parties for this purpose. |

3.5. Each cookie serves a specific purpose

The table below contains more information about the individual cookies we use and their purposes.

| Name of cookie | What its purpose is |
| --- | --- |
| WordPress_[hash] | This cookie allows the interface to recognise you as a logged-in user and determine which account and preferences to use for different features. |
| wp-settings-{time}-[UID] | This cookie facilitates the customisation of your view of the admin and main website interfaces. The number UID represents an individual user ID from the user database table. |
| google-analytics_v4_60a4__engagement | This cookie monitors usage and page views for analytics purposes, and is only active while you use our website. |

3.6. We have no control over third-party cookies

Please note that third parties may also use cookies, over which we have no control. These named third parties may include advertising networks and providers of external services such as web traffic analysis services. These third party cookies are likely to be analytical, performance, or targeting cookies. To deactivate the use of third party advertising cookies, click the cookies button in the bottom right corner of the website. If you set your browser settings to block all cookies, including essential cookies, you may be unable to access all or parts of our website. Except for essential cookies, all cookies expire after 6 months.

4.1. We will only use your personal information as legally permitted

We typically use your personal information to perform the contract with you, to protect our legitimate interests or those of a third party where your interests and fundamental rights do not override those interests, or to comply with a legal obligation.

4.2. Purposes for which we use your personal information

We outline the ways we use your personal information below, as well as the legal bases for doing so. We have identified our legitimate interests, where appropriate. Please keep in mind that, depending on the purpose for which we use your information, we may process it under more than one lawful ground. Please contact us if you require more information about the legal basis on which we are processing your personal information, where more than one ground has been specified.

| Type of information | Purpose or activity | Lawful and legitimate basis of interest |
| --- | --- | --- |
| Identity, Contact | To register you as a new customer | For the performance of a contract with you |
| Identity, Contact, Financial, Transaction, Communications | To process and deliver your orders, manage payments, fees, and charges, and collect and recover money owed to us | For the performance of a contract with you, and recovering debts owed to us |
| Identity, Contact, Usage, Communications | To manage our relationship with you by notifying you of changes to our Terms & Conditions and Privacy Policy, and soliciting reviews or surveys | For the performance of a contract with you, comply with legal and regulatory obligations, and for our legitimate interests to keep our records updated and study how customers use our products and services |
| Identity, Contact, Usage, Communications | To allow you to partake in a prize draw, competition, or complete a survey | For the performance of a contract with you, and for our legitimate interests to study how customers use our products and services in order to develop them and grow our business |
| Identity, Contact, Technical | To administer and protect our business and website, including system maintenance, hosting of information, testing, troubleshooting, support, data analysis, and reporting | For our legitimate interests in running our business, the provision of administration and IT services, network security, preventing fraud and in the context of a business reorganisation or group restructuring exercise, and complying with legal and regulatory obligations |
| Identity, Contact, Technical, Usage, Communications | To deliver relevant website content and advertisements to you, and measure or understand the effectiveness of the advertising we serve you | For our legitimate interests to study how customers use our products and services, to develop them, to grow our business and to inform our marketing strategy |
| Technical, Usage | To use data analytics to improve our website, products and services, marketing, customer relationships, and experiences | For our legitimate interests in defining types of customers for our products and services, keeping our website updated and relevant, developing our business and informing our marketing strategy |
| Identity, Contact, Technical, Usage, Communications | To suggest and recommend products and services that may be of interest to you | For our legitimate interests to develop our products and services and grow our business |

4.3. Change of purpose for which personal information was collected

We only use your personal information for the purposes for which it was collected, unless we reasonably believe that we need to use it for another reason, which is compatible with the original purpose. If you would like an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis for doing so. Please note that we may process your personal information without your knowledge or consent in accordance with the above rules, if required or permitted by law.

4.4. We may share your personal information with external third parties

We may share your personal information with external third parties such as HM Revenue & Customs (HMRC), regulators and other authorities based in the UK or equivalent elsewhere who under law require reporting of processing activities in certain circumstances, Dermatologists and Pharmacists, service providers acting as processors who provide IT and system administration services, or professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, and insurers. This may also include third parties to whom we may sell, transfer, or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may continue to use your personal information in accordance with this Privacy Policy. We require that all third parties respect the security of your personal information and treat it in accordance with the law. We do not allow our third party service providers to use your personal information for their own purposes, and they are only permitted to process your personal information for specific purposes, in accordance with our instructions.

4.5. We promote our website through marketing and advertising services

Generally, we do not rely on consent as a legal basis for processing your personal information although we will get your consent before sending third party direct marketing communications to you by email or text message. You have the right to withdraw consent to marketing at any time by contacting us. We strive to provide you with choices about how your personal information is used, particularly for marketing and advertising. We will obtain your express opt-in consent before we share your personal information with any third party for marketing purposes.

4.6. We sometimes offer promotional offers for our products and services

We may use your Identity, Contact, Technical, or Usage Information to determine what we believe you may want or need, or what may be of interest to you. This is how we determine which products, services, and promotions may be relevant to you. We will send you marketing communications if you have requested information from us or purchased products or services from us and you have not opted out of receiving them.

4.7. Opting out of communications

You can request that we or third parties stop sending you marketing communications at any time by following the opt-out links or responding to any email or text message sent to you. If you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a product or service purchase, warranty registration, product or service experience, or other transactions.

4.8. We reserve the right to make international transfers if necessary

We share your personal information with Dermatologists and Pharmacists, which does not involve transferring your information outside of the UK. If our external third parties are based outside of the UK, their processing of your personal information will involve a transfer of information outside of the UK. Whenever we transfer your personal information out of the UK, we ensure that it receives a similar degree of protection by only transferring it to countries that have been deemed to provide an adequate level of protection for personal information, or where we use certain service providers, we may use specific contracts approved for use in the UK which give personal information the same protection as it has in the UK. Examples include the EU Standard Clauses or the UK International Data Transfer Agreement. Please contact us if you require any further information about the specific mechanism used by us when transferring your personal information outside of the UK.

5.1. You must protect your account information

Make sure you are using a trusted device, have a secure internet connection, choose a strong password, enable two-factor authentication, and keep your software and operating systems updated. Use reputable antivirus software and keep it updated. For more information, visit the National Cyber Security Centre website.

5.2. Our information security measures comply with legal and regulatory requirements

We have implemented appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised manner, altered, or disclosed. In addition, we restrict access to your personal information to a ringfenced group of employees, contractors, agents, and other third parties. They will only process your personal information on our instructions and are bound to a duty of confidentiality. We have procedures in place to deal with any suspected personal information breach and we will notify you and any applicable regulator of a breach if we are legally required to.

5.3. We have an information retention procedure

For tax purposes, we are required by law to keep basic information about our customers, including Identity, Contact, Financial, and Transaction Information, for 6 years after they cease being customers. In some circumstances, you can request that we delete your information, which is detailed in Your Legal Rights below. In some cases, we will anonymise your personal information for research or statistical purposes so that it cannot be associated with you, and we may use this information indefinitely without further notice to you.

6.1. You have legal rights under data protection laws regarding your personal information

You have the right to request access, request correction, request erasure, request restriction of processing, object to processing, request transfer, and withdraw consent to the processing of your personal information. Please click on the links to learn more about these rights on the Information Commissioner’s Office (ICO) website. You have the right to request access to your personal information, commonly known as a “Data Subject Access Request (DSAR)”. This enables you to receive a copy of the personal information we hold about you and ensure that we are processing it lawfully. If you wish to exercise any of the rights listed above, please contact us.

6.2. No fee is usually required

You will not be required to pay a fee to access your personal information or exercise any other rights. If your request is clearly unfounded, repetitive, or excessive, we may charge you a reasonable fee. Alternatively, we could refuse to comply with your request in these circumstances.

6.3. What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it. We may also contact you to request additional information regarding your request to expedite our response.

6.4. We have a time limit to respond

We try to respond to all legitimate requests within 1 month. If your request is particularly complex or you have made several requests, it may take us more than a month to process. In this case, we will notify you and keep you informed.

6.5. You have options to resolve questions or disputes with us

Please contact us in the first instance, and we will do our best to resolve any issue you may have with us or our products. We would appreciate the chance to address your concern. If you are still dissatisfied with the outcome, you can make a complaint to the ICO, the UK’s regulator for data protection and information rights.