Privacy Policy

INTRODUCTION

 

At Skin Tech Pharma Group, we value your privacy. This policy is designed to provide you with clear and transparent information about what personal data we collect, how we collect it, the purposes for which we use it, and other relevant details so that you have full knowledge and control over how your data is processed.

 

We recommend that you review this Privacy Policy periodically and whenever you provide us with personal data, as it may be subject to changes. We reserve the right to update or modify this Privacy Policy at any time without prior notice. Any changes will be published directly on this website, which will serve as sufficient notification.

 

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

 

Entity: SKIN TECH PHARMA GROUP, S.L.U.

Company number: B-17470261

Registered office: Pla de l’Estany, 29, 17486, Castelló d’Empúries, Girona, Spain              

Data Protection Officer (DPO): PYMELEGAL, S.L.

DPO Contact: gdpr@skintechpharmagroup.com

 

SKIN TECH PHARMA GROUP, S.L.U., as the entity responsible for this website, in compliance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, as well as all other applicable data protection regulations, and Spanish Law 34/2002 of July 11 on Information Society Services and Electronic Commerce, has implemented the necessary technical and organizational security measures to ensure and safeguard the confidentiality, integrity, and availability of your data.

 

WHAT PERSONAL DATA DO WE PROCESS, HOW DO WE COLLECT IT, AND WHY?

 

  1. If you contact us:

 

  • Purpose: Whether you reach out through our contact form, by email, or by phone, we will collect and process your data to provide the requested information, respond to your inquiries, and/or handle any complaints
  • Required data: Your first and last name, along with the contact details you provide (such as phone number and/or email address)
  • Legal basis: Consent of the data subject

 

  1. If you subscribe to our newsletter:

 

  • Purpose: By subscribing to our newsletter, we will contact you to share information of interest about our events, products, and services, as well as promotional communications via electronic means
  • Required data: First name, last name, phone number, email address and country
  • Legal basis: Consent of the data subject
  • Additional information regarding our newsletter: You can unsubscribe from our newsletter and stop receiving updates at any time by sending us an email with the subject line “Unsubscribe” or by using the unsubscribe button included at the bottom of all our communications. In accordance with Spanish Law 34/2002 of July 11 on Information Society Services and Electronic Commerce, we do not engage in spam practices. Therefore, we will never send you commercial communications by email without your prior request or authorization

 

  1. If you register on any of our intranets (Medinet or Distrinet):

 

  • Purpose: If you register on any of our intranets, we will collect and process your data to create a user account and enable access to its features
  • Required Data: For Medinet: identification and professional contact details (such as full name and email address), country of practice, professional license number, specialty, and clinic name. For Distrinet: identification and professional contact details
  • Legal Basis: Consent of the data subject
  • Additional Information about our intranets: You will need to accept the terms of use and data processing when registering on the intranet. We reserve the right to block or cancel your account if we suspect misuse of the intranet or if the information you have provided is believed to be inaccurate

 

  1. If you enter into a contractual relationship with us:

 

  • Purpose: If you enter into a contractual relationship with us, we will collect and process your data in order to manage such relationship and carry out all related tasks (administrative, tax, accounting, and similar)
  • Required data: Identification and contact details (full name, ID/passport number, email and/or postal address, phone number), as well as any information necessary for administrative and accounting management
  • Legal basis: Consent of the data subject and the contractual relationship with him/her

 

  1. If you wish to participate in one of our events or training sessions:

 

  • Purpose: When you provide your personal data to participate in any of our events or training sessions, we will collect and process this information to manage your registration and participation. If we also arrange accommodation and/or travel, your data will be used to coordinate these services related to your attendance
  • Required data: We will collect the identifying information necessary to manage your participation in the event, such as your name, surname, email address, and contact details. If we organize accommodation and/or transportation, we may also collect additional information required to make these reservations (for example, travel dates or identification details for tickets or hotel bookings)
  • Legal basis: Contractual relationship, even if the event is free of charge
  • Additional information regarding events: During events and training sessions, photographs and/or videos may be taken and later published on our social media channels or websites. Attendees will be informed about image capture during the event, and forms will be provided for those who do not wish to be recorded or photographed. In such cases, no identifiable images of those individuals will be taken

 

  1. If you notify us about adverse events:

 

  • Purpose: We are fully committed to the safety of our products. Therefore, any personal data you provide through the web form, as well as any additional information you share later, will be used exclusively to identify, quantify, assess, and prevent potential risks associated with the use of our products. This data will also be processed to monitor the specific case when necessary
  • Required data: Contact details, including name or initials, surname, phone number, email address, and country of the person reporting the adverse event. For the individual affected by the adverse event, we may collect name or initials, surname, date of birth, gender, weight, type and details of the adverse event, concurrent medication, relevant medical history, and any other information necessary for case assessment
  • Legal basis: Compliance with our legal obligations regarding medical device vigilance and cosmetovigilance
  • Additional information on vigilance: For more details, please refer to the section “We ensure the safety of our products” in this policy

 

  1. If you access our premises:

 

  • Purpose: We use video surveillance cameras in our facilities to ensure the safety of individuals, property, and the premises themselves
  • Required data: Image of the data subject
  • Legal basis: The company’s legitimate interest
  • Additional information on video surveillance: Informational signs are placed in visible locations near each camera, indicating that our premises are under video surveillance. No data transfers are foreseen except to law enforcement authorities, and no international transfers will be made. Images will be retained for a maximum of 30 days from the date of capture. After this period, the images will be blocked and made available only to public authorities, judges, and courts to address potential liabilities arising from processing, for the legally established limitation period. Once this period has expired, the images will be permanently deleted

 

  1. If you wish to work with us:

 

  • Purpose: If you send us your résumé (CV), we will use the data you provide to assess your professional profile and, where appropriate, include you in current or future recruitment processes. Your information will be analyzed to identify potential opportunities that match your experience and qualifications
  • Required data: Identification and contact details (name, surname, email address, phone number), professional and academic information included in your CV, and any other data you provide related to your work experience
  • Legal basis: Application of pre-contractual measures at the request of the data subject and, in the case of unsolicited applications, the data subject’s consent
  • Additional information on CVs: We will retain your CV for the duration of the selection process and for a maximum of one year after its conclusion, after which it will be securely deleted, ensuring confidentiality during both processing and destruction. If you wish to continue participating in future processes, you will need to send us your CV again once this period has expired

 

Unless otherwise stated in our communications, we will not use your personal data for purposes other than those described above, except where required by law or by a court order.

 

Your personal data will not be used for automated decision-making.

 

If you do not provide the requested data or do not accept this Privacy Policy, we will be unable to fulfill the purposes indicated.

 

HOW LONG WILL WE KEEP YOUR DATA?

 

We will retain your data for as long as necessary to fulfill the purpose for which it was collected, to comply with legal obligations or court requirements, and while you have not withdrawn your consent or exercised your rights to erasure, objection, or restriction of processing. Once these conditions are met, we will keep your data only for the periods established by applicable regulations.

 

WHO MAY WE SHARE OR TRANSFER YOUR DATA TO?

 

We will provide any information required to law enforcement authorities under a court order or legal obligation. The information disclosed will be limited to what we have at that time.

 

We may carry out international data transfers when using the following tools necessary for our business activities, which may store your data:

 

  • Google Analytics: Used to analyze and measure website usage through cookies. The information generated and collected by these cookies (including IP address) will be transmitted to and stored by Google, Inc., located at 1600 Amphitheatre Parkway, Mountain View, California, CA 94043, USA, on its U.S. servers. Google, Inc. adheres to the EU–U.S. Data Privacy Framework approved by the European Commission.

 

  • Mailchimp, Used for mailing services, with servers located in the U.S. The company (The Rocket Science Group, LLC) adheres to the EU–U.S. Data Privacy Framework approved by the European Commission.

 

Information you provide through this website will be hosted on our servers, contracted from the company providing our web hosting services.

 

The processing of data by the entities mentioned above, as well as any other tools we use, is governed by a data processing agreement.

 

WHAT RIGHTS DO YOU HAVE REGARDING YOUR DATA AND HOW CAN YOU EXERCISE THEM?

 

You may exercise the following rights by sending a written request to the postal address indicated at the beginning of this policy or by emailing gdpr@skintechpharmagroup.com, with the subject line: “DATA PROTECTION: EXERCISE OF RIGHTS”. To protect your privacy, we will take all reasonable measures to verify your identity. If necessary, we may request additional information to confirm you are the data subject.

 

  • Right of Access: To know and obtain information about your personal data being processed.
  • Right of Rectification: To correct errors and modify inaccurate or incomplete data.
  • Right of Erasure: To delete data that is inappropriate or excessive.
  • Right to Object: To prevent or stop the processing of your personal data.
  • Restriction of Processing: To mark stored personal data to limit its future processing for the exercise or defense of claims.
  • Data Portability: To receive your processed data so you can transmit it to another controller without hindrance.
  • Right not to be subject to automated individual decisions (including profiling): To avoid decisions based solely on automated processing that produce effects or significantly affect you.

 

You may withdraw your previously granted consent at any time, without affecting the lawfulness of processing carried out before withdrawal. This revocation will never have retroactive effect.

 

Finally, if you believe your data protection rights have been violated, you may file a complaint with the competent supervisory authority.

 

INFORMACIÓN ADICIONAL

 

Security Measures

 

The data you provide will be treated confidentially. We have adopted all necessary technical and organizational measures, as well as all required levels of protection, to ensure data security and prevent alteration, loss, theft, unauthorized processing, or access, in accordance with the state of the art and the nature of the stored data. Furthermore, processing and storage in files, programs, systems, equipment, facilities, and premises comply with the integrity and security requirements established by current regulations.

 

Presence on Social Media

 

We may have an active presence on various social media platforms. If you follow our official accounts or interact with us on these platforms, our relationship will be governed by the terms outlined in this section, in addition to the terms of use, privacy policies, and rules of each social network, which you have previously accepted. We will use your data to: properly manage our presence on the social network; inform you about activities, products, or services; and for any other purpose permitted by the respective platform’s regulations.

 

It is strictly prohibited to publish content that: is allegedly unlawful under national, EU, or international regulations, or that promotes illegal activities or actions contrary to good faith; infringes fundamental rights, shows disrespect, harasses, or generates negative opinions toward other users or third parties, or that we deem inappropriate; or violates principles of legality, honesty, responsibility, human dignity, protection of minors, public order, privacy, consumer rights, or intellectual property rights.

 

We reserve the right to remove, without prior notice, any content we consider inappropriate from our website or social media accounts.

 

If you send us personal information through a social network, we are not responsible for the security measures applied by that platform. To learn more, please review the specific terms and conditions of the relevant social network.

 

We ensure the safety of our products

 

We are fully committed to the safety of our products. To this end, we provide a web form where you can report suspected adverse events, lack of efficacy, exposure during pregnancy or breastfeeding, or any other incident related to our medical or cosmetic products. Once we receive the form, we may contact you using the details you provide to gather additional information if necessary.

 

The purpose of this processing is to identify, quantify, assess, and prevent potential risks associated with the use of our products, as well as to monitor the case when appropriate. This enables us to ensure safety and comply with our legal obligations.

If you are the person reporting the adverse event (whether a healthcare professional, distributor, or authorized third party), we collect your contact details: name or initials, surname, phone number, email address, and country.

 

If you are the person affected by the adverse event, we collect data such as name or initials, surname, date of birth, gender, weight, type and details of the event, concurrent medication, relevant medical history, and any other information necessary to document and assess the incident. These data are generally collected in a pseudonymized form (without information that directly identifies you), unless you notify us directly, in which case the data will be identifiable.

Personal data of the affected individual will be retained only for the time necessary to monitor the case. Once monitoring is complete, the data will be anonymized (removing any element that allows identification) and incorporated into our safety database, ceasing to be considered personal data. Data from healthcare professionals reporting an adverse event will be retained for the commercial life of the product plus ten (10) years.

 

Your personal data will not be disclosed to third parties except where required by law to share with health authorities or public administrations. However, we may share them with companies that assist us in managing the notification, case monitoring, and data anonymization, always under contracts that ensure confidentiality and compliance with applicable regulations. If it is necessary to transfer information outside the European Economic Area to countries without an adequacy decision by the European Commission, we will apply safeguards such as standard contractual clauses approved by the European Commission or binding corporate rules.

 

Governing Law and Jurisdiction

 

For the resolution of disputes or issues related to this Privacy Policy, Spanish law shall apply, to which the parties expressly submit. The Courts and Tribunals of Barcelona shall have jurisdiction to resolve all conflicts arising from or related to its use.

Up