This policy ("Policy") sets out how Dermagram (Hong Kong) Company Ltd and it operates website www.dermagramswiss.com , www.dermagramswiss.com.hk , shop.dermagramswiss.com or cn.dermagramswiss.com ("we", "our" or "us") collects, uses, stores and handles personal data.

A. Commitment to Personal Data Protection

We are committed to protecting the privacy of the personal data ("Personal Data") we hold. To ensure that you can make informed decisions and feel confident about providing your Personal Data to us, we outline in this Policy our practices and the choices you have concerning the collection and use of your Personal Data.

B. Collection policy

To safeguard your personal data privacy rights, we ensure that policies and practices in the collection, use, retention, transfer and access to personal data are in line with the provisions of Chapter 486, Laws of Hong Kong Personal Data (Privacy) Ordinance.

C. The Personal Data We Collect

The types of Personal Data we collect from you will depend on the specific type of services and products as requested by, or provided to, you. The types of Personal Data may include (without limitation) the following:

a. your personal information (e.g. your name, gender, age, ID card or passport no. and date of birth);

b. your contact information (e.g. telephone numbers, mailing addresses, email addresses and fax numbers);

c. your business information (e.g. company name, business title and associated contact information);

d. your health records, interests, personal preferences or comments;

e. your credit card details;

f. information when you use our websites or other services or products (e.g. behavioural information, location information, browser details, IP addresses).

Certain Personal Data (e.g. relating to your personal information and contact information) are required for specific services and if you fail to supply such Personal Data as requested from each specific service, we may not be able to deliver you the services or products. By providing your Personal Data to us, you acknowledge that such provision is fair and reasonable in the circumstances.

D. Purposes for which your Personal Data are Collected and Used

Your personal data may be collected when you make a purchase on treatment packages, products or apply to be our member. The purposes for which we may use your personal data are divided into obligatory purposes and voluntary purposes. If personal data is to be used for an obligatory purpose, these personal data will not be marked as “optional” in the Members Application Form and you MUST provide your personal data to us if you want us to provide the service for which you are applying. If personal data is only to be used for a voluntary purpose, it is entirely up to you to decide whether you want to provide such information to us or not.

Purposes for which it is obligatory for you to provide your personal data are:

a. enrolment into and maintaining your membership as our member;

b. provision of our treatment services;

c. accumulating bonus points as our member;

d. provision of after-care and follow up services after our treatment;

e. communicating to you your entitlements and privileges;

f. redemption of privileges as a member;

g. notification of any amendment to the treatment plans and products information;

h. relationship building;

i. data cleansing and customers profile updates;

j. handle benefit from the service or relevant aspect;

k. provide the service analysis, to verify and / or check your credit, payment and / or condition;

l. handle your request of payment instructions, direct debit facilities and / or credit facilities;

m. facilitate the daily operation of your account and / or related services to receive the amount due in your account;

n. communicate with you by email, mail, fax, phone or other means, including contacting you regarding your enquirers;p>

o. for making disclosures when required by law, regulation, or court order of any jurisdiction and/or as requested by any government, regulatory or law enforcement authority or administrative organisation, which may be within or outside The Hong Kong Special Administrative Region of the People’s Republic of China ("Hong Kong");

p. for establishing legal claims or defences, obtaining legal advice, and/or exercising, defending and/or protecting the rights or properties of any member of Dermagram (Hong Kong) Company Limited, including identifying, contacting or bringing legal action against any person who may be causing interference with such rights or properties (whether intentionally or otherwise) or where any other person could be harmed or property of any other person could be damaged by such interfering activities;

q. for the use by any member of Dermagram (Hong Kong) Company Limited in connection with any of the above purposes and/or any of the Services that any member of Dermagram (Hong Kong) Company Limited may offer or supply to you from time to time; and/or

r. for any other incidental or associated purposes relating to the above, or any other purposes as specified in a personal information collection statement when your Personal Data is being collected, or any other purposes which you may from time to time agree;

s. we will not knowingly or intentionally use, share or sell your Personal Data in ways which are unrelated to the above purposes (or purposes as specified in a personal information collection statement when we collect your Personal Data) without your prior consent.

Purposes for which it is only voluntary for you to provide your personal data are:

a. provide the most suitable treatment and product suggestions to you;

b. to enable us better to understand the demographics of our customers for internal research and analysis to enable us to provide rewards, services and product information or offerings better tailored to your needs;

c. market research;

d. to distribute customer satisfaction survey;

e. to send out VIP newsletters and VIP program updates; and

f. direct marketing including :

a. communicating to you regarding new product launch and other promotional offers, including where applicable, skincare products, body care products, hair care products, health supplements and facial services, body care services and hair removal services;

b. communicating on-counter or out of counter services and events related to skincare, body care, hair care products for promotion or reward purpose;

c. marketing reward programs, birthday celebration offers, free sampling, digital campaigns, roadshow/outpost, in store promotion updates;

d. communicating joint promotion or events with shopping malls, department stores, credit cards, banks, trades, celebrities, magazines, television, websites, mileage programs, cultural, art or musical societies/organizations, charities or nonprofit organizations

E. Disclosure and Transfer of Personal Data

To facilitate the purposes mentioned under "D. Purposes for which your Personal Data are Collected and Used", we may transfer, disclose, grant access to or share your Personal Data with third parties located within or outside Hong Kong, and your Personal Data may be transferred within or outside Hong Kong. These third parties may include the following:

a. any member of Dermagram (Hong Kong) Company Limited;

b. provides administrative, distribution, data processing, telemarketing, telecommunications, computer, or other services to or support the operation of Dermagram (Hong Kong) Company Limited’s business (including its/their direct marketing activities);

c. medical professionals, clinics, hospitals, insurers and/or loss adjustors;

d. any person, government or law enforcement authority or administrative organisation; any person under a duty of confidentiality to any member of Dermagram (Hong Kong) Company Limited (including accountants, legal advisers or other advisers);

e. any actual or proposed assignee or purchaser of all or any part of the business and/or asset of Dermagram (Hong Kong) Company Limited; and/or charitable or non-profit marking organisations.

The Personal Data you provide to us may also be sourced from or transferred to other jurisdictions outside Hong Kong for the purposes mentioned above.

F. Direct Marketing
If we intend to use your Personal Data (including your name and contact details) collected from you for direct marketing purposes (e.g. to send you marketing communications about news, offers or promotions in relation to the Services or Activities of Dermagram (Hong Kong) Company Limited), we will first obtain your consent (or an indication of no objection) before doing so.If we intend to use your Personal Data (including your name and contact details) collected from you for direct marketing purposes (e.g. to send you marketing communications about news, offers or promotions in relation to the Services or Activities of Dermagram (Hong Kong) Company Limited), we will first obtain your consent (or an indication of no objection) before doing so.If we intend to use your Personal Data (including your name and contact details) collected from you for direct marketing purposes (e.g. to send you marketing communications about news, offers or promotions in relation to the Services or Activities of Dermagram (Hong Kong) Company Limited), we will first obtain your consent (or an indication of no objection) before doing so.

If we intend to provide your Personal Data (including your name and contact details) collected from you to third parties for their use in direct marketing, we will first obtain your consent (or an indication of no objection) before doing so.

You may opt-out from receiving marketing communications from us at any time, free of charge by:

a. following the opt-out instructions contained in the communications, or

b. write to us at the address listed in "L. How to Access or Correct Your Personal Data or Contact Us".

G. Our Commitment to Children's Privacy

Protecting the privacy of children is our primary concern. Hence, we will not knowingly collect or maintain Personal Data in our database from persons who are under 16 years of age without prior consent from a parent or guardian.

H. Use of Cookies and Log Files

If you visit any of our websites, we may use cookie files to store and track information about you and your preferences. A cookie is a small text file that our website transfers to your computer's or device’s hard disk. We use cookies to better serve you and/or maintain your information across multiple pages within or across one or more sessions. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in future. However, if you disable cookies or refuse to accept a request to place a cookie, certain functionalities on our websites may not be available.

Cookies contain information about you and your preferences. Only the information that you provide, or the choices you make while visiting a website, can be stored in a cookie. For example, the site cannot determine your email name unless you choose to type it. Allowing a website to create a cookie does not give that or any other site access to the rest of your computer, and only the site that created the cookie can read it.

We may also collect information regarding your IP address, browser type, domain name and access time. This information is used for our own research purposes. As it is not linked to any personal information, it is separate from your Personal Data. In rare instances, IP addresses may be used to assist in deterring and/or preventing abusive or criminal activity on the website.

If you use the WiFi available at our properties, we may collect your location data (if you have consented to this on your device). We may use your location data to keep track of your activity patterns and preferences in order to improve the level of service you receive. Your location data may be combined with other information we receive from third parties to provide you with better service and, where you have consented to receive direct marketing, we may provide you with targeted advertisements, content, features, deals and offers in relation to the classes of marketing subject as set out in the relevant personal information collection statement when your Personal Data is being collected.

If you interact with us on social media platforms (for example if you "Like" our Facebook Page or post on our timeline), we can interact with you and send you messages via these platforms. We will interact with you in accordance with the social media platform's rules but we are not responsible for how the platform operators collect and handle your Personal Data. We are not responsible for what third parties post on our social media accounts.

I. Data Retention

Subject to any legal, statutory, regulatory or accounting requirements, the Personal Data you provide to us will be kept by us in the appropriate form only for as long as is necessary to fulfil the purposes mentioned above after which it will be destroyed.

J. Data Security

In order to ensure the correct use and to maintain the accuracy of the Personal Data collected from you, as well as preventing unauthorised or accidental access, processing, erasure or other use of the Personal Data, we have implemented various internal policies (including physical, electronic and management measures) to safeguard and secure the Personal Data we collect.

For example, where we collect Personal Data online, we use an industry standard for encryption over the Internet known as Secure Socket Layer (SSL) protocol, to protect the Personal Data.

Our websites have firewalls in place, which should protect the Personal Data collected from you against unauthorised or accidental access. However, complete confidentiality and security is not yet possible over the internet, and privacy cannot be assured in your communications to us. You are encouraged to protect against unauthorised access to your password. Make sure you sign out from your account when finished particularly when using a shared computer.

K. Other Websites

In order to anticipate your needs, our websites may contain links to third party sites that are operated under different privacy practices.

All such websites are independent from our websites. We have no control over the contents of such other websites or their privacy policies or compliance with the law. You should therefore be fully aware the provision of such links does not constitute an endorsement, approval, or any form of association by or with Dermagram (Hong Kong) Company Limited. We have no control over Personal Data that is submitted to these other websites. You should remain alert when you leave our websites, and read the privacy statements of other websites.

L. How to Access or Correct Your Personal Data or Contact Us

You are entitled to access or correct any Personal Data relating to you held by us. If you wish to obtain a copy of any of your Personal Data or if you believe that the Personal Data relating to you which we collect and maintain is inaccurate, please write to us at the address below.

A request for access to Personal Data, correction of Personal Data, or for information regarding policies and practices and kinds of Personal Data held by Dermagram (Hong Kong) Company Limited may be sent to us at the following address:

Marketing Department Room 2613-15, 26/F., Paul Y Centre 51 Hung To Road Kwun Tong Hong Kong

In accordance with the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong), we have the right to charge a reasonable fee for the processing of any data access request.

M. Note

This Policy may be amended form time to time. You may access and obtain a copy of this Policy, as amended from time to time, at www.dermagramswiss.com.hk so that you are always informed of the way we collect and use Personal Data.

This Policy is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Policy, the English version shall prevail.

Last update as of 5th Jul. 2018