PRIVACY NOTICE
OUR COMMITMENT
This privacy policy is intended to provide any natural person (hereinafter " you " or "the User ") visiting and/or using the services offered on the websites universkin.com (the " Site "), published by the company UNIVERSKIN, a simplified joint-stock company, located at 400 Avenue Roumanille - 06410 BIOT - France, registered with the Trade and Companies Register of Antibes under number 492 961 347, or any subsidiary of UNIVERSKIN operating in the country of residence of the User (hereinafter " UNIVERSKIN "), with all useful information on the processing of personal data carried out by UNIVERSKIN and its partners.
Your personal data is very important and any information collected will be treated responsibly. UNIVERSKIN is committed to strictly complying with its obligations under all applicable laws and regulations, including, but not limited to, the General Data Protection Regulation (EU) No. 2016/679 of 27 April 2016 ("GDPR"), the United States Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), the Canadian Personal Information Protection and Electronic Documents Act of 13 April 2000, as amended ("PIPEDA") and any other applicable national law in the territory where the patient resides (hereinafter collectively the " Applicable Personal Data Protection Regulations ").
UNIVERSKIN may process your personal data when you browse the Site for the purpose of
- obtain an automated analysis of your skin quality using the artificial intelligence tool developed by UNIVERSKIN (the “ Tool ”),
- ordering custom-made products adapted to your skin (the " Product ") or any other cosmetic product offered for sale by UNIVERSKIN,
- and more generally, to obtain all useful information on UNIVERSKIN's activities and the products it offers.
1. UNIVERSKIN QUALITY
When carrying out the processing of personal data identified below, UNIVERSKIN determines the purposes and means of the processing and acts, within the meaning of the Regulations applicable to the protection of personal data, as the Controller of the processing.
UNIVERSKIN undertakes to comply at all times with the requirements of the Regulations applicable to the protection of personal data and to process personal data only under the conditions provided for below.
2. MAPPING OF USER PERSONAL DATA PROCESSING
2.1. Processes performed during the use of the Tool:
|
Purpose |
Legal basis |
Categories of data processed |
|
To establish a dermatological analysis of the User's skin |
Consent |
|
|
Annotating and labeling data using Universkin's AI system |
Consent |
Qualifying Data |
|
Universkin AI System Training |
Consent |
Qualifying Data |
|
Drafting an indicative dermatological analysis using Universkin's AI system, supplemented by an external AI system |
Consent |
|
|
Unless the User objects, the purpose is scientific research. |
Scientific research |
|
|
Opening and managing the User's online account |
Implementation of the Site's general terms and conditions of use |
|
2.2. Processing carried out via the use of other Site functionalities:
|
To ensure the order taking, purchase and delivery of products ordered on the Site |
Implementation of the Site's general terms and conditions of sale |
|
|
Provide after-sales service |
Implementation of the Site's general terms and conditions of sale |
|
|
Complaints management |
Legitimate interest |
|
|
Sending the UNIVERSKIN newsletter (news and service offers) |
Consent |
|
|
Communicate with the User in response to any request for information via the contact form available on the Site, and/or any other means of communication (telephone, email) |
Consent |
|
|
Operational management of the Site and the Tool (ensuring its proper functioning and maintenance) |
Legitimate interest |
|
|
Prevention and detection of fraud, malware, and security incident management |
Legitimate interest |
|
|
Monitoring and analyzing traffic on the Site in order to improve its functionality and user experience |
Legitimate interest |
|
|
Statistics |
Legitimate interest |
|
3. SHELF LIFE
The personal data processed on the Site for the purposes of creating the Account, using the Tool and/or the Questionnaire, as well as the formulation of the Product and its order, are kept by UNIVERKSIN for the duration of the User's use of the Site, until the closure of their Account in accordance with the terms and conditions of use of the Site.
As an exception, the Qualifying Data used to train the Universkin AI model cannot be technically deleted.
The personal data collected on the Site via the contact form is kept for a period of three (3) years.
UNIVERSKIN retains the email address of the User who has registered for the newsletter until they unsubscribe (via the unsubscribe link included in the newsletters).
Beyond the aforementioned periods, the User's personal data may be archived for the legally required period to comply with UNIVERKSIN's legal obligations, particularly in the area of scientific research, as well as for evidentiary purposes for the observation, exercise or defense of its rights before a court.
4. RECIPIENTS OF PERSONAL DATA
To carry out the detailed processing, UNIVERSKIN transfers Patient Data to the following recipients:
- UNIVERSKIN employees for the purpose of annotating and labeling data;
- The UNIVERSKIN technical teams responsible for ensuring the operational management of the Site who have been authorized to process the data and who have received appropriate operating instructions, it being understood that any employee who accesses the Identification Data cannot access the Qualifying Data of the User;
- To UNIVERSKIN's partners in the conduct of scientific research when this data is used for scientific research purposes, in accordance with applicable data protection regulations and, in particular, with data processing requirements in the context of conducting such research;
- If UNIVERSKIN is involved in a merger, acquisition, asset sale, or insolvency proceedings, it may sell or share all or part of its assets, including the Site and the Personal Data processed therein. In this case, Users would be informed before their Personal Data is transferred to a third party.
- The categories of subcontractors detailed in Article 5 below;
- Third-party cookie publishers, under the conditions set out in Article 8 below
5. SUBCONTRACTORS
In the context of the aforementioned processing, UNIVERSKIN may use various subcontractors, acting solely on its instructions and subject to strict obligations of confidentiality, security, and compliance. The categories of subcontractors are as follows:
- An AI systems provider assisting the Tool in writing the analyses;
- A photo editor to optimize the processing of Qualifying Data by the Tool;
- An online sales platform publisher enabling the marketing of products on the Site;
- The Site's hosting providers, as mentioned in point 6 below, for the purpose of providing technical hosting and database management services;
- Payment service providers, for the purpose of settling orders for Products and/or any other product offered for sale by UNIVERSKIN on the Site, under security conditions in accordance with applicable banking regulations;
6. SECURITY MEASURES IMPLEMENTED
When UNIVERSKIN collects the User's Qualifying Data using the Tool, an automated pseudonymization process based on exhaustion followed by secure hashing with a private key of the data allows the User's Identification Data to be replaced by a code.
UNIVERSKIN strives to implement and maintain appropriate security and confidentiality measures to ensure adequate protection of the personal data processed, tailored to the risks posed by its processing to the rights and freedoms of the data subjects. These measures aim in particular to (i) protect personal data against destruction, loss, alteration, or disclosure to unauthorized third parties, and (ii) ensure the restoration of the availability of and access to personal data within appropriate timeframes in the event of a physical or technical incident. UNIVERSKIN also undertakes to implement a procedure for regularly testing, analyzing, and evaluating the effectiveness of its technical and organizational measures to ensure the security of data processing.
The Site is hosted in France by OVH (RCS Roubaix 424 761 419). The API present on the Site, which enables the optimal functioning of the Tool, hosts the Qualifying Data processed on the Site and the results of the analysis with Google Cloud France (RCS Paris 881721583).
The Qualifying Data is hosted in France by AWS, a certified Health Data Hosting provider. (RCS Nanterre 487482143).
In accordance with the applicable regulations on the protection of personal data, these hosting providers act as subcontractors of UNIVERSKIN. The hosting provider is not authorized to use the Personal Data it hosts, except for the purpose of providing technical hosting and database management services and only under the contractual conditions signed between the hosting provider and UNIVERSKIN, in compliance with the applicable regulations on the protection of personal data and, with regard to the hosting of health data, the HDS certification required by the Public Health Code.
7. USER RIGHTS REGARDING THEIR PERSONAL DATA
You have the right to request, at any time, the exercise of the following rights:
• RIGHT OF ACCESS: you have the right to request UNIVERSKIN to provide you with confirmation of the processing of your personal data as well as certain information on the processing carried out by UNIVERSKIN on your data, it being understood that this information is in any case provided in this personal data protection policy;
• RIGHT OF RECTIFICATION: you have the right to ask UNIVERSKIN to rectify, in particular by completing or correcting, all or part of the information held about you;
• RIGHT TO LIMIT PROCESSING: you can ask UNIVERSKIN that some of your data not be processed, in particular when you contest the accuracy of the data, when the data retention period has expired but you still need it to retain this personal data for the establishment, exercise or defense of a legal claim, or if you have objected to the processing;
• RIGHT TO ERASURE (“right to be forgotten”): to obtain the erasure of one’s personal data when it is no longer necessary for the purposes for which it was collected or when the User objects to the processing of personal data;
• RIGHT TO DATA PORTABILITY: you can obtain the communication of the personal data you have provided to UNIVERSKIN in a readable format, or request UNIVERSKIN to transmit the personal data you have provided to another data controller;
• RIGHT TO OBJECT: to object at any time, for reasons relating to his or her personal situation, to the processing of his or her Personal Data, in particular in the event that this objection relates to commercial prospecting, including profiling;
• WITHDRAWAL OF CONSENT: withdraw your consent to the future processing of your personal data by UNIVERSKIN, where the processing is based on consent;
• RIGHT TO LODGE A COMPLAINT: For Users residing in the territory of the European Union, if the User considers that the processing carried out by UNIVERSKIN constitutes a violation of his personal data, the right to lodge a complaint with the competent data protection authority of the Member State in which the User resides, or with the lead supervisory authority, the Commission Nationale de l'Informatique et des Libertés, online via the form provided for this purpose and available at https://www.cnil.fr/fr/plaintes or by mail to the following address: CNIL - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.
To exercise their rights, Users are invited to contact UNIVERSKIN's Data Protection Officer, Eric ELABD, at +33 (4) 93.00.11.96 or by sending an email to dpo@universkin.com. Users will be asked to provide proof of identity. This proof of identity will be stored in accordance with the terms of this agreement.
8. HYPERLINKS
The Site may contain hyperlinks to third-party websites. UNIVERSKIN has no control over the content of third-party websites referenced by hyperlinks. These websites are published by third-party companies independent of UNIVERSKIN. UNIVERSKIN therefore cannot assume any responsibility for the content, advertisements, services, or any other information or data available on or from these websites. Consequently, the User acknowledges being solely responsible for accessing and using these websites. UNIVERSKIN shall not be liable for any actual or alleged damages or losses arising from or related to the use of or reliance on the content, goods, or services available on these websites.
Users are not authorized to create hyperlinks to the Site. Creating links to the Site is only possible with the prior and express consent of UNIVERSKIN.
9. COOKIE AND SOCIAL NETWORK MANAGEMENT
UNIVERSKIN uses cookies to ensure the proper functioning of the Site and to track and analyze traffic on it. A "cookie" is a small data file sent to the User's browser by a web server and stored on their computer's hard drive. There is no risk of damaging the computer.
The information collected through cookies is solely and strictly intended for UNIVERSKIN, in accordance with applicable data protection regulations. Third-party cookies (Google, Facebook, etc.) allow these publishers to access the information collected through their cookies.
UNIVERSKIN uses the following cookies:
Performance cookies
These cookies allow the Site to provide features and personalize the user experience, based on previous visits and selections.
Cookie name
Storage period
Live Chat (Live Chat Inc.)
3 years
Sentinel
3 years
Statistics cookie
These cookies allow us to differentiate between visitors and to compile statistics on Site usage by Users, such as the frequency, duration and recurrence of visits.
Cookie name
Storage period
gid (Google Analytics)
A day
g (Google Analytics)
14 months
gat (Google Analytics)
A day
The User is free to consent to the use of all or some of the cookies (other than those strictly necessary for the operation of the Site) used by UNIVERSKIN on the Site. The User is also free to withdraw their consent to the use of cookies at any time by clicking on the following link: info@universkin.com .
The user can also configure their browser to accept or disable cookies. Instructions regarding cookies for the most commonly used browsers are available at the following links:
— Windows Internet Explorer®:
https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
— Mozilla Firefox®: https://support.mozilla.org/fr/kb/auteur-bloquer-cookies-preferences-sites
—Google Chrome®: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DiOS&hl=fr
— Apple Safari® (iPhone; iPad): https://support.apple.com/fr-fr/HT201265
— Apple Safari® (Mac): https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
— Disabling Google Analytics: https://tools.google.com/dlpage/gaoptout
The Site uses the following social media plugins:
— Facebook® and Instagram®, operated by Facebook Inc., whose headquarters are located at 1601 S. California Ave, Palo Alto, CA 94304, USA;
— Linkedin ®, operated by Microsoft Inc., whose headquarters are located at 599 N Mathilda Avenue, Sunnyvale, USA;
— YouTube® , operated by Google Inc., headquartered in Mountain View , California, United States;
— Pinterest®, operated by Pinterest Inc., headquartered in Palo Alto, California, USA.
When the User interacts using these plugins, their browser establishes a direct connection with the servers of the corresponding social network. The plugin content is immediately transmitted from the User's browser to the social network and stored on its servers. By integrating this plugin, the social network is informed that the User has visited the Site. It can then associate the User's browsing activity on the Site with their user account on that social network, if applicable. If the User does not want the social network to collect data about them through the Site and link it to their user account on the social network, the User must log out of the corresponding social network before logging into the Site. If the User is not a member of the social network, it is still possible for the network to collect and store their IP address.
In any event, UNIVERSKIN has no control over the exact content of the data collected. The use of the plugins is operated exclusively by the social networks and governed by their terms of service, available at the following addresses:
— For Facebook: https://fr-fr.facebook.com/policies/
— For YouTube : https://support.google.com/youtube/answer/9315727?hl=fr
— For Pinterest: https://policy.pinterest.com/fr/privacy-policy
— For LinkedIn : https://www.linkedin.com/help/linkedin/answer/1828/suprimer-le-cache-et-les-cookies?lang=fr
— For Instagram: https://help.instagram.com/1896641480634370
Facebook® and Instagram® are registered trademarks and are owned exclusively by Facebook Inc.
Pinterest® is a registered trademark and is owned exclusively by Pinterest Inc.
LinkedIn® is a registered trademark and is owned exclusively by Microsoft Inc.
Youtube ® is a registered trademark and is owned exclusively by Google Inc.
10. CHANGES TO THE PRIVACY POLICY
This Privacy Policy may be modified, supplemented, or updated at any time by UNIVERSKIN, particularly to reflect any legal, regulatory, jurisprudential, and/or technical developments, with the aim of ensuring the best possible protection of the User's personal data at all times. UNIVERSKIN will inform Users of any updates to the Privacy Policy by email at least fifteen (15) days before the effective date of the modification. If the User does not agree with the terms of the new version of this policy, they are free to request the closure of their Account and the deletion of their Personal Data by writing to the following address: info@universkin.com .