SkinStation (hereinafter referred to as “we”, “us”, or “our”) is committed to “giving the best value in skin and body solutions” through our treatment procedures, from slimming to anti-aging, whitening and firming, to our highly popular diode laser hair removal treatment, state of the art equipment, our exclusive professional skin care product line, and the latest and safest ingredients at clinical strength that is definitely at par with the world’s best skin care products. All of these with affordable prices and with guaranteed results.
Notwithstanding, SkinStation is also committed to protecting customer’s personal data from which we ensure all personal data under our custody is process fairly and lawfully from collection to disposal.
In compliance with Republic Act No. 10173, also known as the “Data Privacy Act 2012” (“DPA”) in brevity and its “Implementing Rules and Regulations” (“IRR”) in brevity, issued by the National Privacy Commission, we shall adhere to the following principles in the processing of our customers’ personal data.
In compliance thereto, we have adopted the principles contained in the DPA, its IRR and any other issuances of the National Privacy Commission. TheAct governs the manner of our collection adhering to privacy principles of transparency, proportionality, and legitimate purpose.
- We will inform you the purpose of our data collection.
- We will inform you of your rights as “Data Subject”
- We will process your personal data based on our declared purpose stated below and to the consent form that you signed in.
We will only collect personal data that is relevant to our project from which you will benefit.
This Privacy Notice outlines SkinStation’s ongoing obligation to you in respect of how we manage your personal data.
WHAT DO WE CONSIDER PERSONAL DATA
Personal Data – it refers to any type of personal information.
We consider three (3) types of personal data.
Personal Information – as defined in RA 10173, it is any information whether recorded in a material form or not from which the identity of individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. Here are some of the Personal Information that we collect:
- Copy of Valid ID
- Full Name
- Delivery Address
- Email Address
- Contact No.
- Location Data
Sensitive Personal Information – refers to personal information peculiar to a person. Here are some of the Sensitive Personal Information that we collect:
- Payment information including to make purchases (e.g. Credit Card No., expiration date)
- Medical History and Treatment Record/s
- We also collect your Usage Data and may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
- When you access Service with a device, Usage Data may include information such as the type of device you use, your device unique ID, the IP address of your device, your device operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.
Privilege Information – refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
- All communications between doctor and patient/customer
HOW DO WE COLLECT PERSONAL DATA
Personal Data will be collected when you:
- Avail our products and services by filling up registration forms at our branches.
- Used our website https://skinstation.ph/ for “Contact Us”, and “Chat Now” service and our website has link to go directly to our webstore.
- Used our webstore https://webstore.skinstation.ph/#/ for “Online Registration”, “Online Purchase” and “Online Booking” and our webstore has link to return to our website.
- Connect to our social media accounts; Facebook and Instagram.
- Email us at firstname.lastname@example.org
- Access our mobile apps in both IOS and Android Versions.
WHAT IS OUR PURPOSE OF COLLECTING PERSONAL DATA
We are collecting your Personal Data for the following reasons:
- For Collecting Photo (Webstore and Branches) – providing is not required but encouraged, to quickly verify and to quickly address all transactions with us.
- For Collecting Copy of ID – providing is required if and only if the purpose is to pick-up your purchase from our branches and to verify your account online and you have an access to edit or correct your name freely using your webstore account.
- For Collecting Full Name – providing is required for correct profiling of your account and quick verification upon recovery and other transactions, and you have an access to edit and update your Full Name freely using your webstore account.
- For Collecting Delivery Addresses – providing is required if and only if you purchased online and chose delivery option, and you have an access to update or remove your address freely using your webstore account.
- For Collecting Contact Information – providing phone numbers and email addresses is required, to keep you notified on your every transaction with us and your upcoming appointment schedule to our branches, and you have an access to edit and update your contact information freely using your webstore account.
- For Collecting your Birthday Details – providing is required if and only if you signed up as our elite member, to verify your birthday by our authorized employees and notify you on the promos you can avail as elite member during your birthday, and you have an access to edit and correct your birthday freely using your webstore account.
- For Collecting your Usage Data – We use the data collected to provide better applications and services and improve your customer experience.
- For Collecting your Location Data – We use the data collected to improve your booking experience and we will allow you to choose whether you want to always be tracked or only when you are visiting our service or application.
- For our records – to process your needs with our organization.
- For account maintenance – to administer any consumer loyalty or rewards programs that are associated with your account.
- For Marketing Communications – to provide you updates on our Promos and Events (including information about SkinStation, its products and services, competitions and promotions through SMS.
- For Security Purposes – to protect our clients from account theft, and all records (medical and treatment record, purchase history) are viewable only by our authorized employees and our client. To protect our employees from the clients on our blacklist due to inappropriate treatment to the staffs.
- In case of Medical History and Treatment Record – to be able to provide you with quality service and have knowledge of the particular treatment provided to you.
OUR AUTHORIZATION TO COLLECT PERSONAL DATA
Before we collect your Personal Data, we will explain to you the purpose of collecting your personal data and how we plan to use it. By voluntarily subscribing in to all of our channels you are giving us consent and authority to process your personal data which only for the duration of the declared purpose.
DATA DISCLOSURE AND SHARING
We ensure that your personal data is strictly confidential and will not be shared to anyone outside SkinStation’s working group. Access thereto is restricted to SkinStation’s authorized employees, consultants and contractors only. They will be provided with a limited access to allow them in carrying out their responsibility with regard to the conduct of our business. We make sure that our employees sign a Non-Disclosure Agreement prior to their deployment and we require our contractors to sign an Outsourcing Agreement in order to secure and keep your personal data confidential.
Your medical history and treatment record are strictly for our Doctor’s record only. All communications are considered privileged by law and a Memorandum of Agreement is also in place requiring our Doctors to protect and secure your health information.
Your personal data may be disclosed to government entities pursuant to and in compliance with applicable laws and regulations, subpoena or court order.
PERSONAL DATA SECURITY
We want to ensure that your personal data to us is secured. In order to do that, SkinStation will undertake and implement reasonable security measures from the time of collection, storage, use, access, transfer, and disposal of your personal data.
Your personal data will be kept in a manner that is free from any accidental or unlawful processing. SkinStation will only retain your personal information for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws.By the time your personal data is no longer necessary, it will be anonymized and will be removed in our filing system to prevent unauthorized access, disclosure, and further use.
ACCESS, OBJECTION AND CORRECTION
We are expecting all personal data you provided us is accurate.
You have afforded rights in relation to the personal information you have consented to share or disclose with SkinStation, including the right to access, correction, and objection to the processing, including the right to lodge a complaint with the National Privacy Commission.
If you want to view your personal data or if you find it erroneous, incomplete or outdated, kindly inform us anytime by clicking on the chat widget located at the bottom right side of your screen. Our Customer Service team is available from 10:00AM – 6:00PM (Monday – Sunday), daily or visit any SkinStation branch near you.
If you want your personal data to be retrieved, unsubscribed or be removed in our processing system, kindly contact us through the information below and we may request for identification from you before we release or unsubscribe you in our processing system.
Designation – DPO
Contact No. – 02 (8405-5780)
Email – email@example.com
Address – Unit 404 Executive Building 369 Gil Puyat Ave., cor. Makati Ave.
BREACH AND SECURITY INCIDENTS
While SkinStation commits to prevent unauthorized processing of your personal data, a Data Breach Response Team (DBR Team) was created to contain any breach in case of its occurrence. The DBR team will be responsible for timely action in the event of a breach which includes the assessment of the breach and Identifying its severity.
There will be periodic reviews in our processing system to make sure that your personal data is well protected.
PRIVACY NOTICE COMPLAINTS AND INQUIRIES
If you have any queries regarding our Privacy Notice, please contact us through this email firstname.lastname@example.org
Our Privacy Notice may be updated from time to time if there are changes in the processing of your personal information and to comply with the government and regulatory requirements.
By using SkinStation’s website or by giving us your personal information, you accept the practices described in this Privacy Notice. If you do not agree to this Privacy Notice, do not give us your personal information.