PRIVACY POLICY

INSTYTUTUM AG is a company registered in Switzerland with the main office at Gubelstrasse 12, 6300 Zug, Switzerland, company registration number: CHE-440.903.330 (hereinafter — we, our, us) that operates this Website (hereinafter — Website).

The protection of your personal data is very important to us. We are committed to protecting the privacy of individuals who visit the Website and who make use of its on-line facilities. In this Privacy Policy, we would like to inform you of all the details of the collection, processing, and use of personal data.

Kindly note, you accept this Privacy Policy by accessing, browsing or using in another way of the Website, despite any additional consents you will be asked to give us during your use of the Website. It is completely on your responsibility to read this Privacy Policy.

1. Information we collect

1.1. While using our Website, you may decide to provide us with certain information about you by completing online forms, registering on our Website, making orders, contacting us, etc. The types of personal information you may provide to us include, but not limited to: name, contact information (address, e-mail address, telephone number, fax number), billing information (such as your payment card number, expiration date, delivery address, and billing address), username and, personal preferences, interests in and use of various products and services, content of communication with us, and photos in case of use of the Personalized Care Program. You do not have to provide listed above and below personal data to access the Website but certain functionality will not otherwise be available to you.

1.2. Once you visit our Website we may automatically collect some information that cannot be readily used to identify you, e.g. the domain name and IP address of your computer, type of browser you are using, operating system and platform, technical information, geographical location information about your visit to our Website (length of visit, products you viewed, page response time, navigation paths, as well as information about the timing, frequency, and pattern of your service use, etc.). We may use this information, individually or in the aggregate, for technical administration of our Website, analytic tracking system, research, and development. The legal basis for this processing is our legitimate interests, for monitoring and improving our Website and services.

2. Processing of personal information

We protect your data by limiting access to your data only to persons that need access to conduct or facilitate any transaction between you and us, or persons that otherwise need to complete activities outlined in this section.

2.1. We may process your information included in your personal profile on our Website. The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. We do not knowingly collect information about people under 18 years old. The profile data may be processed for the purposes of enabling and monitoring your use of our Website and services, creating and managing your personal profile, operating our Website, providing our services, ensuring the security of our Website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests for the proper administration of our Website and business.

2.2. We may process information that you post for publication on our Website or through our services. The publication data may be processed for the purposes of enabling such publication and administering our Website and services. The legal basis is our legitimate interests for the proper administration of our Website and business.

2.3. We may process information contained in any inquiry you submit to us regarding goods and/or services. The inquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis is our legitimate interests for the proper administration of our Website and business.

2.4. We may process information relating to our customer relationships, including customer contact information. The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications, assisting with product selection and making recommendations to you, and promoting our products and services to customers. The legal basis for this processing is the proper management of our customer relationships.

2.5. We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our Website. The transaction data may include your contact details, your card details, and the transaction details. The transaction data may be processed for the purpose of accepting of your orders and fulfillment of agreements between you and us, processing your payment, supplying the purchased goods and services and keeping proper records of those transactions. The legal basis is our legitimate interests for the proper administration of our Website and business.

2.6. We may process information that you provide for subscribing you to our email and/or sms notifications and/or newsletters, as well as for other types of communications regarding our products, services and promotional materials. Under this Privacy policy the Customer confirms our legitimacy right to make internet and telephone mailing aimed at the proper administration of our Website and business and promotion of our products and services. To opt-out of receiving the Newsletter and/or other e-mail communications from us, you can follow the instructions at the end of the applicable e-mail message, contact us via mail at the address listed in Section 12 “Contact Us,” or call us at 41415112050.

2.7. In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

3. Use of The Personalized Care Program

3.1. Applying for use of the Personalized Care Program (the “Service”) you accept this Privacy Policy in part that you agree that the data specified in the registration form on the Service page, including by taking a photo of yourself (selfie)or uploading a photo of your face, skin, may be processed to enable this Service for the purpose of informing you about the assessment of the cosmetic preferences for your skin and provision of recommendations about skin enhancement tools, methods, technologies. Please note, that our Service does not provide medical advice, diagnosis, or treatment. Recommendations are cosmetic in nature and should not be considered a substitute for professional medical advice. By giving your consent, you acknowledge that the provision of your photo, description of your skin, selfie, or other visual image is not data concerning health. We retain relevant data only for the purpose of the ongoing monitoring of the results of the use of our products. For the use of the Service you must confirm that you are at least 18 years of old.

4. Providing your personal data to others

We do not rent lists, sell or otherwise disclose personal information we collect, except as described hereunder. We may share your personal to complete the activities outlined in this section.

4.1. We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company, and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

4.2. We may disclose your personal data to our service providers who perform services on our behalf based on our instructions, insurers and professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice and provision of services.

We may share your personal data with our service providers who are involved in our business processes.

Examples of personal data usage by our service providers:

  • We pass your delivery address and telephone number to our warehouse to complete, fulfill, manage and communicate with you about your orders;
  • We pass your delivery address and telephone number to our shipping service providers in case they need to contact you directly if there is a problem with your delivery. Our shipping service providers are FedEx, DHL, UPS, USPS. Privacy Policies of our service providers are available at their Websites accordingly;
  • We pass certain personal information to payment management companies to enable them to verify your credit or debit card details (as stated in paragraph 4.3.);
  • We pass your personal information to service providers that assist us with our marketing and data analytics efforts to inform you and make recommendations about our products and INSTYTUTUM Offerings, including sales, special offers, and new Website features and to send you other promotional communication. Our marketing and data providers are Google and Mailchimp. Privacy Policies of our service providers are available at their Websites accordingly.

We do not authorize these service providers, insurers and professional advisers to use or disclose personal information except as necessary to perform services on our behalf or comply with legal requirements.

4.3. Financial transactions relating to our Website and services are handled by our payment services providers Six Payment Services, PayPal and American Express. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at:

Additional information is available upon request. Please contact us via mail at the address listed in Section 14 “Contact Us,” or call us at 41415112050

4.4. In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

5. Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

5.1 Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.

5.1.1 Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

5.2 Behavioral Remarketing
INSTYTUTUM AG uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our Service.

5.2.1 Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

5.2.2 Facebook
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
To opt-out from Facebook's interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation

5.2.3 AdRoll
AdRoll remarketing service is provided by Semantic Sugar, Inc.
You can opt-out of AdRoll remarketing by visiting this AdRoll Advertising Preferences web page: https://app.adroll.com/optout
For more information on the privacy practices of AdRoll, please visit the AdRoll Privacy Policy web page: http://www.adroll.com/about/privacy

6. International transfers of your personal data

In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

6.1. We share your personal data with third parties outside the European Economic Area (EEA) in order to perform third party services on our behalf that comply with legal requirements. Transfers to each of these countries will be protected by appropriate safeguards namely the use of standard data protection clauses, adopted or approved by the European Commission.

6.2. The hosting facilities for our Website are situated in the USA, Chicago, Singlehop datacenter services. Transfers to hosting facilities are protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.

6.3. If you are visiting this Website from a country other than the country in which our server is located, your communications with us may result in the transfer of information across international boundaries. By visiting this Site and/or otherwise communicating electronically with us, you consent to such transfers. Even if your jurisdiction does not have the same privacy laws as the jurisdiction where our server is located, we will treat your information as subject to the protections described in this Privacy Policy.

7. Retaining and deleting personal data

This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

7.1. We may keep your personal information only for so long as is necessary or where we have a legitimate interest to continue doing so. Where We no longer requires information to be in a format where you can be identified personally, e.g. where we keep information for analytical and research purposes or transaction information, we will remove any personal details about you.

7.2. Your personal data will be retained for a minimum period of 2 years following the acceptance of Privacy Policy, and for a maximum period of 3 business days following the notice of unsubscription or request for data removal.

7.3. Notwithstanding the other provisions of this Section 7, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.

8. Amendments

8.1. We may update this policy from time to time by publishing a new version on our Website.

8.2. We may change or modify this Privacy Policy at any time in our sole discretion. Such change(s) will be effective immediately upon posting of the change or modification on this Site. We may also elect to notify you of data privacy changes by additional means, such as sending you an email. Your continued use of our Website constitutes your acceptance of the terms of the Privacy Policy as updated or changed by us from time to time.

8.3. We may change or modify this Privacy Policy at any time in our sole discretion. Such change(s) will be effective immediately upon posting of the change or modification on this Site. We may also elect to notify you of data privacy changes by additional means, such as sending you an email. Your continued use of our Website constitutes your acceptance of the terms of the Privacy Policy as updated or changed by us from time to time.

9. Your rights and responsibilities

In this Section, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

9.1. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data.

You can access your personal data by entering your personal account/cabinet when you are logged in on our Website (https://instytutum.com/account/).

9.2. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

9.3. In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; For compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

9.4. In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

9.5. To help us protect your privacy, be sure: not to share your user ID or password with anyone else; to log off the Website when you are finished; to provide us true, accurate and complete information; not to use our Website if you are younger than 18 years old; not to provide us information about anyone else unless you have their permission to do so.

9.6. Should you wish to know more about what information we hold about you including making changes to, or requesting the deletion of, information that we hold about you, you are also entitled by law to make a Data Subject Request. You can make such a request by emailing us at [email protected] Please note that we may need to exclude certain information as part of your request, e.g. in order to protect the privacy of other individuals or if we are permitted to exclude the information for legal or other reasons.

9.7. Please be advised that deleting your personal information will limit our ability to contact you in connection with the INSTYTUTUM offerings, which may limit your ability to utilize the INSTYTUTUM offerings.

9.8. California Privacy Rights. California law permits residents of California to request notice of how their information is shared with third parties for direct marketing purposes or to opt-out of such sharing. If you are a California resident and would like a copy of this notice or to opt-out, please send us a request to [email protected].

10. Cookies

10.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

10.2. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

11. Cookies that we use

11.1. We use cookies for the following purposes: authentication - we use cookies to identify you when you visit our Website and as you navigate our Website; status - we use cookies to help us to determine if you are logged into our Website; personalization - we use cookies to store information about your preferences and to personalize the Website for you; security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our Website and services generally; advertising - we use cookies to help us to display advertisements that will be relevant to you; analysis - we use cookies to help us to analyze the use and performance of our Website and services; cookie consent - we use cookies to store your preferences in relation to the use of cookies more generally.

12. Cookies used by our service providers

12.1. Our service providers use cookies and those cookies may be stored on your computer when you visit our Website.

12.2. We use Google Analytics to analyze the use of our Website. Google Analytics gathers information about Website use by means of cookies. The information gathered relating to our Website is used to create reports about the use of our Website. Google's privacy policy is available at https://www.google.com/policies/privacy.

12.3. Analytics cookies allow us to understand more about how many visitors we have to the Website, how many times they visit our Website and how many times a user viewed specific webpages within our site. Although analytics cookies allow us to gather specific information about the pages that you visit and whether you have visited our Website multiple times, we cannot use them to find out details such as your name or address.

13. Managing Cookies

13.1. If you do not want to accept cookies from our Website, you can change your browser settings so that cookies are not accepted. If you choose to do this, please be aware Website may no longer function as intended.

13.2. All popular browsers (e.g. Chrome, Internet Explorer, Firefox, Opera and Safari) allow you to amend your cookie settings so that cookies are no longer enabled across all Websites that you visit. You can find information explaining how to disable cookies for the main browsers in the ‘Where to find information about controlling cookies’ section at the Information Commissions Website https://ico.org.uk/your-data-matters/online/cookies/.

14. How to contact us

For questions regarding the processing of your personal data please contact:

INSTYTUTUM AG, Gubelstrasse 12, 6300 Zug, Switzerland,

Tel.: +41 41 511 20 50, e-mail: [email protected]

We always welcome and greatly appreciate your feedback, any comments or suggestions, which may contribute to a better quality of our work.
 
Thank you for choosing INSTYTUTUM

Effective date: of May 24, 2018

GET A 10% DISCOUNT & FREE SHIPPING
BY SUBSCRIBING TO OUR NEWSLETTER
Email
In our skintellectual community:
  • exlclusive offers;
  • tips from our Experts;
  • early announcement of new products.
I have read ang agree to the Privacy Policy.
Thank you for joining
our skintellectual community!
Check your e-mail (“Promotions” and “Spam” folders) to confirm your subscription, and you’ll receive your discount immediately!
Get 10% off
Get a 10% discount and free shipping
by subscribing to our newsletter!
Exclusive deals & beauty tips
Email