Privacy Policy
Last updated: January 2024
Opt-out options: DO NOT USE MY DATA >>
I. INTRODUCTION. REGIONAL PATTERNS (CALIFORNIA)
AIBY Inc. (“we,” “us” or “our”) takes your privacy seriously. This Privacy policy (“Privacy policy”) explains our data protection policy and describes the types of information we may process when you access, use and/or interact with us via the website available at https://onskin.ai/ (hereinafter, the “Website”).
Note that the present Privacy policy is applicable only with respect to data that may be collected, stored, processed when you access and/or use the Website. This Privacy policy does not apply to data that is collected, stored, processed when you access and/or use onSkin mobile App introduced on the Website (hereinafter, “onSkin App”). Therefore, if you want to learn more about data processing practices applicable to onSkin App introduced on the Website, please visit the corresponding onSkin App Privacy Policy.
The Website is developed for general information and promotional purposes. It contains detailed description of functionalities and reviews of the onSkin App, information about the onSkin App team.
When we refer to personal data (or personal information) we mean any information of any kind relating to a natural person who can be identified, directly or indirectly, in particular by reference to such data. It is a natural person who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social status.
The scope of data we process may vary depending on the types of actions and operations you perform using the Website (see Section II for more details). Nevertheless, the provisions of this Privacy policy are applicable to any persons who visit or use the Website (collectively, “users”).
For the purposes of the GDPR, we are the data controller, unless otherwise stated.
PLEASE READ CAREFULLY THE FOLLOWING PRIVACY POLICY, FOR INFORMATION REGARDING THE WAYS YOUR PERSONAL INFORMATION MAY BE PROCESSED. WHEN YOU USE THE WEBSITE YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREED TO BE BOUND BY THIS PRIVACY POLICY.
IF YOU ARE A CALIFORNIA RESIDENT PLEASE READ THE FOLLOWING IMPORTANT NOTICE
Under the California Consumer Privacy Act of 2018 (CCPA) California residents shall have the right to request:
- the categories of personal information that is processed;
- the categories of sources from which personal information is obtained;
- the purpose for processing of user personal data;
- the categories of third parties with whom we may share your personal information;
- the specific pieces of personal information that we might have obtained about a particular user provided that the data given in the request is reliable enough and allows us to identify the user.
Please use the navigation links through this Privacy policy:
PERSONAL INFORMATION
All about the categories of information, its sources and purposes of processing >>
Please mind that according to CCPA personal information does not include de-identified or aggregated consumer information.
SHARING
How your information can be shared >>
Please note that all third parties that are engaged in processing user data are service providers that use such information on the basis of agreement and pursuant to business purpose.
OPT-OUT OPTIONS
If you don’t want us to collect and/or process your information any more please contact us at [email protected]. Note that if you decide to opt out of data collection and processing this can affect some Website functions and you may not be able to use all features of the Website to the fullest extent possible.
REQUESTS
To submit a verifiable consumer request for access, portability or deletion of personal data please contact us at [email protected]. Please include in the text of your request the wording “Your rights to maintain confidentiality in the state of California”.
When submitting a verifiable request, you should be ready to:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: name, address, city, state, zip code and email address. We may use this information to surface a series of security questions to you to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming or a power of attorney, signed by you.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that the personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request.
We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.
We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.
EQUAL RIGHTS
Nothing in the way we deal with your request shall be interpreted as discrimination, which means that we will not set up different pricing or products, or different level or quality of services for you, if you choose to exercise your rights. However, in some circumstances, we may not be able to provide services if you choose to delete your personal information from our records.
SALE OF DATA
We do not sell any of your personal data to third parties.
II. INFORMATION WE PROCESS
There are several categories of information that may be processed when you access, use and/or interact with the Website.
Information that you voluntarily provide to us
We may collect, store and process information about your email address when you subscribe to our newsletters on the Website. We use such information to send you news related to onSkin App and the Website.
Also, we may collect, store and process some information when you use the form available within the “Contact us” section on the Website (hereinafter, “Contact us” form). In particular, if you decide to make a request via the “Contact us” form, the following categories of information are voluntarily provided by you: your name, email address, the text of your message and/or any files that you optionally choose to attach to your request. We use the information submitted by you solely for the purpose of considering and responding to your requests (if necessary).
To collect, store and process the information that you voluntarily provide us, we use the services of Advanced Hosters B.V.
Information that is processed automatically
When you access, use and/or interact with the Website, some information about your device and your user behavior may be processed automatically. This information is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We process this information on the ground of our legitimate interest for improving the Website and giving our users the best experience.
We may use third-party automatic data processing technologies to analyze certain information sent by your device via the Website (analytics or advertising tools). Some of them may launch automated processing of your personal data, including profiling, which means any form of automated processing of personal data used to evaluate certain personal aspects relating to you, in particular to analyze or predict aspects concerning your personal preferences, interests, behavior, location or movements (see the list of data described below). Processing information through automatic data processing technologies starts automatically when you first time access the Website.
- Device Details. When you use a device (computer, laptop / tablet / phone) to access the Website, some details about your device are reported, including “device identifiers”. Device identifiers are small data files or similar data structures stored on or associated with your device, which uniquely identify your device (but not your personality). Device identifier enables generalized reporting or personalized content and ads by the third parties.
What data may be processed:- Information about the device itself: type of your device, type of operating system and its version, model and manufacturer, screen size, screen density, orientation, audio volume and battery, battery life, loading time, latency, framerate, device memory usage.
- Information about the Internet connection: mobile carrier, network provider, network type, IP address, timestamp and duration of sessions, speed, browser and version, browser language.
- Location-related information: IP address, the country code/ region/ state/ city associated with your SIM card or your device, language setting, time zone.
- Device identifiers: advertising identifiers, Identity For Advertisers for iOS devices.
- Cookies and similar technologies. When you access, use and/or interact with the Website, cookies and similar technologies may be used (pixels, web beacons, scripts). A cookie is a text file containing small amounts of information which is downloaded to your device when you access the Website. The text file is then sent back to the server each time you use the Website. This enables us to operate the Website more effectively. For example, we will know how many users access specific areas, content or features within the Website and which links they clicked on. We use this aggregated information to understand and optimize how the Website is used, improve our marketing efforts, and provide content and features that are of interest to you. Third party analytics tools use cookies or similar technologies for the purpose of analyzing the Website traffic.
- Log file information. Log file information is automatically reported each time you make a request to access the Website. When you use the Website, analytics tools automatically record certain log file information, including time and date when you start and stop using the Website, and how you interact with the Website.
Information provided automatically to analytics or advertising tools does not generally come to our control, therefore, we cannot be responsible for processing such information. Please mind that some services are engaged in personal data profiling and may obtain information related to your personality and/or your device by using technologies that do not belong to our scope of responsibility.
Email newsletters
If you subscribe to newsletters we may use the information about your email address to send you such newsletters regarding special subscription offers, new features and functionalities and other news related to onSkin App and/or the Website on the grounds of our legitimate interests. Sending you newsletters will allow you to stay up to date and receive the latest news about onSkin App and the Website, including about the best price offers. You may unsubscribe, opt-out of receiving newsletters to your email address at any time by using the resignation link provided in each email you receive from us. Your unsubscribe request shall be honored within a reasonable period of time.
III. THE PURPOSES OF PROCESSING YOUR DATA
Our mission is to constantly improve the Website and provide you with better user experiences. As part of this mission, we use your information for the following purposes:
(a) To make our service available and ensure the efficient operation of the Website. We use information that you voluntarily provide to us and information that is processed automatically to provide you with all requested services and to ensure the efficient operation of the Website according to its intended purpose.
(b) To improve, test and monitor the effectiveness of the Website. We use the information that is processed automatically to better understand user behavior and trends, detect potential outages and technical issues, to operate, protect, improve, and optimize the Website.
(c) To communicate with you. We may use information that you voluntarily provide to us via our support channels and contact forms for the purposes of processing and responding (if necessary) to your requests, receiving your feedback, comments or suggestions, also to send you marketing notifications about the operation of the Website, onSkin App or on other matters.
(d) To prevent fraud and spam, to enforce the law. We really want the Website to be free of spam and fraudulent content so that you feel safe and free. We may use your information to prevent, detect, and investigate fraud, security breaches, potentially prohibited or illegal activities, protect our trademarks, enforce our [Terms of Use] and applicable law.
If any new purpose for processing your data arises, we will let you know when we start to process information for that other purpose by introducing the corresponding changes to this Privacy policy.
If any new purpose for processing your data arises, we will let you know when we start to process information for that other purpose by introducing the corresponding changes to this Privacy policy.
IV. SHARING OF YOUR INFORMATION
We will not rent or sell your personal data to third parties, but we may share your information obtained via tools like cookies, log files, and device identifiers with third-party organizations that provide automatic data processing technologies for the Website. We do not control or influence these third parties’ tracking technologies or how they may be used.
Please note that while we partner solely with third parties that gave us assurance of application of necessary technical and organizational measures to protect your data, we cannot guarantee the absolute security of any information transmitted from the Website directly to such third parties. We are not responsible for any accidental loss or unauthorized access to your data through a fault of third parties.
We may engage the following third-party service providers in order to provide us with necessary infrastructure for delivery and improvement of the Website:
Entity name | Services performed | Entity location | Link to Privacy Policy |
---|---|---|---|
Advanced Hosters B.V. | Cloud service provider | Netherlands | https://advancedhosting.com/en/documents/privacyPolicy |
Google Analytics (Google LLC) | Analytics service provider (Tool for Website traffic analysis) | U.S.A. | Google Privacy Policy: https://policies.google.com/privacy?hl=en How Google uses information from sites or apps that use its services: https://policies.google.com/technologies/partner-sites?hl=en https://support.google.com/analytics/answer/6004245 (see section ‘Information for visitors of sites and apps Using Google Analytics’) |
Mindbox USA LLC | Email marketing tool | U.S.A. | https://mindbox.cloud/documents/privacy-policy/ |
As it is indicated above we use Google Analytics service that tracks and reports the Website traffic. Google Analytics service uses different types of cookies to analyze user activity on the Website. If you want to learn more about the types of cookies and other data collected and processed by Google Analytics service provider (Google LLC) please visit https://support.google.com/analytics/answer/6004245 and https://policies.google.com/technologies/cookies. Note that we are not responsible for any usage of your data by the abovementioned third-party service provider (Google LLC) in violation of our instructions.
If you don’t want Google Analytics to use cookies you can block data collection following the instructions provided in Section IX of the present Privacy policy.
The Website may contain links to third party sites/services. You also may visit the Website following a link from a third party site. We are not responsible for the privacy practices of these third-party sites or services linked, including for the information or content contained within them (unless we are the providers of those sites and/or services).
We may disclose your personal information if it is needed for objective reasons, due to the public interest or in other unforeseen circumstances:
- as required by law;
- when we believe, in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- when we believe, in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
V. INTERNATIONAL DATA TRANSFERS
We work in the cross-border area and provide the Website to users around the world.
We and third-party organizations that provide automatic data processing technologies for the Website or our third-party partners may transfer the automatically processed information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.
If you are located in the European Union or other regions with laws governing data processing that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that may not have the same data protection laws as in your home jurisdiction. We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information.
By using the Website, you agree that we may transfer your personal data to any third country, a territory or one or more specified sectors within that third country, or to the international organization where data protection and confidentiality regulations may not provide the same level of protection of personal data as your country does.
VI. HOW DO WE STORE YOUR DATA
For the purposes of data storage, we recourse to the services of the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data – if possible – before sending it to the hosting organizations for the purposes of its storage. Please note that we cooperate only with those hosting organizations that have passed our security and reliability check.
In particular, we recourse to the services of Advanced Hosters B.V. that have adopted technical and organizational measures to protect your personal data against unauthorized/unlawful processing and accidental loss, destruction or other damage.
VII. HOW LONG WE USE YOUR PERSONAL DATA
We generally retain your personal information for as long as is necessary for performing the functional service of the Website and to comply with our legal obligations. If you no longer want us to use your information that we physically access and store, you can request that we erase your personal information and/or close your account.
However, some data may still be stored for a certain time period (but no longer than the storage purpose requires) if information is necessary to comply with legal obligation (taxation, accounting, audit) or in order to maintain safety and data backup settings, prevent fraud or other malicious acts.
VIII. EXERCISING YOUR RIGHTS
Applicable data protection laws give you certain rights regarding your personal information. You have the following rights in relation to your personal information that was collected:
- Data Access and Portability. You can request copies of your personal information.
- Change or Correct Data. Where you cannot update data by yourself, you have the right to ask to correct, change, update or rectify your data.
- Data Retention and Deletion. Specific retention times can vary based on context of the processing performed. You have the right to ask to delete all or some of the personal data that is held about you.
- Restriction of Processing. Under certain circumstances, you may have the right to limit the ways in which your personal information is used.
- Exercising the right to know about data sharing. You have the right to know whether your data is shared with third parties. Detailed information on this issue is contained in section IV of the present Privacy policy, however, if you have further questions in this regard, you can contact us at any time.
To exercise any of the rights described above, you can contact us at [email protected]. Please bear in mind that we ensure the above mentioned rights only with respect to the information that we physically access and store. We also would like to draw your attention to the fact that in order to process your request we first have to identify you as a user of the Website or onSkin App.
You also have the right to lodge a complaint with your local data protection or a supervisory authority if you reasonably believe that your rights under applicable data protection laws have been breached. Please note that when you exercise your right to lodge a complaint with your local data protection or a supervisory authority, you may be required to provide additional information and support your complaint with sufficient objective evidence. By lodging a complaint you agree to provide sufficient explanation as to what you believe impaired your rights. Additionally, in some cases prior to lodging a complaint to your local data protection or a supervisory authority, you may be required to send your initial claim directly to us and ask for clarifications if necessary.
When your information is processed automatically you may object to such processing in some circumstances. Where your information is processed for direct marketing purposes, you may ask to cease processing your data for these direct marketing purposes. In order to exercise this right please contact the third party service providers listed in the Section IV of this Privacy policy to learn how you can object to processing your data. Most of them have clear instructions on their privacy pages, functional API or other options.
If you are located in the European Union, you may address our representative when you have questions on privacy issues: Konrad Gutowski, [email protected].
IX. HOW TO OPT OUT
You may prevent and/or manage the collection and processing of some information related to your use of the Website following the instructions provided below. Note that it is applicable only with respect to the Information that is processed automatically.
Google Analytics. If you want to opt-out of being tracked by Google Analytics you can install and enable Google Analytics Opt-out Browser Add-on. Additionally, you can manage cookies and/or delete cookies already set by Google Analytics through your browser settings. Further information on Google Analytics’ data practices and relevant instructions can be found at https://support.google.com/analytics/answer/6004245 (see section ‘Information for Visitors of Sites and Apps Using Google Analytics’).
Bear in mind that if you choose to disable all cookies, this can affect the Website functions, some of the features that make the Website more efficient may not function.
X. SECURITY
The security of your personal information is highly important to us. We follow generally accepted industry standards to protect the personal information provided to us, both during transmission and once we receive it.
We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information.
We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing.
Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law.
If you have any questions about the security of the Website, you can contact us with the corresponding message via our support channels or contact forms.
XI. CHILDREN’S PRIVACY
The Website is not intended for children under the age of eighteen (18). Therefore, we do not knowingly collect or solicit any personal information from children under eighteen (18). If you have not reached the age of majority or legal age in your jurisdiction (i.e. if you are between the ages of thirteen (13) and seventeen (17), your use of the Website is possible only with the relevant consent and under the supervision of the holder of parental responsibility for you. No one under the age of thirteen (13) may provide any personal information to the Website. If we learn that we have collected personal information from a child under the age of eighteen (18) without verification of the holder of parental responsibility for a child, we will erase that information as quickly as possible. If you believe that we might have any information from or about a child under eighteen (18) and data processing is carried out without the relevant consent of the holder of parental responsibility for a child, please contact us.
XII. CHANGES TO THE PRIVACY POLICY
In case we change our Privacy policy, we will post the changes on this page. Please check the Website regularly for any changes.
XIII. HOW TO CONTACT US
If you have any questions about this Privacy policy, please feel free to contact us at [email protected].
Copyright © 2023-2024 AIBY Inc.