Data Privacy valid from 7th of February 2022

This data privacy statement describes how we, MDO Cosmetic Dermatology GmbH (“Service Provider”/ “Data Controller”, "we" or "us"), process the personal data of users ("user", "users", "you" or "your") of our website www.mdo-skin.com (“Website” / “Webshop”).

If you are resident in the European Union, the references in this data protection statement to the General Data Protection Regulation (GDPR) apply. If you are resident in Switzerland, the references to the Federal Act on Data Protection (FADP) apply. If you are a resident onshore in the United Arab Emirates, the references to the UAE Personal Data Protection Law (PDPL) apply.

 

Residents of the State of California, see our California Consumer Privacy Act Disclosures here.

Name and contact details of the Service Provider/Controller

MDO Cosmetic Dermatology GmbH
Giesshübelstrasse 62d
8045 Zurich, Switzerland

Tel.: 0041 44  585 75 65
Email address: admin@mdo-skin.com

 

Name and contact details of our representative within the EU

MDO Cosmetic Dermatology GmbH
Prannerstraße 11 
80333 Munich, Germany

Tel.: 0041 44  585 75 65
Email address: admin@mdo-skin.com

 

Contact details of our data protection officer

Please contact our data protection officer if you have any questions concerning how your personal data are processed: 

DataCo GmbH
Dachauer Str. 65
80335 Munich, Germany 
Email address: kontakt@dataguard.de

 

Overview of the processing of personal data

When you visit our Website, we process the following personal data:

  • data that your browser automatically sends to our server when you visit our Website;
  • your first name, surname, your email address, delivery and billing address, payment details and information about your order if you order something from our Webshop;
  • data that you provide when you place an order through MDO Subscribe & Save;
  • data that you send as part of a customer service enquiry;
  • data that you provide when you register for our newsletter or take part in a competition;
  • data that you provide when you sign up to be part of the MDO Skinclub Affiliate & Referral Program;
  • data that you provide when you sign up to be a part of the MDO Skinclub Rewards Loyalty Program;
  • data that you send when you use our Live-Avatar or Skin Analyser; and
  • information that we collect using cookies or analysis technologies.

Full details on all types of personal data processed, the purpose of processing in each case and the legal grounds for the processing in question will be provided in the sections of the data privacy statement envisaged for this (see “Comprehensive information on the processing of personal data”) or promptly provided via explanatory texts that are displayed before the data is collected. Where legitimate interests are given as the legal grounds, we would, upon request, be delighted to provide you with more detailed information on the balancing of interest test. 

Personal data may be provided voluntarily by users or collected automatically when this Website is used. Unless indicated otherwise, the provision of all data requested by this Website is obligatory. 

Should the user refuse to provide required data, this may mean we are unable to provide the user with this Website’s services. In cases where this Website expressly describes the provision of personal data as voluntary, the user is permitted to opt not to provide the data, without this having any impact on the availability or functionality of the service. 

Users who are unclear as to which personal data is obligatory may consult the Service Provider. 

RECIPIENTS; LEGAL GROUNDS AND PLACE OF DATA PROCESSING; STORAGE TERM

 

CATEGORIES OF RECIPIENTS

In addition to the Controller, other people may, where necessary, have access to the user’s personal data. For example, we send your personal data to suppliers in order to be able to send you orders you have placed in our Webshop. We are also able to share your personal data with government authorities, courts, external consultants and similar third parties to the extent this is legally required or permitted.

Furthermore, processors used by us, such as our hosting provider, our customer services contractors, digital strategy specialists, marketing, payment and Webshop services providers or service providers for our MDO Skinclub Affiliate & Referral Program, Subscribe & Save Program, Live Avatar and Skin Analyzer, are given access to the user’s personal data.

The processors are contractually obliged to put in place appropriate technical and organizational measures to protect and secure personal data and to process the personal data only within the scope of our instructions.

The user may at any time request an up-to-date list of those parties involved from the Service Provider.

OVERVIEW OF THE LEGAL GROUNDS FOR PROCESSING

Subject to any more stringent rules to the contrary that apply in your country of residence, the Service Provider is only permitted to process users’ personal data if one of the following legal grounds exists:

  • the user has given their consent for one or more specific purposes;
  • the data processing is necessary for the performance of a contract with the user and/or for pre-contractual steps taken at the user’s request; 
  • the processing is required for the performance of a legal obligation to which the Service Provider is subject; 
  • the processing is necessary to protect the vital interests of the user or another natural person;
  • the processing is necessary for the performance of a task which is in the public interest or occurs in the exercise of official authority conferred on the Service Provider; or
  • the processing is necessary for the purposes of the legitimate interests pursued by the Service Provider or a third party, except where these are overridden by the interests or fundamental rights and freedoms of the user which require the protection of personal data.
    • The legitimate interests include: provision of an operational website, provision of subscription service, responding to customer service requests and legal enforcement.

In addition, the Service Provider relies on the following legal basis for the collection of any special categories of data:

  • explicit consent to the processing for one or more specified purposes (Art. 9 (2) lit. a GDPR).

More detailed information on the legal grounds relevant in each case is available under “Comprehensive information on the processing of personal data”. In case of ambiguity, the Service Provider will be happy to provide information about the specific legal grounds on which the processing is based, particularly on whether the sharing of personal data is a statutory or contractual obligation or a precondition for conclusion of a contract.

 

LOCATION/TRANSFER OF DATA TO THIRD COUNTRIES

The user's personal data are processed at the Service Provider's establishment and wherever the entities involved in the data processing are located. Therefore we transfer your personal data worldwide. Hence, some recipients of your personal data are located outside of your country of residence.

For example, for residents of the European Union, some recipients of your personal data are based outside the European Union (EU), the European Economic Area (EEA) and Switzerland. In each of these cases, the recipient is in a country of import whose data privacy laws may offer a different level of protection from the laws of your country and for which no adequacy decision exists from the competent data protection regulator in your country.

Where personal data are sent to countries that, from the point of view of the competent regulator, do not have an appropriate level of data protection, the transfer occurs on the basis of appropriate safeguards such as your explicit consent or the conclusion of standard contractual clauses, for example those adopted by the European Commission, with the recipients, where this is necessary in the particular case.

If you would like further information on specific transfers or on particular countries, you can request information regarding these data transfers and the relevant safeguards by contacting us via admin@mdo-skin.com.

 

STORAGE TERM

Personal data are processed and stored for as long as the purpose for which they were collected requires.

Hence it follows that:

  • personal data collected for the purposes of contract performance for a contract entered into by the Service Provider and user will be stored until contract completion.
     
  • personal data collected for legitimate interests pursued by the Service Provider are stored for as long as it is necessary to fulfil that purpose. 

Furthermore, the Service Provider is permitted to store personal data for a longer period if the user has consented to such processing, provided such consent has not been withdrawn. Furthermore, the Service Provider may be obliged to retain the personal data for a longer period if this is necessary for the fulfilment of a statutory obligation or on the instructions of an authority. For example, personal data received in contracts, communications and business correspondence may be subject to statutory retention obligations which may require their retention for up to ten years or any alternative period dictated by the applicable law.

 The personal data will be erased upon expiry of the retention period. 

 Purposes of the processing

Personal data about the user are processed to enable the Service Provider to perform the services offered on this Website. In the following sections of this document users can find further detailed information on such processing purposes, on the personal data used for the particular purpose and on the legal grounds for processing in a particular case.

 COMPREHENSIVE INFORMATION ON THE PROCESSING OF PERSONAL DATA

 Personal data are processed for the following purposes on the basis of the following legal grounds:

 

VISITS TO OUR WEBSITE

If you visit our Website, your browser automatically sends our server the following user data: the IP addresses or domain names of the computers of users of this Website, the URI addresses (Uniform Resource Identifiers), the time of the request, the method used to send the request to the server, the size of the response file received, the numeric code indicating the status of the server response (successful results, error etc.), the country of origin, the functions of the user’s browser and operating system, the different dates and times for each request (e.g. how much time was spent on each page of the Website) and information about the pathway followed within an application, particularly the order in which pages were visited, along with other information on the device’s operating system and/or the user’s IT environment.

The processing of this data is technically required in order to enable you to access and browse our Website. The legal grounds for the associated processing of your personal data are our legitimate interests in the provision of an operational Website under Article 6 (1) lit. f GDPR resp. Article 13 FADP. 

 

ORDERS IN OUR WEBSHOP

When you place an order in our Webshop, we process the data you provide as part of the order process; i.e., your name, your delivery and billing address, your payment information and information about your order so as to process the order and perform the contract entered into with you. These data are provided voluntarily but orders in our Webshop cannot be fulfilled unless this information is provided. These are considered contractual purposes under Article 6 (1) lit. b GDPR resp. Article 13 FADP and constitute the legal grounds for the associated processing of your personal data. 

As part of the order process, you also have the option of voluntarily indicating your age; if you do so, we process this information for market analysis purposes. Our legitimate interest, under Article 6 (1) lit. f GDPR resp. Article 13 FADP, in being able to analyse the market relevant to us constitutes the legal grounds for such processing.

MDO SUBSCRIBE & SAVE

When you want to place an order through MDO Subscribe & Save, you will need to provide your name, your email address, your delivery and billing address, your payment information and information about your delivery schedule. Furthermore you can provide further contact information like your phone number. These data are provided voluntarily but orders through Subscribe & Save can only be fulfilled, you can only change and manage your subscription via the customer portal and we can only notify you about upcoming changes, card declines, and other common scenarios if this information is provided. These are considered contractual purposes under Article 6 (1) lit. b GDPR resp. Article 13 FADP and constitute the legal grounds for the associated processing of your personal data.

When you proceed to checkout and create orders, information about your computer and network traffic is processed for security purposes and to provide you with the subscription service. The legal grounds for the associated processing of your personal data are legitimate interests in providing the subscription service under Article 6 (1) lit. f GDPR resp. Article 13 FADP.

You will also have the possibility to provide us with other personal information. The legal ground for the associated processing of your personal data is your consent under Article 6 (1) lit. a GDPR resp. Article 13 FADP. 

The above-mentioned information may be anonymized, de-identified, and aggregated in order to create and distribute case studies and industry reports and to conduct research and development efforts in connection with the improvement of the subscription services. The legal grounds for the associated processing of your personal data are legitimate interests in improving the subscription service under Article 6 (1) lit. f GDPR resp. Article 13 FADP.

CONTACTING OUR CUSTOMER SERVICE

You have the option of contacting our customer service via the email address or telephone number provided on our Website should you have questions regarding our products or about an order made in our Webshop. In such case, we process your name, contact details and the information provided in the context of your request in order to respond to your request. The data is provided voluntarily but without processing your data we are unable to respond to your request. The legal grounds for the associated processing of your personal data are, depending on the nature of the request, contractual purposes under Article 6 (1) lit. b GDPR resp. Article 13 FADP or a legitimate interest in your request being responded to, under Article 6 (1) lit. f GDPR resp. Article 13 FADP. 

NEWSLETTER

You can register on our Website to receive our newsletter and will need to provide your email address for this. Registration is voluntary; if you register for the newsletter, we process your email address in order to send out the newsletter. The legal ground for the associated processing of your personal data is your consent under Article 6 (1) lit. a GDPR resp. Article 13 FADP.

COMPETITION ENTRY AND CONSENT TO USE FOR PROMOTIONAL PURPOSES

If you register on our Website to participate in a competition, you need to provide your email address for this. Competition entry is voluntary. If you register, we process your data so as to be able to identify and notify you, should you win. The legal ground for the associated processing of your personal data is a contractual purpose under Article 6 (1) lit. b GDPR resp. Article 13 FADP.

In addition, you have the option of consenting to the processing by us of the personal data you have shared with us as part of entering a competition, for promotional purposes. Consent to use for promotional purposes is voluntary; where you consent, we will process your name and your email address for such promotional purposes. The legal ground for the processing of your personal data for this purpose is your consent under Article 6 (1) lit. a GDPR resp. Article 13 FADP. 

MDO SKINCLUB AFFILIATE & REFERRAL PROGRAM

When you sign up to be part of the MDO Skinclub Affiliate & Referral Program ("Affiliate & Referral Program"), you need to provide your legal full name, your email address and any other information requested, such as information about your Stripe Account. Furthermore, by creating your account, you confirm that you are already over 18 years of age. The personal information that is collected in connection with the Affiliate & Referral Program includes your participation in the Affiliate & Referral Program as well. These data are provided voluntarily; however, a referral fee can only be earned if this information is provided. This is considered a contractual purpose under Article 6 (1) lit. b GDPR resp. Article 13 FADP and constitutes the legal grounds for the associated processing of your personal data.

Referrals are tracked through blockchain technology and all transactions that occur and are eligible for a referral fee are therefore stored in the chain. Information relating to such transactions, and thus the personal data contained therein, cannot be removed or deleted from the chain as it is permanently recorded on the blockchain. The legal ground for the associated processing of your personal data is your consent under Article 6 (1) lit. a GDPR resp. Article 13 FADP.

You have the option to contact MDO Customer Service if you have concerns that a purchase or other activity was not properly applied to your account. In such case, we process your name, your email address associated with the Affiliate & Referral Program, the date of the Affiliate & Referral Program activity and the issue(s) you encountered. The legal grounds for the associated processing of your personal data are, depending on the nature of the request, contractual purposes under Article 6 (1) lit. b GDPR resp. Article 13 FADP or a legitimate interest in your request being responded to, under Article 6 (1) lit. f GDPR resp. Article 13 FADP.  

MDO SKINCLUB REWARDS LOYALTY PROGRAM

When you sign up to be part of the MDO Skinclub Rewards Loyalty Program ("Loyalty Program"), you need to provide your email address. Furthermore, you confirm that you are already over 18 years of age by creating your account. These data are provided voluntarily, but no benefits, rewards and/or points can be granted without this information. This is considered a contractual purpose under Article 6 (1) lit. b GDPR resp. Article 13 FADP and constitutes the legal grounds for the associated processing of your personal data.

You also have the option of voluntarily providing your name, your birth date and your mobile phone number. The legal ground for the associated processing of your personal data is your consent under Article 6 (1) lit. a GDPR resp. Article 13 FADP.

If you want to earn points and reach the Loyalty Program loyalty tiers, we need to process data about your eligible purchases and other Loyalty Program actions. This is considered a contractual purpose under Article 6 (1) lit. b GDPR resp. Article 13 FADP and constitutes the legal grounds for the associated processing of your personal data.

You have the option to contact MDO Customer Service if you have concerns that a purchase or other activity was not properly applied to your account. In such case, we process your name, your email address associated with the Loyalty Program, the date of the Loyalty Program activity and the issue(s) you encountered. The legal grounds for the associated processing of your personal data are, depending on the nature of the request, contractual purposes under Article 6 (1) lit. b GDPR resp. Article 13 FADP or a legitimate interest in your request being responded to, under Article 6 (1) lit. f GDPR resp. Article 13 FADP.

LIVE AVATAR 

You have the option to directly interact with us via the Live Avatar. In such case you can provide us with your name, your age, information about your main skin concerns and email address. If you like, we will then add you to our mailing list and send you personalized recommendations and tips for your skincare. The legal ground for the processing of your personal data for this purpose is your explicit consent under Article 9 (2) lit. a GDPR resp. Article 13 FADP.

Furthermore, you have the option to upload a selfie, and you can provide us with information about your skin type, your gender, the humidity of the location where you spend most of your time and the number of skincare products you use. If you like, you can directly create an account with us during your live avatar session. The legal ground for the associated processing of your personal data is your explicit consent under Article 9 (2) lit. a GDPR resp. Article 13 FADP.

SKIN ANALYZER

You have the option to upload a selfie and let us know about your skin type in order to receive product recommendations based on your skin type. The legal ground for the associated processing of your personal data is your explicit consent under Article 9 (2) lit. a GDPR resp. Article 13 FADP.

LEGAL ENFORCEMENT

In addition, we are able to process your personal data, where relevant, also for purposes of legal enforcement. The legal grounds for any such processing of your personal data are our legitimate interests in enforcement under Article 6 (1) lit. f GDPR resp. Article 13 FADP.

USE OF COOKIES AND ANALYSIS TECHNOLOGIES

In order to analyse the use of our Website, to improve our products and services, to integrate social media plugins and to display advertising on topics that are of interest to you, we use cookies and other analysis technologies that can be linked to processing of personal data. You can find detailed information on this in our Cookie policy.

LINKED SITES

Our Website may contain links to other websites, including social media sites, which may have privacy policies that differ from our own. We are not responsible for the collection, use or disclosure of information collected through third-party websites and expressly disclaim any liability related to such collection, use or disclosure.  We are not responsible for any information or content contained on such sites.  Links to other websites are provided solely as a convenience. Your browsing, use and interaction on any other websites, including websites which have a link to this Website, are subject to that website’s own rules and policies.  Please review the data privacy statement posted on any website that you may access through, or which links to this Website.

 AUTOMATED DECISION-MAKING

We do not engage in automated decision-making in the context of our processing activities on the website.

USERS’ RIGHTS

Users may exercise certain rights in relation to the data processed by the Service Provider.

The rights may be limited/restricted under applicable local data protection law.

 Users are entitled to do the following:

  • Withdraw consent at any time. Where users have previously consented to the processing of personal data, they may withdraw their own consent at any time with future effect. The withdrawal of consent does not affect the legality of the processing which has been done on the basis of the consent up until its withdrawal.
     
  • Obtain access to their data. Depending on the law applicable to the situation users are entitled at any time to find out whether personal data relating to them are being processed by the Service Provider and, in such case, to receive information about specific aspects of the processing and to receive a copy of the data. This right is not unrestricted, however, as the rights of others and other applicable laws may restrict the right to receive information. 
     
  • Rectification. Users are entitled to request the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, users are entitled to request that incomplete personal data is completed, also by means of a supplementary statement.
     
  • Request restriction of processing of their data. Users are entitled, under certain circumstances, to request that the Service Provider restrict the processing of their personal data. In such case, the Service Provider marks the data and processes them only for specific purposes.
     
  • Request the erasure of personal data. Users are entitled, under certain circumstances, to request that the Service Provider erase their personal data. 
     
  • Receive their data and transfer the data to a different controller. Depending on the law applicable to the situation, users have the right to receive the personal data they have given us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance. This provision applies where the processing is carried out by automated means and the processing is based on the user’s consent pursuant to Article 6 (1) lit. a GDPR or on a contract with the user pursuant to Article 6 (1) lit. b GDPR.
     
  • Lodge complaints. Depending on the law applicable to the situation, users have the right to lodge a complaint to a supervisory authority.

 

Right to object

Under certain circumstances, users are entitled to object at any time to the processing of personal data relating to them on legitimate grounds relating to their particular situation and the Service Provider may be required not to continue to process their personal data.

Where personal data are processed for the purposes of direct marketing, users also have the right to object at any time to the processing of personal data relating to them for the purpose of such direct marketing. This also applies to profiling to the extent that it is related to such direct marketing.

 

HOW RIGHTS MAY BE EXERCISED

All queries relating to the exercise of user rights may be directed to the Service Provider using the contact details indicated in this document. Requests may be made free of charge and shall be processed by the Service Provider as soon as possible, normally within a month at the latest.

 

AMENDMENTS; DEFINITIONS OF TERMS

 AMENDMENTS TO THIS DATA PRIVACY STATEMENT

The Service Provider reserves the right to amend this data privacy statement at any time by informing its users on the Website and/or, where technically and legally possible, by notifying the users via one of the contact details shared with the Service Provider. Furthermore, users are advised to view this page on a regular basis and when doing so to check the date of the last amendment indicated at the bottom of the page.

Where amendments affect data use based on the user’s consent, the Service Provider will obtain fresh consent where required.

 

DEFINITIONS OF TERMS

“Personal data” (or “Data”)

Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Special categories of data” (or “sensitive data”)

Any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

User

The person using the Website who, unless specified otherwise, corresponds to the data subject. 

Data subject

The natural person to whom the personal data relate.

Processor (or data processor)

Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Controller (or Service Provider)

Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Last Modified and Effective Date: [January 2022]

 

California Consumer Privacy Act Disclosures

Last Modified and Effective Date: January 2022

This notice and policy supplements information contained in privacy disclosures from MDO Cosmetic Dermatology GmbH and its corporate business affiliates (“MDO”) and applies solely to residents of the State of California (“consumers” or “you”). Any terms defined in the California Consumer Privacy Act of 2018, as amended from time to time (“CCPA”) have the same meaning when used in this notice and policy. This notice and policy does not reflect our collection, use, or disclosure of California residents’ personal information, or data subject rights, where an exception under the CCPA applies. You can download a pdf version of the notice and policy [here].

  1. RIGHT TO KNOW ABOUT PERSONAL INFORMATION COLLECTED AND DISCLOSED, AND TO REQUEST DELETION OF PERSONAL INFORMATION

You have the right to request that we disclose what personal information we collect, use, or disclose about you specifically (“right to know”) and to request the deletion of personal information. To submit a request to exercise the right to know, please submit an email request to admin@mdo-skin.com or call our toll-free number at 011 800 58 57 56 55 (Only possible from a landline). To submit a request to delete personal information, please submit an email request to admin@mdo-skin.com.

MDO may ask that you provide certain information to verify your identity. The information that we ask you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue. MDO will respond to your request in accordance with the CCPA. If we deny your request, we will explain why.

When a business sells your personal information, you have a right to opt out of such sale. MDO does not sell, and in the preceding 12 months did not sell, California residents’ personal information. MDO does not have actual knowledge that it sells the personal information of minors under 16 years of age.

PERSONAL INFORMATION HANDLING PRACTICES

We have set out below categories of personal information we collect about California residents and have collected in the preceding 12 months. For each category of personal information we have collected, we have included the reference to the enumerated category or categories of personal information in the CCPA that most closely describe such personal information.

Corresponding reference to category of personal information under CCPA definition of personal information: Category of personal information

  • Identifiers: Name, physical characteristics (based on pictures provided for product recommendation), telephone number, e-mail address, shipping address, billing address, IP address, purchase history, credit card or PayPal information, Stripe (payment platform) account information, information provided in customer portal, complaints/issues about the Loyalty Program and the relevant activity date, transactions relevant to the processing of referral fee, skin complaints
  • Personal information categories listed in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)): Name, date of birth, age, gender, physical characteristics (based on pictures provided for product recommendation), telephone number, e-mail address, shipping address, delivery schedule information, billing address, IP address, computer and network traffic information, purchase history, credit card or PayPal information, Stripe (payment platform) account information, information provided in customer portal, complaints/issues about the Loyalty Program and the relevant activity date, participation in the Referral and Affiliate Program, transactions relevant to the processing of referral fee, skin type, skin complaints, number of skincare products used, humidity of the customer’s usual place of residence
  • Characteristics of protected classifications under California or federal law: Gender, age, skin medical conditions
  • Commercial information: Purchase history, skin type, skin complaints, number of skincare products used, complaints/issues about the Loyalty Program
  • Biometric Information: Facial recognition data, skin complaints
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web website, application, or advertisement: Purchase history, payment history, IP address, URI (Uniform Resource Identifier) address, domain name, computer and network traffic information, browser type, operating system, time of visit, duration of visit, size of the response files received and the corresponding status of the responses, date and time stamps of actions
  • Geolocation data: IP location
  • Audio, electronic, visual, thermal, olfactory, or similar information: N/A
  • Professional or Employment related information: N/A
  • Education information: N/A
  • Inferences drawn from any of the information: Predictions of characteristics, behavior, attitudes, interests, and preferences

 

MDO collects such information from the following categories of sources: 

  • Directly from you. For example, when you contact or request information from us, including via the MDO websites, or when you create an MDO account.
  • Third Parties, including Service Providers. For example, service providers that MDO uses and other third parties that MDO chooses to collaborate or work with.
  • Using cookies and automatic collection methods. MDO and its service providers may collect information from the computer, tablet, phone, or other device that you install our mobile application on, that you use to access our websites, or that you use to open an email or click on an advertisement from MDO. MDO does not respond to “do not track” signals.

MDO collects, uses, retains, and discloses your personal information for the purposes described below: 

    • Provide you with our services, such as to: use the websites and process your payments; process, maintain and service your account(s); enable service providers to perform the services offered on our websites; provide personalized product recommendation; send out marketing or promotional materials; 
    • Engage in research and development efforts to improve our services;
    • Register an account, manage user relationship, and communicate with you;
    • Measure user engagement with the websites, and detect viewing history;
    • Handle and record consumer rights requests, including opt-ins and opt-outs;
    • Handle activities and complaints in connection with our functionalities (e.g. Loyalty Program, Affiliate and Referral Program);
    • Monitor, protect and improve MDO security assets and resources, including devices, systems, customer data, infrastructure, and MDO network; and
    • Comply with laws and regulatory requirements, and respond to lawful requests, court orders and legal processes.

    SHARING OF PERSONAL INFORMATION

    In the preceding 12 months, MDO disclosed the above categories of personal information to the following categories of third parties for a business purpose, in some cases as directed by you:

    • MDO Affiliates. For example, MDO affiliates may share business processes and common data systems.
    • Third parties and service providers that provide products or services to us. For example, companies that help us support our websites, or that provide services to you. MDO may use third parties or service providers to help with auditing interactions and transactions with you, addressing security, fixing errors, helping us with advertising or marketing, maintaining accounts and providing customer service, helping with our internal research, and verifying service quality or safety.

    RIGHT TO NON-DISCRIMINATION FOR THE EXERCISE OF CCPA RIGHTS

    You may not be discriminated against because you exercise any of your rights under the CCPA in violation of California Civil Code § 1798.125. 

    AUTHORIZED AGENT

    You can designate an authorized agent to make a request under the CCPA on your behalf if:

    • The authorized agent is a natural person or a business entity registered with the Secretary of State of California and the agent provides proof that you gave the agent signed permission to submit the request; and
    • You directly confirm with MDO that you provided the authorized agent with permission to submit the request.

    If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please provide any information MDO requests to verify your identity. The information that MDO asks you to provide to verify your identity will depend on your prior interactions with us and the sensitivity of the personal information at issue.

    If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

    NOTICE OF FINANCIAL INCENTIVE

    Some of our programs may amount to a financial incentive under the CCPA and its implementing regulations and MDO provides information below about such programs. Additional details about and terms of our programs are available before you sign up.

    Summary of Financial Incentive. MDO sometimes offers incentives for participating in our various programs such as product samples, points, or other benefits or rewards to those who opt in to our loyalty program or a monetary incentive to those who opt in to our affiliate and referral program. You receive such benefits or rewards under the loyalty program because we hope that you will want to buy our products. Under the affiliate and referral program, you receive a monetary incentive tied to the purchase price of products purchased by those buying from MDO through a referral link that you make available to them. The affiliate and referral program includes storing your personal information in a blockchain, which is immutable by design.

    Material terms of Loyalty Program. You provide us your email address and we provide you with product samples, points, or other benefits or rewards based on eligible purchases you make when signed into your account through our websites. You also have the option of providing your name, your birth date and your mobile phone number. Once you reach a certain loyalty tier and/or earn a certain number of points, you may be eligible for certain benefits and rewards applicable to that tier and/or number of points, which benefits may change from time to time and may be offered on a limited basis. Benefits, rewards, or points can only be redeemed through our websites. By enrolling in the loyalty program, you will be subscribed to receive MDO marketing emails and program related emails. We value the opportunity to sell to you.

    Material terms of Affiliate and Referral Program. You create an affiliate account and provide your name, email address and other information requested to complete the sign-up process, and separately contract for a third-party account to which accrued referral fees will be paid. MDO uses blockchain technology for tracking referrals and therefore stores all transactions that occur and are eligible for a referral fee in the chain. If you sign up for the affiliate and referral program, your personal information will be stored in this blockchain, which is immutable by design. We provide you with a monetary incentive tied to the purchase price of products purchased by those buying from MDO through a referral link that you make available to them. We value the opportunity to sell to your referrals.

    How to opt in. You can opt in by signing up for a program such as our loyalty program or affiliate and referral program on our websites where the applicable agreement or sign up flow links to this notice.

    Right to Withdraw. You can opt out of our programs tied to a financial incentive at any time by emailing care@mdo-skin.com.

    Value of Financial Incentive. We may offer an incentive for the opportunity to sell to you or those you refer to us. The incentive may be rewards or points that can be used when you buy products from us directly through our websites, a monetary incentive, or another benefit. Details of the incentive will vary depending on market conditions at the time the incentive is offered. Retail prices for our products vary.

    CONTACT FOR MORE INFORMATION

    If you have any questions or comments about this notice and policy, the ways in which we collect and use your personal information, or your choices and rights regarding such use, please do not hesitate to contact us at:

    MDO Cosmetic Dermatology GmbH
    Giesshübelstrasse 62d
    8045 Zurich, Switzerland

    Tel.: 0041 44  585 75 65
    Email address: admin@mdo-skin.com