Privacy Policy

 Derma Lazer informs users of the website about its policy regarding the processing and protection of the personal data of users and customers.  

 And guarantees at all times full and complete compliance with the obligations laid down by the regulations on data protection and information society services: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (RGPD), the regulations Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD) and Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSIce). 

 DATA CONTROLLER 

Company owner of this website: Derma Lazer. 

Address: CAddress: Sedejeva ulica 6, 5000 Nova Gorica,Slovenia

E-mail:  info@dermalazer.com

PURPOSES OF DATA PROCESSING  

The data provided by the User are used for the following purposes: 

Purpose of processing  Legal basis for processing 
Manage queries or any type of request made through the contact forms made available on the website. Legitimate interest of the Company to respond to requests for information through the website. Consent given expressly at the time of data collection through the web forms. 
Sending newsletters, commercial communications and promotions. Consent given expressly at the time of data collection through the web forms. 
Manage incidents and maintenance of the website. Legitimate interest of the Company. 

DATA RETENTION PERIOD 

Purpose of processing  Conservation period 
Manage queries or any type of request made through the contact forms made available on the website. We will process your data for as long as it is necessary to deal with your request. 
Sending newsletters, commercial communications and promotions. We will process your data until you unsubscribe. 
Manage incidents and maintenance of the website. We will process your data for the time necessary to comply with the applicable statutory limitation periods. 

RECIPIENTS OF THE DATA 

In order to fulfil the purposes indicated in this Privacy Policy, it is necessary for us to give access to your personal data to third parties who support us in the services we offer you (Processors). 

Processors for the performance of a contract or provision of a service to the Controller, thereby following their instructions at all times and ensuring the same levels of security.  

USERS’ RIGHTS 

The user has the right to: 

  • Request access to your personal data being processed and receive such information in writing by the means requested. 
  • Request the rectification of inaccurate personal data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purpose for which it was collected. 
  • Request the restriction of the processing of your data. 
  • object to the processing of your personal data where appropriate, in which case your data will no longer be processed except for legitimate reasons. 
  • The right to portability of your personal data where the processing is based on consent and is carried out by automated means. the data will be provided in a structured, commonly used and machine-readable form. 
  • Right to withdraw consent. 
  • Right to complain to the data protection agency. 

The User may exercise the aforementioned rights by writing to the postal or e-mail address of the Data Controller, proving their identity with a scanned copy of their ID card or equivalent document, and specifying the right they wish to exercise. 

ORIGIN OF THE DATA 

The personal data will be provided by the interested party on a completely voluntary basis.  Failure to provide certain data or questions that may be asked in the registration processes or in the various electronic forms presented to the User may result in the impossibility of accessing certain services for the provision of which it is essential to have personal data, in which case the Responsible Party will inform of the obligatory and/or necessary nature of providing personal data for the operation of the service. 

The Data Controller assures you of the confidentiality of your personal data and guarantees the security of the same, adopting the necessary measures to avoid its alteration, loss, unauthorised processing or access. 

INFORMATION PROVIDED BY THE USER 

Children under the age of 18 may not disclose their personal data without the prior consent of their parent and/or legal guardian. 

Users, by entering their data in the contact forms or submitted in download forms, expressly and freely and unequivocally accept that their data are necessary for the Responsible Party to deal with their request, with the inclusion of data in the remaining fields being voluntary.  

The User guarantees that the personal data provided are truthful and is responsible for communicating any changes to them. 

All data requested through the website are necessary for the provision of an optimal service to the User. In the event that all the data is not provided, there is no guarantee that the information and services provided by the Data Controller will be completely tailored to your needs. 

SECURITY MEASURES  

That in accordance with the provisions of the regulations in force on the protection of personal data, the Controller is complying with all the provisions of the RGPD and LOPDGDD regulations for the processing of personal data under its responsibility, which are processed lawfully, fairly and transparently in relation to the data subject and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. 

The Controller guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the RGPD and the LOPDGDD in order to protect the rights and freedoms of Users and has provided them with the appropriate information so that they can exercise them. 

SECURITY BREACHES  

The Controller will report any security breach affecting the database used by this website, or affecting any of our third party services, to any and all persons, data of which they may have been affected, and authorities, within 72 hours of detection of the breach. 

APPLICABLE LAW AND JURISDICTION 

It reserves the right to bring any civil or criminal action it deems necessary for improper use of the Website and its Contents. 

The relationship between the User and the Controller shall be governed by the regulations in force and applicable in Spanish territory. Should any dispute arise in relation to the interpretation and/or application, the parties will submit their conflicts to the ordinary jurisdiction, submitting themselves to the judges and courts that correspond according to law.