Privacy Policy

Your privacy is important for us. It is the policy of DCPharm SLU (CIF B65340986) to respect your privacy and comply with all applicable laws and regulations with respect to any personal information we may collect about you, including through our website.

Personal information is any information about you that can be used to identify you. This includes information about you as an individual (such as name, address and date of birth), your devices, payment details and even information about how you use a website or online service.

If our site contains links to third-party sites and services, please note that these sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy to learn how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

This policy is effective as of February 21, 2024.

Last update: February 21, 2024.

Information we collect

The information we collect falls into two categories: voluntarily provided information and automatically collected information.

Voluntarily provided information refers to any information that you knowingly and actively provide to us when using or participating in any of our services and promotions.

Automatically collected information refers to any information automatically sent by your devices when you access our products and services.

Registration data

When you visit our website, our servers may automatically record standard data provided by your web browser. This may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the date and time of your visit, the time you spend on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding it. This data may include technical details about your device, what you were trying to do when the error occurred, and other technical information related to the problem. You may or may not receive notice of such errors, including when they occur, whether they occurred, or what the nature of the error is.

Please note that while this information may not be identifiable by itself, it may be combined with other data to personally identify individual persons.

Device data

When you visit our website or interact with our services, we may automatically collect data about your device, such as:

  • Type of device
  • OS
  • Unique device identifiers
  • Device settings
  • Geolocation data

The data we collect may depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

Personal information

We may request personal information — for example, when you subscribe to our newsletter or when you contact us — which may include one or more of the following:

  • Name
  • Email
  • Mobile phone number
  • Home/correspondence address

Legitimate reasons to process your personal information

We only collect and use your personal information when we have a legitimate reason to do so. In that case, we only collect personal information that is reasonably necessary to provide you with our services.

Collection and use of information

We may collect personal information provided by you when you do any of the following on our website:

  • Register for an account
  • Buy any product and/or service
  • Buy a subscription
  • Subscribe to receive updates from us via email or social media
  • Use a mobile device or web browser to access our content
  • Contact us by email, social networks or through similar technologies
  • When you mention us on social networks

We may collect, retain, use and disclose information for the following purposes, and personal information will not be further processed in any way that is incompatible with these purposes:

  • Provide you with the core features and services of our platform
  • Allow you to tailor or personalize your experience on our website
  • Process any transactional or ongoing payments
  • Deliver products and/or services
  • Get in touch and communicate with you
  • Advertising and marketing, including to send you promotional information about our products and services and information about third parties which we think may interest you
  • Allow you to access and use our website, associated applications and associated social media platforms
  • Administrative and internal record-keeping purposes
  • Comply with our legal obligations and resolve any disputes we may have
  • Security and fraud prevention, and to ensure that our sites and apps are secure and used in accordance with our terms of use

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other reliable sources. For example, if you provide us with your location, we may combine it with general currency and language information to provide you with an improved experience on our site and service.

Security of your personal information

When we collect and process personal information, and while we retain this information, we will protect it using commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification.

Although we will do our best to protect the personal information you provide to us, please be advised that no method of electronic transmission or storage is 100% secure and no one can guarantee the absolute security of any data.

You are responsible for selecting the password and its general security level, which will determine the security of your own information within the limits of our services. For example, you will need to ensure that passwords associated with access to your personal information and accounts are secure and confidential.

How long we keep your personal information

We retain your personal information only for as long as it is necessary. This period of time may depend on what we are using your information for, in accordance with this Privacy Policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for as long as your account exists on our system. If your personal information is no longer necessary for this purpose, we will delete it or anonymize it by removing all details that identify you.

However, we may retain your personal information if we need it to comply with a legal, accounting or reporting obligation, or for public interest archiving, scientific or historical research or statistical purposes.

Children's privacy

None of our products and services are directed directly to children under 13 years of age, and we do not knowingly collect personal information about children under 13 years of age.

Disclosure of personal information to third parties

We may disclose personal information to:

  • a parent company, subsidiary or affiliate of our company
  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, advertising networks, analytics, error loggers, debt collectors, suppliers maintenance or troubleshooting, advertising service providers, professional advisors and payment system operators
  • our employees, contractors and/or related entities
  • our existing or potential agents or business partners
  • credit reporting agencies, courts and regulatory authorities, in the event you do not pay for goods or services we have provided to you
  • courts, regulatory authorities and law enforcement officials, as required by law, in connection with any actual or potential legal proceedings, or to establish, exercise or defend our legal rights
  • third parties, including agents or subcontractors who assist us in providing you with information, products, services or direct marketing
  • third parties to collect and process data
  • an entity that purchases, or to which we transfer all or substantially all of our assets and business

Some of the third parties we currently use include:

  • Google Analytics
  • Google AdSense
  • Bing Ads
  • PayPal
  • Stripe
  • Google Payments
  • Apple Pay

International transfers of personal information

The personal information we collect is stored and/or processed in Canada, China, Ireland, Spain, and the United Kingdom, or where we, our partners, affiliates and third-party providers maintain facilities.

The countries to which we store, process or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will make those transfers in accordance with the requirements of applicable law; and (ii) we will protect transferred personal information in accordance with this privacy policy.

Your rights and control of your personal information

Your choice: By providing us with personal information, you understand that we will collect, retain, use and disclose your personal information in accordance with this privacy policy. You are not required to provide us with personal information, however, your failure to do so may affect your use of our website or the products and/or services offered on or through it.

Third party information: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about another person, you represent and warrant that you have that person's consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you can change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Nondiscrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is necessary to provide you with a particular service or offering (for example, processing and fulfilling orders), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including grant you discounts or other benefits, impose penalties on you, or provide you with a different level or quality of goods or services.

Downloading personal information: We provide a means for you to download personal information that you have shared through our site. Please contact us for more information.

Data breach notification: We will comply with the laws applicable to us with respect to any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will investigate your complaint and respond to you in writing, setting out the outcome of our investigation and the steps we will take to address your complaint. You also have the right to contact a regulatory body or data protection authority regarding your complaint.

Cancel subscription: To unsubscribe from our email database or unsubscribe from communications (including marketing communications), please contact us using the details provided in this privacy policy, or use the unsubscribe facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.

Use of cookies

We use "cookies" to collect information about you and your activity on our site. A cookie is a small piece of data that our website stores on your computer and accesses each time you visit, so we can understand how you use our site. This helps us offer you content based on the preferences you have specified.

Please see our Cookie Policy for more information.

Business transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we will include data, including your personal information, among the assets transferred to the party that acquires us. You agree that such transfers may occur, and that any party that acquires us may, to the extent permitted by applicable law, continue to use your personal information in accordance with this policy, which must be used as a basis for exercising any proprietary rights. or use we have of said information.

Limits of our policy

Our website may have links to external sites that are not operated by us. Please note that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to this Policy

At our discretion, we may change our Privacy Policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this Privacy Policy, we will post the changes here, at the same link through which you accessed this Privacy Policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for our communications) and all our registered users with the new details and links to the updated policy or modified.

If required by law, we will obtain your permission or give you the opportunity to opt-in or opt-out, as applicable, of any new use of your personal information.

Additional disclosures for compliance with the General Data Protection Regulation (GDPR) (EU)

Data Controller / Data Processor

The GDPR distinguishes between organizations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). Us, DCPharm SLU , located at the address indicated in our Contact section, we are a Data Controller with respect to the personal information that you provide to us.

Legal bases for processing your personal information

We will only collect and use your personal information where we have a legitimate right to do so. In which case, we will collect and use your personal information lawfully, fairly and transparently. If we need your consent to process your personal information and you are under 16 years of age, we will seek the consent of your parent or legal guardian to process your personal information for that specific purpose.

Our legal bases depend on the services you use and how you use them. This means that we only collect and use your information for the following reasons:

Consent given by you

When you give us your consent to collect and use your personal information for a specific purpose. You can withdraw your consent at any time using the functions we offer; however, this will not affect any use of your information that has already been made. You may provide a postal address in order to receive orders. Although you can change or delete this address at any time, this will not affect orders that have already been shipped. If you have any further questions about how to withdraw your consent, please do not hesitate to contact us using the details indicated in the Contact section of this Privacy Policy.

Execution of a contract or transaction

When you have entered into a contract or transaction with us, or to take preparatory steps before we enter into a contract or transaction with you. For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information to process and deliver your order.

Our legitimate interests

When we believe it is necessary for our legitimate interests, for example, for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promotion of our services, measures taken to operate our services efficiently, marketing analysis and measures taken to protect our rights. and legal interests.

Law enforcement

In some cases, we may be legally required to use or retain your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests and regulatory obligations. If you have any questions about how we retain personal information to comply with the law, please do not hesitate to contact us using the details set out in the Contact section of this Privacy Policy.

International transfers outside the European Economic Area (EEA)

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA is protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission or the use of binding corporate rules or other legally accepted means.

Your rights and control of your personal information

Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe that your personal information has been unlawfully processed; (iii) you need us to retain the personal information solely for the purposes of legal action; or (iv) we are in the process of considering your objection regarding processing on the basis of legitimate interests.

Object to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or the public interest. If this is done, we must provide compelling legitimate grounds for the processing that override your interests, rights and freedoms, in order to continue processing your personal information.

Data portability: You may have the right to request a copy of the personal information we hold about you. Wherever possible, we will provide this information in CSV or other easily machine-readable format. You may also have the right to request that we transfer this personal information to a third party.

Elimination: You may have the right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will inform you how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will explain to you in response to your request. If you terminate or delete your account, we will delete your personal information within 14 days of deleting your account. Please note that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, such as certain profile information and public comments, even after you have removed the information from our services or deactivated your account.

Additional disclosures for compliance with the United Kingdom (UK) General Data Protection Regulation (GDPR)

Data Controller / Data Processor

The GDPR distinguishes between organizations that process personal information for their own purposes (known as 'data controllers') and organizations that process personal information on behalf of other organizations (known as 'data processors'). For the purposes covered by this Privacy Policy, we are a Data Controller with respect to the personal information you provide to us and we comply with our data controller obligations under the GDPR.

Content provided by third parties

We may indirectly collect personal information about you from third parties who have your permission to share it. For example, if you purchase a product or service from a company that works with us and you give us permission to use your data to complete the transaction.

We may also collect publicly available information about you, such as from social media and messaging platforms you may use. The availability of this information will depend on both the privacy policies and the privacy settings you have on these platforms.

Additional Disclosure for Collection and Use of Personal Information

In addition to the aforementioned purposes that justify the collection and use of personal information, we may also carry out marketing and market research activities, including how visitors use our site, opportunities to improve the website and user experience.

Personal information that is no longer necessary for our purposes

If your personal information is no longer necessary for our stated purposes or if you tell us under your Data Subject Rights, we will delete it or anonymize it by removing all details that identify you ('Anonymisation'). However, if necessary, we may retain your personal information to comply with a legal, accounting or reporting obligation or for public interest archiving, scientific or historical purposes, or for statistical research purposes.

Legal bases for processing your personal information

Data protection and privacy laws allow us to collect and use your personal data on a limited number of legal bases. In such case, we will collect and use your personal information in a lawful, fair and transparent manner. We never directly market to anyone under 18 years of age.

Our legal bases depend on the services you use and how you use them. This is a non-exhaustive list of the legal bases we use:

Consent on your part

When you give us your consent to collect and use your personal information for a specific purpose. You can withdraw your consent at any time using the options we provide; however, this will not affect any use of your information that has already been made. When you contact us, we assume your consent based on your positive contact action, therefore you consent to your name and email address being used so that we can respond to your inquiry.

If you agree to receive marketing communications from us, we will do so solely based on your indication of consent or until you tell us otherwise, which you can do at any time.

While you can request that we delete your contact details at any time, we cannot recover any emails we have already sent. If you have any further questions about how to withdraw your consent, please feel free to consult the details provided in the Contact Us section of this privacy policy.

Fulfillment of a contract or transaction

Where you have entered into a contract or transaction with us, or to take preparatory steps before entering into a contract or transaction with you. For example, if you contact us with a query, we may require personal information such as your name and contact details in order to respond.

Our legitimate interests

When we consider it necessary for our legitimate interests, such as providing, operating, improving and communicating our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promotion of our services, measures taken to operate our services efficiently, marketing analysis and measures taken to protect our rights. legal and interests.

Law enforcement

In some cases, we may have a legal obligation to use or retain your personal information. These cases may include (but are not limited to) court orders, criminal investigations, government requests and regulatory obligations. For example, we are required to retain financial records for a period of 7 years. If you have any other questions about how we hold personal information to comply with the law, please feel free to consult the details provided in the Contact Us section of this privacy policy.

International transfers of personal information

The personal information we collect is stored and/or processed in the United Kingdom by us. Following an adequacy decision by the European Commission, the UK has been granted a level of protection essentially equivalent to that guaranteed by the UK GDPR.

On some occasions, when we share your data with third parties, they may be located outside the UK or the European Economic Area ('EEA'). Those countries to which we transfer, store or process your personal information may not have the same data protection laws as the country in which you initially provided the information.

If we transfer your personal information to third parties in other countries:

  • We will make such transfers in accordance with the requirements of the UK GDPR (Article 45) and the Data Protection Act 2018;
  • We will adopt appropriate safeguards to protect transferred data, including in transit, such as standard contractual clauses ('SCCs') or binding corporate rules.

Your rights as a data subject

Right to limit processing: You have the right to request that we limit the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe that your personal information has been unlawfully processed; (iii) you need us to hold the personal information solely for the purpose of asserting a legal claim; or (iv) we are considering your objection regarding processing based on legitimate interests.

Right to object: You have the right to object to processing of your personal information that is based on our legitimate interests or the public interest. If you do so, we must provide compelling legitimate grounds for the processing that override your interests, rights and freedoms, in order to continue processing your personal information.

Right to be informed: You have the right to be informed about how your information is collected, processed, shared and stored.

Right of access: You may request a copy of the personal information we hold about you at any time by submitting a Data Subject Access Request (DSAR). The legal deadline to comply with a DSAR request is 30 calendar days from receipt of your request.

Right of deletion: In certain circumstances, you can request that your personal data be deleted from records held by organizations. However, this is a qualified right; It is not absolute and can only be applied in certain circumstances.

When can the right of deletion be applied?

  • When the personal data is no longer necessary for the purpose for which it was originally collected or processed.
  • If consent was the legal basis for the processing of personal data and that consent has been withdrawn. DCPharm SLU relies on consent to process personal data in very few circumstances.
  • The Company relies on legitimate interests as the legal basis for the processing of personal data and an individual has exercised the right to object and it has been determined that the Company has no compelling legitimate grounds to reject that request.
  • Personal data is being processed for direct marketing purposes, for example an individual's name and email address, and the individual objects to such processing.
  • There is legislation that requires personal data to be destroyed.

Right to portability: Individuals have the right to obtain some of their personal data from an organization in a way that is accessible and machine-readable, for example as a CSV file. Associated with this, individuals also have the right to request an organization to transfer their personal data to another organization.

However, the right to portability:

  • only applies to personal data that an individual has provided directly to DCPharm SLU in electronic format; and
  • onward transfer will only be available where this is 'technically feasible'.

Right to rectification: If personal data is inaccurate, out of date or incomplete, individuals have the right to correct, update or complete that data. Collectively, this is known as the right to rectification. Rectification may involve filling in the gaps, i.e. completing incomplete personal data, although this will depend on the purposes of the processing. This may involve adding a supplementary statement to incomplete data to highlight any inaccuracies or related claims.

This right only applies to an individual's own personal data; A person cannot request rectification of another person's information.

Data breach notification: Upon discovery of a data breach, we will investigate the incident and report it to the UK data protection regulator and to you, if we consider it appropriate to do so.

Complaints: You have the right, at any time, to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the opportunity to resolve your concerns before you approach the ICO, so please contact us in the first instance using the details provided below. Please provide us with as much information as possible about the alleged violation. We will investigate your complaint promptly and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to address your complaint.

Inquiries, reports and escalation

To consult the privacy policy of DCPharm SLU or report violations of user privacy, you can contact our Data Protection Officer using the details in the Contact Us section of this privacy policy.

If we are unable to resolve your concern satisfactorily, you can also contact the Information Commissioner's Office (ICO), the UK's data protection body:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate)
Website: www.ico.org.uk