1 Personal Information
1.2 Derma UK (we, us, our) is a registered data controller under the terms of the Data Protection Act 2018. Details of our notification to the data protection regulator may be found in the Information Commissioner’s Office Public Register of Data Controllers at ico.org.uk.
Our registered office address is at Toffee Factory, Ouseburn, Newcastle, Newcastle upon Tyne NE1 2DF
1.3 Our Acting Data Protection Officer is: Declan Mulholland, Brand Manager
2 General Information
(a) visit our websites at:
(ii) Request product samples and product information or apply for a vacancy
(iii) Place an order with us
3 What information do we collect?
3.1 When you use the Website and / or request product information and or samples or place an order we may ask you to provide certain information such as, your name and contact details (including your address, email address, and contact telephone number).
4 What do we use your information for?
4.1 You have the right to be told the lawful basis and purposes for the processing of your personal data. We are relying on your explicit consent to the processing of your personal data. This means that if you exercise your right to withdraw your consent (please see paragraph 8 below) we will no longer be able to process your data.
4.2 We may use your information for the following purposes:
(a) to: process any information provided by you to us and to store your personal data (as defined by GDPR) in our databases; for the purpose of supplying you information about our products and service, to enable us to process your order, or to inform you about a product recall.
(b) for our own market intelligence gathering purposes, to enable us to understand the dermatology market and prepare demographic, analytical, statistical or market information (which may include aggregating your data with, and benchmarking it against, data received from other individuals, and to improve our services (all on the basis that your personal data will be completely anonymised and you will not be capable of being identified from such information if we share it externally).
(c) for such purposes as are reasonably necessary to comply with any legal obligations to which we are subject in the performance of our Services.
4.3 We shall periodically check that the personal data we store for you is accurate. If you would like to update the personal data we hold about you, please contact us with your request using the contact details at paragraph 12.
5 Who do we share your information with?
5.1 As part of using our Services, you consent to us sharing your personal information with the following parties:
(a) our data hosting/support service providers who process and store data on our behalf;
(b) our professional advisors and consultants;
(c) third party data providers for the purposes of validating the information provided by you and to check that the data we hold about you is accurate, consistent and up to date
(d) our trusted third-party emailing service provider whom we use to upload and send email communications to you.
(e) only relevant information with third-party organisations to deliver the service you have asked for, for example, with payment processors for fraud prevention purposes, delivery details with our courier partners, e-mail services and communication providers to communicate updates to your order and to answer any queries you send to us or to gather further information to allow our team to safely process your order.
We share the minimum amount of information for the relevant purpose.
5.2 We may also share your personal information with third parties:
(a) in the event that our business, or substantially all of its assets are acquired by a third party (in which case personal information about customers will be one of the transferred assets);
(b) if we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply any contract with you or to protect our rights, property, or safety of our employees, customers, or others
(c) to handle notifications of adverse events in accordance with legal requirements, which may be contained in communications received from you via the Website. Data on adverse events may be transferred in an anonymised format to the European Medicines Agency and to the competent health authorities, as required by the applicable laws. It may also be transferred to our consultants who are authorised to process this data on our behalf and as well as to other legitimate recipients.
(d) if such disclosure is necessary in connection with any law including any investigation or complaint regarding your use of our Website and our secure database.
6 Transfers of personal data outside of the United Kingdom and the EEA
(a) If you are located within the United Kingdom and the European Economic Area (EEA), then we will not transfer your personal data outside of the United Kingdom and the EEA; or
(b) outside of the United Kingdom and the EEA, then we may transfer your personal data outside of the United Kingdom and the EEA solely for the purposes of corresponding with you in relation to our requested Services, including product information.
6.2 We shall ensure that any such transfers outside of the United Kingdom and the EEA are lawful and with an adequate level of protection and that your personal information is kept secure in accordance with the DPA 1998 (up to and including 24 May 2018) and the GDPR (from and including 25 May 2018).
7 How long do we store your personal data for?
7.1 We only store your personal information for as long as necessary for the purposes listed in paragraph 4.
8 What are your rights?
8.2 Access to your personal data: You may request access to a copy of your personal data by contacting us using the contact details in paragraph 12.
8.3 Right to withdraw: You may withdraw your consent to us processing your personal data at any time. Please contact us using the details located at paragraph 12 if you would like to withdraw your consent and we will delete your data in line with your right to erasure at paragraph 8.5 below. Please note that in the event that you wish to exercise your rights under this paragraph 8.3, we may be unable to process your application for samples any further or continue to provide our Services to you, i.e. product information and details of any product recall.
8.4 Rectification: You may ask us to rectify inaccurate information held about you. If you would like to update the data we hold about you, please contact us using the details in paragraph 12
8.5 Erasure: You may ask us to delete your personal data. If you would like us to delete the personal data we hold about you, please contact us using the contact details in paragraph 12 and specify why you would like us to delete your personal data. Please note that in the event that you wish to exercise your rights under this paragraph 8.5, we may be unable to process a sample request any further or continue to provide our information services to you.
8.6 Portability: You may ask us to provide you with the personal information that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to another data controller by contacting us using the contact details in paragraph 12.
8.8 Make a complaint: You may make a complaint about our data processing activities to a supervisory authority, for the UK this is the Information Commissioner’s Office, at
9 Cookies Policy
9.1 Certain parts of the Website use “Cookies” to keep track of your visit and to help you navigate between sections.
9.2 What are Cookies? A Cookie is a small data file that certain websites store on your computer’s hard-drive when you visit such websites. Cookies can contain information such as your user ID and the pages you have visited.
9.4 How do I reject or accept Cookies? You may refuse to accept Cookies by activating the setting on your browser which allows you to refuse the setting of Cookies. If, however, you select this setting you may be unable to access our sample request pages on our Website as the information you provide will be lost as you navigate between pages on the Website.
9.5 See http://ico.org.uk/for-the-public/online/cookies/ for more information about Cookies and how to disable them in your browser.
10 Security and Data Storage
10.1 We will treat all your information in strict confidence and we will endeavour to take all reasonable steps to keep your personal data secure once it has been transferred to our systems. We adopt and ensure any third-party suppliers providing services on our behalf adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, and data stored on the Website and associated databases.
10.2 Please note that the internet is not a secure medium and we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the internet and will not hold us liable for any breaches of your data protection rights attributable to the transmission of your personal data over the internet.
(a) our privacy team at [email protected] (or such other email address as may be displayed on the “Contact Us” section of our Website from time to time); or
(b) our acting Data Protection Officer by post at Derma UK Ltd Toffee Factory, Ouseburn, Newcastle upon Tyne, Tyne & Wear, NE1 2DF.