Dermpiece Logo

PRIVACY POLICY

 

Last Updated: 01/02/2024

1. Who we are
Locanza Limited as the provider of the website www.dermpiece.com (hereinafter referred to as the “Website”, “Dermpiece”, “we”, “us”, “our”) respect your privacy and we are committed to protecting the personal data we process about you. Dermpiece is an online marketplace which enables:
Category 1: “Vendors” to share and monetize their content;
Category 2: “Consumers” to subscribe, view, and buy the content of Vendors, and
Category 3: “Visitors” of the Website who does not create an account on the Website and cannot upload or buy any content;

2. About this Policy
Subject to our Terms of Service at https://dermpiece.com/terms (hereinafter referred to as “Terms of Service”), we do not process personal data of the Category 3 Consumers (i.e., the visitors of the Website who have not created an account). Instead, in such instances, we use cookies for the purposes identified in our Cookie Policy, which is available at https://dermpiece.com/cookie (hereinafter referred to as the “Cookie Policy”). For more information, including on how to manage your preferences on, and disable, cookies, please refer to our Cookie Policy.

For the individuals who fall within the remaining two categories of users listed in Category 1 and Category 2, personal data is processed in line with this Privacy Policy (hereinafter referred to as the “Privacy Policy”).

This Privacy Policy for Categories 1 and 2 above describes how we collect, use, process, and disclose your information, including personal information, in conjunction with your access to and use of the Website. We process personal data only in accordance with this Privacy Policy and the relevant legislation, in particular GDPR. By accessing the Website, you acknowledge that you have read this Privacy Policy and understand that your personal data may be processed, including as explained below any data that may reflect or concern your sex life, sexual preferences, and sexual orientation. You also acknowledge that without your consent with personal data processing, we may be unable to comply with our contractual obligations, may be unable to offer you the entire range of products and services available on the Website, and may prevent you from creating an account on this Website.

This Privacy Policy explains our practices with respect to the personal data we process about our Vendors and Consumers. Some parts of the Policy are specifically aimed at Vendors, and some parts are specifically aimed at Consumers. It also applies to how we process the personal data of individuals that feature in content uploaded by a Vendor, and where we process personal data about you in the context of our business relationships.

We process your personal data when you use our website located at www.dermpiece.com (“Website”) and for the provision of the services that we offer from time to time via our Website. We also process your personal data when you interact with us through our social media pages on third-party websites, or otherwise. We refer to these activities collectively as the “Services” in this Policy.
We are a “data controller” of the personal data that we process in connection with the Services. This means that we decide the reasons why we process personal data about you and how we do so.

Please review this Policy to understand how we process your personal data in connection with the Services. By using our Services, you acknowledge that you have read and understand the information in this Policy.
If you have any questions about this Policy or our processing of your personal data, please see Section 17 (assistance and contact information) for information about how to contact us.

3. What is personal data?
“Personal data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or household.
In addition, we may collect data that is not capable of identifying you or is otherwise not associated or linked with you, such as deidentified, aggregated or anonymised information. This type of data is not personal data and our use of such data is not subject to this Policy.

4. Informing us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes at any point during your relationship with us. Updates or corrections can be made through your account settings on our Website.

5. Applicability of this Policy (18+)
This Policy is provided in addition to, but does not form part of, our Terms of Service (which includes our Acceptable Use Policy) that govern your use of our Website and the Services.
Our Services are strictly intended for individuals 18 years of age or older. Anyone under 18 years of age is not permitted to use the Services. By using the Services, you represent that you are 18 years of age or older.

6. Third-party links
Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you.
We are not responsible for, and this Policy does not apply to, the content, security or privacy practices of those other websites, plug-ins or applications. We encourage you to view the privacy and cookie policies / notices of those third parties to find out how your personal data may be used.

7. If you do not wish to provide personal data
We need to collect certain personal data from you in order to provide you with access to the Services or specific features and functionalities of the Services in accordance with our contract with you (i.e. our Terms of Service). We are also required to process certain personal data in accordance with applicable laws. Please note that if you do not wish to provide personal data where requested, we may not be able to provide you with access to the Services or specific features and functionalities of the Services.

8. Updates to this Policy
We may update this Policy from time to time, and any updates will be effective upon our posting of the revised Policy on our Website. We will use reasonable efforts to notify you in the event that material updates are made to this Policy, such as sending you a feed notification or a chat message via your account on our Website.

9. Categories of personal data
We process, or our third-party providers process on our behalf, different kinds of personal data about Vendors and Consumers, which we have grouped together as follows:

Category of personal data

Description

Consumer Data

Vendors
·        full name*
·        alias, if applicable
·        residential address
·        country of residence*
·        email address
·        telephone number
·        third-party social media handle / personal website address (used to further verify your age and identity and to help us better understand the content which you are likely to share on our Website)
·        email address
·        telephone number

Third-Party Onboarding Data

The following types of personal data are collected directly by our third-party providers during onboarding:

Vendors
·        a copy of the government identity document that you provide to our third-party providers
·        a short .gif, taken from a “selfie” that you provide to our third-party providers
·        the results of the third-party age and identity verification process (pass / fail and reason for failing)
·        metadata associated with the third-party age and identity verification process (e.g. start and finish time)

Consumers
·        for locations where we conduct third-party age and identity verification of Consumers, a copy of the government identity document that you provide to our third-party providers
·        for locations where we carry out third-party age estimation, or third-party age and identity verification of Consumers, a short .gif, taken from a “selfie” that you provide to our third-party providers
·        the results of the third-party age estimation process or third-party age and identity verification process (pass / fail and reason for failing)
·        metadata associated with the third-party age estimation process or third-party age and identity verification process (e.g. Consumer start and finish time)

Account Data

Vendors
·        profile name
·        password
·        avatars and headers of your Vendor account
·        your subscriptions, subscribers and referrals
·        inquiries that you have made to your Vendor account
·        inquiries replies or comments made from your Vendor account
·        customer support queries that you submit to us

Consumers
·        profile name
·        password
·        avatars and headers of your Consumer account
·        chat messages between you and other vendors
·        customer support queries that you submit to us

Financial Data

Vendors
·        payment card details*
·        billing address
·        funds added to your wallet
·        bank account information

Consumers
·        payment card details*
·        billing address
·        funds added to your wallet

* Please note: Any payments made to view the content of Vendors are processed by our third-party payment providers. We do not receive your full payment card number, payment card expiration date, or the security code. Instead, the payment provider provides us with a “token” that represents your account, your payment card’s expiration date, payment card type and the first six and last four digits of your payment card number.

Transaction Data

Vendors
·        earnings
·        pay-out requests
·        payments made to your Vendor account
·        payments made from your Vendor account to other Vendors
·        any failed payments

Consumers
·        payments made from your Consumer account to Vendors
·        any failed payments

Technical Data

Vendors and Consumers
Internet or other electronic network activity information, including:
·        internet protocol (IP) address (and associated location data)
·        Internet Service Provider (ISP)
·        device and type
·        name and version of browser

Usage Data

Vendors and Consumers
We use cookies where necessary (to allow you to browse the Services and access certain pages of the Website) and, with your consent we will use cookies:
·        for performance on the Website (e.g. to analyse how Consumers interact with the Website to improve the Services and, where you are a Vendor, so that we can recognise that you have referred another Vendor through your unique referral code)
·        for Website functionality (e.g. saving your logged-in status)

More information on our use of cookies, including how to delete or block cookies, can be found in our Cookie Notice. In some cases, data collected from cookies will be in a deidentified, aggregated or anonymised format.
We currently do not use any cross-site tracking technologies and we do not sell personal data collected about you, or share personal data collected about you for cross-context behavioural advertising.

10. Obtaining your personal data
We collect your personal data from the following categories of sources:

  • Directly from you: When you provide it to us directly to open an account and use the Services, when you update your personal data in your account, or by corresponding with us (e.g. User Data, Account Data).
  • Automatically or indirectly from you: For example, through and as a result of your use of the Services (e.g. Transaction Data, Technical Data, Usage Data).
  • From our service providers: For example, where permitted by applicable law, we receive Third-Party Onboarding Data and certain Technical Data from our third-party age and identity verification providers.

11. Sharing your personal data
We share personal data with the following categories of third parties:

  • Our third-party service providers: Such as our IT, payment processing, customer support, content and text moderation, and age and identity verification / age estimation service providers. The lawful basis we rely on for sharing personal data with these recipients is that it is necessary for our legitimate interests (namely the receipt of services to support business functionality).
  • Our professional advisers: Such as our legal advisors, bankers, auditors, accountants, consultants, and insurers. Our professional advisors will process personal data as necessary to provide their services to us. The lawful basis we rely on for sharing personal data with these recipients is that it is necessary for our legitimate interests (namely the receipt of professional services).
  • Corporate: Relevant third parties in the event of a possible sale, merger, acquisition, business reorganisation or group restructuring exercise. The lawful basis we rely on for sharing personal data with these recipients is that it is necessary for our and the relevant third parties’ legitimate interests (namely assessing and putting into effect potential transactions).
  • Our group companies: For the centralised coordination and management of our business, in accordance with the purposes set out at Section 9 (categories of personal data). These recipients will process personal data in the same way as set out in this Policy. The lawful basis we rely on for sharing personal data with these recipients is that it is necessary for our legitimate interests (namely coordinating the global operations of our business).
  • Relevant authorities, regulators and organisations:  These recipients will use your personal data in the performance of their regulatory, law enforcement or otherwise charitable or not-for-profit role. The lawful basis we rely on for sharing personal data with these recipients is that the processing is either necessary to comply with a legal obligation to which we are subject, or necessary for our, or a third-party’s, legitimate interests, or where it is in the interests of the wider public to do so (namely reporting illegal content to, and assisting with requests from, such authorities, regulators and organisations, to protect the safety of our users and third parties).

12. International data transfers
We share your personal data within our group companies and to our third parties, as set out at Section 11 (sharing your personal data).
We make those transfers: (i) to countries that have been deemed to provide an adequate level of protection for personal data; (ii) using appropriate safeguards; or (iii) where otherwise authorised by applicable law.

13. Your rights regarding personal data
You have certain rights regarding the collection and processing of personal data. You may exercise these rights by contacting us using the contact details set out at Section 17 (assistance and contact information).

Under certain circumstances and subject to certain exemptions, you have the right to:

  • Withdraw your consent to the processing of your personal data: Please note that withdrawing your consent will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Request to know or access to your personal data: You may receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you: You may correct any incomplete or inaccurate personal data we hold about you.
  • Request deletion / erasure of your personal data: You may ask us to delete or remove personal data where there is no legitimate reason for us continuing to process it. You also may ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). Please note that we may not always be able to comply with your request of deletion / erasure for specific legal reasons.
  • Request the restriction of processing of your personal data: You may ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of some sections of your personal data to another party.

You also have the right to object to processing of your personal data where we are relying on a legitimate interest for the processing and there is something about your particular situation which makes you want to object to processing on this ground.

We do not process personal data that is subject to solely automated decision-making, where that decision-making is likely to have a legal or similarly significant effect on you.

You also have the right:

  • To lodge a complaint with a data protection regulator. You may wish to contact your local country or state-specific data protection regulator.
  • Depending on your location, to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights, or appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by contacting us using the contact details set out at Section 19 (assistance and contact information).

14. Exercising your rights

If you would like to exercise your rights set out at Section 15 (your rights regarding personal data), you may do so by contacting us using the contact details set out at Section 17 (assistance and contact information).

If you submit the request yourself, please ensure that your request contains sufficient information to allow us to confirm your identity and properly understand, evaluate, and respond to it.

In order to verify your identity, we may at times need to request additional personal data from you, taking into consideration our relationship with you and the sensitivity of your request. In certain circumstances, we may decline a privacy rights request, particularly where we are unable to verify your identity.

If your request is made by a third-party authorised by you, we will also require proof that the third-party has permission to submit the request on your behalf (such as a signed document evidencing that the third-party has authority to make the request).

15. Choices and control over your personal data

Modifying and deleting your personal data: If you have an account with us, you may update your account settings on our Website. Please note that changes to your settings may require some time to take effect.

Access to device information: You may control the Services’ access to your Technical Data through your “Settings” app on your device. For instance, you can withdraw permission for the Services to access your network devices and geolocation.

Email notification opt-out: We currently do not send emails for direct marketing purposes. However, we do send email notifications which are related to your account (e.g. for Vendors, where you have a new order, you have received a new inquiry). You may opt-out of receiving certain types of email communications from us by changing your notification preferences on our Website. You may also email us using the contact details set out at Section 17 (assistance and contact information). Please include “E-mail notification opt-out” in the email’s subject line and include your name and your account email address in the body of the email.

Please note that you cannot opt-out of certain automated email notifications that are necessary to provide the Services or are otherwise required in accordance with applicable law (e.g. account verification, transactional communications, changes / updates to features of the service, technical and security notices).

16. Retention of personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected, as set out in this Policy. Subject to the below, we retain personal data for a period of 6 months after the deletion or deactivation of your account on the Website.

Please note that:

  • We will delete your personal data sooner where a shorter retention period is required by applicable law.
  • We will retain your personal data for a longer period to the extent we deem necessary to carry out the processing activities set out in this Policy, for example:
    • where it is necessary to comply with laws and regulatory obligations that are applicable to us (e.g. adhering to record keeping / maintenance requirements in certain locations and financial / tax reporting requirements, which in some cases is up to 7 years, and if we receive a valid legal request, such as a preservation order or search warrant, related to your account);
    • for the purposes of identifying and reporting illegal activity, protecting the safety of our Users and third parties, or otherwise protecting the rights and property of our Users, us, and other third parties (e.g. where you have, or we have reason to believe that you have, violated our Terms of Service, and in circumstances where Users are banned from further access to the Website);
    • for purposes of legal proceedings (e.g. to defend ourselves in litigation about a claim related to you); and
    • for the purposes of responding to requests from third parties in relation to your account, such as requests received from, or investigations by, law enforcement authorities, relevant governmental authorities (e.g. tax authorities and regulatory authorities) and non-governmental organisations.

The personal data that we retain and the length of time for which it is retained will be determined on a case-by-case basis, depending on the particular circumstances.

17. Assistance and contact information

If you have questions about this Policy, or how we process your personal data, please email us at legal@dermpiece.com.

Address:
Locanza Limited.
Zimpeto, Mecufi Street 249
Maputo, Mozambique

Shopping Cart