Our Corporate Privacy
The Company shall endeavor to ensure all collection and/or storage and/or transmission and/or usage of personal data by the Company shall be done in an appropriate manner for purposes of managing customer relations in accordance with the Personal Data Protection Act of Singapore (“the Act”) and to enable you to receive future offers. Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in an appropriate time and manner.
Statement of Practices
Types of Personal Data Collected: For the purpose of carrying on the Company’s business, including registration and administration of the Company’s related products and services (including relevant online services), you may be requested to provide personal data (“Personal Data”) such as, but not limited to, the following, without which it may not be possible to satisfy your request:
- Your name;
- Correspondence address, and/or billing address;
- Payment details, including credit card and banking information;
- Contact details, including contact name and telephone number or email address
- Account login information. Any information that is required to give you access to your specific account profile. Examples include your login ID/email address, screen name, password in unrecoverable form, and/or security question and answer.
- Demographic information & interests. Any information that describes your demographic or behavioural characteristics. Examples include your date of birth, age or age range, gender, geographic location (e.g. postcode/zip code), favourite products, hobbies and interests, and household or lifestyle information.
- Information from computer/mobile device. Any information about the computer system or other technological device that you use to access one of Our Websites or apps, such as the Internet protocol (IP) address used to connect your computer or device to the Internet, operating system type, and web browser type and version. If you access a Galderma website or app via a mobile device such as a smartphone, the collected information will also include, where permitted, your phone’s unique device ID, advertising ID, geo-location, and other similar mobile device data.
- Websites/communication usage information. As you navigate through and interact with Our Websites or newsletters, We use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is captured using automated technologies such as cookies and web beacons, and is also collected through the use of third party tracking for analytics and advertising purposes. You have the right to object to the use of such technologies.
- Market research & consumer feedback. Any information that you voluntarily share with Us about your experience of using Our products and services.
- Consumer-generated content. Any content that you create and then share with Us on third party social networks or by uploading it to one of Our Websites or apps, including the use of third party social network apps such as Facebook. Examples include photos, videos, personal stories, or other similar media or content. Where permitted, We collect and publish consumer-generated content in connection with a variety of activities, including contests and other promotions, website community features, consumer engagement, and third party social networking.
- Third party social network information. Any information that you share publicly on a third party social network or information that is part of your profile on a third party social network (such as Facebook) and that you allow the third party social network to share with Us. Examples include your basic account information (e.g. name, email address, gender, birthday, current city, profile picture, user ID, list of friends, etc.) and any other additional information or activities that you permit the third party social network to share. We receive your third party social network profile information (or parts of it) every time you download or interact with a Galderma web application on a third party social network such as Facebook, every time you use a social networking feature that is integrated within a Galderma site (such as Facebook Connect) or every time you interact with Us through a third party social network. To learn more about how your information from a third party social network is obtained by Galderma, or to opt-out of sharing such social network information, please visit the website of the relevant third party social network.
- Payment and Financial information. Any information that We need in order to fulfil an order, or that you use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other forms of payment (if such are made available). In any case, We or Our payment processing provider(s) handle payment and financial information in a manner compliant with applicable laws, regulations and security standards such as the Payment Card Industry Data Security Standard (PCI DSS).
- Sensitive Personal Data. We do not seek to collect or otherwise process sensitive Personal Data in the ordinary course of Our business. Where it becomes necessary to process your sensitive Personal Data for any reason, We rely on your prior express consent for any processing which is voluntary (e.g. for marketing purposes). If We process your sensitive Personal Data for other purposes, We rely on the following legal bases: (i) investigations or proceedings; and (ii) compliance with applicable law (including but not limited to the Act and to comply with Our diversity reporting).
The Company may employ other companies and/or individuals to assist Us in providing Our services, or to provide certain services such as analysing customer lists, providing marketing assistance or consulting services. These third parties may have access to information needed to perform their functions but cannot use that information for other purposes. Some of the Company’s Websites may place a “cookie” on your machine; for example to provide personalised services and/or maintain your identity across multiple pages within or across one or more sessions. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across Our Websites.
Sources of Personal Data
Galderma websites. Consumer-directed websites operated by or for Galderma, including sites that We operate under Our own domains/URLs and mini-sites that We run on third party social networks such as Facebook (“Websites”).
Galderma mobile sites/apps. Consumer-directed mobile sites or applications operated by or for Galderma, such as smartphone apps.
E-mail, text and other electronic messages. Interactions with electronic communications between you and Galderma.
Galderma CES. Communications with Our Consumer Engagement Services team (“CES”).
Offline registration forms. Printed or digital registration and similar forms that We collect via, for example, postal mail, in-store demos, contests and other promotions, or events.
Advertising interactions. Interactions with Our advertisements (e.g., if you interact with on one of Our ads on a third party website, We may receive information about that interaction).
Data We create. In the course of Our interactions with you, We may create Personal Data about you (e.g. records of your purchases from Our websites).
Data from other sources. Third party social networks (e.g. such as Facebook, Google), market research (if feedback not provided on an anonymous basis), third party data aggregators, Galderma promotional partners, public sources and data received when We acquire other companies.
Personal Data of Children
We do not knowingly solicit or collect Personal Data from children below the age of 13. If We discover that We have unintentionally collected Personal Data from a child below 13, We will remove that child’s Personal Data from Our records promptly. However, Galderma may collect Personal Data about children below the age of 13 years of age from the parent or guardian directly, and with that person’s explicit consent.
Uses of Your Personal Data
Consumer service. We use your Personal Data for consumer service purposes, including responding to your enquiries. This typically requires the use of certain personal contact information and information regarding the reason for your inquiry (e.g. order status, technical issue, product question/complaint, general question, etc.).
Contests, marketing and other promotions. With your consent (where required), We use your Personal Data to provide you with information about goods or services (e.g. marketing communications or campaigns or promotions). This can be done via means such as email, ads, SMS, phone calls and postal mailings to the extent permitted by applicable laws. Some of Our campaigns and promotions are run on third party websites and/or social networks. This use of your Personal Data is voluntary, which means that you can oppose (or withdraw your consent) to the processing of your Personal Data for this purposes.
Third party social networks: We use your Personal Data when you interact with third party social networking features, such as “Like” functions, to serve you with advertisements and engage with you on third party social networks. You can learn more about how these features work, the profile data that We obtain about you, and find out how to opt out by reviewing the privacy notices of the relevant third party social networks.
Personalisation (offline and online). With your consent (where required), We use your Personal Data (i) to analyse your preferences and habits, (ii) to anticipate your needs based on Our analysis of your profile, (iii) to improve and personalise your experience on Our Websites and apps; (iv) to ensure that content from Our Websites/apps is optimised for you and for your computer or device; (v) to provide you with targeted advertising and content, and (vi) to allow you to participate in interactive features, when you choose to do so. For example, We remember your login ID/email address or screen name so that you can quickly login the next time you visit Our site or so that you can easily retrieve the items you previously placed in your shopping cart. Based on this type of information, and with your consent (where required), We also show you specific Galderma content or promotions that are tailored to your interests. The use of your Personal Data is voluntary, which means that you can oppose the processing of your Personal Data for this purpose.
Order fulfilment. We use your Personal Data to process and ship your orders, inform you about the status of your orders, correct addresses and conduct identity verification and other fraud detection activities. This involves the use of certain Personal Data and payment information.
Other general purposes (e.g. internal or market research, analytic, security). In accordance with applicable laws, We use your Personal Data for other general business purposes, such as maintaining your account, conducting internal or market research and measuring the effectiveness of advertising campaigns. We reserve the right, if you have Galderma accounts, to reconcile those accounts into one single account. We also use your Personal Data for management and operation of Our communications, IT and security systems.
Legal reasons or merger/acquisition. In the event that Galderma or its assets are acquired by, or merged with, another company (including through bankruptcy or insolvency), We will share your Personal Data with any of Our legal successors. We will also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent law enforcement agency; or (iv) in accordance to the provisions of the Act.
Accuracy of Personal Data
Where necessary and possible, We will validate data provided using generally accepted practices and guidelines. This includes the use of check sum verification on some numeric fields such as account numbers or credit card numbers. In some instances, We are able to validate the data provided against pre-existing data held by the Company. In some cases, the Company is required to see original documentation before We may use the Personal Data such as with personal identifiers and/or proof of address.
Storage and Retention of Personal Data
The Company will endeavor to take all reasonable steps to keep secure any personal information recorded, and to keep this information accurate and up to date in accordance with the requirements of the Act. The information is stored on secure servers if in digital format, or in locked areas if in hardcopy format: these repositories are protected in controlled facilities to prevent unauthorised access. In some cases, these facilities may be overseas. Authorised Company employees and data processors are obliged to respect the confidentiality of any personal information held by Company, and will process your data on a need to know basis. However, security of communications over the Internet cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. The Company will not be held responsible for events arising from unauthorized access to personal information. It is important that you also play a role in keeping your Personal Data safe and secure. When signing up for an online account, please be sure to choose an account password that would be difficult for others to guess and never reveal your password to anyone else. You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public computer, never choose to have your login ID/email address or password remembered and make sure to log out of your account every time you leave the computer. You should also make use of any privacy settings or controls We provide you in Our Website/app.
Galderma will retain copies of your Personal Data in a form that allows for identification only for as long as:
- (i) We maintain an ongoing relationship with you (e.g. where you are included in Our mailing list and have not unsubscribed);
- (ii) Your Personal Data is necessary in connection with the purposes set out in this Privacy Notice and We have a valid legal basis,
- The duration of: (i) any applicable limitation period (i.e. any period during which a person could bring a legal claim against Us), and (ii) an additional 2 months following the end of the applicable limitation period (so We are able to identify any Personal Data of a person who may bring a claim at the end of the applicable period),
- In addition, if any relevant legal claims are brought, We may continue to process your Personal Data for such additional time necessary in connection with that claim.
During the periods noted in paragraphs b(i) and b(ii) above, We will restrict Our processing of your Personal Data to storage or, and maintaining the security of, those data, except to the extent the data need to be reviewed in connection with any claim, or any obligation under applicable law.
Once the periods in paragraphs (a), (b) and (c) above, each to the extent applicable, have concluded, We will either (i) permanently delete or destroy the relevant Personal Data or (ii) anonymise the relevant Personal Data.
Disclosure of Personal Data
All Personal Data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
- Any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company. Service providers, and their selected staff, are only allowed to access and use your Personal Data on Our behalf for the specific tasks that they have been requested to carry out, based on Our instructions, and are required to keep your Personal Data confidential and secure. Where required by applicable law, you can obtain a list of the providers processing your Personal Data;
- Any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided. We will disclose your Personal Data to third parties for legal reasons or in the context of an acquisition or a merger;
- Any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information. Except in situations where you have given your consent, We do not license or sell your Personal Data to third party companies for their own marketing purposes. Their identity will be disclosed at the time your consent is sought; and
- Any financial institutions, charge or credit card issuing companies, credit information or reference bureaux, or collection agencies necessary to establish and support the payment of any services being requested. To the extent permitted by applicable law, credit reporting agencies and debt collectors are external companies that We use to help Us to verify your creditworthiness (in particular for orders with invoice) or to collect outstanding invoices.
Personal Data may also be disclosed to any person or persons that have a right under Singaporean law to gain access to such information provided they are able to prove their authority to access such information. For example, if the Company were served with a court order demanding certain customer information then the Company would disclose the information to the duly appointed officer of the court or such other persons as the court orders.
Transfer of Personal Data Outside of Singapore
At times it may be necessary and/or prudent for the Company to transfer certain Personal Data to places outside of Singapore in order to carry out the purposes, or directly related purposes, for which the Personal Data were collected. Where such a transfer is performed, it will be done so in accordance with Company policy, and local legislation such as the Personal Data Protection Act 2012. We may also transfer your Personal Data to countries outside of Singapore. In this regard, We (i) have put in place contractual clauses to protect your Personal Data (and you have a right to ask Us for a copy of these clauses (by contacting Us as set out below) and/or (ii) will rely on your consent (where permitted by law).
Security of Personal Data
Physical records containing Personal Data are securely stored in locked areas and/or containers when not in use. Computer data are stored on computer systems and storage media to which access is controlled and/or are located within restricted areas.
Access and Correction of Personal Data
Individuals have the right to:
- Check whether the Company holds any Personal Data relating to them and, if so, obtain copies of such data;
- Require the Company to correct any Personal Data relating to them which is inaccurate for the purpose for which it is being used;
- Where provided by law, you can (i) request deletion, the portability, correction or revision of your Personal Data; (ii) limit the use and disclosure of your Personal Data; and (iii) revoke consent to any of Our data processing activities;
- Object, on grounds relating to your particular situation, to the use of your Relevant Personal Data by Us, or on Our behalf;
- Object to the processing of your relevant Personal Data by Us, or on Our behalf, for direct marketing purposes.
These rights can be exercised by contacting Us or writing to Us at firstname.lastname@example.org, attaching a copy of your ID or equivalent details (where requested by Us and permitted by law). If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please note that any identification information provided to Us will only be processed in accordance with, and to the extent permitted by applicable laws.
Please note that, in certain circumstances, We will not be able to delete your Personal Data without also deleting your user account. We may be required to retain some of your Personal Data after you have requested deletion, to satisfy Our legal or contractual obligations. We may also be permitted by applicable laws to retain some of your Personal Data to satisfy Our business needs.
Our Websites have a dedicated feature through which you can review and edit the Personal Data that you have provided. Please note that We require Our registered consumers to verify their identity (e.g. login ID/email address, password) before they can access or make changes to their account information. This helps prevent unauthorised access to your account.
We hope that We can satisfy queries you may have about the way We process your Personal Data. However, if you have unresolved concerns you also have the right to complain to competent data protection authorities.
Control on Your Personal Data
Cookies/Similar Technologies. You manage your consent via (i) Our consent management solution or (ii) your browser so as to refuse all or some cookies/similar technologies, or to alert you when they are being used.
Advertising, marketing and promotions. You can consent for your Personal Data to be used by Galderma to promote its products or services through tick-box(es) located on the registration forms or by answering the question(s) presented by Our CES representatives. If you decide that you no longer wish to receive such communications, you can subsequently unsubscribe from receiving marketing-related communications at any time, by following the instructions provided in each such communication. To unsubscribe from marketing communications sent by any medium, including third party social networks, you can opt-out at any time by unsubscribing through links available in Our communications, logging into the Websites/apps or third party social networks and adjusting your user preferences in your account profile by unchecking the relevant boxes or by contacting email@example.com. Please note that, even if you opt-out from receiving marketing communications, you will still receive administrative communications from Us, such as order or other transaction confirmations, notifications about your account activities (e.g. account confirmations, password changes, etc.), and other important non marketing related announcements.
Personalization (offline and online):
Where required by law, if you wish to have your Personal Data used by Galderma to provide you with a personalized experience/targeted advertising & content, you can indicate so through the relevant tick-box(es) located on the registration form or by answering the question(s) presented by Our CES representatives. If you decide that you no longer wish to benefit from this personalization, you can opt-out at any time by logging into the Websites/apps and adjusting your user preferences in your account profile by unchecking the relevant boxes or by contacting firstname.lastname@example.org.
The Company will honor an individual’s request not to use his or her Personal Data for the purposes of direct marketing. Any such request should clearly state details of the Personal Data in respect of which the request is being made.
Links to Other Web Sites
Company may provide links to web sites outside of Our site. These linked sites are not under the control of Company, and Company is not responsible for the conduct of companies linked to the Cetaphil web site, nor for the performance or otherwise of any content and/or software contained in such external websites.
Company reserves the right to alter any of the clauses contained herein in compliance with local legislation, to meet its global policy requirements, and for any other purpose deemed necessary by the Company. All inquiries on data protection should be directed to email@example.com