Cookies & privacy
The Website is owned by HelloSkin ApS, Højbro Plads 10, Matrikel 1, 1200 Copenhagen K, CVR no. 39359197 ("Nøie"), and operated by HelloSkin ApS (hereinafter "Nøie", "we", "us", "our" ).
What are cookies and what types of cookies do we use?
Cookies are small information units that the Services may place in your browser or your computer, smartphone or other electronic memory device. Cookies contain information that the Services use, for example, to make communication between you and your web browser more efficient. Cookies are common technology on the Internet and are also used in our Services. ""Session cookies"" are temporary sources of information that are deleted when you leave the Services. Session cookies are typically used to improve navigation and collect statistics. The services use session cookies. ""Persistent cookies"" are more permanent types of information stored and remain on your electronic device until deleted by you. Persistent cookies erase after a certain period, but are renewed every time you visit the Services. This type of cookie stores information on your computer / phone for a variety of purposes; e.g. to automatically log in. Nøie and our partners use the following cookies (i.e. third-party cookies) that we have no control over:
- Google Analytics
- Google Adwords
How do you avoid and delete cookies?
You can change your cookie preferences for the Services in your web browser setting; and here you can choose which cookies to accept, block or delete. Your browser's help feature tells you how to do this.
To delete cookies already on your device, if you are using a PC or newer browser, press CTRL + SHIFT + DELETE simultaneously. If keyboard shortcuts do not work in your browser, visit the support page for that browser.
The following are links to the most common browser support pages where you can find information on how to reject and delete cookies on your device:
- Delete cookies in Internet Explorer
- Delete cookies in Mozilla Firefox
- Delete cookies in Google Chrome
- Delete cookies in Safari
Please note that if you do not accept cookies, you may not be able to access all parts or features of the Services.
Our privacy and security organisation
We have a Data Protection Officer (DPO) to oversee our data privacy and data protection measures and lead our compliance program to ensure that it is up to date and compliant.
If you have questions about the data processing activities that we carry out on your behalf, you are more than welcome to contact our DPO at firstname.lastname@example.org.
Our security team
We have a highly skilled security team who govern our data protection and information security, and who are responsible for securing our product and services. When appropriate, we also engage external resources and experts.
Our DPO leads the security team.
Personal information that we gather
We can collect and process the following personal information about you:
- Profile information, including first, middle, and last name, email address, and password. Information about questions, suggestions, and comments that you send us via the website when you are logged in.
- Information about product preferences if you purchase or review them via the website.
- Your phone number and address if you have shared this with us.
- Cookie information (if these have been accepted) through your visit and use of the website, including your IP address, browser type, operating system, platform, geographical location, browsing time on specific pages and page views, information of whether you visit other websites that we operate or other services that we supply.
- Health information, if you fill out our surveys in connection with a potential purchase or engage in communication which includes your health.
Use of personal information
We use your personal information for the following purposes:
- To create and update your profile and administrate your use of the website. This makes us among other things able to answer your inquiries and register your preferences in connection with earlier purchases or reviews of products as well as giving you the option to share product reviews with others on the website or other websites managed by Nøie.
- To improve our products and services, including our algorithm and our Bayesian statistical model.
- To register and identify you when visiting the website in order to improve our service.
- To register, complete, and document purchases through the website, as well as deliver the purchased products.
- To perform obligations as a result of the commitments there may have been made between you and us.
- To adjust our content and advertising our social media administered by Nøie or one of our partners within social media advertisement.
- To send you marketing communication (if you have requested this). See also”Direct Marketing” below.
- To create statistics and to get an overview over which behaviour the visitors on the website normally have, including to better be able to adjust and target the website and email marketing to the recipient. Note: The purpose of product reviews are to share these with others, and they may be published on the website and other platforms. We recommend that you in our product review do not publish information that may identify you.
As mentioned above, we may use your personal information to notify you of any new products or services and special offers, which we deem that you might be interested in. However, you will only receive these messages if you have requested such when creating an order, when you register, or at any time after. You can at any point unsubscribe to these messages by contacting our support at email@example.com.
Protection and sharing of personally identifiable information
Nøie can make your personal information available for:
- Those third parties which provide technical support as data processors in connection with the maintenance of the website (fx SHOPIFY Inc., which provides hosting services), supports in connection with sending communication to you, and shipping companies that deliver purchased products to you.
- Any governmental, administrativ, judicial, or regulatory authority in collaboration in cases, investigations, and investigations performed by such authority, or to comply with regulatory requirements.
- Above mentioned recipients may be located in countries and states outside the European Economic Area (“EEA”), including the United States, which may not have laws that comply with EEA data protection laws. Nøie have concluded appropriate contractual agreements for these recipients located outside the EEA.
Below is a list of sub-processors we work with:
|Zendesk||Customer support services|
|Klaviyo||Email marketing services|
|Amazon Web Services||Hosting provider|
|Google Cloud||Email and file storage services|
|Google Analytics||Website analytics|
|Tableau||Business intelligence and analytics|
|Webshipper||Freight service platform|
|Legal Monster||Consent Management|
Account creation and profile
In order to provide our services we ask you to create an account. Since our concept relies on getting feedback on the creams from our users, each user has a profile that is used to identify them and their journey with their skin. This setup also allows us to better and more easily decouple your skin data with your personal information in our technical backend.
User skin profile
Our services and products rely on users to fill out a skin profile; a series of questions about themselves, their skin and well-being. We feed these answers to our Bayesian statistical model in our backend, which then recommends an ingredient combination in a cream that statistically performs best on their skin. It knows this from learning other users’ feedback. The more feedback the model receives, the better it can become at recommending a good ingredient combination.
The personal data is registered with Nøie and stored for five years (after inactivity), after which the information is deleted.
Processing your payment (PCI Compliance)
If you choose a direct payment gateway to complete your purchase, ClearHaus stores your credit card data. It is encrypted via the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data will only be stored for as long as necessary to complete your purchase transaction. Then your purchase transaction information is deleted.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its providers.
To prevent unauthorised access, maintain data accuracy and ensure correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to secure the information we collect online. In addition, we have entered into data processing agreements with all third-party suppliers to ensure that they meet our high standards, including in connection with security.
If you provide us with your credit card information, the information is encrypted using Secure Socket Layer (SSL) technology and stored with AES-256 encryption. Although no transmission method over the Internet or electronic storage is 100% secure, we comply with all PCI-DSS requirements and implement additional generally accepted industry standards.
Your rights and responsibilities
You may request us or a third party instructed by us to:
- Obtain insight into your personal data, as well as information on the purpose of the processing, the categories of recipients of the information, and any available information about the source of such data.
- Correct, delete, or block any personal information that we or any third-party instructed by us has about you if it proves inaccurate or misleading.
- You may revoke this consent at any time with respect to our use of your personal information. If you have requested to receive information from us, e.g. newsletters, etc. and do not want to receive further information, you can easily choose not to receive further information from us by sending an email to firstname.lastname@example.org or unsubscribe from the link contained in the newsletter.
- If the personal information that we or a third-party have about you is changing, please notify the change as soon as possible so that we can update our information.
Questions and contact information
The data controller for this website is Nøie.
If you want to exercise any of your data protection rights, register a complaint, or just want more information, please contact us at email@example.com, via the contact form on our website or via letter to Nøie, Højbro Plads 10, 1200 Copenhagen, Denmark.
Customised skincare that works. Really.
It's time for a new approach to problematic skin: one that's smart, helpful, and above all - honest.