Privacy Policy

dr.dream Dermatological Skin Care.

We take data protection and information security very seriously. The effective management of all personal data, including security and confidentiality, is the heart of our business and naturally underpins our practices and processes.

This privacy notice informs you about the type, scope and purpose of the processing of personal data we collect, use and process as a part of our website and its functions and content as well as our external online presences, such as our Social Media Profiles (the “Services”).

This notice applies to you, the User of our Services and us the provider of the Services and governs the processing of your personal data in context of our Services and business.

This Policy last updated on 5 March 2021.

Name and contact details of the responsible person:

dr.dream
290 Orchard Road, #17-11,
The Paragon, Singapore 238859
E-mail: hello@drdreamskin.com

As the Controller of your Personal Data, dr.dream proceeds with all data processing procedures (e.g. collection, processing and transmission) in accordance with Singapore`s Data Protection Law and the European Regulation (EU) 2016/679 (GDPR).

The Supervisory Authority

The Personal Data Protection Commission (PDPC) in Singapore is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the PDPC (www.pdpc.gov.sg). We would, however, appreciate the chance to deal with your concerns before you approach the PDPC so please contact us in the first instance. 

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

What is personal data?

Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”).

Processing of special categories of data

No special categories data is processed.

Automated decision-making and profiling

We do not use automation for decision-making and profiling.

Children Data

Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

 

Collection, use and storage of personal data

When you use the online offer, dr.dream collects different data from you, partly also so-called personal data. This is information that relates to an identified or identifiable natural person (hereinafter “data subject”).

Visiting dr.dream website in general

When visiting the dr.dream website, you transmit data to our web server (due to technical necessity) via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server: Date and time of the request, Name of the requested file, Page from which the file was requested, Access status (file transferred, file not found, etc.), Web browser and operating system used, complete IP address of the requesting computer, amount of data transferred

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data.

Further personal information is only collected if you provide it voluntarily, for example in the context of an enquiry or registration. Depending on the area concerned, dr.dream uses the personal data provided by you to answer your enquiries, to process your order and for the purpose of technical administration of the websites. In detail, the use in the respective areas follows as follows:

Online Shop

When you place an order in our online shop, we store the following information in order to fulfil the contract concluded between you and dr.dream or to carry out pre-contractual measures.

Order without setting up a customer account

When placing an order in the online shop, all data necessary for execution and processing are requested by means of mandatory fields: Your full name, your e-mail address, your address (billing address and, if applicable, different delivery address). Your data will only be used to process your order.

Customer account / registration

It is also possible for you to register for your purchase at dr.dream. For this purpose, you can choose a password together with your e-mail address, both of which will enable you to log in more easily without having to enter your data again when you make a purchase at a later date. dr.dream stores the data you enter to set up a customer account through which your orders are recorded, executed and processed. dr.dream will hold your data for further orders as long as you maintain your registration. You have the right to access, correct or delete your registration data at any time.

Retention of order data

If you submit data to dr.dream for an order, your data will be stored for as long as necessary for the processing of the purchase and mandatory according to the legal retention periods.

Contacting Us

If you contact dr.dream via a our recruitment page, the data you provide will be stored so that your message can be forwarded to the correct contact person. Your data provided via the form will not be used for any other purposes, in particular not for advertising.

Disclosure and deletion of personal data

Visiting dr.dream website
The data stored during the mere visit of the dr.dream website will not be passed on to third parties.

Online shop
Passing on of data

Your personal data will only be passed on to third parties within the scope of the online shop if it is necessary for the purpose of processing the contract, for example for accounting purposes or for the collection of the payment or to ship your order.

Market Research

All your data collected on the dr.dream website for the purpose of market research will be used exclusively for dr.dream internal purposes and will not be passed on to third parties. They will be deleted when their knowledge is no longer necessary for market research.

Transfer to authorities and other public bodies

Your data will only be disclosed to third parties outside the dr.dream if the responsible public authority or governmental institution orders the disclosure in an individual case, in which case dr.dream is obliged to do so.

General technical organisational measures

dr.dream has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by dr.dream is protected by physical, technical and procedural measures that limit access to the information to specifically authorised persons in accordance with this Privacy Policy.

Secure data transmission

The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3).

Credit card information

 

Any credit card information you provide will not be stored by dr.dream, but will be encrypted and collected directly from the payment service provider (PayPal) via hypertext transfer protocol secure (“https”). 

Passwords

You should never disclose your password for accessing our customer portal to any third party and you should change it regularly. If you want to leave your customer account in the online shop, you should press the logout and close your browser to prevent anyone from gaining unauthorised access to it.

 

Newsletter

We send newsletters, e-mails and other electronic notifications with promotional information via Mailchimp and only with the consent of the recipients or a legal permission. Apart from that, our newsletters contain information about our products, offers, promotions and dr.dream.

 

Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.

 

Online presence in social media

We maintain online presences within social media on the basis of our legitimate interests, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

 

Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

 

Social Media Widgets

We display sharing buttons (Facebook and LinkedIn) so you can use social networking to share items from our site. It also includes the recommend buttons and other interactive programs that run on our site that collect your IP address, which page you are visiting on our site, and sets a cookie to enable the widget to function properly. Your interactions with these Widgets are governed by the privacy policy of the company providing them.

Your Rights

As an individual whose personal data is processed as described in this Privacy Policy, you have a number of rights which are summarized below. Please note that exercising these rights is subject to certain requirements and conditions as set forth in applicable law.

 

Right of access – Subject to applicable law, you have the right to obtain confirmation from us as to whether or not personal data that concerns you is processed, and, if so, to request access to such personal data including, without limitation, the categories of personal data concerned, the purposes of the processing and the recipients or categories of recipients. However, we do have to take into account the rights and freedoms of others, so this is not an absolute right. If you request more than one copy of the personal data undergoing processing, we may charge a reasonable fee based on administrative costs.

 

Right to rectification – You have the right to request from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you also have the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.

 

Right to erasure (‘right to be forgotten’)You have the right to request from us the erasure of personal data concerning you in certain circumstances as defined under applicable law. When your request falls within one of those circumstances, we will erase your personal data without undue delay. If, for technical and organisational reasons, we were not able to erase your personal data, we will ensure that it is fully and irreversibly anonymised so that we will not longer be holding such personal data about you.

 

Right to restriction of processing – In certain circumstances as defined under applicable law, you have the right to request the restriction of processing of your personal data. In such case, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

 

Right to data portability – In certain circumstances as defined under applicable law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit that data to another controller or to have such personal data transmitted directly from us to another controller, where technically feasible.

 

Right to object – In certain circumstances as defined under applicable law, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.  This notably applies in case of processing of your personal data based on our legitimate interests or for statistical purposes.

 

Right to object to direct marketingWhere your personal data are processed for direct marketing purposes, you have the right to object at any time to processing for such direct marketing (including profiling related to such direct marketing).

 

Right not to be subject to a decision based solely on automated processing – Subject to certain restrictions, you have the right not to be subject to a decision based solely on automated processed, including profiling, which produces legal effects on you similarly significantly affects you.

 

Right to withdraw consentIf you have declared your consent for any personal data processing activities as described in this Privacy Policy, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to withdrawal of the consent.

If you wish to access such personal data or exercise any of the rights listed above, you should does so in writing, providing evidence of your identity to us via email or mail to the mentioned address.

 

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the PDPC, their contact details can be found on their website (www.pdpc.gov.sg).

 

Changes

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

Contact us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e‑mail or by mail using the details provided.