Privacy Policy

Effective Date: [April 26, 2025]

Seoul Skin Lab FZCO (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and retain your personal data when you use our website, mobile apps, or other services (collectively, the “Services”).

1. Definitions & Scope

“Personal Data” means any information relating to an identified or identifiable natural person.

“Processing” means any operation performed on Personal Data (collection, storage, use, disclosure, deletion, etc.).

“Controller” is the entity that determines purposes and means of Processing (here, Seoul Skin Lab FZCO).

“Processor” means any third party Processing data on our behalf.

This Policy applies to all Personal Data collected through our website – seoulskinlab.com – and related platforms, and by email, phone, or in-person interactions.

2. Data Controller & Contact

Seoul Skin Lab FZCO

[Insert Full FZCO Address]

Email: [email protected]

Data Protection Officer: [Name, if appointed]

3. Legal Bases for Processing

We process your Personal Data only when we have a lawful basis:

Performance of Contract: to fulfill your orders, process payments, and provide customer support.

Consent: to send marketing communications, newsletters, or promotional offers. You may withdraw consent at any time.

Legitimate Interests: to maintain website security, prevent fraud, improve our Services, and analyze user behavior.

Legal Obligation: to comply with UAE tax, accounting, or other statutory requirements.

4. Personal Data We Collect

Category | Examples | Legal Basis | Retention Period
Account & Order Data | Name, email, delivery address, phone, payment | Contractual necessity | 7 years (per UAE tax law)
Customer Support & Feedback | Inquiries, survey responses | Contractual necessity / Legitimate | 2 years
Technical & Analytics Data | IP address, device/browser info, cookies | Legitimate interest | 1 year
Marketing & Communications | Email preferences, consent records | Consent | Until withdrawn
Children’s Data | Data from persons under 16 | N/A (we do not knowingly collect) | N/A

5. Cookies & Tracking

We use cookies and similar technologies.

Strictly Necessary: required for website function.

Preferences & Analytics: to remember settings and analyze usage.

Advertising: to deliver relevant ads.

You will be prompted on first visit to accept or reject non-essential cookies. For details, see our Cookie Policy.

6. How We Use Your Data

Order Fulfillment: process and deliver purchases.

Customer Service: respond to inquiries and support requests.

Marketing: with your consent, send promotions or newsletters.

Site Improvement & Security: detect fraud, troubleshoot issues, and improve UX.

Legal Compliance: maintain records and disclosures required by law.

7. Sharing & International Transfers

We may share your data with:

Processors: logistics partners, payment gateways, IT providers.

Authorities: when required by law (e.g., law enforcement, tax authorities).

If data is transferred outside the UAE, we ensure adequate safeguards, such as UAE PDPL-approved standard contractual clauses or equivalent measures.

All Processors sign Data Processing Agreements requiring them to implement appropriate security and confidentiality measures.

8. Data Subject Rights

You have the right to:

Access: request a copy of your Personal Data.

Rectification: correct inaccuracies.

Erasure: delete data, subject to legal retention obligations.

Restriction: limit Processing in certain circumstances.

Portability: receive data in a structured, machine-readable format.

Object: to processing based on legitimate interests or for direct marketing.

To exercise your rights, email [email protected] or complete the form at [link-to-rights-form]. We will respond within 30 days.

9. Data Retention

We retain Personal Data only as long as necessary:

Transactional Records: 7 years.

Support & Feedback: 2 years.

Marketing Consents: until withdrawn.

Analytics Data: up to 1 year.

After each period, data is securely deleted or anonymized.

10. Security & Breach Notification

We implement technical and organizational controls (encryption, access controls, regular audits) to protect data.

In the event of a data breach, we will:

1. Notify the UAE Data Office (or other authority) within 72 hours if required.

2. Inform affected individuals without undue delay if there is a high risk to their rights.

11. Children’s Privacy

Our Services are not intended for children under 16. We do not knowingly collect data from minors. If we learn we have collected data from a child, we will delete it immediately.

12. Automated Decision-Making & Profiling

We may use analytics tools that involve automated processing of data (e.g., to personalize product recommendations). You can object to profiling by contacting us at [email protected].

13. Changes to This Policy

We may update this Privacy Policy.

• Changes become effective upon posting.

• We will highlight significant changes via email or a notice on our website.

Please review this Policy regularly to stay informed.


If you have any questions or wish to exercise your data rights, please contact our DPO at [email protected].