Effective February 23, 2021
WELCOME TO NATURAL ACNE CLINIC!
This Policy applies to the information collected on our website and online store located at naturalacneclinic.com, and any other website where this Policy is posted (collectively, the “Corporate Sites”), as well as our online, subscription based acne treatment portal ( “Clear Connection”). The Corporate Site and Clear Connection will be collectively referred to as the “Service”.
WHO WE ARE
Our Service is owned and operated by either Natural Skincare Clinic, LLC (collectively, “NAC,” “us,” “our,” or “we”), a Colorado limited liability company with an address of 4325 N Harlan St, Wheat Ridge, CO 80033. See below for instructions on how to contact us.
This Policy is incorporated into the Terms of Service governing your use of any of our Service. Any capitalized terms not defined in this Policy will have the definitions provided in our Terms of Service. Your use of our Service indicates your acknowledgement of this Policy.
This Policy also does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them.
COLLECTION AND USE OF PERSONAL DATA
Personal Data We Collect
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). Generally, we collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):
Personal Data about you and your identity, such as your name, ID number, photo/avatar, username, and other Personal Data you may provide on registration or purchase forms, or as part of an account profile (e.g. biographical information).
Personal Data we collect in connection with a transaction or purchase, such as the item you purchased, the price, the delivery location, zip code, and other similar information.
Payment Data: Personal Data relating to Payment accounts or services, e.g. a credit card or other Payment account number, and other relevant information you provide in connection with a Payment transaction.
Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or usernames/handles, as well as a name or other salutation.
Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.
Personal Data relating to your personal preferences, such as demographics, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal Data relating to your health and wellness, including diet/digestion, lifestyle, known health conditions and certain medical history, allergies, and medications, and other information relating to your health or to specific health conditions, outcomes, or treatment.
Personal data we create that relates to the physical, physiological or behavioral characteristics of an individual, which allow for or confirm the unique identification of that individual, or include identifiable information relating to physical features of that individual, such as facial scans and information about visual characteristics or anomalies.
Information that a user provides, or that we collect from a user in a message, free text field, video/chat recording/log, or other unstructured or free-form format, including any Personal Data or Special Category Data to the extent contained or revealed therein.
Collection of Personal Data
Personal Data we process comes from various sources, including:
DATA WE COLLECT FROM YOU:
We collect Personal Data (such as Identity Data, User Content, or Contact Data) from you directly, for example, when you input information into an online form, or contact us directly.
DATA WE CREATE OR INFER:
We create and infer Personal Data (such as Preference Data, Health Data, or Biometric Data) based on our observations or analysis of other Personal Data we process, and we may correlate this data with other data we process about you.
DATA WE RECEIVE FROM OTHERS:
We receive Personal Data (such as Contact Data or Transaction Data) from third parties with whom we have a relationship in connection with the services they provide, for example, an online shop or payment processor that is operated by a third party on our behalf.
DATA COLLECTED AUTOMATICALLY:
We may collect certain Personal Data (such as Device/Network Data) automatically. For example, we automatically collect Device/Network Data using cookies and similar technologies when you browse our Site and when you open our marketing communications.
How we Process Personal Data
APPOINTMENTS AND PURCHASES
We process Identity Data, Transaction Data, Preferences Data, Payment Data and certain Contact Data when you book an appointment, or make a purchase on our Corporate Sites, or for products/services we provide. Note, appointment bookings and purchases may be processed by us, or by a third party on our behalf. We may obtain any Personal Data processed by a third party on our behalf.
We use the Transaction Data, Identity Data and Contact Data as necessary to complete and provide you with important information regarding your booking or transaction. Payment Data is used as necessary to process your transaction, or to store your Payment information for future purchases you may choose to make. Subject to Your Rights & Choices and consistent with our legitimate business interests, we may process Transaction Data, Identity Data, Preferences Data, and Contact Data in connection with Internal Processes, to create Aggregate Data, Marketing Communications and Behavioral Advertising.
You may be able to register and create an account on our Services, for example, if you create an account for purchases through one of our online stores, to create bookings for in-person services, or sign-up for Clear Connection. If you choose to register, we will process Identity Data, Preferences Data and certain Contact Data. We may also process certain Payment Data if you make a purchase or choose to store payment information for future purchases. If you participate in the Acne Trigger Finder or register for Clear Connection, we may also collect Health Data.
We use the Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Payment Data provided at registration will be used only as necessary to process transactions or to store your information at your request. Subject to Your Rights & Choices and consistent with our legitimate business interests, we may also use Identity Data, Preference Data and Contact Data in connection with Internal Processes, to create Aggregate Data, Marketing Communications, and Behavioral Advertising. Additionally, if you complete the Acne Trigger Finder, we may process Health Data as necessary to deliver the products and services you request, and subject to any consent required by law, to create Preferences Data, to tailor your services and products to you, and in connection with Marketing Communications and Behavioral Advertising. Health Data collected in connection with Clear Connection will be used as described below.
CLEAR CONNECTION PLATFORM
Clear Connection allows us to assess, treat, and communicate with our patients regarding their treatment of acne and their other skin care needs. If you use Clear Connection, we will process Identity Data, Contact Data, Health Data, Biometric Data, and if you choose, any Personal Data in any User Content (for example, in your answers to questions, or messages to/chats with treatment counselors). Clear Connection involves the processing of Personal Data collected through the Clear Connection platform, as well as data from your account registration or surveys you complete.
Any information we collect through Clear Connection is primarily used as necessary to create users’ accounts and provide the treatment, counseling, or services requested by patients, for payment and billing, and in accordance with your consent, where required by applicable law. Subject to Your Rights & Choices and consistent with our legitimate business interests, we may also use Identity Data and Contact Data in connection with Internal Processes, Marketing Communications, and together with Health Data and Biometric Data, where permitted by law, to create Aggregate Data and for Diagnostic Improvement, or for Research and Public Health.
We may process Personal Data used for treatment, counseling, or other aspects of the Clear Connection service using automated processing. This processing helps us improve the accuracy and quality of diagnostics and treatment. As part of this service, we may create Biometric Data and Health Data based on data collected from the photos you provide. Note that all automated processing and the creation of Biometric Data and Health Data is subject to Your Rights & Choices.
We may process Identity Data, Device/Network Data and Contact Data in connection with email marketing communications if you register for an account or choose to enroll to receive marketing communications, or when you open or interact with our marketing communications.
We use Identity Data and Contact Data as necessary to provide marketing communications you request, and consistent with our legitimate business interests, we may send you certain marketing and promotional communications if you sign up for those communications or register for our Service. See Your Rights & Choices for information about how you can limit or opt out of this processing.
REVIEWS, COMMENTS & TESTIMONIALS
We may process Identity Data, Contact Data, and User Content when you post a comment or review on our Corporate Site, or when you agree to provide written or video testimonials.
We use this data as necessary to post the review on our Corporate Site or as you request when you provide this information. Please note, your Identity Data and User Content may be posted publicly on our Corporate Site, so please do not provide any personal data or other User Content that you do not wish to be made public. Subject to Your Rights & Choices and consistent with our legitimate business interests, we may also use this data in connection with Internal Processes, and the creation of Aggregate Data.
If you agree to participate in an audio/video testimonial, we may require you to agree to a written consent form which will control to the extent inconsistent with this Policy.
COOKIES AND SIMILAR TRACKING TECHNOLOGIES
We, and certain third parties, may process Identity Data, Contact Data, Preferences Data and Device/Network Data when you interact with cookies and similar technologies on our Service. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.
Subject to Your Rights & Choices, we use this information as follows:
- for “essential” or “functional” purposes, such as to enable various features of the Service such as remembering passwords, or staying logged in during your session;
- for “analytics” purposes, consistent with our legitimate interests in how the Service is used or performs, how users engage with and navigate through the Service, what sites users visit before visiting our Service, how often they visit our Service, and other similar information; and
- for “retargeting” or similar advertising purposes on our Service, so that you can see advertisements from us on other websites, and in connection with Behavioral Advertising. These technologies and the data they collect, may be used by advertisers to deliver ads that are more relevant to you based on content you have viewed, including content on our Service. These tracking technologies may also help prevent you from seeing the same advertisements too many times, and help us understand whether you have interacted with or viewed ads we’ve delivered to you. This collection and ad targeting may take place both on our Service, as well as on third-party websites that participate in the ad network (e.g. any advertisements delivered by that ad network on a third party website).
Some of these technologies can be used by us and/or our third-party partners to identify you across platforms, devices, sites, and services.
INFORMATION ABOUT SPECIFIC PROCESSING OPERATIONS
Subject to Your Rights & Choices, we may process any Identity Data, Contact Data, Transaction Data, Payment Data, Device/Network Data, and User Content in connection to analyze how users interact with our Services, in connection with market research, for product and Service improvements, and as necessary to monitor and maintain the integrity and security of our Service and the data we process.
We will collect and aggregate your personal data and information about your use of the Services in order to identify certain trends in how our Services are used, healthcare trends, treatment outcomes, etc. (“Aggregated Data”). We may pass Aggregated Data to the third parties referred to in the section below, such as partners, to give them a better understanding of our business and improve the marketability or performance of our Services. Aggregated Data will not contain information from which you may be personally identified.
Acne, and many other skin conditions, are sensitive to a wide range of environmental, personal, and other factors. In order to understand patterns in conditions and treatment outcomes, and to improve our diagnostics and treatment proposals, we aggregate and analyze information we collect from Clear Connection, and if you submit a response to any surveys through our platform. For example, we may process Health Data, Preferences Data, and Biometric Data to determine trends in causes of acne, various symptoms, remedies, and similar information. We may use this information in order to create, train, or refine algorithms and other tools we use in connection with Automated Processing. When we process Health Data and Biometric Data for this purpose, we do so subject to your consent where required by law, and at all times subject to Your Rights & Choices.
We may use software, machine learning, AI, and other automation tools integrated into Clear Connection as part of our diagnostic and treatment systems. For example, we may use tools that help us suggest treatment regimens based on records of common symptoms and treatment outcomes, or based on automated analysis of images based on the type of skin conditions and symptoms that appear in the photo. The automated analysis performed as part of Clear Connection requires the processing of Biometric Data, Preferences Data, and Health Data. This automated system is designed to identify and improve your treatment and diagnosis, and your suggested treatment or outcomes may be determined directly or indirectly by this automated system. When we process Health Data and Biometric Data using automated means, we do so subject to your consent where required by law, and at all times subject to Your Rights & Choices.
We, and certain third parties operating on or through our Corporate Site, may engage in online behavioral advertising. This form of advertising includes various parties and service providers, including third party data controllers, engaged in the processing of personal data in connection with advertising. This form of advertising uses Device/Network Data, Preferences Data, and at times, Contact Data to deliver more relevant advertising to you. The parties that control the processing of Personal Data for behavioral advertising purposes may build a profile of you containing this information, and may be able to identify you across sites, devices, and over time. These services may also track whether you view, interact with, or how often you have seen an ad, or whether you complete a purchase for a good or services you were shown in an advertisement. In some cases, these parties may also develop and assess aspects of a profile about you to determine whether you are a type of person to which a company wants to advertise and determine whether and how ads you see are effective, and these third parties may augment your profile with information derived from these observations. See Your Rights & Choices for information about how you can limit or opt out of this processing.
Research and Public Health
We may also process and disclose your Personal Data for uses related to medical research, public health, product recalls and other medical product liability/safety matters, and for other research and public health/safety grounds, to the extent and under the conditions allowed by applicable law.
If we process Personal Data in connection with our Service in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Your Rights & Choices) unless otherwise stated when you provide it.
Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the Data Sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other lawful business interests, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Services or disclose information as part of our own internal operations, such as security operations, internal research, etc. When we disclose information for business purposes we may disclose Identity Data, Transaction Data, Payment Data, Contact Data, Device/Network Data, Preferences Data, Health Data, Biometrics Data, and User Content.
For purposes of the California Consumer Privacy Act (“CCPA”), we may engage in a “data sale” when we make available Personal Data in connection with Behavioral Advertising, or other arrangements where we provide information to third parties in connection with a “Data Sale” as defined by CCPA. When we engage in Behavioral Advertising, we typically make available Device/Network Data, Contact Data, and Preferences Data to the advertising partners and other service providers engaged in the provision of the behavioral advertising services. See Your Rights & Choices for more information on your right to opt-out of this processing.
In order to streamline certain business operations and develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
In order to deliver certain advertisements, and develop better products and services, we may share with trusted third parties for marketing, advertising, or similar commercial purposes the Personal Data described in the Cookies and Similar Tracking Technologies section, and any information that we may use for Marketing Communications or Behavioral Advertising.
Any Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime or for other law enforcement and national security reasons, to investigate violations of our Terms of Service, or when the disclosure in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, for public health and other matters in the public interest. In addition, we may disclose Personal Data to medical providers or healthcare organizations, either with your consent, or where allowed by applicable law.
YOUR RIGHTS & CHOICES
Applicable law may grant you certain rights in your Personal Data. The following are rights which you may have under the law. To the extent applicable law grants you these rights, you may exercise these rights by contacting us at the address in the contact us section below. Please note: we may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity.
You may receive a list of your Personal Data that we process to the extent required and permitted by law.
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu.
To the extent required by applicable law, you may request that we delete your Personal Data from our systems.
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. You may also request that we provide you a copy of your Personal Data, direct us to stop selling or disclosing Personal Data for certain purposes (if we have done so), and receive information regarding: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties with whom we have disclosed your Personal Data, or sold, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.
It is possible for you to use portions of our Service without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process:
If you consent to processing, you may withdraw your consent at any time, to the extent required by law.
You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You have the choice to opt-out of or withdraw your consent to direct marketing communications you receive. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.
Cookies & Similar Tech:
To the extent we process Health Data or Biometric Data by automated means, you may opt-out of, or revoke your consent, to this processing or elect to have an individual review any of the results of processing.
To the extent required by CCPA, you have the right to opt out of the sale of your Personal Data.
We follow and implement reasonable security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Please note, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.
We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law or as directed by our Clients. We will review retention periods periodically and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.
Our Service is neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Service if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Contact us for more information regarding the mechanisms to ensure adequate protection of data subject to EU Law.
INFORMATION FOR EU USERS
Natural Skincare Clinic, LLC is the data controller for Personal Data collected through naturalacneclinic.com and all other portions of the Services.
Legal bases for processing
The legal bases of our processing of your personal data is described in the table below. If you have questions about the legal basis of how we process your personal data, contact us at email@example.com.
|Processing purpose||Legal Basis|
Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. This may include processing that is in connection with operations that are necessary to provide the Services themselves.
The following processing activities constitute our legitimate interests. We balance any potential impact on you when we process your personal data for our legitimate interests. You may object to this processing as permitted by law. For example, our legitimate interests include:
Determining the effectiveness of marketing campaigns
To create, provide, support, maintain, and improve our products and Service, or to improve the efficiency of our Services, and operate our business
To secure our platform and network, investigate suspicious activity or violations of our terms or policies; and to protect the safety of Personal Data, including to prevent exploitation or other harms to which users may be particularly vulnerable.
Processing is necessary to comply with our legal obligations, for example, tax laws, fraud reporting, etc.
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime by contacting us at firstname.lastname@example.org
All Personal Data
Note, we may process and disclose personal data where it is in the vital interests of a data subject, to comply with a legal obligation to which we are subject, in the public interest, for public health purposes and medical or scientific research, or other appropriate legal ground which may apply under applicable law.
Rights of EU Users
Right to Object:
Where we process Personal Data on the basis of our legitimate interests, you can object to that processing to extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise, or defense of a legal claim.
Right to Restrict:
You may have the right to restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.
CANCELLATION & RESCHEDULING POLICY
We understand that plans can change, and we strive to accommodate our clients’ scheduling needs to the best of our abilities. To ensure a smooth and efficient experience for both our clients and our team, we have established the following cancellation and rescheduling policy:
- CANCELLATION & RESCHEDULING TIMEFRAME:
Clients are welcome to cancel or reschedule their appointments at any time, provided it is done at least 48 hours in advance of their scheduled appointment time.
- CANCELLATION FEE:
Any cancellation or rescheduling request made less than 48 hours before the appointment time will be subject to a cancellation fee of up to $55. This fee is necessary to compensate for the time and resources allocated for your appointment, which could have been made available to other clients.
- HOW TO CANCEL OR RESCHEDULE:
To cancel or reschedule your appointment, please contact us as soon as possible. You can reach us via phone or email, or use the rescheduling link in your OnceHub appointment confirmation email.
CHANGES TO THIS POLICY
We may change this Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Service following notice of any changes indicates acceptance of any changes.
Feel free to contact us with questions or concerns using the appropriate address below.
Data rights requests:
Natural Acne Clinic
4325 Harlan St
Wheat Ridge, CO 80033