This site has limited support for your browser. We recommend switching to Edge, Chrome, Safari, or Firefox.

FREE SHIPPING IN 24/48H FOR ORDERS +35€

FREE SHIPPING IN 24/48H FOR ORDERS +35€

FREE SHIPPING IN 24/48H FOR ORDERS +35€

FREE SHIPPING IN 24/48H FOR ORDERS +35€

FREE SHIPPING IN 24/48H FOR ORDERS +35€

Cart 0

Congratulations! Your order qualifies for free shipping Only 35,00€ left for free shipping!
No more products available for purchase

Products
Add order notes
Estimate shipping
Subtotal Free

Do you have any questions? Consult our FAQ's. Shipping, taxes, and discount codes are calculated at checkout

Your Cart is Empty

Face
Body
Hair
Solar
Mom and baby
Man
Oral hygiene
Nutrition and Supplements
Health and wellness
Sexuality

Privacy policy

This Privacy Policy was developed to support 232 Concept Lda, a company with tax identification number 503843253, with headquarters in Loteamento Flor da Rosa, Lote 2, Cave 3200-085 Lousã – hereinafter My Skin Concept, owner of the website www.myskinconcept. com, in adapting its activity to the General Data Protection Regulation, approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (“GDPR”). The company 232 Concept Ltda belongs to the group that owns Farmácia Serrano - Mario de Freitas Comercio Farmaceutico, a company holding tax identification number 500969876.

This policy is complemented by others on security, which are relevant to the company's business, jointly describing My Skin Concept's approach to information security and privacy.
This policy applies to all My Skin Concept Professionals and Partners and, when identified, to third parties who access the company's assets.
The terms 'Privacy', 'Data Privacy' and 'Data Protection' can be used in the same sense as they are associated with a complex set of legal requirements that apply to Personal Data, which goes beyond the security of data and confidentiality. For example, it includes requirements on transparency of data use and data retention.
Compliance with this policy is mandatory and, therefore, all Professionals and Partners have an individual responsibility to ensure their compliance with it and, if necessary, must request clarification from the leaders of their respective teams.
It is My Skin Concept's responsibility to define the appropriate mechanisms to achieve compliance with this policy, being responsible for the operational implementation of the teams, with the support of the Privacy Officer.
Compliance with this policy may be monitored through inspections, audits and/or requests for written confirmations of compliance, with all areas responsible for regularly assessing their compliance with it within their area of ​​responsibility.
Accordingly, any employee who has violated this policy is subject to disciplinary action.
This policy is based on the principles set out in the GDPR. However, there are national differences in the applicability of My Skin Concept's data protection and privacy, when processing personal data outside the EU, when receiving personal data from outside the EU or when processing personal data of non-EU citizens. .
If you have any questions, please contact My Skin Concept using the contact details provided.

 

Data Protection Principles
As part of our business, we process Personal Data: whether we receive personal data in the course of our business opportunities, our customer engagements, marketing activities or a range of other related and support activities. Data may be received directly from a Data Subject (e.g. in person, via post, email, telephone or other sources), namely from our customers, partners, subcontractors, joint controllers, support service providers and agencies credit reference.
All professionals and partners must only request personal data from a Data Subject that is relevant and necessary to fulfill a certain business purpose and task.
My Skin Concept is committed to complying with the personal data protection principles defined by the GDPR, namely:
• Lawfulness, loyalty and transparency: means that we must have a legitimate reason for processing Personal Data, for example, consent of the Data Subject, compliance with a legal obligation to which we are subject. It also means that we must clearly inform the Data Subject about the processing;
• Limitation of Purposes: we must only request Personal Data for specified, explicit and legitimate purposes and not process it beyond the purpose for which it was requested;
• Data minimization: Personal Data subject to processing must be adequate, relevant and limited to what is necessary;
• Accuracy: we have an obligation to ensure that Personal Data is accurate and update it whenever necessary;
• Retention limitation: we must not retain Personal Data for a longer period than is necessary for the purposes for which it is processed, although we may retain some for historical and statistical purposes;
• Integrity and Confidentiality: we must have adequate security controls in place to protect data against unauthorized and illegal processing, loss, destruction or damage, including technical and organizational measures, such as defined processes, training and awareness;
• Lawful transfer outside the European Economic Area: we only transfer Personal Data outside the EEA provided that there are appropriate safeguards, such as a contractual basis;
• Data Subject Rights: Data Subjects have a number of rights that we must respect (for example, the right to access a copy of the data we have archived and the right to withdraw consent given for direct marketing purposes).




Lawfulness and loyalty in treatment
Whenever Personal Data is collected, it is necessary to have a legal basis for the inherent processing. Under the GDPR, we must identify at least one of the following reasons for processing Personal Data:
• Consent: The Data Subject has given consent for them to be processed for one or more specific purposes;
• Contractual: Processing is necessary for the execution of a contract to which the Data Subject is party or for pre-contractual measures;
• Legal: Processing is necessary to comply with a legal obligation, to which the Controller is subject;
• Vital interests: Processing is necessary to protect the vital interests of the Data Subject;
• Public interest: Processing is necessary for the performance of a task carried out in the public interest;
• Legitimate interests: Processing is necessary for the legitimate interests of the Controller, except when the interests or fundamental rights and freedoms of the Data Subject prevail.

 

When we act as a Controller, we must ensure that we have a legitimate basis for collecting and processing Personal Data.
In some situations, we may act as a Processor on behalf of our client, in which case it is their responsibility to ensure that they have a correct reason for processing Personal Data, which they must share with us. However, we must take steps to ensure that our contract is clear about our responsibilities in this regard and that if we collect Personal Data directly from Data Subjects on behalf of the customer, we have the basis to do so legitimately.
When a Special Category of Data is handled there is an additional set of conditions that must be met. Please contact My Skin Concept for further guidance.
GDPR requires Data Subjects to be provided with information about processing to ensure fair and transparent processing. Whenever we collect Personal Data we must ensure that we appropriately explain why we need the information and how we will treat it. When information is gathered through our website this information is given through a ‘Privacy Notice’.
Any other information to be provided when collecting personal data must also be provided on the internet. Please see our Privacy Policy and Cookies Policy for more information.

Processing for specific purposes only
Whenever we collect and process Personal Data, we must ensure that we only use it for the specific purposes that were communicated to the respective holder.
My Skin Concept shall never process Personal Data for additional purposes that have not been communicated to the Data Subject. Only then will we be clear about the purpose of the processing and we must understand the purposes for which our customers may have collected Personal Data or contact the Privacy Officer.

Adequate, pertinent and limited treatment
When we collect and process Personal Data we must follow the principle of data minimization. This means that we must collect only the minimum Personal Data necessary to carry out a specific task.
Additionally, we must ensure that we have an adequate amount of personal data to adequately carry out a specific task. For example, collecting data necessary only to identify a person.
This also applies to any sharing and other processing activities. It is important to minimize the data held and processed; we must ensure that if we share data internally or externally or if we use it in activities such as testing, we must only use/share the minimum amount in each case.

Accuracy of personal data
We have an obligation to ensure that Personal Data is kept accurate and up to date. We must ensure that adequate processes are in place to maintain accurate data where necessary (for example, from current and potential professionals or clients held by the relevant areas).
When acting as Controller in relation to a client we will not be obliged to implement mechanisms to keep this data up to date; This will be the responsibility of the Controller, i.e. our client.

Conservation of Personal Data
Personal Data should not be retained for longer than necessary. This means that we must define and enforce maximum retention periods for the Personal Data we process and implement processes to delete it when it expires. Therefore, the following retention periods may apply:
(i) for as long as necessary for the relevant activity or services;
(ii) any retention period required by law;
(iii) the end of the period in which disputes or investigations may arise in relation to the Services; or
(iv) for the minimum period provided for in the contract.

 

Rights of Data Subjects
The GDPR requires us to inform people about the Personal Data we collect, the purposes and means for which it is processed. Such information is given in the form of a ‘Privacy Notice’.
a) Right of Access
• The Data Subject has the right to request to see the Personal Data we have about them, the purpose of the processing and the categories of data in question.
• We must notify the Owner of the recipients with whom we are going to share their data, especially if the recipient is in another country or belongs to an international organization.
• Wherever possible, we will set the data retention period to meet business objectives.
• We must communicate to the Data Subject the existence of the right to object to processing and their right to rectification and erasure.
• We must communicate to the Data Subject the existence of their right to complain to a Control Authority.
• When data is collected from someone other than the Data Holder, we must inform the Data Holder of the source of this data.
• We must ensure that we have processes in place to identify and respond to Data Subject access concerns, without undue delay, and within a maximum period of one month.
b) Right to rectification
• Data Subjects have the right to rectify inaccurate data, and My Skin Concept must make every effort to do so immediately.
c) Right to erasure
• The Data Subject has the right to obtain from the Controller the erasure of their data ('right to be forgotten'). It is My Skin Concept's responsibility to do its best to immediately delete the data kept, except when there is a legal requirement to keep it. If you receive a request from a Data Subject please contact the Privacy Officer first before deleting any data.
d) Children's rights
• All individuals, including children, are protected by the GDPR. For children under 13 years of age, we must not process their Personal Data based on their consent, unless authorized by the respective holders of parental responsibilities.
e) Marketing
• We may sometimes send our customers and partners marketing material to inform them of services, upcoming events or other activities of interest to them, in which case we must indicate their right to withdraw consent at any time if they wish not to be contacted again in these terms.
• We must also ensure that we have processes in place to ensure that all participation preferences are recorded and respected.

Security of Retained Data
My Skin Concept will maintain data security by protecting the Confidentiality, Integrity and Availability of Personal Data, given that:
• Confidentiality means that only authorized people can access the data;
• Integrity means that Personal Data must be accurate and appropriate for the purposes inherent in processing;
• Availability means that authorized users must be able to access the data if they need it for authorized purposes.



Data Disclosure
All professionals and partners must avoid any inappropriate disclosure of Personal Data and comply with our general duties regarding Confidentiality.
It's allowed:
a) Disclose Personal Data to third parties only upon instruction or when we have a legitimate basis for doing so, and there are no restrictions in place.
b) Disclose Personal Data to third parties if we sell or buy any business or assets, or when we are a joint Controller, as part of a joint venture.
c) Share Personal Data with a third party who is processing data on our behalf, which may include transferring data to a third country.
Generally, Personal Data may be disclosed:
a) To Professionals or agents so that they can perform their functions as such.
b) In cases where non-disclosure may prejudice the prevention or detection of crimes, the prosecution of offenders, or the assessment or collection of any tax or fee. My Skin Concept must have adequate reasons for disclosing data under this category in order to avoid criminal prosecution. All disclosures must be justified and documented.
For legal purposes, data may be disclosed if:
a) Required by law, statute or court order.
b) For the purpose of obtaining legal advice;
c) Within the scope or for the purposes of legal proceedings or when necessary to defend legal rights.
d) To safeguard national security.

 

International Transfer of Personal Data
My Skin Concept may transfer any Personal Data to a third country or international organization. The Personal Data we hold may also be processed by employees operating in a third country or for one of our suppliers.
We must ensure that at least one of the following conditions applies:
a) The country to which Personal Data is transferred guarantees an adequate level of protection for the rights and freedoms of Data Subjects, as decided by the EU Commission.
b) Appropriate safeguards are provided (e.g. standard data protection clauses).
c) The Data Subject has given explicit consent to the transfer after being informed of the possible risks.
d) The transfer is necessary for one of the reasons set out in the GDPR, including the performance of a contract between My Skin Concept and the Data Subject, or protection of the Data Subject's vital interests.
e) The transfer is legally required for important reasons of public interest or for the filing of legal actions or defense thereof.

Log information, cookies and web beacons
The My Skin Concept website uses cookies to distinguish its users. My Skin Concept collects standard Internet log information, including the user's IP address, browser type and language, access times, and referring website addresses.
To ensure that our website is well managed and to facilitate navigation, My Skin Concept or its service providers may also use cookies (small text files stored in the user's browser) or web beacons (electronic images that allow our website to count visitors who access a website and certain cookies) to collect aggregated data.

Professional Information
Collection and Conservation
• My Skin Concept, as an employer, collects, processes and maintains personal data of workers, contractors, consultants and candidates. The Human Resources Department and other departments that process Personal Data of professionals must verify and document the legal basis inherent to the processing they carry out. Professionals' Personal Data should only be processed when there is a valid and legitimate purpose for doing so.
• The collection of personal data related to our employees occurs through various channels and formats, such as: registration forms; electronic web forms, (e.g. during the recruitment process); data records; CCTV images; Team photographs, including identification cards; data from other sources (e.g. previous employers); credit checks and security checks; etc.
• The creation and storage of personal data related to our professionals occurs through various channels and formats, such as: payment receipts; evaluation records; Employment contracts; emails; illness records; etc.
Training and Awareness
• We are committed to providing adequate training on personal data protection to all professionals. If necessary, we will provide personalized training and awareness for people taking into account their roles.
Process design and change
• For all proposed new systems and business procedures involving Personal Data, consideration should be given to whether an impact assessment on privacy and information security is necessary to identify risks and controls.

 

COOKIE POLICY
This website uses cookies to provide better use for its visitors, as well as to ensure that it is fully operational. This Cookies Policy is part of our Privacy Policy, which you should consult for more information about us and how we protect user information. In order for us to provide a personalized and efficient service to our users, it is necessary to memorize and store information about how this Website should be used. To do this, we use reduced text files called cookies that contain reduced amounts of information downloaded to our users' computer or other devices via a server. Your internet browser subsequently sends, on each subsequent visit, these cookies back to the Website, allowing us to recognize and remember the identity of our visitors, specifically our users' usage preferences. You can find more detailed information about cookies and how they work here (aboutcookies.org). Browsing this Website allows the collection of information through the use of cookies and other technologies. By using this website you accept the use of cookies as described in this Cookie Notice.

What types of cookies are used and why?
Some of the cookies we use are necessary to allow you to browse this website as well as take advantage of its features, such as accessing secure areas and content that is exclusive to registered users. Our website also uses functional cookies to record information about our users' choices and allow us to adapt our website to their needs; for example, remembering the source language or region or that a user has already completed filling out a survey. The recorded information is anonymous and is intended only for the purpose indicated above. We may use, directly or indirectly, web analytics services to evaluate the effectiveness of our content and the preferences of our users, which allows us to contribute to optimizing the functioning of this website. Additionally, we use web beacons or tracking pixels to count the number of visitors and performance cookies to monitor how individual users access our website and how regularly. This information is used only for statistical purposes without identifying any particular user. However, for registered users who are connected to the website, we may use this information in combination with data collected via web analytics services and cookies to analyze how visitors use this website in more detail. This site does not utilize the use of targeting cookies to promote targeted advertising to our visitors. Whenever you would like detailed information about the cookies used on our website, we welcome you to contact us via email.

 

How to control cookies?
Website users accept the introduction of cookies on their computers or devices under the terms indicated above without compromising the available control and management. We inform users that removing or blocking cookies may affect your user experience and may limit access to some areas of the website.

Browser controls
The vast majority of browsers allow our users to view hosted cookies and delete them individually or alternatively block cookies on a particular website or all in general. Please remember that set preferences, including self-exclusion, are lost whenever cookies are deleted. For further clarification, please consult the websites or cookiecentral.com.

Analysis cookie management
Our users may choose to exclude their anonymity in their browsing activity within the websites monitored by analytics cookies. We use the following service providers where you can obtain more information about their privacy policies and how to delete their cookies by clicking on the following links:
• Shopify: www.shopify.com/legal/privacy
• Google Analytics: google.com/analytics/learn/privacy.html
• Facebook Pixel: facebook.com/business/help/742478679120153

Location management of shared objects or flash cookies
A local shared object or flash cookie is similar to other browser cookies, differing in that they can store more types of information. These cookies cannot be controlled through the mechanisms identified above. Some areas of our website use this type of cookies to store user preferences for media player functionality and without them the content of some videos may not be viewed properly. These cookies can be controlled manually by visiting the Adobe website.

 

Social buttons
We resort to the use of social buttons to allow our users to share or favorite pages. These buttons relate to social networks which may obtain information about the activities of our visitors on the Internet, including our website. An understanding of how information is used and how it may be excluded from collection should be obtained by reviewing the respective Terms of Use and Privacy Policies of these websites.

Communications via email
To assess the relevance of our communications, we may use monitoring technologies to determine whether our visitors have read, clicked on links or forwarded certain email communications sent by us. In case of disagreement with this method of proceeding, our users must unsubscribe as it is not possible to send these emails without these active monitoring mechanisms. Registered subscribers can update their communication preferences at any time by contacting us via email, or they can unsubscribe by following the instructions in the communication email sent by us to their email address.
This Cookie Policy may be revised at any time at our discretion. When such changes are made, the revision date at the top of the page will change. The amended Cookie Policy will be effective from the date of revision. We recommend users of our website to review the Cookie Policies periodically, in order to stay informed about our cookie management.


Updated June 14, 2024

Save -10% on your first purchase!

Subscribe to our newsletter and receive -10% discount on your first order, plus all the offers, news and tips