Privacy Policy

This is the privacy notice of dpderm.com. In this document, “we,” “us,” or “our” refers to Dp Derm.

This notice explains our policy about all information that we record about you. It covers both information that could identify you and information that could not. We are extremely committed to protecting your privacy and confidentiality. We understand that all users of our website want to know that their data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party. Our policy is both specific and strict and is designed to comply with U.S. law and, where applicable, California law (CCPA/CPRA).

If there are one or more points below with which you are not happy, your recourse is to leave our website immediately.

Except as set out below, we do not share, sell, or disclose to a third party any personally identifiable information collected at this site.

 


 

What personal data do we collect?

We collect the following information from you, either through our website or because you provide it in some other way, and we explain why it is necessary to collect it:

  • Basic identification and contact information: name, email address, telephone number, billing and shipping address.

  • Billing and transaction information: purchases made through our website (order details, payment method, shipping details). We do not store full credit/debit card numbers; payments are processed securely by Shopify Payments or other PCI-compliant processors.

  • Communications: emails, phone calls, support tickets, chat sessions, surveys, product reviews, forum/blog comments, and social media interactions with our official accounts.

  • Marketing and communication preferences: your opt-in/opt-out choices and interests to customize our outreach.

  • Technical and usage data: IP address, device/browser type, pages viewed, time on page, referrers, approximate geolocation derived from IP, cookies and similar technologies (via Shopify, Google Analytics, and comparable tools).

  • Professional/B2B data: if you engage as a clinic, provider, distributor, or business partner, we may collect business contact details, license/credential information, and related records.

  • Sensitive Personal Information (SPI): limited to account log-ins, password/password hints, and payment tokens as necessary to provide services. We do not store full payment card data.

 


 

Why is it necessary to collect it?

We use your information to:

  • Provide products/services you request and fulfill orders.

  • Verify identity, prevent fraud, and maintain site security.

  • Provide customer service and respond to inquiries.

  • Personalize content, remember your preferences, and improve our site.

  • Conduct analytics and measure performance.

  • Market our services and products (with appropriate consent where required).

  • Comply with legal, tax, and regulatory obligations.

Information that does not identify any individual may be used in aggregate by us or by third parties to provide class information (for example, demographics or usage of a particular page or service) to help us improve.

 


 

Marketplace information

When we obtain information from you to enable you to buy a service or product offered on our website by another party, we assume that in giving us your information you are also giving us permission to pass it to the relevant party to complete your request.

Your domain name and email address may be recognized by our servers, and the pages that you visit are recorded. We shall not divulge your email address to any person who is not an employee or contractor of ours and who does not need to know it to perform services.

We use this information to:

  • Correspond with you or deal with you as you expect.

  • Improve our site and services through quality control and analytics (in aggregate, non-identifiable form).

  • Send you news about services to which you have signed up or as otherwise permitted by law.

 


 

Information you post on our website

Information you send to us by posting to a forum, blog, or public review is stored on our servers. We don’t specifically use that information except to allow it to be read; however, as stated in our Terms, we reserve the right to use publicly posted content in accordance with those terms.

 


 

Website usage information

We may use software embedded in our website (such as JavaScript) and cookies to collect information about which pages you view and how you reach them, what you do when you visit a page, the length of time you remain on the page, and how we perform in providing content to you.

 


 

Financial information relating only to your credit cards

We do not store full credit or debit card numbers on our systems. Payments are processed through Shopify Payments or other PCI-DSS compliant processors.

We use Secure Sockets Layer (SSL) certificates (256-bit) to encrypt data you give us when you buy. You can confirm SSL is active by looking for a closed padlock or similar trust mark in your browser.

 


 

Credit reference

To assist in combating fraud, we may share information with payment providers, fraud-prevention services, and credit reference agencies in limited cases (for example, chargebacks initiated without first contacting us to resolve an issue).

 


 

Business and personal information

This includes information given in the course of our business relationship (for example, as a provider or wholesale partner). We undertake to preserve the confidentiality of this information and the terms of our relationship and expect you to reciprocate. We keep business records for at least seven (7) years for tax and legal reasons.

 


 

Third-party advertising

Third parties may advertise on our website. Those parties may use technologies (cookies, pixels, JavaScript) that collect your IP address and browsing behavior to personalize and measure ads. We do not control these technologies or the data those parties obtain. This privacy notice does not cover the information practices of those third parties; please review their privacy policies.

 


 

Cookies

Cookies are small text files placed on your device via your browser. They help websites function, remember preferences, improve efficiency, and provide analytics.

You can disable cookies in your browser settings. Most features of our site will still work, but certain functions (like cart persistence) may not. Examples of how we use cookies:

  • To remember whether you accepted cookies and manage consent.

  • To operate our content management system and shopping cart.

  • To secure forms (anti-spam/anti-abuse).

  • To collect anonymized analytics (visit counts, referrers, pages viewed) to improve user experience and sales.

  • To remember webcast/video interactions and user IDs (anonymous) for up to 30 days.

  • To store your profile details so you don’t have to re-enter them (up to 30 days).

  • To enable embedded video (e.g., YouTube’s privacy-enhanced mode).

 


 

Calling our helpline

When you call us, we may collect Calling Line Identification (CLI) information to help improve efficiency and support.

 


 

Sending a message to our support system

When you send a message, we collect the data you provide so we can confirm your entitlement to receive information and so we can respond. We record requests and our replies to improve service. (We tie messages to customer accounts only where necessary to support you.)

 


 

Complaints

When we receive a complaint, we record the information you provide and use it to resolve your complaint. If necessary, we may share information from your complaint with another party involved, but only as needed. We may compile anonymized statistics from complaints to assess service levels.

 


 

The content you provide to us

If you provide information with a view to it being read, copied, downloaded, or used by other people (e.g., public reviews or social posts), we accept no responsibility for what third parties may do with it.

 


 

Marketing information

With your permission (or where otherwise permitted by law), we may send marketing communications. You may opt out at any time using the unsubscribe link in emails or by contacting us. If you consent, we may share your email and name with selected associates to provide services or products you may find useful.

 


 

Use of site by children

Our site is intended for individuals 16 years and older. If you are under 16, do not provide personal information on this site. If you are 16–17, you may use our site only with consent from a parent or guardian where required by law.

 


 

Transfer of Data (International Transfers)

We use Shopify to power our online store. Your data may be transferred to and processed in countries other than the U.S. (including Canada and other regions where Shopify or our service providers operate). Where we transfer data internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses). More information about Shopify’s privacy practices is available in Shopify’s privacy documentation.

 


 

Data Retention (CPRA-aligned)

We retain personal information only as long as reasonably necessary for the purposes described:

  • Orders, invoices, and tax records: 7 years (legal/accounting).

  • Customer service records (tickets, call notes): 3 years from last interaction.

  • Marketing preferences & email engagement: until you opt out or 24 months of inactivity, whichever is sooner.

  • Website analytics & logs (cookies, IP, device): 24 months.

  • Account credentials (hashes, password hints): while the account is active; deleted or irreversibly anonymized within 30–90 days of account closure (backup latency may apply).

  • B2B/provider onboarding documents: 7 years after relationship ends (or longer if required by law).

Where specific timeframes are not listed, we apply criteria such as legal requirements, dispute/litigation time limits, and business needs.

 


 

Notice at Collection (California)

At or before the point of collection (e.g., checkout, account creation, newsletter sign-up), we provide a concise notice that describes:

  • The categories of personal information to be collected;

  • The purposes for which the categories will be used;

  • Whether the information is sold or shared;

  • Retention periods or criteria; and

  • How to exercise your California privacy rights.

Links to “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information” (if applicable) are available from the footer and relevant collection points.

 


 

California Privacy Supplement (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the CPRA grants you specific rights.

Categories of Personal Information Collected in the Past 12 Months

  • Identifiers: name, alias, postal address, unique personal identifier, online identifier, IP address, email address, phone number.

  • Customer Records: account name, billing address, shipping address, partial payment information, order history.

  • Commercial Information: products or services purchased, obtained, or considered.

  • Internet/Electronic Activity: browsing history, search history, interactions with our website/app/ads.

  • Geolocation Data: approximate location derived from IP.

  • Professional/Employment-Related Information: for providers/partners who submit such information.

  • Inferences: profiles reflecting preferences or interests.

  • Sensitive Personal Information (SPI): account log-in, password, and limited payment tokens. We do not store full card numbers.

Disclosures for Business Purposes

In the past 12 months, we disclosed the categories above to service providers and contractors (including Shopify, payment processors, shipping/logistics, customer service, IT/security, analytics, fraud prevention, and marketing providers), professional advisors, and government authorities as required by law.

Sales and Sharing of Personal Information

We do not sell personal information for money. We may share identifiers and internet/electronic activity with advertising and analytics partners to deliver interest-based advertising and measure performance.

  • We do not sell or share Sensitive Personal Information.

  • We do not sell or share data of individuals under 16. If we ever wished to do so, we would obtain opt-in consent (13–15 may opt in themselves; under 13 requires parental opt-in).

Your California Rights

  • Right to Know/Access the categories and specific pieces of personal information we collected about you.

  • Right to Delete personal information (subject to legal exceptions).

  • Right to Correct inaccurate personal information.

  • Right to Opt-Out of the sale or sharing of personal information.

  • Right to Limit the use and disclosure of SPI to those uses necessary to provide requested services or as otherwise permitted by CPRA.

  • Right to Non-Discrimination for exercising your rights.

How to Exercise Your Rights 

To protect your privacy, we will verify your identity (e.g., by matching information you provide with information we maintain). If you use an authorized agent, we may require proof of authorization and may still require you to verify your identity directly.

 

 


 

Security

We implement administrative, technical, and physical safeguards designed to protect personal information against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. Despite these measures, no system is perfectly secure.

 


 

Disclosure to Government Authorities

We may disclose information to legal authorities if required by law or pursuant to valid legal process (e.g., subpoena, warrant, or court order).

 


 

Your ability to review or update your information

At any time, you may review or update personally identifiable information that we hold about you by contacting us at the details below. To better safeguard your information, we will take reasonable steps to verify your identity before granting access or making corrections.

 


 

Sales of your personal information

Except as specified above (regarding interest-based advertising “sharing”), we do not rent, sell, or otherwise disclose your personal information outside our business.

 


 

Compliance with the law

This confidentiality policy is intended to comply with the laws of every jurisdiction in which we aim to do business. If you believe it fails to satisfy the law of your country or state, please contact us.

 


 

Removal of your information

If you wish us to remove personally identifiable information from our website or systems, contact us at the details below. We will verify your identity and respond consistent with applicable law.

 


 

Changes to this Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy and update the “Effective” date below.

 


 

Contact Us

Email: info@dpderm.com