
Privacy Policy

DermaFirm USA, Inc. ("DermaFirm USA," "we," "us," "our") operates this store and website (dermafirmusa.com), including all related information, content, features, tools, products, and services (collectively, the "Services"), to provide our customers, licensed professionals, MedSpa partners, and wholesale accounts with a curated shopping and professional purchasing experience. DermaFirm USA is powered by Shopify, which enables us to provide the Services.
This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you visit, use, or make a purchase or other transaction through the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
Please read this Privacy Policy carefully. By accessing or using any of the Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described herein.

1. Personal Information We Collect or Process

When we use the term "personal information," we refer to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified so that it cannot identify or be reasonably linked to you.

Depending on how you interact with the Services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal information, including inferences drawn from this information:

Contact Details

  • Full name
  • Billing address and shipping address
  • Phone number
  • Email address
  • Business name and address (for professional/wholesale accounts)

Financial Information

  • Credit card, debit card, and financial account numbers
  • Payment card information and billing details
  • Transaction history, form of payment, payment confirmation
  • Bank account information (for wholesale ACH or wire payments, where applicable)

Note: Full payment card numbers are processed by Shopify Payments and PCI-compliant third-party processors. DermaFirm USA does not directly store full credit card numbers on its servers.

Account Information

  • Username and password (encrypted)
  • Security questions and recovery information
  • Account preferences, settings, and saved addresses
  • Wishlist and saved items

Professional & Wholesale Account Information

For licensed professionals, estheticians, MedSpas, clinics, and wholesale accounts:

  • Professional license number and issuing authority
  • Business license and tax ID / EIN
  • Resale certificate
  • Practice type and credentials
  • Type of practitioner (RN, NP, MD, esthetician, etc.)

Transaction Information

  • Items viewed, added to cart, wishlisted, purchased, returned, exchanged, or cancelled
  • Past order history and order frequency
  • Subscription details and recurring purchase activity
  • Loyalty or rewards program activity

Communications with Us

  • Customer support inquiries (email, contact form submissions)
  • Clinical education inquiries
  • Survey responses and feedback
  • Product reviews and ratings
  • Social media direct messages, comments, and tags

Device & Technical Information

  • IP address, browser type, operating system, device type
  • Unique device identifiers and mobile advertising identifiers
  • Referring URLs and exit pages
  • Geolocation data (approximate, based on IP)

Usage Information

  • Interaction with the Services (clicks, page views, time on site)
  • Navigation patterns and browsing behavior
  • Search queries entered on our website
  • Email open and click-through activity

Marketing & Preference Information

  • Communication preferences (email, SMS, postal opt-ins)
  • Product interests and skincare concerns (if voluntarily shared)
  • Skin type, treatment history, or professional interests (only if voluntarily provided through forms, quizzes, or applications)

Sensitive Information We Do Not Knowingly Collect

DermaFirm USA does not knowingly collect the following without explicit consent:

  • Government-issued identification numbers (other than tax ID for wholesale)
  • Health, medical, or biometric data
  • Racial or ethnic origin, religious beliefs, or political opinions
  • Precise geolocation data

If you voluntarily share sensitive information (such as a skin condition mentioned in a customer support inquiry), it will be handled with the same care as all other personal information and used only to respond to your inquiry.


2. Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you — when you create an account, complete a professional account application, place an order, communicate with us, sign up for our newsletter, or otherwise provide your personal information.
  • Automatically through the Services — when you visit our website or use our products through cookies, pixels, web beacons, and similar technologies (see Section 8).
  • From our service providers — including Shopify, payment processors, shipping carriers, email marketing platforms, analytics providers, and customer support tools.
  • From our partners or other third parties — including marketing partners, advertising networks, social media platforms, and identity verification services (for professional account validation).
  • From publicly available sources — such as business directories, licensing boards (to verify professional credentials), and publicly available social media profiles for press or partnership inquiries.

3. How We Use Your Personal Information

Depending on how you interact with us, we may use personal information for the following purposes:

Provide, Tailor, and Improve the Services

  • Perform our contract with you
  • Process payments and fulfill orders
  • Remember preferences and items of interest
  • Send order, shipping, and account notifications
  • Process returns, exchanges, refunds, and cancellations
  • Create, maintain, and manage your account
  • Arrange shipping and delivery logistics
  • Enable product reviews and ratings
  • Recommend products based on purchase history and browsing behavior
  • Personalize your shopping experience

Professional Account Verification

  • Verify professional licenses, business credentials, and resale certificates
  • Confirm eligibility for professional pricing, restricted products, and clinical education programs
  • Maintain B2B relationships and provide wholesale account services

Marketing and Advertising

  • Send promotional emails, SMS messages (with consent), and postal mail
  • Display online advertisements on our website and other websites
  • Retarget customers based on browsing or cart activity
  • Promote new product launches, sales, and professional training events
  • Conduct market research and customer surveys
  • Personalize advertising based on your interests and behavior

Security and Fraud Prevention

  • Authenticate your account and verify your identity
  • Detect, investigate, and prevent fraudulent or unauthorized transactions
  • Monitor for suspicious or illegal activity
  • Protect public safety and secure our Services
  • Maintain backup and disaster recovery systems

Communicating with You

  • Provide customer support and respond to inquiries
  • Send service-related notifications (order updates, policy changes, security alerts)
  • Maintain ongoing business relationships with professional and wholesale accounts
  • Send clinical education materials, training invitations, and product updates

Analytics and Business Intelligence

  • Analyze trends, usage patterns, and customer behavior
  • Measure the effectiveness of marketing campaigns
  • Improve product offerings, website functionality, and user experience
  • Conduct internal reporting and business planning

Legal and Compliance Reasons

  • Comply with applicable laws, regulations, and legal processes
  • Respond to subpoenas, warrants, and government requests
  • Investigate or participate in civil discovery and litigation
  • Enforce our Terms of Service and other policies
  • Protect our rights, property, and the safety of our users
  • Comply with FDA, FTC, customs, and import regulations applicable to imported cosmetic products

4. How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

Service Providers

With Shopify, vendors, and other third parties who perform services on our behalf:

  • IT management and cloud hosting
  • Payment processing (Shopify Payments, PayPal, Stripe, etc.)
  • Data analytics and business intelligence
  • Customer support platforms
  • Email marketing and SMS marketing platforms (e.g., Klaviyo, Mailchimp, Attentive)
  • Shipping and fulfillment partners (UPS, FedEx, USPS, DHL)
  • Identity and credential verification services (for professional accounts)
  • Cloud storage and backup services
  • Fraud prevention and security services

Business and Marketing Partners

To provide marketing services and personalized advertising:

  • Advertising networks (e.g., Google Ads, Meta/Facebook Ads, TikTok Ads)
  • Affiliate marketing partners
  • Social media platforms for targeted advertising
  • Shopify's enhanced features that incorporate data from your interactions with our store and other merchants

Our business and marketing partners use your information in accordance with their own privacy notices. Depending on where you reside, you may have the right to direct us not to share information about you for targeted advertising purposes.

At Your Direction or With Your Consent

  • Shipping carriers (to deliver your orders)
  • Social media platforms (when you use social login or share content)
  • Third-party integrations you connect to your account

Affiliates and Corporate Group

With our affiliates, parent company, subsidiaries, or partner entities within our corporate group.

Business Transactions

In connection with a merger, acquisition, sale of assets, reorganization, bankruptcy, or similar business transaction. In such cases, we will require the recipient to protect your personal information consistent with this Privacy Policy.

Legal Compliance and Protection

  • To comply with legal obligations (subpoenas, search warrants, court orders)
  • To respond to lawful requests from law enforcement or government agencies
  • To enforce our Terms of Service or other agreements
  • To protect or defend the Services, our rights, our users, or others
  • To investigate or prevent illegal activity, fraud, or threats to safety

Korean Brand Partner & Manufacturer

As an authorized U.S. distributor of Dermafirm Korea products, we may share aggregated, anonymized data with our Korean brand partner for product development, quality assurance, and market analytics purposes. We do not share individually identifying customer information with our Korean partner without your explicit consent.

We Do Not Sell Personal Information for Money

DermaFirm USA does not sell your personal information in exchange for monetary compensation. However, certain disclosures for advertising and analytics purposes may be considered a "sale" or "share" under applicable privacy laws (such as the CCPA). You may opt out of such disclosures using the methods outlined in Section 10.


5. Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you.

Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you.

To help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may use personal information collected about your interactions with our store, along with other merchants and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over such use.

To learn more about how Shopify uses your personal information and any rights you may have:


6. Third-Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties (such as social media platforms, payment processors, scientific publications, or brand partner sites). If you follow links to sites not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions.

We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on them. Information you provide on public or semi-public venues, including third-party social networking platforms, may also be viewable by other users without limitation as to its use by us or by third parties.

Our inclusion of such links does not imply endorsement of the content on those platforms or of their owners or operators, except as expressly disclosed on the Services.


7. Children's Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. Our products are formulated for adult skincare and professional cosmeceutical use.

If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details below to request that it be deleted.

As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.


8. Cookies, Tracking Technologies & Analytics

We use cookies, web beacons, pixels, tags, and similar tracking technologies to collect information about your interactions with the Services.

Types of Cookies We Use

  • Strictly Necessary Cookies — required for the Services to function (e.g., shopping cart, account login, security)
  • Performance & Analytics Cookies — help us understand how visitors use our Services (e.g., Google Analytics, Shopify Analytics)
  • Functional Cookies — remember your preferences and settings
  • Targeting & Advertising Cookies — track your browsing to deliver relevant advertisements (e.g., Meta Pixel, Google Ads)

Third-Party Analytics & Advertising Tools We May Use

  • Google Analytics
  • Meta (Facebook) Pixel
  • TikTok Pixel
  • Klaviyo or other email marketing pixels
  • Shopify's analytics and customer segmentation tools

Your Cookie Choices

Do Not Track Signals

Our Services do not currently respond to "Do Not Track" browser signals due to the lack of an industry-standard implementation. However, we honor opt-out preferences submitted through Global Privacy Control (GPC) where required by applicable law.


9. Security and Retention of Your Information

Security Measures

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These include:

  • SSL/TLS encryption for data transmission
  • Encrypted password storage
  • PCI-compliant payment processing through Shopify
  • Restricted internal access to personal information on a need-to-know basis
  • Regular security reviews and updates

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." Any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels (e.g., unsecured email, public Wi-Fi) to communicate sensitive or confidential information to us.

Data Retention

How long we retain your personal information depends on several factors, including:

  • Whether we need the information to maintain your account or provide Services
  • Whether we have ongoing legal, regulatory, or tax obligations
  • Whether retention is necessary to resolve disputes or enforce contracts and policies
  • Applicable statute of limitations periods

In general:

  • Active customer accounts: Retained while the account remains active and for a reasonable period thereafter
  • Order and transaction records: Typically retained for 7 years to comply with tax, accounting, and audit requirements
  • Marketing communications: Retained until you unsubscribe or request deletion
  • Professional account verification documents: Retained for the duration of the account plus 3 years
  • Support communications: Typically retained for 3 years

After applicable retention periods, personal information is either securely deleted or anonymized.


10. Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below regarding your personal information. These rights are not absolute, may apply only in certain circumstances, and in certain cases we may decline your request as permitted by law.

Universal Rights

  • Right to Access / Know — Request access to the personal information we hold about you.
  • Right to Delete — Request deletion of personal information we maintain about you.
  • Right to Correct — Request correction of inaccurate personal information.
  • Right of Portability — Receive a copy of your personal information in a portable format and, where applicable, request transfer to a third party.
  • Right to Opt Out of Sale or Sharing — Opt out of the "sale" or "share" of your personal information or of processing for "targeted advertising."
  • Manage Communication Preferences — Opt out of promotional emails using the unsubscribe link, or opt out of SMS marketing by replying STOP. Service-related communications (order confirmations, security alerts) will continue.

Additional Rights for EU/UK Residents (GDPR)

  • Right to Object — Object to certain processing of your personal information.
  • Right to Restrict Processing — Ask us to limit how we use your personal information.
  • Right to Withdraw Consent — Where we rely on consent, you may withdraw it at any time (this does not affect prior processing).
  • Right to Lodge a Complaint — File a complaint with your local data protection authority.

Additional Rights for California Residents (CCPA/CPRA)

  • Right to Limit Use of Sensitive Personal Information
  • Right to Non-Discrimination for exercising your rights
  • Right to Designate an Authorized Agent to make requests on your behalf

How to Exercise Your Rights

  • Email: jessica@dermafirmusa.com with the subject line "Privacy Request – [Type of Request]"
  • Mail: DermaFirm USA, Inc., 9 Bartlet Street, Unit 259, Andover, MA 01810, USA

We will respond to verified requests within the timeframes required by applicable law (typically 30–45 days). We may need to verify your identity before processing your request. If you use an authorized agent, we may require proof of authorization.

Shopify-Processed Data

To exercise rights related to data processed by Shopify, visit https://privacy.shopify.com/en.


11. Complaints

If you have complaints about how we process your personal information, please contact us using the contact details below. Depending on where you live, you may have the right to:

  • Appeal our decision by contacting us
  • Lodge a complaint with your local data protection authority

For the EEA, you can find a list of supervisory authorities at: https://edpb.europa.eu/about-edpb/board/members_en


12. International Transfers

Please note that we may transfer, store, and process your personal information outside the country where you live, including in the United States, South Korea (for limited brand partner communications), and other countries where our service providers operate.

If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms, including:

  • The European Commission's Standard Contractual Clauses (SCCs)
  • The UK's International Data Transfer Agreement (IDTA) or equivalent
  • Adequacy decisions for countries determined to provide adequate protection

By using the Services, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions, which may have data protection laws different from those of your home country.


13. Your California Privacy Rights (Shine the Light)

California Civil Code Section 1798.83 permits California residents who have an established business relationship with us to request information about our disclosure of personal information to third parties for direct marketing purposes. To make such a request, contact us using the details below.


14. Notice to Nevada Residents

Nevada residents have the right to opt out of the sale of certain "covered information" collected by operators of websites and online services. We do not currently sell covered information as defined under Nevada law, but you may submit an opt-out request to jessica@dermafirmusa.com.


15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will:

  • Post the revised Privacy Policy on this website
  • Update the "Last Updated" date at the top
  • Provide additional notice (such as email notification or a banner on our website) for material changes, as required by applicable law

Your continued use of the Services following any update constitutes acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.


16. Contact Information

For questions about our privacy practices, this Privacy Policy, or to exercise any of the rights available to you:

DermaFirm USA, Inc.
📧 Email: jessica@dermafirmusa.com
📍 Mailing Address: 9 Bartlet Street, Unit 259, Andover, MA 01810, USA
🌐 Website: dermafirmusa.com

📋 Subject Line for Privacy Requests: "Privacy Request – [Type of Request]"

For the purpose of applicable data protection laws, DermaFirm USA, Inc. is the data controller of your personal information.


© DermaFirm USA, Inc. All rights reserved. Bridging advanced Korean aesthetic science with the U.S. professional skincare market.