Your Privacy, Our Priority
At Supplyderma, we are committed to protecting your personal data and respecting your privacy. This policy outlines how we collect, use, and safeguard your information when you use our website or place an order with us.
Supplyderma is operated by Altius IKE / Supplyderma, registered at Semelis 5, 11528, Athens, Greece and with VAT number 801870042. We are an online platform dedicated to providing premium medical aesthetic products to licensed healthcare professionals and authorized clinics worldwide.
1. What Personal Data We Collect
When you browse our site or place an order, we may collect the following types of data:
Information You Provide to Us:
- Full name and company name
- Professional credentials and license information (for account verification)
- Contact details (email address, phone number, shipping address, billing address)
- Payment and billing information (securely processed via third-party payment gateways)
- Order history and preferences
- Communication records (emails)
Information Automatically Collected:
- IP address
- Browser type and version
- Device information
- Pages visited and time spent on site
- Referring website
- Cookies and similar tracking technologies
2. Legal Basis for Processing Your Data
We process your personal data under the following legal bases as defined by GDPR:
Contract Performance (Art. 6(1)(b) GDPR):
- Processing and fulfilling your orders
- Providing customer support
- Managing your account
Legitimate Interest (Art. 6(1)(f) GDPR):
- Preventing fraud and ensuring platform security
- Analyzing website usage to improve functionality
- Internal record keeping and business administration
Legal Obligation (Art. 6(1)(c) GDPR):
- Complying with tax, accounting, and legal requirements
- Maintaining transaction records as required by law
Consent (Art. 6(1)(a) GDPR):
- Sending marketing communications (you can withdraw consent at any time)
- Using non-essential cookies for analytics and marketing
3. How We Use Your Information
We use your information solely to:
- Process and deliver your orders – fulfillment, shipping notifications, invoicing
- Verify professional credentials – ensuring products are sold only to licensed professionals
- Communicate with you – order updates, shipping notifications, customer support responses
- Provide customer support – responding to inquiries and resolving issues
- Improve our services – analyzing website performance and user experience
- Prevent fraud and ensure security – protecting our platform and users
- Comply with legal obligations – tax reporting, regulatory compliance
- Send marketing communications – only with your explicit consent (you can opt out anytime)
We do not sell or share your personal data with third parties for their marketing purposes.
4. Who We Share Your Data With
We share your data only with trusted third-party service providers who help us operate our business:
Payment Processing:
- Piraeus Bank and Euronet Merchant Services Greece (epay) – for secure payment processing
- They process your payment information according to PCI-DSS standards
Shipping & Delivery:
- DHL and other international carriers – to deliver your orders
- We share only the necessary delivery information (name, address, contact number)
Email Communications:
- Mailchimp – for sending order confirmations and notifications
Analytics:
- Google Analytics – to understand website usage (anonymized where possible)
Website management:
- WordPress
- WooCommerce
All third-party processors are carefully selected, contractually bound to protect your data, and process data only according to our instructions. Some of our service providers (such as Mailchimp and Google Analytics) may process data outside the European Economic Area (EEA). We ensure adequate protection through: Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions where applicable and additional technical and organizational security measures as required by GDPR. Your data is protected to the same standard regardless of where it is processed.
5. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right to Access (Art. 15 GDPR): Request a copy of all personal data we hold about you.
- Right to Rectification (Art. 16 GDPR): Correct any inaccurate or incomplete personal data.
- Right to Erasure / “Right to be Forgotten” (Art. 17 GDPR): Request deletion of your personal data (subject to legal retention obligations).
- Right to Restrict Processing (Art. 18 GDPR): Request that we limit how we use your data in certain circumstances.
- Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format to transfer to another provider.
- Right to Object (Art. 21 GDPR): Object to processing based on legitimate interest or for direct marketing purposes.
- Right to Withdraw Consent (Art. 7(3) GDPR): Withdraw your consent for marketing communications or cookies at any time.
- Right to Lodge a Complaint (Art. 77 GDPR): File a complaint with your national data protection authority if you believe your rights have been violated.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
For further information, you can contact your local supervisory authority:
- Greece: Hellenic Data Protection Authority (www.dpa.gr)
- EU-wide list: https://edpb.europa.eu/about-edpb/board/members_en
6. Cookies & Tracking
Please review our Cookie Policy.
7. Security
We take data protection seriously and implement industry-standard security measures:
- SSL/TLS Encryption – All data transmitted is encrypted (HTTPS)
- Secure Payment Processing – PCI-DSS compliant payment gateways
- Access Controls – Limited employee access to personal data on a need-to-know basis
- Regular Security Updates – Software and systems are regularly updated
- Secure Backups – Encrypted backups stored securely
- Monitoring – Continuous monitoring for suspicious activity
While we implement robust security measures, no online transmission is 100% secure. We cannot guarantee absolute security but commit to notifying you of any data breach as required by law.
8. Marketing Communications
With your explicit consent, upon subscribing to our newsletter, we may send you:
- Product updates and new arrivals
- Special offers and promotions
- Educational content related to medical aesthetics
You can opt out at any time by:
- Clicking “Unsubscribe” in any marketing email
- Contacting us at [email protected]
- Adjusting your account preferences
Even if you opt out of marketing, we’ll still send essential transactional emails (order confirmations, shipping updates, etc.).
9. Data Retention
We retain your personal data only for as long as necessary:
- Account & Order Data: 10 years (tax and accounting obligations)
- Payment Records: As required by banking regulations
- Marketing Consent: Until you withdraw consent or 3 years of inactivity
- Analytics Data: 26 months (Google Analytics standard)
- Communication Records: 5 years
After these periods, data is securely deleted or anonymized.
10. Policy Updates
This policy may be updated occasionally to reflect changes in regulations or business operations. The latest version will always be available on our website.
Have questions about your privacy?
For privacy-related questions or to exercise your rights:
Email: [email protected]
Address: Semelis 5, 115 28, Athens, Greece
WhatsApp: +30 6937371117
Business Hours: 10.00 – 18.00 (GMT+3)
We aim to respond to all inquiries within 30 days as required by GDPR.
By placing an order with Supplyderma, you acknowledge that you have read, understood, and agree to this Privacy Policy.
Last Updated: October 2025