Effective Date: April 6, 2026
1. Data Controller Information
Data Controller: Dermasupplies LLC
Address: Unit 1502, 507 Teheran-ro, Gangnam-gu, Seoul, 06168, Republic of Korea
Email: info@dermasupplies.world
2. Data We Collect
We primarily collect data from Business-to-Business (B2B) professional clients. The types of personal data we collect include:
-
Identity Data: Name, surname, professional title, company name.
-
Contact Data: Email address, phone number, billing address, shipping address.
-
Professional Qualification Data: Professional license numbers, medical credentials, and certifications to verify eligibility to purchase regulated products (Dermal Fillers, Botox) under the Medical Service Act and Pharmaceutical Affairs Act.
-
Financial Data: Payment transaction details (processed securely by third-party providers; we do not store full payment card details).
-
Transaction Data: Details about products purchased, order history, and payment status.
-
Technical Data: IP address, browser type, device type, and operating system.
3. Legal Basis and Purpose of Processing
We process your data in accordance with the Korean Personal Information Protection Act (PIPA) and international standards (such as GDPR):
| Purpose of Processing | Legal Basis |
| Contract Execution (Processing orders, shipping, invoicing) | Necessary for the performance of a contract |
| Regulatory Compliance (Verifying licenses for BOTOX/Fillers, tax obligations) | Necessary for compliance with legal obligations |
| Marketing (Sending promotional emails) | Explicit consent of the data subject |
| Legitimate Interest (Preventing fraud, website security) | Necessary for the purposes of legitimate interests |
4. Specific Provisions for Regulated Products
As a distributor of highly regulated medical products (BOTOX and Dermal Fillers) operating from the Republic of Korea:
-
B2B Mandate: Sales are strictly limited to licensed healthcare professionals (HCPs) or authorized medical entities.
-
Mandatory Verification: By purchasing, you consent to the collection and verification of professional licenses. This is a mandatory requirement under Korean law to ensure the safety of the medical supply chain.
5. International Data Transfers
Dermasupplies LLC is now headquartered in South Korea.
-
Data Storage: Your personal data is primarily stored on secure servers located in the Republic of Korea.
-
Cross-Border Transfers: If you are ordering from outside Korea (e.g., EU, USA), your data may be transferred internationally to facilitate shipping and payment. We use Standard Contractual Clauses (SCCs) and ensure compliance with PIPA’s requirements for overseas transfers to maintain a level of protection equivalent to international standards.
6. Your Rights
Under the PIPA (Korea) and GDPR (Europe), you have the following rights:
-
Right to Access: Obtain confirmation and access to your processed data.
-
Right to Rectification: Request correction of inaccurate or incomplete data.
-
Right to Erasure: Request the deletion of your data (“Right to be Forgotten”), subject to legal retention requirements.
-
Right to Suspension of Processing: Request that we stop processing your data in certain circumstances.
-
Right to Object: Object to processing based on legitimate interest or direct marketing.
-
Right to Withdraw Consent: Revoke consent at any time for marketing activities.
To exercise these rights, please contact us at info@dermasupplies.world.
7. Data Retention and Destruction
-
Retention: We retain personal data only for as long as necessary to fulfill the purposes outlined (e.g., 5 years for transaction records under Korean tax and commercial law).
-
Destruction: Once the retention period expires or the data is no longer necessary, we securely delete or anonymize the information to prevent recovery.