MILAN Skin Clinic | Privacy Policy
This Privacy Policy was updated on 13/06/2022
1. INTRODUCTION
MILAN Skin Clinic places great importance on the protection of user’s privacy and its obligations in accordance with the legal provisions in force.
This Privacy Policy allows you to better understand the principles of data protection applied by MILAN Skin Clinic. We invite you to read it before submitting your personal data.
MILAN Skin Clinic Ltd whose registered office is The Maltings, Fobney Street, Reading, Berkshire, RG1 6BY United Kingdom is data controller for the website www.milanskinclinic.com.
This Privacy Policy may be updated at any time by us. Any changes to this Privacy Policy will be posted on this page and, where appropriate, notified to you. We suggest that you refer back to it on a regular basis.
2. WHEN DO WE COLLECT YOUR INFORMATION?
We collect personal information from you when:
you visit our website;
you create an account on our website;
you make a purchase or a reservation on our website or in certain approved points of sale of our distribution network;
you subscribe to one of our newsletters;
you sign up for one of our loyalty programs;
you participate in special operations, in particular games, competitions, product tests, customers surveys or market researches;
you share content on social networks such as Instagram, Facebook, Pinterest or Twitter using the hashtag #MILAN Skin Clinic or other hashtags we offer;
you are visiting one of our Spa or some approved points of sale of our distribution network;
you contact us, in particular when you call or submit a request or a complaint to our Customer Service teams, when you rate or review our products and/or services or when you chat with other visitors in real time;
you have given your consent to third parties to send us personal information about you.
3. WHAT INFORMATION DO WE COLLECT ABOUT YOU?
We consider that all information that could identify you directly or indirectly are “personal information”. We may mainly collect the following personal information:
information about your identity, in particular your gender, last name, first names, address, telephone numbers, email address, username and password, date of birth or age;
information about your payment method, in particular your credit card number and the expiration date;
information about our commercial transactions, in particular transaction numbers, history of your purchases, your request or your communications with our Customer Service team, your preferences and interests or information about one of our loyalty program;
content information such as photos, videos, ratings, reviews, comments;
information about wellness or health (skin type, skin sensitivity, medical health, contraindications, etc.) subject to your prior and explicit consent, in particular for aesthetics or when asking for a prescribed skin product or a treatment in one of our MILAN Skin Clinic medical centres;
information about your social media accounts (username, caption information, location, etc.), uploads and posts when you share content or use the hashtag #MILANSkinClinic or other hashtags we offer;
recordings of telephone conversations to offer the best quality of service, in particular for the purpose of staff training and appraisal;
technical information, in particular your IP address or information about how your device navigates through our website;
other information you provide when you contact us or we have received from external providers.
4. WHY IS YOUR PERSONAL INFORMATION COLLECTED?
Personal information may be collected mainly for the following purposes:
Website administration and improvement of the quality of service. (Legitimate interests);
Processing of your orders (orders, deliveries, invoices, after sales service, etc.). (Performance of a contract);
Customer Relationship Management (CRM), in particular to help us get to know you better and to provide you with personalized offers about our products and services (in particular by email, by SMS, on social networks or any other medium and by displaying targeted ads on websites and on social networks), to manage your membership to our Loyalty program (Consent). For these purposes, we may perform segmentation operations based on your preferences, interests and purchases behaviour, analyse your browsing and requests on our website or perform any other actions to better qualify our database (Consent or Legitimate interests). For example, we may import certain encrypted data (email or phone number) on third-party platforms to check if you already had an interaction with our brands and/or are likely to be interested by our products and services and to provide you with personalized advertising on social networks using retargeting features. Creating an account allows us to personalize your customer experience but you can also place an order using the Guest Check Out option;
Carrying out analyses and business statistics to anticipate market changes (business intelligence, data visualization, etc.), measuring your satisfaction and R&D (Legitimate interests);
Measurement of the performance of affiliate campaigns (Consent);
Social interaction (Consent); When appropriate, prevention and fraud detection, crime and litigation management. The fraud detection solutions we use can be completely automated or involve human intervention. When we use automated fraud detection solutions, we engage in processing of your personal information for the purpose of identifying fraudulent activity or securing payment and making automated decisions in this respect. The logic of this automated decision-making relies on applying fraud analysis rules and models to our business processes to determine if an action is potentially fraudulent. This processing can produce legal effects that concern you or similarly significantly affect you, and specifically we may refuse to enter into a contract with you. We inform you that we may also use reCAPTCHA, a service provided by Google to protect our site from spam and abuse. For information on how Google uses the data collected through reCAPTCHA, you may review Google Privacy Policy and Terms of Service (Legitimate interests);
Processing your requests and complaints (Consent);
Managing undesirable effects related to the use of our products, carrying out studies concerning the safety of use of our products and exercise of your rights (keeping an opt-out list) (Legal obligation);
As otherwise permitted by law and/or notified to you from time to time.
5. DO WE DISCLOSE YOUR PERSONAL INFORMATION?
We never sell nor rent your personal information to other companies for marketing purposes.
We may also share with service providers chosen for their expertise and reliability and acting on our behalf and at our direction (order processing and fulfilment, secure payment, customer service management, maintenance and technical development operations, rate and reviews, analytics, spam prevention, management of digital campaigns and affiliation, etc.). We authorize these service providers to use your personal information only to the extent necessary to perform services on our behalf or to comply with legal requirements and we strive to ensure that your personal information is always protected.
These third parties may be located in or out of the European Economic Area (EEA), including in countries that do not provide the same level of data protection as in your country of residence. In such a case, we will ensure that:
we obtain your unambiguous consent to share your personal information with these third parties, we enter into appropriate data transfer agreements conforming to the Standard Model Clauses established by the European Commission, we comply with Binding Corporate Rules (BCR) approved by competent authorities.
Finally, we may also transmit your personal information to local authorities if required by law or as part of an investigation and in accordance with applicable regulations.
6. How will we protect the information about you?
MILAN Skin Clinic takes appropriate technical and organizational measures, in relation to the nature of data and risks, to preserve the security and confidentiality of your personal information and, in particular, to prevent them from being altered, disclosed or transmitted to any unauthorized parties.
This may include practices such as limited access by members of staff who, by virtue of their duties, are authorized to access data, contractual guarantees in case of third-party provider, privacy impact assessments, internal reviews of our practices and privacy policies and/or implementation of physical and/or systematic security measures (secure access, authentication process, backup, antivirus, firewall, pseudonymization, encryption, etc.).
7. WHAT IS OUR POLICY ON MINORS?
This website is not aimed at minors.
We do not knowingly collect nor process personal information from minors. Assuming we would have knowledge of the collection of personal information from minors without prior authorization from the holder of the parental responsibility, we will take appropriate measures to contact the person and/
8. WHAT IS OUR COOKIES (AND OTHER TRACKING TECHNOLOGIES) POLICY?
For more information on our Cookies Policy.
9. HOW IS THE CONTENTS YOU SHARE ON SOCIAL NETWORKS USING OUR HASHTAGS MANAGED?
You can choose to use our hashtags to tag your content on social networks such as Instagram, Facebook, Pinterest or Twitter.
By using these hashtags, you acknowledge and agree that your content may appear on our website and be used to refer to our products or services.
We remind you that the information you share on social networks can be consulted, used and saved by others around the world, in particular in countries without legislation guaranteeing an adequate level of protection of your personal information as defined in your country of residence.
We also draw your attention to the fact that when you submit content using one of our hashtags, your use of social networks is exclusively governed by the general conditions of these social networks. We invite you to read it and to refer to it regularly.
If you no longer want your content to appear on our site, please remove it from the social network or stop using hashtags.
10. FOR HOW LONG IS YOUR PERSONAL DATA KEPT?
We strive to keep your personal information only for the time necessary for the purposes set out in this privacy policy and in accordance with the provisions in force.
As a general rule:
Customer / prospect data will be kept for three years from the date of collection or after the last contact or the end of the commercial relationship, unless it is opposed or requested to be deleted by you. At the end of this three-year period, we may make contact with you again in order to find out whether or not you wish to continue to receive marketing approaches. If no clear positive answer is given by you, your data will be deleted or archived in accordance with the provisions in force.
Data relating to identity documents may be kept for one year in the event of exercise of your rights.
Data on credit cards will be deleted after the transaction or archived for evidence purposes in accordance with the provisions in force. Subject to your express consent, banking data may be kept until the expiration date of the credit card. We never store your visual cryptogram.
Data necessary for carrying out analyses and business statistics can be kept for up to five years.
Data to prove a right or a contract or kept under compliance with a legal obligation can be archived in accordance with the provisions in force.
11. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION AND HOW DO YOU CONTACT US?
If you give us your email address, phone number or mailing address, you may receive emails, calls or periodic messages from us about our products, services or upcoming events. You can unsubscribe at any time from our mailing lists by contacting us at the address below, by following the link “unsubscribe” contained in each of our emails or by replying “STOP” to one of our SMS. You can also change your preferences at any time in your account.
In accordance with the provisions in force, you have a right to access, rectification, erasure and data portability of your personal data as well as a right to object and restriction of processing. You can also withdraw your consent at any time. To exercise these rights, you must send us a request by justifying your identity:
E-mailing a request to info@milanskinclinic.com;
By writing to the following address: MILAN Skin Clinic, The Maltings, Fobney Street, Reading, Berkshire, RG1 6BY.
You will be informed of the actions to be taken as soon as possible and in any case no later than one month after your request. However, we reserve the right not to respond to unfounded or vexatious requests.
In accordance with the provisions in force, you can also file a complaint with the competent authority responsible for data protection or lodge an appeal if your data are misused. The
Information Commissioner’s Office (ICO)
Water Lane, Wycliffe House, Wilmslow – Cheshire SK9 5AF
Please contact our contact point for data protection in the UK should you have any questions or comments in connection with this Privacy Policy: The Data Controller, MILAN Skin Clinic, The Maltings, Fobney Street, Reading, Berkshire, RG1 6BY.
MILAN Skin Clinic | Policy regarding cookies and other trackers
This Privacy Policy was updated on 13/06/2022
MILAN Skin Clinic places great importance on the protection of user’s privacy and its obligations in accordance with the legal provisions in force.
When browsing our website, cookies and other trackers are likely to be stored and/or read on your device (computer, smartphone, tablet, etc.).
This page allows you to better understand how cookies work, what principles we apply, and how to manage your preferences. Please, also read our Privacy Policy.
1. What is a cookie or tracker?
Cookies or trackers designate all mechanisms aimed at storing information on your device, or accessing information already stored on your device. This may include HTTP cookies as well as other technologies such as local shared objects, local storage, device fingerprinting, identifiers generated by operating systems (IDFA, IDFV, Android ID, etc.), hardware IDs (MAC address, serial number, etc.), etc.
2. Why trackers are used on our website and what are the principles we apply?
Trackers requiring consent
We ask for your consent before storing and/or reading trackers on your device, and we notify you of the purpose of the trackers used as well as the identity of our partners so that you can make an informed decision in this regard.
PERFORMANCE & ANALYTICS: These trackers allow us to analyse your navigation and measure the audience of our site, to improve the quality of our services.
| Company | Name | Source | Lifespan | Description |
| Contentsqu are | _cs_c | 13 months | Contains the user consent state (not expressed, granted, withdrawn). | |
| Contentsqu are | _cs_cvars | While the session lasts | Includes the session’s Custom variables URL encoded | |
| Contentsqu are | _cs_id | 13 months | Contains the following data separated by dots: user ID, user creation timestamp, number of visits, last pageview timestamp, last visit timestamp, timestamp of the last time this visitor was drawn, cookie expiration date, cookie SameSite attribute, cookie Secure attribute value (0/1). | |
| Contentsqu are | _cs_s | 30 minutes | Contains the number of pages viewed in the current session and the recording type: “.1” (not recorded for Session Replay), “.3” (to include a visitor for Session |
| Replay recording service) or “.5” (to include a visitor for Session Replay recording service after a specific trigger). | ||||
| Adobe | uuid230 | It is set once until it disappears from client browser then a new value is regenerate d. | It contains a UUID (Universally Unique Identifier, ex: 22dd36b2- 6719-4a7d-b3c1- 0d3a51dad73d). It is set once until it disappears from client browser then a new value is regenerated. The aim of that identifier is to identify clients from the first contact. It may be deposited by a landing page (to associate unknown customer activities to a recipient) or simply by a regular delivery. | |
| Adobe | nlid | Session cookie | It contains both broadlogId and deliveryId that are set whenever the user clicks on a link in an email. The aim of that cookie is to know which delivery and client has generated traffic or actions on a website. Indeed by positioning trackers (calls to URLs of the tracking server) we are able to create logs because we know the 3 mandatory fields: recipientId (with the broadlogId), deliveryId and tagId (the URL we use) | |
| Commander s Act | TCAUDIENCE | 365 days | Used to store the user segment for user targeting. | |
| Commander s Act | WID (domain: .commander1.com) | Session | Used to identify when the browser is closed in order to split page views into multiple functional sessions. | |
| Commander s Act | _TCCookieSync | / | Used to store the date of the last cookie synchronisation with the partner (set in local storage by default, and cookie if local storage not available). | |
| Commander s Act | _TCCookieSync | 365 days | Used to store the date of the last cookie synchronisation with the partner (set in local storage by default, and cookie if local storage not available). | |
| Commander s Act | TCSESSION (domain: .commander1.com) | Session | Used to calculate MIX metrics based on the session. | |
| Commander s Act | TCREDIRECT | Session | Used to deduplicate clicks (if redirect, just store the page view and ignore the click). | |
| Commander s Act | TCREDIRECT (domain: .commander1.com) | Session | Used to deduplicate clicks (if redirect, just store the page view and ignore the click). | |
| Commander s Act | TCLANDINGURL (domain: .commander1.com) | Session | Used to store landing page URL for MIX raw data. | |
| Commander s Act | TCID (domain: .commander1.com) | 365 days | Visitor identifier used to compute deduplicated statistics per user (for campaign and on-site tracking, segmentation, …). TrustCommander uses this cookie to measure statistics for privacy banner performance after a visitor provided consent. Before users provided consent TrustCommander uses the TCPID cookie to measure anonymous statistics for privacy banner. |
| Commander s Act | CAID (domainfirstClient) | 365 days | The CAID is the user identifier for cookie 1st | |
| Commander s Act | tC_Sync | / | Technical cookie that is used to store the timestamp of the last cookie sync that was performed for this user agent. A cookie sync matches the visitor ID of Commanders Act solutions (TCID) with the visitor ID of other solutions. Cookie sync is optional and can be deactivated by Commanders Act users via the Commanders Act support. | |
| Commander s Act | tc_cj_v2 (domain: .commander1.com) | 365 days | Used for user customer journey storage for tag deduplication (channel and source storage). | |
| Commander s Act | tc_cj_v2_cmp (domain: .commander1.com) | 365 days | Used for user customer journey storage for tag deduplication (campaign storage). | |
| Commander s Act | tc_cj_v2_med (domain: .commander1.com) | 365 days | Used for user customer journey storage for tag deduplication (medium storage). | |
| Commander s Act | TCREDIRECT_DEDUP (domain: .commander1.com) | Session | Used when the deduplication is based on MIX tracking (so the MIX tracking is taken into account and not the landing page tracking) | |
| Commander s Act | tc_sample_{idsite}_{idrul e} | 365 days | Used for visitor and session sampling in the TagCommander rules. |
| Commander s Act | tc_cj_v2 | 365 days | Used for user customer journey storage for tag deduplication (channel and source storage). | |
| Commander s Act | TCPID | 6 months | Used to identify visitors exposed to the privacy banner (not encoded contrary to TCID, so visitors can be retrieved in the privacy raw data export). TrustCommander uses this cookie to measure statistics for privacy banner usage until visitors provide consent for the TCID cookie. With this 2-cookie system, TrustCommander is the only CMP that has been granted the right of exemption from consent for statistical measurement by the French CNIL. https://www.cnil.fr/fr/solut ions-pour-les-cookies-de- mesure-daudience | |
| Commander s Act | TC_OPTOUT (default) | 396 days | Used for user status storage (optin or optout) and Privacy banner display. | |
| Commander s Act | TC_OPTOUT_categories (default) | 396 days | Used to display the optin/optout categories in the Privacy Center if the user re-open it. | |
| Commander s Act | TC_PRIVACY (default) | 6 months | Used for user status storage (optin or optout) and Privacy banner display. | |
| Commander s Act | TC_PRIVACY_CENTER (default) | 6 months | Used to display the optin/optout categories in the Privacy Center if the user re-open it. |
| Commander s Act | TC_PRIVACY_IAB_VENDO RLIST | Unlimited | Used to cache the IAB TCF Global Vendor List to optimise the response time of the IAB TCF consent API. | |
| Commander s Act | TC_PRIVACY_TCF | Unlimited | Used to cache the IAB TCF Consent API Response to optimise the response time of the APII. | |
| Akamai | RT | 7 days | Doesn’t contain personal information but it contains various pieces of information about the visitor’s session, such as number of visited pages, session start time, last visited url and etc | |
| | _ga | 2 years | Used to distinguish users. | |
| | _gid | 24 hours | Used to distinguish users. | |
| | _gat | 1 minute | Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. | |
| | AMP_TOKEN | 30 seconds to 1 year | Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. | |
| | _ga | 2 years | Used to distinguish users. |
| | _gcl_au | 90 days | used to help advertisers determine how many times users who click on their ads end up taking an action on their site, such as making a purchase. Cookies used for measuring conversion rates aren’t used to personalize ads. | |
| | NID | 6 months | This cookie contains a unique ID used to remember your preferences and other information such as your preferred language, how many search results you prefer to have shown on a results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on. | |
| | SID | 2 years | Used for security purposes to store digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time which allows Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties. This can also be used for targeting purposes to show relevant & personalised ad content | |
| | HSID | 2 years | Used for security purposes to store digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time which allows Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties. This can also be used for targeting purposes to show |
| relevant & personalised ad content | ||||
| | SID | 2 years | Used for security purposes to store digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time which allows Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties. This can also be used for targeting purposes to show relevant & personalised ad content | |
| | Secure-HSID | 2 years | Used for security purposes to store digitally signed and encrypted records of a user’s Google account ID and most recent sign-in time which allows Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties. This can also be used for targeting purposes to show relevant & personalised ad content |
TARGETED ADVERTISING: These trackers are used to make advertising more relevant to you and your interests. The personalization of advertising may include various technical operations such as:
Selecting advertising based on your profile; Fighting against click fraud;
Billing advertising services (affiliates campaigns, etc.);
- Measuring targets which are the most interested in advertising to better understand the audience.
| Company | Name | Source | Lifespan | Description |
| | fbp | 90 days | Used by Facebook to personalise content |
| (including ads), measure ads, produce analytics and provide a safer experience | ||||
| | fbc | 90 days | Used by Facebook to personalise content (including ads), measure ads, produce analytics and provide a safer experience | |
| | fr | 90 days | Used by Facebook to deliver, measure and improve the relevancy of ads, with a lifespan of 90 days | |
| | oo | 5 years | Used by Facebook to help you opt out of seeing ads from Facebook based on your activity on third-party websites | |
| | AA003 | 90 days | Used by Facebook to personalise content (including ads), measure ads, produce analytics and provide a safer experience | |
| | tr | Session | Used by Facebook to personalise content (including ads), measure ads, produce analytics and provide a safer experience | |
| | ATN | 2 years | Used by Facebook to personalise content (including ads), measure ads, produce analytics and provide a safer experience | |
| Microsoft Bing | _uetsid | Session | This is a cookie utilised by Microsoft Bing Ads to store a unique, non-personally identifiable ID representing a signed-in user. It allows us to engage with you if |
| you have previously visited our website. | ||||
| Microsoft Bing | _uetvid | 15 days | This is a cookie utilised by Microsoft Bing Ads to store a unique, non-personally identifiable ID representing a signed-in user. It allows us to engage with you if you have previously visited our website. | |
| Microsoft Bing | MUIDB | 2 years | Used by Microsoft advertising to anonymously identify user sessions to help us measure the effectiveness of our marketing campaigns. | |
| Microsoft Bing | MUID | 2 years | Used by Microsoft advertising to anonymously identify user sessions to help us measure the effectiveness of our marketing campaigns. | |
| Rakuten Advertising Attribution | stc[site id] | 1 year (topped up on each interaction) | Stores website user ID, traffic source IDs, page view and order count on client domain. | |
| Rakuten Advertising | rmStore or rmStore[MID] | 30 days | Holds configuration for conversion code and stores affiliate and search click IDs on client domain | |
| Rakuten Advertising | rmgconsent | 13 months | Rakuten Advertising global consent cookie on Rakuten Advertising domains | |
| Rakuten Advertising | rmlconsent_[domain] | 13 months | Domain specific local consent cookie on client domain |
| Rakuten Advertising | rmco | localStorage | Stores consent information on client domain | |
| Rakuten Advertising | rmco_cs | localStorage | Indicator whether consent was given on client domain | |
| Rakuten Advertising | rmco_jsv | localStorage | Purpose IDs consented on client domain | |
| Rakuten Advertising | rmuid | 1 year | Rakuten Advertising ID on Rakuten Advertising domains | |
| Rakuten Advertising Affiliate | lsn_statp | 1 year | Consumer ID | |
| Rakuten Advertising Affiliate | lsclick_midNNNNN (NNNNN is the MID for the advertiser that the click belongs to) | 730 days | Holds click date and publisher ID | |
| Wunderkind | BounceX – Smart Tag | No expiry | Wunderkind may leverage cookies to track user history across pages and sessions. Cookies allow us to maintain information about end-users, improve the user shopping experience, and make intelligent segmentation decisions when serving onsite, triggered email and SMS campaigns.
Wunderkind’s identity technology relies on pseudonymous observed browser, network, and device level signals. While our identity technology does leverage cookies where available, it is not reliant upon them. |
| Trade Desk | Trade Desk | 30 Days | Track website traffic, build retargeting audiences.
Placed once on the header or footer of the website, can track traffic across all pages. Can also be placed in Google Tag Manager |
– Personalised content: These trackers are used to personalise the editorial content of our site and the display of our products and services based on the browsing habits associated with your device.
| Company | Name | Source | Lifespan | Description |
| AB Tasty | ABTasty | 13 months | Test data | |
| AB Tasty | ABTastySession | 1 session | Session and referrer Identification | |
| AB Tasty | ABTastyData | browser limit | Stores visited pages, events, transactions and segments in local storage | |
| AB Tasty | ABTastyUA | session | Stores user agent in session storage | |
| AB Tasty | ABTastyGeoloc | session | Stores geolocation in session storage | |
| Movable Ink | _micpn | 4 days from the time of email/webpage click | Used to associate Client Campaigns with user clicks/page view events | |
| Movable Ink | _mibhv | Expires 13 months from the time of email/webpage click | Used to associate Client Company and Unique User Identifier with user clicks/page view events. |
| Insider | INSOPTOUT | 1 year | Stores opt-out status of current user | |
| Insider | customDataSet-* | 30 days | Custom segmentation storage | |
| Insider | ins-storage-version | 1 year | prevents or permits re- migrating localStorage values from worker to partner site | |
| Insider | first-permission- impression | 1 years | Stores the status between the user and opt-in permission screen. It helps us to show opt-in screen again for the users who didn’t see it. | |
| Insider | native-permission- impression | 1 year | Stores the status between the user and native opt-in permission screen. It helps us to show opt-in screen again for the users who didn’t see it. | |
| Insider | ins-gaSSId | 30 mins (Session) | Tracks Google Analytics users for 30 minute sessions. Similar like GA we set cookies with 30 minute expiration dates and every user gets a new id in every 30 minutes. | |
| Insider | ins-test-cookie | Session | Tests if cookies are enabled on the browser that user is currently using. | |
| Insider | insdrSubsId | 60 days. Can be changed on the panel. | Web Push Token of the user. |
| Insider | insdrSubsIdCreateDate | 60 days. Can be changed on the panel. | Creation date of Web Push Token. | |
| Insider | push-request-sent | 60 days. Can be changed on the panel. | Collects opt-in log according to its existence | |
| Insider | campaignId- countdownId-until | 1 hour | Stores countdown information of a single info campaign | |
| Insider | insdrPushCookieStatus | 1 day | Shows opt-in according to its existence | |
| Insider | isVAPID | 1 year | Confirms that token has been given by vapid key | |
| Insider | migratedSDK | 60 days. Can be changed on the panel. | Stores already registered sw sdk path | |
| Insider | insdrDH | 60 days. Can be changed on the panel. | N/A | |
| Insider | insdrAuth | 60 days. Can be changed on the panel. | N/A | |
| Insider | insdrPayloadComplete | 60 days. Can be changed on the panel. | Used for checking if user has token and sw migration required |
- Sharing on social networks: These trackers are used so that you can share content on social networks or third-party platforms (Facebook, Instagram, YouTube, etc.). This is particularly the case for the “Share” or “Like” buttons of social networks such as Facebook or Instagram. Please note that the social networks that provide these button applications may use the button to identify you even if you have not used this button during your visit our site. We have no control over the processes used by third parties to compile information about your visits to our site nor any related personal data they may have. We recommend that you to review the protection of privacy policies of these social networks in order to understand the purposes behind the collection of browsing data they can compile through such buttons, especially as regards advertising. The policies of social networks must allow you to exercise your personal choice through your account settings.
- Additional functionalities: These trackers are used to activate additional functionalities on our website (community chat, ratings & reviews, etc.).
| Company | Name | Source | Lifespan | Description |
| tokywoky | cfduid | 12 months | As long as the user does not delete their profile via the application or browser settings | |
| tokywoky | toky_state | 13 months | User visit duration on the profile settings interface (session duration) | |
| tokywoky | TokyUserID | 100 days | The toky user ID | |
| tokywoky | islogged | 13 months | Whether a user is connected on the widget. | |
| tokywoky | .ASPXAUTH | 13 months | Session cookie which stores the user authentication information. | |
| tokywoky | JSESSIONID | As long as the user session | New Relic cookie which stores a session ID so New Relic knows how many sessions we have on widget. The cookie value is generated with Jetty. | |
| Olapic | olapicU | 30 minutes | The purpose is specifically to track interactions with the content and the widgets. We store an anonymous and unique id to track the user for |
| interactions with our widgets | ||||
| Zendesk | zlcmid | 1 year | Store visitor’s machine-id for the Chat widget’s authentication
Chat Widget offers out-of-the-box cookie consent management, see here: Enabling cookie consent for the Chat widget & Web SDK
Alternatively, these Chat Cookies respect external cookie bot functionality as well. | |
| Vee24 | vee24.testCookie | Session Cookie | To test if the 1st party cookies are enabled in the browser | |
| Vee24 | vee24.nudges | Session Cookie | To manage nudges for a specific session | |
| Vee24 | vee24.userIsActive | Session Cookie | To test if the user is active (has moved the mouse in the last few seconds) | |
| Vee24 | v24u_<MILAN Skin Clinicuk> | 10 years | User Cookie: To identify users who return to a website | |
| Vee24 | v24s_<MILAN Skin Clinicuk> | Session Cookie | Session Cookie: Temporary ID when visiting a website. If user engages with an Operator, a new |
| session cookie is provided after the engagement ends | ||||
| Vee24 | v24e_<MILAN Skin Clinicuk> | Session Cookie | Engagement Cookie: Temporary ID when having an engagement to keep track of engagement specific activities | |
| Vee24 | v24TestCookie<MILAN Skin Clinicuk> | Session Cookie | Another test cookie to test if the cookies are enabled | |
| Vee24 | vee24.noThanks | Session Cookie | Stores whether the customer has rejected all subsequent nudges. | |
| Vee24 | vee24.engagedThisSession | Session Cookie | Stores whether the customer has already been engaged with an agent for this browser session. Used to determine whether the customer should continue to be nudged. | |
| Vee24 | vee24.currentNudge | Session Cookie | Stores whether the customer is currently being nudged, the SiteSection, and the timestamp of the nudge. | |
| Vee24 | vee24.seenMobileNavIntroModal | 10 years | Sets the flag to determine if the customer has already seen a small pop up to |
| give them instructions on how to use our product while in an engagement | ||||
| Bambuser | _bamls_cuid | 1 year | Unique identifier for the merchant. Used as a common denominator for all tracking performed by Bambuser to easily enable reporting and dashboards per merchant. | |
| Bambuser | _bamls_usid | 1 year | Unique identifier for a user. Used to attribute Bambuser statistics to a single site user. | |
| Bambuser | _bamls_seid | 30 min | Unique identifier for a session in which a Bambuser show was watched. Used in tracking to attribute statistics to a single session. | |
| Bambuser | _bamls_shid | 30 days | Unique identifier for a Bambuser show. Used to attribute statistics to a single show. This also – similar to source/medium in Google Analytics – enables attribution of purchases (that do not occur within the embedded stream) towards the show. |
| Bambuser | _bamls_lits | MILANSkinClinic.com | 30 days | The timestamp for the last known interaction in a Bambuser show. This is used in conjunction with _bamls_shid to measure at what point in time after a user viewed a show, the actual purchase was made. |
Trackers exempt from consent
We do not ask for your consent when storing and/or reading trackers used for the exclusive purpose of enabling or facilitating the use of our website, or which are strictly necessary for providing a service that you have expressly requested .
As an example, the trackers described below do not require any intervention from you:
- Trackers used to store your choice concerning the storage of trackers;
- Trackers used for authentication purposes, including those aimed at ensuring the security of the authentication mechanism;
- Trackers used to keep in memory the content of your shopping cart on our website, or to bill you for the products and/or services purchased;
- Trackers used to customize the interface (language, );
- Trackers used for load balancing;
- Web analytics trackers when strictly necessary for the day-to-day administrative operations and functioning of our website, such as measuring performance, detecting browsing problems, optimizing technical and/or ergonomic performance, estimating the required server power, or analysing the content viewed.
| Company | Name | Source | Storage period | Description |
| FACIL’iti | FACIL_ITI_LS | MILANSkinClinic.com | As long as the user does not delete their profile via the application or their browser settings | |
| FACIL’iti | FACIL_ITI_REFRESH | MILANSkinClinic.com | As long as the user does not delete their profile via the application or their browser settings |
| FACIL’iti | PHPSESSID | MILANSkinClinic.com | Session | Duration of the user’s visit to the configuration interface of his profile (session duration) |
| FACIL’iti | FACIL-ITI_CSS | MILANSkinClinic.com | Session | Duration of the user’s visit to the configuration interface of his profile (session duration) |
3 – How to choose your preferences for the trackers issued by our website
You can change your preferences at any time using the means described below.
Please remember that all the configurations you make will likely alter your Internet browsing experience and your ability to access certain services requiring the use of trackers.
We assume no responsibility for the consequences related to the degraded operation of our services resulting from us not being able to store or read the trackers necessary for the full functioning of our site and services.
Note that the deactivation of advertising cookies does not prevent the display of advertisements on your data terminal. It will only block the technologies that can adapt advertisements to your browsing data or your interests.
Choosing your preferences online
You can use our Privacy Center [Insert a link to Commanders Act pop-in] to give or withdraw your consent independently and specifically for each specific purpose.
Choosing your preferences via your browser
Each browser has a different way of managing cookies and cookie settings. This process is described in your browser’s help menu, which will help familiarize you on how to change your tracking preferences.
- Chrome™: Chrome Support
- Internet Explorer™: Internet Explorer Support
- Edge™: Edge Support
- Firefox™: Firefox Support
- Safari™: Safari Support
Choosing your preferences online using cross-industry platforms
The digital advertising professionals of the European Association EDAA (European Digital Advertising Alliance), managed in France by the Interactive Advertising Bureau France, offers a website at Youronlinechoices.
Here you will find a list of the companies that belong to this initiative and which offer you the opportunity to accept or reject the cookies used by these companies to customize their advertisements to your browsing data: www.youronlinechoices.com/uk/
This is a centralized European interface that is shared by hundreds of internet advertising professionals allowing you to express your acceptance or rejection of cookies, which may be used to customize the advertisements displayed on your data terminal to your browsing data. Note that this does not preclude the display of advertisements on the websites you visit. It will not block the technologies that can customize advertisements to your interests.
4 – How long your preferences are stored
By default, we store your preferences (acceptance and refusal) for a period of 6 months.
Please note that your preferences are stored using a cookie. If you disable all the cookies stored on your device (via your browser), we will no longer be able to store your preferences.
5– How to contact the data protection authority
For more information, you can visit the following data protection authority websites:
The Information Commissioner’s Office (ICO)
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
