Privacy Policy

Last updated: October 21, 2025

Karam MD Skin (“we,” “us,” or “our”) operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated online shopping experience (the "Services"). Our store is powered by Shopify, which enables us to provide the Services to you.

Karam MD Skin, headquartered in 11943 El Camino Real, #100, San Diego, CA 92130, USA is the data controller of any Personal Data collected from you on this website or otherwise for the purpose of conducting or developing our business with you.  This Privacy Policy (the “Policy”) describes how we collect, use, disclose, and share your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us.

This Policy, which is incorporated in full into our Terms of Service (“TOS”) by reference, together with the TOS govern your use of the Services.  If there is a conflict between our TOS and this Policy, this Policy controls with respect to the collection, processing, and disclosure of your personal information. Please read this Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, disclosure, and sharing of your information as described in this Policy.

Privacy and data protection laws around the world refer to personally identifiable information using different terms.  In this Policy, we will use the terms “personal information” and “personal data” interchangeably.

Personal Information We Collect or Process

When we use the term "Personal Information" or “Personal Data,” we are referring to information that identifies or can reasonably be linked to you or another living individual. Personal information does not include information that is collected anonymously or that has been de-identified so that it cannot identify or be reasonably linked to you.

We may collect or process the following categories of Personal Information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

  • Identifiers including your name, address, billing address, shipping address, phone number, and email address.
  • Account Information such as (1) financial information including payment card information such as credit card and debit card information, financial account information, transaction details, payment confirmation and other payment details, each without any corresponding access credential; and (2) your username, password, security questions to access your Karam MD Skin account, your preferences and settings.
  • Commercial Information such as transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
  • Communications with us including the information you provide in communications with us, for example, when sending a customer support inquiry.
  • Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
  • Internet or Other Similar Network Activity such as usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.
  • Inferences drawn from any of the information we collect to create a profile of your preferences, characteristics, behavior, and attitudes.

We do/do not collect your Sensitive Personal Information such as your social security number, unique government identification numbers, racial or ethnic origin, union membership, information related to a consumer’s citizenship or immigration status.

In the preceding twelve (12) months, we have collected the following categories of personal information:

Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;
  • Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar tracking technologies;
  • From our service providers including data analytics providers when we engage them to enable certain marketing and sales analytics technology for  and when they collect or process your personal information on our behalf;
  • From our partners or other third parties, including paid advertisers.

How We Use Your Personal Information and the Legal Basis for Processing

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

  • Provide, Tailor, and Improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services. 

Legal Basis: Performance of a contract with you, consent

  • Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as sending marketing, advertising and promotional communications by email, text message or postal mail, and showing you online advertisements for products or services on the Services or other websites, including based on items you previously purchased or added to your cart and other activity on the Services. 

Legal Basis: legitimate interests, consent

  • Security and Fraud Prevention. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.

Legal Basis: Performance of a contract with you, consent, legitimate interests

  • Communicating with You. We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you. 

Legal Basis: Performance of a contract with you, consent, legitimate interests

  • Legal Reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce our rights or investigate potential violations of our terms or policies. 

Legal Basis: Legitimate interests

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Policy. Such circumstances may include:

  • With Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
  • With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalized advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you to show you targeted advertisements and marketing based on your online activity with different merchants and websites. You can exercise your rights to opt-out of those uses here .
  • When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
  • With our affiliates or otherwise within our corporate group.
  • In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.
  • With government entities, including judicial and regulatory authorities or law enforcement authorities, or other organizations pursuant to lawful requests.

In the preceding twelve (12) months, we have shared personal information we have collected with the following categories of entities: payment processing and shipping vendors, email service providers, advertising providers.


Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy . Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. Such links are provided for your convenience only and does not indicate any endorsement by us of any such website, its contents, or the owners or operators of the site, except as disclosed on the Services.  If you follow the links, please understand that the sites are not affiliated or controlled by us, and you should review their privacy and security policies and other terms and conditions of use. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party.

When you purchase products from us, you may have an opportunity to sign up for a Shop account.  A Shop account is a Shopify product and is not controlled by us and not subject to our Privacy Policy or Terms of Use.  If you choose to sign up for a Shop account, be sure to review their Privacy Policy and Terms of Service.

Children's Data

The Services are not intended to be used by those under the age of 18.  We do not knowingly collect any personal information about children under the age of 18. As of the Effective Date of this Privacy Policy, we do not have any actual knowledge that we have collected the personal information of anyone under the age of 16. Similarly, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

Security and Retention of Your Information

Karam MD Skin has implemented appropriate and reasonable technical and organizational security measures to protect your information that we have collected.  However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, the information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.  Sharing your information, including your personal information, over the internet is at your own risk.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, to provide you with Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

International Transfers

Karam MD Skin is based in the United States.  We may use third party service providers who may be located in other countries in the world who may have access to your Personal Data as they provide their services to us.  Please note that we may transfer, store and process your Personal Data outside the country you live in. These transfers are necessary to perform our agreement with you.

If you are a resident of the European Economic Area (“EEA”) or the United Kingdom (“UK”) and we transfer your personal information out to a third country, we will rely on recognized transfer mechanisms like the EU Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.


Your Rights and Choices

Depending on where you live, you may have certain privacy rights under the applicable US state data privacy laws, the General Data Protection Regulation in the European Economic Area, or the Data Protection Act in the United Kingdom.  However, these rights may not be absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

We may send you promotional emails from time to time. Regardless of where you live, you always have the right to opt-out of marketing communications by following the instructions to unsubscribe in those communications.  If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.

Please note that if you visit our website with the Global Privacy Control opt-out preference signal enabled, we will automatically treat this as a request to opt-out for the device and browser that you use to visit the website. If we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/.

If you are a California resident

The California Consumer Privacy Act (“CCPA”), as modified by the California Privacy Rights Act (“CPRA”), ensures that California consumers have the following rights with respect to the collection, use, sharing, sale, and other processing of their Personal Information:

  • Right to Know. You have a right to know what personal information we have collected and maintain about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing persona information, the categories of third parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about you.
  • Right to Access. You may request access to the Personal Information that we have collected about you.
  • Right to Delete. You have a right to request that we delete personal information we maintain about you, subject to certain limitations and exceptions.
  • Right to Correct. You have a right to request that we correct inaccurate Personal Information we maintain about you.
  • Right of Portability. You have a right to receive a copy of the Personal Information we hold about you and to request that we transfer it to a third-party vendor in certain circumstances and with certain exceptions.
  • Right to Opt-out of Sale or Sharing for Targeted Advertising. You have a right to opt out of the "sale" of your Personal Information or the "sharing" of your Personal Information for purposes of cross-context behavioral advertising, also known as targeted advertising. You can exercise your rights to opt-out of those uses here. Conversely, if you wish to opt-in to the Sale or Sharing of your Personal Information after previously opting out, you may do so.
  • Right to request the limitation of the use and disclosure of your Sensitive Personal Information. If we collect your Sensitive Personal Information, you have the right to request us to only use and disclose your Sensitive Personal Information for the purpose for which it was collected to provide services to you.
  • Right not to be discriminated against.  We will not discriminate against you for exercising any of your California privacy rights. Unless permitted by applicable law, we will not (1) deny you goods or services, (2) charge you different prices for such goods and services, or (3) provide you with a different level or quality of goods or services solely because you took steps to exercise your privacy rights.


Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to [legal@atafreight.com] or contact us using the information provided in the “Contact Us” section.

California law requires us to state whether our Site responds to “Do Not Track” Signals.  Other than the Global Privacy Control, we do not recognize other "Do Not Track" signals that may be sent from your web browser or device.


If you are a Texas resident

The Texas Data Privacy and Security Act provides you with the following consumer rights:

  • Right to Access – you may ask us to confirm whether we are processing your personal information and to access the personal information;
  • Right to Correct – you may ask us to correct any inaccuracies in your personal information;
  • Right to Delete – you may ask us to delete personal information that was provided by you or that we obtained about you;
  • Right to Data Portability – you may request a copy of your personal data in a readily usable format; and
  • Right to Opt-Out of Sale, Targeted Advertising, or Profiling in furtherance of a decision – you may opt-out of the processing of your personal information for sale, targeted advertising or profiling in furtherance of a decision that produces a legal or similar significant effect concerning you.


If you are a resident of the UK or European Economic Area

Subject to exceptions and limitations provided by local law, the EU General Data Protection Regulation (“GDPR”) or the UK GDPR provides you with the following data subject rights:

  • Right to Access to your Personal Data. This allows you to receive a copy of the Personal Data we hold about you and to verify that we are lawfully processing it.
  • The Right to Rectification of your Personal Data. If we have incomplete or inaccurate Personal Data about you, you may ask us to amend or correct it.  Please note that we must verify the accuracy of the new data you provide to us.
  • Right to Object to the Processing of your Personal Data. If we are relying on our legitimate interest (or those of a third party) to process your Personal Data and you believe it has an impact on your fundamental rights and freedoms, you may object to our processing for that reason. You also have the right to object where we process your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
  • Right to Erasure of your Personal Data (commonly referred to as the “right to be forgotten”). You can ask us to erase or delete Personal Data when we have no valid reason to continue processing it. You also have the right to ask us to erase your Personal Data where you have successfully exercised your right to object to processing (above), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Please note, however, that we may not always be able to comply with your request for erasure for specific legal reasons.  If that is the case, we will notify you of those legal reasons at the time of your request. 
  • Right to Request the Restriction of the Processing of your Personal Data. You may ask us to suspend the processing of your Personal Data in the following scenarios:
    • If you want us to establish the accuracy of the data.
    • When our use of the data is unlawful but you do not want us to erase it.
    • When you need us to keep the data even if we no longer need it because you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data, but we need to check whether we have overriding legitimate grounds for using it.
  • Right to Request the Transfer of your Personal Data to you or a third party (commonly referred to as the right to data portability). We will provide you, or a third party you choose, with your Personal Data in a structured, commonly used and machine-readable format. Note that this right only applies to automated information that you initially consented to us using or where we used that information to perform a contract with you. 
  • Right to Object to Direct Marketing (including profiling). You may object to our use of your Personal Data (including profiling) for direct marketing purposes, such as when we use your Personal Data to invite you to our promotional events.
  • The Right to Withdraw your consent at any time where we rely on it to process your Personal Data. However, please note that withdrawing your consent will not affect the lawfulness of any processing that was carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide you with certain products or services. We will inform you if this is the case at the time you withdraw your consent.

Please note that some of these rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the data.

How You May Exercise Your Rights

You may request to exercise your consumer rights twice a calendar year.  You may exercise your respective state privacy rights by either calling us at 1-833-605-3127 or submitting a request by email to customerservice@karammdskin.com. To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, you can visit https://privacy.shopify.com/en.

You may exercise any of these rights by following the links available on the Services or by contacting us using the contact details provided below.

We may need to verify your identity to a reasonable degree of certainty before we can process your requests, as permitted or required under applicable law. Verification is necessary considering the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction.  We may therefore ask you to provide Personal Information which you have previously provided to us that we can use to match against our records to verify your identity. We may not be able to respond to your request if you decline to provide the verifying details or if any of the details are incorrect.

In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.

We will respond to your request in a timely manner as required under applicable law.  For US residents, we will generally respond to your request within forty-five (45) days unless otherwise stated in the above sections describing your rights.  If necessary, we may extend the time to respond by a further forty-five (45) days.  If for any reason we decide to decline to respond to your request, we will notify you and provide our explanation and any appeal process that may be available to you.  We will provide this notice within the first forty-five (45) days after receiving your request.  For those residing in the EEA or the UK, we will generally respond to your request within thirty (30) days, and may extend the time to respond by a further thirty (30) days if necessary.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.

Changes to This Privacy Policy

We may update this Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law.  We encourage you to check this page periodically.  Your continued use of our Store and this website following any posted updates to the Privacy Policy constitutes your acceptance of such changes. If you object to any of the changes to our Privacy Policy, you must stop using our Services.

Contact

Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call us at [] or email us at customerservice@karammdskin.com.  You may also contact us at 11943 El Camino Real, #100, San Diego, CA 92130, USA.