PORT BARBARA 143 Revised RT MinPORT BARBARA 143 Revised RT Min

Privacy Policy

Model is an actual patient, individual results may vary.

1. INTRODUCTION


This Privacy Policy is issued on behalf of Sinclair Pharma Ltd. and its group companies ('Sinclair', 'us', 'we'). It’s intended for users of Sinclair products & services, customers, providers, website visitors and for anyone interested in contacting with Sinclair.

Sinclair is a global medical aesthetics company, founded in the UK in 1971. Acquired by Huadong Medicine Ltd in 2018, we deliver an extensive product range. We provide an in-house commercial infrastructure, including manufacturing, company-owned affiliates, and a network of distributors in all leading global markets.


We collect, use and are responsible for certain personal data about you. When we do so we are subject to different data protection laws depending on the location of our customers and the provision of our services. Nevertheless, we are committed to deliver the highest standards in privacy protection regardless of where in the World you interact with us.


Please note that we may update this policy from time to time. We encourage you to review it periodically. This version is effective since February the 14th 2023.


Feel free to address our DPO if you need to review past versions of this document.


Please find all operative Sinclair entities & branches and our Data Protection Officer contact details listed below. In addition, to further guarantee the correct exercise of your data protection rights from outside the UK, we have appointed an EU Representative for any GDPR inquiries/ requests you may wisht to forward.

2. WHAT PERSONAL INFORMATION WE MAY COLLECT ABOUT YOU


We collect & process information about you every time we interact. You may provide the information directly or it may be provided by technical third parties, like Google or
social media platforms. We may also gather information by using cookies. Please check our Cookies Policy.


Generally, you provide most of the personal information we collect directly. Either personally or by telephone, mail, web forms, contracts or by responding to our surveys. However, we may also collect personal information from:
• Third parties linked to us, such as:

  1. A company within our group (please view our group companies
    above).
  2. A relevant third-party that has previously obtained your express
    consent to do so, such as your doctor, your bank, or your employer.

• From our information systems to access our premises if there are any. Such as, for example, entry and reception registers, CCTV.

The personal data we may collect and use, include:

Basic and contact information: such as name, surname, username, or similar identifier. This category may include your billing and delivery address, email, and phone number.
• Special category data: only when strictly necessary we may process especially sensitive data related to your health, like possible side effects associated with one of our products or information you may provide to us during the course of our services from time to time.
Financial and economic data: this category includes payment, return, and reimbursement details as well as the commercial transactions you completed with us. This may include data to verify your identity for payment acceptance purposes to be able to perform commercial transactions with you.
Professional and employment data: your job title, the company you work for, and your relationship to a person.
Technical information: like browsing data, including IP address, version, and time zone usage, social media tracking pixels to allow platforms to interact with our website and provide feedback, URLs clicked on, unique device identifiers, operating system, activity data, such as your login details and whether you completed our registration form.
User account data: such as your profile name and password, history of subscriptions/purchases, the information you provide when you create an account on our websites, subscribe to our service, request marketing to be sent to you, enter a competition or promotion, or register for a webinar. We also gather all
your granted consent and your chosen communication preferences.
Image data: footage that we may capture through our security video surveillance systems in our shops or premises.

3. HOW WE USE YOUR PERSONAL DATA: PURPOSES & LAWFUL BASIS (please check the table in the PDF attached)

4. SHARING YOUR PERSONAL INFORMATION WITH OTHERS

To manage our relationship with you, we will share your information with the Sinclair teams within our group that need to access it to perform their job.

We may share your personal information with the following:

• Other members of the Sinclair group of companies.
• Trusted third parties, such as: our agents and suppliers; partners who provide us with technology services, such as data analytics, hosting, and technical support; our professional advisors; auditors and business partners; regulators, governments and other third parties in connection with the re-organising or merging of all or part of our business. If a change happens to our business, the new owners may use your personal data in the same way as set out in this Policy.
• With law enforcement bodies whenever mandatory.

We have binding privacy agreements in place with all our trusted third parties. All our data processors must certify that the data subject’s rights will be guaranteed according to applicable privacy laws.

Third-party websites
From time to time on our websites we may provide links to websites or mobile applications that are separate to and not controlled by us. This Policy does not apply to those websites. Should you choose to visit those third-party domains, please review the legal and privacy statements posted on each website or mobile application to understand their privacy practices.


5. INTERNATIONAL DATA TRANSFERS
International data transfers are submitted to special rules governed by the principles of data protection laws. Whenever we transfer your data internationally, we will do so based on appropriate adequacy decisions, implemented Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTA). We will make sure that your information remains safe.


We may transfer your data internationally, for example:
• To communicate with you or our suppliers when you are outside the EEA/ UK.
• When there is an international dimension in the products/services that we provide you.


6. HOW WE KEEP YOUR DATA SAFE
Sinclair takes the protection of your personal data very seriously. For this reason, we guarantee the implementation of appropriate security measures, controls, and technical & organizational measures to prevent your information from destruction, loss, change, communication, or any form of malicious access.


We limit access to your data to authorized entities & personnel. We make sure to properly train all our staff, and all those involved in the processing of your personal information are subject to the duty of confidentiality.

Where we contract with third-parties or suppliers, data protection audits and written data processing agreements are in place. Our partners will only process your personal data in accordance with our strict instructions and ensuring the correct exercise of data protection rights. Personal information will be kept confidential and appropriate security measures to safeguard your data are enforced.

Additionally, we have corporate protocols in place to immediately react to a data security breach incident or suspicion. If necessary, we will notify you of it as well as the relevant data control authority, in accordance with current regulations.

Please note that if you forward information to us, the transmission of data may not be entirely secure, and you will do so at your own risk.


7. PERSONAL INFORMATION RETENTION PERIOD

We will keep your personal data throughout the duration of our relationship unless you state otherwise.

Retention periods are based on the requirements of different data protection laws, regulations, limitation periods for legal action and the purpose for which the information is collected and used. We categorise information and specify the applicable retention period in accordance.

When personal information is destroyed, paper-based information will be disposed of via confidential waste bins and digital information will be permanently deleted.

We have specific data retention policies available upon request. Please contact our DPO to inquire further on our retention policies.

8. YOUR DATA PROTECTION RIGHTS

Under certain circumstances, you may request to exercise your Data Protection Rights. You can enforce these rights by contacting us by email to gdpr@sinclair.com or dpo@sinclair.com by sending a request in writing addressed to:

Sinclair Data Protection Officer
Eden House, Lakeside, Chester Business Park,
Chester
Cheshire, CH4 9QT
United Kingdom

Or, you may use our dedicated online form GDPR Request form.


When making a request to exercise your rights, please state your request clearly and the personal information you are concerned about. We may need to verify your identity by requesting a form of ID, or we may need clarification or further information before fulfilling your request. We will action your request in a prompt manner, within 30 days from the date of your request for requests under the GDPR and UK GDPR or 45 days for requests under the California Consumer Privacy Act.

Please note that these rights are not absolute, therefore, we may not be able to fulfil your request and may continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations. Data subjects based in the US additionally have the right not to receive discriminatory treatment by Sinclair for the exercise of the privacy rights conferred by CCPA and the right to opt-out of the sale of personal information, however Sinclair will never
exchange your personal data for money.

9. THE SUPERVISORY DATA PROTECTION AUTHORITY

If you wish to file a complaint about privacy issues with Sinclair, please address our appointed Data Protection Officer who will help you with the matter. But if you still wish to file a complaint, you have the right to address the relevant supervisory data protection Authority, such as the ICO in the UK or the AEPD in Spain, the CNIL in France, the BfDI in Germany, etc.


Please click here to find your relevant Data Protection Authority.


The Information Commissioner’s Office (ICO)

Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF, UK
Tel. +44 1625 545 745
Website: https://ico.org.uk


10. HOW YOU CAN CONTROL YOUR PERSONAL INFORMATION – OPTING OUT

If you currently receive marketing emails from us and no longer wish to do so you can unsubscribe within any such email. This opt-out will not apply to personal information provided to us as a result of a product/service purchase, warranty registration, product/service experience or where otherwise permitted by law. Please see section ‘Your data protection rights’ above for further information on enforcing your rights.

You can choose to decline all non-essential cookies via the cookie banner on our website. If you accept cookies but later wish to withdraw consent, you can do so via the cookie widget in the bottom right corner of the site. If you decline cookies, please note that some parts of our websites may not function properly. For more information about the cookies we use, please see our Cookies Policy.

11. HOW TO CONTACT US
If you have any questions, concerns, complaints or requests regarding this Policy, or if you would like to exercise any of the rights set out above, please let us know by contacting gdpr@sinclair.com or dpo@sinclair.com or by writing to the Sinclair contact address:

Sinclair Compliance Department
Eden House, Lakeside, Chester Business Park,
Chester
Cheshire, CH4 9QT
United Kingdom