1. Introduction.
Welcome to Sinclair’s privacy notice. This document details how we protect your personal data. Whether you interact with Sinclair online, in person, or through other channels, we describe our methods of collecting, using, storing, and sharing your personal data in compliance with applicable laws, regardless of your location.
This notice also explains your data protection rights, including the right to lodge a complaint with a supervisory authority such as the Information Commissioner’s Office (ICO) in the UK. We encourage careful review of this notice.
For any questions, concerns, or to exercise your rights, please contact our Data Protection Officer (DPO) at dpo@sinclair.com.
Data Controller
Sinclair Pharma Limited (Company No. 3816616) is the Data Controller for this website, acting as global technical administrator for all Sinclair group companies.
Registered office: 30-32 Whitfield Street, Whitfield Court, London W1T 2RQ, United Kingdom. Phone: +44 (0) 20 7467 6920.
In some countries, a local Sinclair entity may serve you as your primary Data Controller rather than Sinclair Pharma Limited. For a complete list of Sinclair companies, click here.[LB1]
Data Protection Officer
Our Data Protection Officer is Ms. Laura Backs Winter, based at Eden House, Lakeside, Chester Business Park, Chester CH4 9QT, United Kingdom, and can be contacted at dpo@sinclair.com.
Our GDPR Representative in the EEA is Auris Advocats. Office: Passeig de Gràcia, 47, Primer Pis, 08007, Barcelona, Spain. Contact: rep.eu@aurisadvocats.com or +34 937 426 040.
2. Personal Data We Collect.
We collect and process information about you whenever we have an interaction. This information may be provided directly by you or through third parties, such as Google or social media platforms. Additionally, data may be gathered using cookies. Please refer to our Cookies Policy[LB2] for more information.
You generally supply most personal information directly, whether in person, by phone, mail, web forms, contracts, or surveys. However, we may also receive your personal data from.
- Companies within our group. View our group companies here[LB3] . Relevant third parties with your consent, such as your doctor, bank, or employer.
- Our systems for accessing premises, including entry registers and CCTV.
- Referrers with your consent.
The personal data we may process includes:
- Basic and Contact Information: Name, address, email, phone number, etc
- Special Category Data: Sensitive health data, such as side effects from our products, collected strictly when necessary.
- Financial Data: Payment details, transaction history, and identity verification.
- Professional Data: Job title, employer, and professional relationships.
- Technical Information: Browsing data, IP address, social media interactions, device identifiers, and login activity.
- User Account Data: Profile name, password, purchase history, subscriptions, consents, and communication preferences.
- Image Data: Security footage, images you send or post on our social media, public event photos, and personal before and after treatment photos with your consent.
3. How We Use Your Personal Data: Purposes & Lawful Basis.
We may process your personal data for various purposes, each supported by a lawful basis to guarantee our operations run smoothly and that your rights are protected. Our key processing activities include:
· Providing Products and Services:
We process orders, manage payments, and deliver products or services. This is essential for performing our contract with you and is supported by our legitimate interests, such as debt recovery.
· Customer Onboarding and Account Management:
We register new customers, and we provide user accounts to the Sinclair College. We maintain accurate account records and update your information as needed. This processing is necessary for contract performance and our legitimate interest in keeping customer records current.
· Communication and Relationship Management:
We may need to send you notifications (like updates to terms and policies), respond to queries, and manage customer service interactions. Essential communications are based on contract performance and legal obligations, while marketing messages are sent based on your consent or our legitimate interests (with a 'one-click' option to opt-out).
· Product Improvement and Business Development:
We use data analytics to enhance our offerings, tailor recommendations, and analyze customer feedback. This processing is based on our legitimate interests in continuous improvement and business development.
· Operational and IT Support:
To administer and protect our business, we perform activities such as system maintenance, troubleshooting, fraud prevention, and compliance with legal and regulatory obligations. This processing is critical to our operational integrity and is driven by both legal obligations and legitimate interests.
· Participation in Surveys, Competitions, and Other Engagements:
We may process data to enable participation in surveys, prize draws, or competitions. This is based on your consent or our legitimate interests in engaging with our customers.
· Processing Special Category Data:
We only process special category data—such as health information—when it is strictly necessary and in line with Article 9 of the GDPR. If we rely on your consent, it must be explicit, and we implement robust technical and organizational measures to safeguard your data. Where another lawful basis applies (for example, vital interests or a legal obligation), we document it and uphold strict protections. In all cases, we handle sensitive information securely, lawfully, and transparently.
· Cookie Usage and Online Behavior Analysis:
We use cookies and similar technologies to enhance website functionality, analyze user behavior, and support marketing efforts. This processing is carried out based on your consent (for non-essential cookies) and our legitimate interests.
· AI-Assisted Tools and Automations:
We incorporate AI-based functionalities (for example, Microsoft 365 Copilot) to streamline internal processes and improve efficiency. This usage does not involve automated decision-making that produces legal or similarly significant effects on individuals. We rely on our legitimate interests in optimizing workflows and ensure robust security measures are in place to protect any personal data processed by these tools. If you have questions about our use of AI, please contact our Data Protection Officer.
· IoT-Enabled EBD Devices:
We integrate Internet of Things (IoT) technology into certain advanced Energy-Based Devices (EBD). This may involve collecting and processing device usage data for functionality, performance monitoring, or updates. We inform our device users and will rely on their explicit consent as legitimate basis for the processing.
4. Sharing Your Personal Data
To manage our relationship with you, we will share your information with the following:
- Other Sinclair group companies – View our group companies here[LB4] .
- Trusted third parties, including technology providers, agents, logistics suppliers, our referral partners who introduced you to us (“Referrers”), data-analytics/hosting vendors, legal advisors, auditors and business partners. We share only the details necessary (e.g. your name, clinic and order status) so the Referrer can confirm the introduction and invoice us for their commission.
- Regulators, government bodies or other parties if required for audits, compliance or in the event of a merger or reorganisation.
- Law enforcement authorities whenever mandatory.
Your data is shared only with third parties under binding agreements, ensuring secure processing and compliance with the privacy laws relevant to you. Sinclair does not sell your personal data with third parties for their own marketing purposes.
5. International Data Transfers
To provide you services, it may be necessary to transfer personal data across national borders. International data transfers are submitted to special rules governed by the principals of data protection laws. Whenever we transfer your data internationally, we will do so implementing appropriate safeguards, such as:
- Adequacy Decisions: Personal data is transferred to countries recognized by the European Commission for adequate data protection.
- Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, approved SCCs are used to provide legal safeguards.
- Inter-Group Data Transfer Agreements (IDTAs): Within the Sinclair group, IDTAs are implemented to ensure consistent data protection standards.
We may transfer your data internationally:
- To communicate with you or our suppliers outside the EEA/UK.
- When our products/services have an international aspect.
Our interactions with you on platforms such as Facebook, Instagram, X, or LinkedIn may involve data transfers to data centres outside of your home country. We use global software, cloud services, and IT resources, including AWS, Microsoft 365, and Azure, which may process data in worldwide data centres.
We incorporate Internet of Things (IoT) systems in our advanced EBD devices. This technology can involve the processing and transfer of data internationally. These transfers will only take place with the explicit consent of the affected individual.
We use Google Analytics and other cookies to understand how you use our website and to enhance your browsing experience. This involves sending data to Google's servers, which may be located in other countries.
We request your explicit consent for the use of cookies, allowing you to choose which types of cookies you consent to (e.g., necessary, statistical, marketing). Decline non-essential cookies via our website banner. To withdraw cookie consent later, use the widget located in the bottom right corner of our web pages. Note, declining cookies may affect website functionality.
For more details, see our Cookie Policy
6. How We Keep Your Data Safe
At Sinclair, we take the protection of your personal data very seriously. For this reason, we guarantee the implementation of appropriate security measures, controls, and technical & organizational procedures to prevent from destruction, loss, alteration, communication, or any form of malicious access.
We restrict access to your data to authorized entities and personnel only. All our staff undergo proper training and are subject to the duty of confidentiality.
Where we contract with third parties or suppliers, we conduct data protection audits place binding data processing agreements. Our partners will process your data strictly according to our instructions and ensure the protection of your data rights. Personal information will be kept confidential and appropriate security measures to safeguard your data are enforced.
Additionally, we have corporate protocols in place to immediately react to a data security breach incident or suspicion. If necessary, we will notify you of it as well as the relevant data control authority, in accordance with current regulations.
Please note that while we take significant steps to protect your data, transmitting information to us may not be entirely secure, and you do so at your own risk.
7. Data Retention Periods
We will keep your personal data throughout the duration of our relationship unless you state otherwise. After that, we will only retain the necessary data to meet any legal, regulatory or warranty obligations that still apply. When none of those reasons remain, we securely delete the data or render it anonymous.
- Enquiry data that does not lead to a purchase is stored for up to 24 months from your last interaction, then erased or anonymised.
- Sales, invoicing and warranty records are held for the periods required by tax, accounting and product-liability laws—usually six to ten years, depending on the country involved.
- Marketing “opt-out” details are retained only for as long as the opt-out remains in force, so we can respect your preference.
- System back-ups are overwritten on a rolling 12-month cycle.
We review these retention rules every year and update them if laws or business needs change.
You may request us to delete your personal data at any time. Please view your data protection rights in clause 8.
8. Your Data Protection Rights
You may request to exercise your Data Protection Rights. You can enforce these rights by contacting us via email at gdpr@sinclair.com or to our data protection officer at dpo@sinclair.com, or by sending a written request to:
Sinclair Data Protection Officer
Eden House, Lakeside, Chester Business Park,
Chester, Cheshire, CH4 9QT,
United Kingdom
Alternatively, you may use our dedicated online GDPR Request Form.
Or, if your encounter difficulties to contact us directly, you may also contact us via our data representative in the EU at rep.eu@aurisadvocats.com, and at the address:
Sinclair EU GDPR representative
Passeig de Gràcia, 47. Primer Pis - 08007, Barcelona (SPAIN)
When making a request to exercise your rights, please clearly state your request and specify the personal information you are concerned about. We will need to verify your identity to process your request.
We will handle your request without undue delay, typically within 30 days for GDPR and UK GDPR requests, or 45 days for requests under the California Consumer Privacy Act.
Your data protection rights under GDPR are:
• Right of Access: You can request information about your personal data being processed and obtain a copy of it.
• Right to Rectification: You can correct any errors or update incomplete data.
• Right to Erasure: You can request the deletion of data that is no longer necessary, was collected unlawfully, or if you withdraw your consent.
• Right to Restriction of Processing: You can request the limitation of how your personal data is processed in certain circumstances.
• Right to Data Portability: You can receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
• Right to Object: You can object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
• Right Not to Be Subject to Automated Decision-Making, including profiling: You can object to decisions made solely on automated processing, including profiling, that significantly affect you.
• Right to be Informed: You have the right to be informed about the collection and use of your personal data.
• Right to Withdraw Consent: You can withdraw your consent for data processing at any time.
• Right to Lodge a Complaint: You can lodge a complaint with a supervisory authority if you believe your rights have been violated.
Data subjects based in the US have the right not to receive discriminatory treatment by Sinclair for the exercise of the privacy rights conferred by CCPA and the right to opt-out of the sale of personal information. Sinclair will never exchange your personal data for money.
Please note that these rights are not absolute. They are enforceable under certain circumstances. Therefore, we may not always be able to fulfil your request and may continue to process your personal information to the extent required or otherwise permitted by law, particularly in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
9. Opting Out
If you currently receive marketing emails from us and no longer wish to do so, you can unsubscribe within any such email by clicking on the ‘Unsubscribe’ button embedded in all our emails. This opt-out will not apply to personal information provided to us as a result of a product/service purchase, warranty registration, product/service experience or where otherwise permitted by law.
Please see section 8 for further information on enforcing your rights.
You can choose to decline all non-essential cookies via the cookie banner on our website. If you accept cookies but later wish to withdraw consent, you can do so via the cookie widget in the bottom right corner of the site.
If you decline cookies, please note that some parts of our websites may not function properly. For more information about the cookies we use, please see our Cookies Policy.
10. Cookies and Other Technologies
Sinclair’s websites, online services and applications may use “cookies” and other technologies like web beacons. These technologies are used to better understand our users, improve security and help measure the effectiveness of our advertisements.
We request your explicit consent for the use of cookies, allowing you to choose which types of cookies you allow or decline (e.g., necessary, statistical, marketing). To withdraw cookie-consent later, use the widget located in the bottom right corner of our web pages. Note, declining cookies may affect website functionality.
For more details, see the Cookie Policy[LB5] .
11. The Supervisory Data Protection Authority
If you wish to file a complaint about privacy issues with Sinclair, please address our appointed Data Protection Officer who will help you with the matter. If you still want to still wish to file a complaint you have the right to address the relevant supervisory data protection Authority, such as the ICO in the UK or the AEPD in Spain, the CNIL in France, the BfDI in Germany, etc.
Click here to find your local Data Protection Authority or contact the DPO for assistance.
The Information Commissioner’s Office (ICO)
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF, UK
Tel. +44 1625 545 745