PRIVACY STATEMENT

Effective Date and Last Updated: Nov 1, 2021

Croma Aesthetics Canada Ltd. and its affiliates (collectively, “Croma”, “we”, “our” or “us”) recognizes the importance of privacy. The purpose of this Privacy Statement is to inform you about the types of personal information (“Personal Information”) we collect, use and disclose. It explains the choices you have regarding such use and disclosure, and how you may access and correct that information.

WHAT THIS PRIVACY STATEMENT COVERS

This Privacy Statement covers the following topics:

Personal Information We Collect
How We Use Your Personal Information
How We Share Your Personal Information
Your Consent and Withdrawal of Consent to Collection, Use and Disclosure
Opting Out of Marketing Communications
Retention of Personal Information, International Transfer and Storage
Information Security
Accessing and Updating Your Personal Information
Third-Party Websites and Services
Children’s Information
Changes to this Privacy Statement
How to Contact Us

PERSONAL INFORMATION WE COLLECT

"Personal Information" means information about an identifiable individual as described under Canadian privacy laws.

Generally, the types of Personal Information we may collect include your contact information (e.g., your name, email address, and telephone number), order information and payment information (e.g., credit card information and address) and confirmation of HCP certification and of other professional certification or designations.

We may also collect, use and share aggregated and anonymized data, such as statistical or demographic data for any purpose. Aggregated and anonymized data is not considered Personal Information as it does not reveal your identity.

HOW WE USE YOUR INFORMATION

We generally use your Personal Information for the following purposes (the “Purposes”):

to provide you with products and services, including to enter into and complete transactions with you and to process your payments;
to respond to your inquiries, complaints, report of an adverse event, or requests;
to improve the effectiveness and efficiency of our operations, products, services and programs;
to manage our business and our arrangements with our customers – including to detect and prevent errors and fraud;
to confirm your professions credentials, certifications, or designation;
if you apply for employment with us, to process your application;
to investigate legal claims;
for such other Purposes as you may consent from time to time; and
as otherwise required or permitted by law.

HOW WE SHARE YOUR PERSONAL INFORMATION

We generally identify to whom, and for what Purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.

Additionally, we may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce the terms of the agreements for our products and services; (e) to protect our rights, operations or property; (f) to allow us to pursue available remedies or limit the damages that we may sustain. In addition, we may transfer your Personal Information and other information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets, or other business transaction.

We may transfer your Personal Information to service providers that are assisting us with the Purposes. We rely on third party service providers to perform a variety of services on our behalf, such as e-commerce providers, payment card processors, email and other communications providers, and data storage and processing service providers. We ensure that those service providers are subject to appropriate privacy standards and are required to comply with applicable privacy laws.

YOUR CONSENT AND WITHDRAWAL OF CONSENT TO COLLECTION,
USE AND DISCLOSURE

We generally obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Information for any Purpose. You may provide your consent to us either orally, electronically or in writing. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the Personal Information and the reasonable expectations you might have in the circumstances.

If you provide Personal Information about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use and disclose his or her information as described in this Privacy Statement.

Where feasible or required by applicable law, we will generally accommodate requests to withdraw consent – subject to legal or contractual restrictions. However, this may mean that you are no longer eligible for certain goods or services, or to participate in certain programs – or otherwise limit our ability to fully meet your needs.

If you wish to withdraw your consent to our collection, use or disclosure of your Personal Information, please contact us using the contact information in the “How to Contact Us” section below. In some cases, withdrawal of your consent may mean that we will no longer be able to provide certain products or services.

RETENTION OF PERSONAL INFORMATION, INTERNATIONAL
TRANSFER AND STORAGE

We will retain your Personal Information for as long as necessary to fulfill the Purposes for which that Personal Information was collected and as permitted or required by law.

In addition, and unless prohibited by law, we may send Personal Information outside of Canada for the Purposes, including for processing and storage by service providers. While your Personal Information is outside of Canada, it is subject to the laws of the country in which it is located -- which may have different data protection laws than Canada. Those laws may require disclosure of your Personal Information to authorities in that country.

INFORMATION SECURITY

We have implemented physical, organizational, contractual and technological security measures in an effort to protect your Personal Information from loss or theft, unauthorized access, use, or disclosure.

Like most companies, we cannot guarantee that our safeguards will always be effective. A breach of security safeguards can result in such risks as phishing and identity theft. In such cases, we act promptly to mitigate the risks and to inform you where there is a real risk of significant harm, or as otherwise required by law.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any information that you provided to us has been compromised), please contact us immediately using the contact information in the “How to Contact Us” section below.

ACCESSING AND UPDATING YOUR PERSONAL INFORMATION

We expect you, from time to time, to supply us with updates to your Personal Information, when required. We will not routinely update your Personal Information, unless such a process is necessary.

You may make a written request to review any Personal Information about you that we have collected, used or disclosed, and we will provide you with any such Personal Information to the extent required by applicable laws.

You may also challenge the accuracy or completeness of your Personal Information in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information. If we are handling your Personal Information on behalf of a customer, we may refer your correction request to that customer.

We may require that you provide sufficient identification to fulfill your request to access or correct your Personal Information. Any such identifying information will be used only for this Purpose.

We will not charge any costs for you to access your Personal Information in our records without first providing you with an estimate of the approximate costs, if any.

You may have the right to make a complaint to the Privacy Commissioner of Canada or applicable provincial privacy commissioner if you object to how we have handled your request.

THIRD-PARTY WEBSITES AND SERVICES

We may provide links to third-party websites for your convenience and information. We may also make opportunities available to you to purchase, subscribe to, or use other products and online services from third parties with different privacy practices, and those other products and online services are governed by their respective privacy statements and policies. This Privacy Statement does not extend to any websites or products or services provided by third parties. We do not assume responsibility for the privacy practices of such third parties, and we encourage you to review all third-party privacy policies prior to using third-party websites, products or services.

CHANGES TO PRIVACY STATEMENT

From time to time, we may make changes to this Privacy Statement. When changes are made to this Privacy Statement, they will become immediately effective when published in a revised Privacy Statement posted on our website unless otherwise noted. We may also communicate the changes to this Privacy Statement through our services or by other means. The Privacy Statement was last revised as of the date that appears at the top of this page.

HOW TO CONTACT US

All comments, questions, concerns or complaints regarding your Personal Information or our privacy practices, or to make an access or correction request, should be forwarded to our Privacy Officer as follows:

Address: Attn: Privacy Officer
500 King St. W., Suite 300
Toronto, ON M5V 1L9

By e-mail: privacy@hugel-aesthetics.com