GC Aesthetics GDPR Privacy Statement
Effective Date: May 25, 2018
The new General Data Protection Regulation (GDPR) came into effect on May 25th 2018. It builds on existing EU data privacy rules, strengthening in many key areas and non-compliance potentially results in severe financial penalties.
GC Aesthetics is highly committed to maintaining high standards of information security, privacy and transparency, whether as a data controller or data processor.
We take our responsibilities in relation to the protection and security of our data and that of our employees, customers, vendors and partners incredibly seriously and the changes being introduced to ensure GDPR compliance are part of a continuous, ongoing process that has always been central to what we do.
Going forwards, GC Aesthetics will comply with applicable GDPR regulations when they take effect on 25th May 2018, while also working closely with our clients and vendors to meet contractual obligations for our products and services.
This Privacy Statement applies to your access to GCAs websites and digital services that link to or post this Privacy Statement. This Privacy Statement is intended to let you know what Personal Data GC Aesthetics, including our affiliated entities (Nagor and Eurosilicone – referred to collectively as “GC Aesthetics,” “we,” “our,” or “us”) may collect about you, how we collect your Personal Data, for what purposes we use your Personal Data, to whom we may disclose your Personal Data, and what rights you may have to limit our use of your Personal Data. In this Privacy Statement, we will collectively refer to the websites and digital services that may link to or post this Privacy Statement as “services.”
Through our services linking to this Privacy Statement, we will collect and process Personal Data that does not directly identify you by name (such as IP Address) or include your contact information, but which may be used to identify that a specific computer or device has accessed our services and which if combined with certain other information could be used to identify you. We receive this Personal Data through your interactions with us in connection with our products and servicess.
The Personal Data we process about you through our services s linking to this Privacy Statement may
include the following categories of Personal Data:
Where we collect directly identifiable Personal Data about you, the following privacy notices will provide you with additional information around what we may collect, how we will collect it, for what purposes we may collect it, to whom we may disclose it, and what rights you may have to limit our use of it.
Please view on the privacy notices that are applicable to your interactions with us:
GC Aesthetics – GDPR Patient Privacy Notice provides specific information to patients and users of our products and services.
GC Aesthetics – Health Care Professional Privacy Notice provides specific information to healthcare professionals who use our products and services.
Processing of your Personal Data includes where we may record, organize, structure, store, adapt or
alter, retrieve, consult, use, disclose by transmission, dissemination, or otherwise make available, align or combine, restrict, erase, or destroy your Personal Data. We may process your Personal Data for the following purposes:
Compliance and network security purposes;
Authorizing, granting, administering, monitoring, and terminating access to or use of GCA systems, facilities, records, property and infrastructure;
Tracking your interactions with us;
Auditing our programs and services for compliance purposes;
Where we have Legal obligations to process the personal data;
Statistical analysis, including analytics performed by our vendors;
Website administration; and/or
Marketing Activities, including Third Party Cookie Tracking and Creating an Interest based
Profile related to your interactions with us or others
For any additional purposes where we are required to notify you and get your consent, including those purposes required by local law, we will obtain your consent before we process your Personal Data for those purposes.
The applicable legal basis for which we process your Personal Data for the specific purposes listed above, include the following:
Based on your consent: In some cases, we may ask you for your consent to collect and process your Personal Data. If you choose to provide us with your consent, you may later withdraw your consent (or opt-out) by contacting us as described in the “how do you contact us” section below. Please note that if you withdraw your consent it will not affect any processing of your Personal Data that has already occurred. Where we process your Personal Data based on consent, we will provide more detailed information to you at the time when we obtain your consent
Compliance with applicable laws or performance of a contract: In specific circumstances, we may need to process your Personal Data to comply with a relevant law/regulation or to fulfil our obligations under a contract to which you are subject. Where we process your Personal Data to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we are processing to fulfill our contract obligations under a contract where you are a party, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.
Our legitimate interest: We may process your Personal Data based on our legitimate interests in communicating with you and managing our interactions with you regarding our products and services, scientific research, and education opportunities. In addition to the other rights you may have described below, you have the right to object to such processing of your Personal Data. You can register your objection by contacting us as described in the “how do you contact us” section below.
Our services may use a technology known as web beacons that allows the collection of web log information. A web beacon is a tiny graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. Web log information is gathered when you visit our services by the computer that hosts our services (called a “webserver”).
On certain web pages or in emails we send to you, we may utilize a technology called a “web beacon” (also known as an “action tag” or “clear GIF technology”). We may use web beacons to help determine which email messages sent by us were opened and whether a message was acted upon. Web beacons also help analyse the effectiveness of services by measuring the number of visitors to a site or how many visitors clicked on key elements of a site.
There are different ways you can prevent tracking of your online activity. One of them is setting a preference in your browser that alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do-Not-Track (“DNT”) signal. Please note that currently our websites and web-based resources do not respond to these signals from web browsers. At this time, there is no universally accepted standard for what a company should do when a DNT signal is detected.
Our websites may use Social Media Plugins to enable you to easily share information with others. When you visit our websites, the operator of the social media plugin that is on our website can place a cookie on your computer that lets that operator recognize individuals on their website who have previously visited our sites. If you have previously logged into the social media website while browsing on our website, social media plugins may allow that social media website to receive directly identifiable information about you that shows you have visited our website. The social media plugin may collect this information for visitors who have logged into social networks, whether or not they specifically interact with the plugin on our website. Social media plugins also allow the social media website to share information about your activities on our website with other users of their social media website. GC Aesthetics does not control any of the content from social media plugins. For more information about social plugins from social media websites you should refer to those sites’ privacy and data sharing statements.
This site is not intended for or designed for individuals under the age of 16. We do not knowingly collect Personal Data from any person under the age of 16.
We use industry-standard administrative, technical, and physical safeguards to protect your Personal Data against loss, theft, misuse, unauthorized access, modification, disclosure, and destruction. We restrict access to your Personal Data to only those employees and third parties acting on our behalf who have a legitimate business need for such access. We will only transfer your Personal Data to third parties acting on our behalf where we have received written assurances that your Personal Data will be protected in a manner consistent with this Privacy Notice and our privacy policies and procedures.
We will share or disclose your Personal Data with the following entities:
We may transmit your Personal Data to our other global affiliates. Additionally, these affiliates may further transmit your Personal Data to our other global affiliates. Some of our affiliates and their database locations may be in countries that do not ensure an adequate level of data protection similar to the laws in the country in which you reside. Regardless, all our affiliates are required to treat your Personal Data in accordance with this Privacy Notice and our privacy and data protection policies and procedures.
Your Personal Data will be maintained for the duration of your relationship with us. We will store and retain the Personal Data we collect about you in accordance with our Corporate Record Retention Policy, after which it will be archived or deleted. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required for compliance or legal reasons.
As a convenience to our visitors, our website may contain links to other sites owned and operated by third parties that we believe may offer useful information. The policies and procedures we describe here do not apply to those sites. We are not responsible for the collection or use of Personal Data by or on any third party sites. Therefore, we disclaim any liability for any third party’s use of Personal Data obtained through using the third party web site. We suggest contacting those sites directly for information on their privacy, security, data collection, and distribution policies.
You have the right to see and get a copy of your Personal Data, including an electronic copy, that we have as well as to ask us to make any corrections to inaccurate or incomplete Personal Data we have about you. You can also request that we erase your Personal Data when it is no longer needed for the purposes for which you provided it, restrict how we process your Personal Data to certain limited purposes where erasure is not possible, or object to our processing of your Personal Data. In certain circumstances you may be able to request that we send a copy of your Personal Data to a third party of your choosing.
To exercise any of these rights, please contact us as set forth in the “how do you contact us” section below. You also have the right to lodge a complaint with the supervisory authority (see details under “remedies” below) where you believe that your rights have been violated.
From time to time we may make changes to this Privacy Notice to reflect changes in our legal obligations or the ways in which we process your Personal Data. We will communicate to you any material edits to this Privacy Notice and it will become effective when it is communicated.
How do you contact us if you have any questions or concerns?
Please contact GC Aesthetics’s Data Protection team using the below information to:
GC Aesthetics’s GDPR Compliance team
Suite 601, Q House,
Sandyford, Dublin 18,
Email Address: [email protected]
For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact your country-specific data protection authority or GC Aesthetics’s lead data protection supervisory authority:
Irish Data Protection Commissioner
Canal House, Station Road, Portarlington, R32 AP23 Co. Laois
+353 57 8684800
+353 (0)761 104 800
Email Address: [email protected]