1. IMPORTANT INFORMATION AND WHO WE ARE.
This Website and our Services is not intended for persons under 18 and we do not knowingly collect data relating to minors under 18. Insofar as Personal Data may be collected based on your consent, you must be above the age of 18. If these age requirements are not met, you are required to avoid using the Website and/or Services.
2. WHAT IS PERSONAL DATA?
“Personal Data” means information that can directly or indirectly identify you. Personal Data may include:
- “Contact Details” such as your name, address, email address, and telephone number;
- “Payment Information” such as debit/credit card, Paypal Account and/or bank account;
- “Health Data” including but not limited to details of medical condition, vital signs measurements, information in medical consent forms, medical tests required for procedures, records of treatment, name of attending physician, name of HMO, health insurance details etc.
- other information such as an IP address; in certain US States, Personal Data may include your house-hold data and other items of information, such as inferences drawn from any Personal Data to create a profile about a consumer.
The term Personal Data shall also include and refer to similar terms in Applicable Data Protection Laws. “Sensitive Personal Data” means information of private nature, for example: your health and medical condition or your religious and political views; that requires additional safeguarding measures. This term shall include “Special Categories of Personal Data” (as defined in the GDPR), and any similar term in the Applicable Data Protection Laws).
3. THE CATEGORIES OF PERSONAL DATA WE COLLECT AND HOW DO WE COLLECT IT
- 3.1. General Overview
We use different methods to collect data from and about you, including through:
- a) Direct interactions: You may give us your Personal Data by speaking to us in person on-site at our premises or off-site; by filling in forms or by corresponding with us by post, phone, email or otherwise.
- b) Automated technologies or interactions: As you interact with our website, we may automatically collect data about your equipment, browsing actions and patterns. We collect this Personal Data by using technologies of third party providers.
- c) Third party service providers: We may receive Personal Data such as Contact Details and Payment Information about you from various third parties including from providers of technical, payment and delivery services.
- d) Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
- e) When you provide us data, you are requested not to submit sensitive data or Health Data through the “contact us” form on our website.
- 3.2. For easy reference, we provide below information about the collection of Personal Data, according to the relationship we have with you.
- a) Business Representatives: if you are a member of the personnel of a business (a legal entity) which is one of our customers or service providers, and you wish to request a quote from us or to place an order with us, we may collect your Contact Details.
- b) Physicians: if you are a physician and you wish to request information and/or a quote or to place an order, we may collect your: Contact Details, license number, postal address, shipping and billing address, date of birth and Payment Information.
- c) Patients: if you are a Patient and you submit a complaint, or when you or your Physician inform us about an adverse effect or injury you have experienced from use of our Products or Services, we may need to collect your Contact Details and Health Data including the details of your use of our Products and Services. When we are legally required to report an adverse effect we may also be required to disclose to competent authorities your age, gender weight, race and ethnicity.
- d) Visitors: When visitors come to the premises of a Group company for meetings, inspections, project work, building and electrical work etc., we may collect some of their Contact Details and name of workplace.
- e) Participants to Trainings and Events:
Attendees. When you book or register for a training course or an event run or hosted by us, we may collect: your Contact Details, order history, professional registration and qualification and training history.
Models. When you volunteer to be a model on a training course or at an event, we may collect: your Contact Details, Health Data, age and date of birth. Where you have volunteered to be a model we may also take before/after treatment photos of you.
Trainers. When you run a training course, we may collect: your Contact Details, professional details and biography.
In all of the above cases, (subject to your consent if required), we may film you when we video record the course or event.
- 3.3. In all of the above relationships mentioned in Section 3.2: i) we may collect information on the handling of your request and/or the relationship with you and any other Personal Data you voluntarily provide to us; ii) You represent the Personal Data you provide is accurate, complete and up to date and that you are legally authorized to provide it.
4. HOW WE USE THE PERSONAL DATA AND WHAT ARE THE LEGAL BASES OF PROCESSING?
We collect and use your Personal Data for the following purposes and under the following legal bases:
- 4.1. In order to enter into and/or perform a contract with you, we may: provide you with the information that you request from us; maintain your order history and Contact Details in our customer relations database; book you onto a course or an event, ensure that you have the necessary qualifications and experience to join the course, take payment if required and keep a record of attendees so we can issue a certificate of completion.
- 4.2. To fulfill our legal and regulatory obligations, we may: take action to prevent, investigate and detect crime, fraud or anti-social behavior and prosecute offenders, (including working with law enforcement agencies or the regulators); take necessary action to ensure the health, safety and protection of you and our staff; for example we may question you, if you wish to participate as model in our events in order to ensure that you are a medically suitable candidate for the procedure or that you have not had a negative reaction to previous treatments, or had treatments too close together. We may have a legal obligation to maintain a record and/or report information including your Personal Data in the event of an adverse reaction to a product or an injury.
- 4.3. To exercise tasks under our legitimate interests such as to:
- a) enforce our terms and conditions, notably conditions of returns, refunds and payments;
- b) handling customer contacts, queries and complaints or disputes;
- c) to protect our operations or those of any of our Group companies;
- d) to know who is on-site for security purposes and to check timings and attendance in relation to project works to protect our rights, privacy, safety of property, and that of our group companies, you or others;
- i) to allow us to pursue available remedies or limit our damages;
- f) ensure the security and integrity of our services and ensuring our websites operate effectively;
- g) to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- h) to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
- i) where we assist you in obtaining your own finance for the purchase of our products and/or services we may pass your Personal Data to credit reference agencies and they may keep a record of any search that they do. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
- j) to improve our training courses.
- 4.4. Where you have provided your consent we may: deliver relevant on-line and/or off-line advertising to you; make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them; if you are a leader of a course we may provide your professional information to delegates, and in our marketing materials. We may use event/course video recordings and/or before/after photos that may include information about you for education and marketing purposes on the product and how treatments are administered.
We may process your Personal Data as a volunteer model under consent. You are required to fill in a consent form for each and every procedure.
- 4.5. Vital Interests: We may also process your Personal Data in order to protect the vital interests, health and safety of attendees including models.
5. NON PERSONAL DATA WE COLLECT OR GENERATE
- 5.1. In addition to the categories of Personal Data described above, we will also process “Non-Personal Information”, (meaning information that does not personally and specifically identify a natural person, such as anonymized information) which may be collected through the App in the following ways:
- a) Information that your browser sends (“Log Data”). This Log Data may include, but is not limited to, non-identifying information regarding the User’s device, operating system, internet browser type, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps, the web page you were visiting, information you search, etc.
- b) We may collect further Non Personal Information through use of automated devices and applications to evaluate usage of our Service and through cookies. We use these tools to help us improve our Website, performance and user experience. We may also engage third parties to track and analyze data or provide other services on our behalf. Such third parties may combine the Non-Personal Information that we provide about you with other information that they have collected from other sources. This Policy does not cover such third parties’ use of the data and such use is governed by such third parties’ privacy policies.
6. DATA RETENTION – FOR HOW LONG IS THE DATA STORED?
- 6.1. We retain Personal Data as long as we are required to keep the information by applicable laws, or in accordance with our contractual obligations or legitimate interests. The information may be located in the EU, the USA and/or other jurisdictions.
7. WHO MAY THE INFORMATION BE SHARED WITH?
We may share Personal Data that we receive from you including information used to order our products and/or services with the following third parties:
- 7.1. Companies who are members in our Group.
- 7.2. Our service providers – such as accountants, auditors, experts, lawyers, credit reference agencies, IT systems providers, manufacturers, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
- 7.3. Government or other public authorities – including, but not limited to, government health organizations, law enforcement or other agencies to which we are required to disclose Personal Data by law, or by a warrant, subpoena or court order.
- 7.4. Other third parties – In the event that we sell or buy any business or assets, we may disclose your Personal Data to the prospective seller or buyer of such business or assets. If the Group or a company which is part of the Group or substantially all of its assets are acquired by a third party, Personal Data held by it about its customers will be one of the transferred assets.
- 8.1. If you opt-in (on-line or off-line) to receive on-line marketing and offers we will add your name and email address to our marketing database. In some jurisdictions, we may also send you on-line marketing messages if you have previously placed an order with us or where you have provided your information for the purpose of contact (for example a badge scan at a tradeshow or industry event). You can change your marketing preferences at any time and will always be offered the opportunity to unsubscribe.
- 8.2. We will still contact you regarding your account or orders even if you have opted out of receiving marketing from us.
- 9.1. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
- 9.2. We have put in place procedures to deal with any suspected “Personal Data Breach” (as this and similar terms are defined in the Applicable Data Protection Laws) and will notify you and any applicable regulator of a Breach where we are legally required.
- 9.3. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
10. SOCIAL MEDIA PLATFORMS AND LINKS TO THIRD PARTY WEBSITES
- 10.1. When you use our company page on a social media platform, and/or when you use social sharing buttons on our Website, or click on any links contained in our Website to the websites of our partner networks, our social media pages, advertisers and affiliates; you do so at your own discretion and subject to the terms and conditions as well as the privacy policies of each social media platform respectively. Please note that we do not accept any responsibility or liability for these policies and that these social media platforms or websites may track your activity.
- 10.2. We may collect Personal Data from your public profile, including, name, photo and other information you make available to us when you like, post or otherwise interact with our social media pages such as Facebook, Twitter and Instagram.
11. YOUR RIGHTS
- 11.1. Different privacy rights may apply in various jurisdictions. In some jurisdictions, you may have a right to receive information about the processing of your Personal Data by us, the right to rectify your Personal Data and/or to request deletion of your Personal Data.
- 11.2. General conditions for complying with Personal Data inquiries: When you contact us about your Personal Data, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of Personal Data related to others and to ask you questions to better understand the nature and scope of data that you request to access. We may redact from the data which we will make available to you, any Personal Data related to others. In addition, we may delete your Personal Data if required by Applicable Data Protection Laws.
- 11.3. At any time, you may contact us at: Marketing@inmodemd.com in order to inquire about your Personal Data rights. We will make good-faith efforts to assist you as we are required under the Applicable Data Protection Laws.
- 11.4. If you think that the processing of Personal Data by us violates the Applicable Data Protection Laws, you can lodge a complaint with the regulator at your jurisdiction. We may provide the details of the regulator upon request.
12. INFORMATION FOR EUROPEAN UNION RESIDENTS:
- 12.1. Data Location and International Data Transfers:
- a) Your Personal Data may be stored on our servers outside the EEA and may be processed by our Group companies and service providers outside the EEA. We transfer and process your Personal Data outside the EEA, and we do so in a manner commensurate with Applicable Data Protection Laws.
- 12.2. Your EU Privacy Rights
- a) If you are a European resident, in addition to the rights mentioned above, under the GDPR and subject to its conditions, you have the following additional rights:
- Erasure of Personal Data;
- Objection to the processing of Personal Data;
- Restriction of processing of Personal Data; and
- Portability of Personal Data – to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable form and transmit it to another data controller.
- b) In some instances, our legal obligations may override your rights under data protection laws. We are also legally required to identify you before we process your request.
- c) Normally, you will not have to pay a fee to access your Personal Data (or to exercise any of your rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- d) We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- a) If you are a European resident, in addition to the rights mentioned above, under the GDPR and subject to its conditions, you have the following additional rights:
13. INFORMATION FOR CALIFORNIA RESIDENTS
- 13.1. Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA). We do not support Do Not Track. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
- 13.2. California Civil Code permits customers of the Group who are California residents to request certain information regarding its disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to Marketing@inmodemd.com. Please note that we are only required to respond to one request per customer each year.
- 13.3. If you are a California resident under the age of 18 and a registered user, California Business and Professions Code permits you to remove content or Personal Data you have publicly posted on our Website. If you wish to remove such content or Personal Data and you specify which content or Personal Data you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal you will not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or Personal Data you have posted and that there may be circumstances in which the law does not require us to enable removal of content.
- 13.4. Under the California Consumer Privacy Act 2018 (you may have the following rights, subject to submission of a verifiable request made to us:
- a) The right to know whether your Personal Data is collected and processed by us;
- b) The right to know what specific categories of Personal Data we collect about you, the sources from which it was obtained and the business or commercial purposes for which it is collected or sold;
- c) The categories of third parties with whom we share Personal Data;
- d) If we sell information or disclose information for a business purpose, the categories of third parties to whom your Personal Data was sold or disclosed and which Personal Data was sold or disclosed;
- e) request us to rectify and/or delete your Personal Data; please note that such removal does not ensure complete or comprehensive removal of the content or Personal Data you have posted and that there may be circumstances in which the law does not require us to enable removal of content.
- f) Personal Data portability;
- g) The right to request us not to sell your Personal Data.
- 13.5. To exercise your rights, please send an email to Marketing@inmodemd.com.
15. CONTACT US
Address: InMode Aesthetic Solution
100 Leek Cres., Unit 15
Richmond Hill, ON Canada L4B 3E6
Phone number : 1.855.411.2639
California residents may contact us at this a toll free number 833.982.1958.
- 15.2. Note to EU residents: for the purpose of the GDPR, the data controller, may be one of the companies in the Group. If you have an inquiry and you are not sure which Group entity is the controller of your Personal Data, please contact us at the email mentioned above and we will try to connect you to the relevant controller.
Copyright of Inmode Group, 2019