Introduction

This Privacy Policy is issued on behalf of Sinclair Pharma Ltd. and its group companies ('Sinclair', 'us', 'we'). It’s intended for users of Sinclair products & services, customers, providers, website visitors and for anyone interested in contacting with Sinclair.

Sinclair is a global medical aesthetics company, founded in the UK in 1971. Acquired by Huadong Medicine Ltd in 2018, we deliver an extensive product range. We provide an in-house commercial infrastructure, including manufacturing, company-owned affiliates, and a network of distributors in all leading global markets.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to different data protection laws depending on the location of our customers and the provision of our services. Nevertheless, we are committed to deliver the highest standards in privacy protection regardless of where in the World you interact with us.

Please note that we may update this policy from time to time. We encourage you to review it periodically. This version is effective since February the 14th 2023.

Feel free to address our DPO if you need to review past versions of this document.

Please find all operative Sinclair entities & branches and our Data Protection Officer contact details listed below. In addition, to further guarantee the correct exercise of your data protection rights from outside the UK, we have appointed an EU Representative for any GDPR inquiries/ requests you may wisht to forward.

What personal information we may collect about you

We collect & process information about you every time we interact. You may provide the information directly or it may be provided by technical third parties, like Google or social media platforms. We may also gather information by using cookies. Please check our Cookies Policy.

Generally, you provide most of the personal information we collect directly. Either personally or by telephone, mail, web forms, contracts or by responding to our surveys. However, we may also collect personal information from:

• Third parties linked to us, such as:
• A company within our group (please view our group companies above).
• A relevant third-party that has previously obtained your express consent to do so, such as your doctor, your bank, or your employer.
• From our information systems to access our premises if there are any. Such as, for example, entry and reception registers, CCTV.

The personal data we may collect and use, include:

• Basic and contact information: such as name, surname, username, or similar identifier. This category may include your billing and delivery address, email, and phone number.
• Special category data: only when strictly necessary we may process especially sensitive data related to your health, like possible side effects associated with one of our products or information you may provide to us during the course of our services from time to time.
• Financial and economic data: this category includes payment, return and reimbursement details as well as the commercial transactions you completed with us. This may include data to verify your identity for payment acceptance purposes to be able to perform commercial transactions with you.
• Professional and employment data: your job title, the company you work for and your relationship to a person.
• Technical information: like browsing data, including IP address, version and time zone usage, social media tracking pixels to allow platforms interact with our website and provide feedback, URLs clicked on, unique device identifiers, operating system, activity data, such as your login details and whether you completed our registration form.
• User account data: such as your profile name and password, history of subscriptions/purchases, information you provide when you create an account on our websites, subscribe to our service, request marketing to be sent to you, enter a competition or promotion, or register for a webinar. We also gather all your granted consents and your chosen communication preferences.
• Image data: footage that we may capture through our security video surveillance systems in our shops or premises.
  
  

If you fail to provide personal data:
Where we need to collect personal data by law, or under the terms of a contract that we have with you and you fail to provide that data when requested, we may not be able to perform the contract or services. For example, such information may be needed to provide you with requested goods or services. In such instances, we may find it necessary to cancel a contract with you. We will previously notify you if this is the case.

How we use your personal data. Purposes and lawful basis

Sharing your personal information with others

To manage our relationship with you, we will share your information with the Sinclair teams within our group that need to access it to perform their job.

We may share your personal information with the following:

• Other members of the Sinclair group of companies.
• Trusted third parties, such as: our agents and suppliers; partners who provide us with technology services, such as data analytics, hosting, and technical support; our professional advisors; auditors and business partners; regulators, governments and other third parties in connection with the re-organising or merging of all or part of our business. If a change happens to our business, the new owners may use your personal data in the same way as set out in this Policy.
• With law enforcement bodies whenever mandatory.

We have binding privacy agreements in place with all our trusted third parties. All our data processors must certify that data subject’s rights will be guaranteed according to applicable privacy laws.

Third-party websites
From time to time on our websites we may provide links to websites or mobile applications that are separate to and not controlled by us. This Policy does not apply to those websites. Should you choose to visit those third-party domains, please review the legal and privacy statements posted on each website or mobile application to understand their privacy practices.

International data transfers

International data transfers are submitted to special rules governed by the principles of data protection laws. Whenever we transfer your data internationally, we will do so based on appropriate adequacy decisions, implemented Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTA). We will make sure that your information remains safe.

We may transfer your data internationally, for example:

• To communicate with you or our suppliers when you are outside the EEA/ UK.
• When there is an international dimension in the products/services that we provide you.
  
  

How we keep your data safe

Sinclair takes the protection of your personal data very seriously. For this reason, we guarantee the implementation of appropriate security measures, controls, and technical & organizational measures to prevent your information from destruction, loss, change, communication, or any form of malicious access.

We limit the access to your data to authorized entities & personnel. We make sure to properly train all our staff, and all those involved in the processing of your personal information are subject to the duty of confidentiality.

Where we contract with third-parties or suppliers, data protection audits and written data processing agreements are in place. Our partners will only process your personal data in accordance with our strict instructions and ensuring the correct exercise of data protection rights. Personal information will be kept confidential and appropriate security measures to safeguard your data are enforced.

Additionally, we have corporate protocols in place to immediately react to a data security breach incident or suspicion. If necessary, we will notify you of it as well as the relevant data control authority, in accordance with current regulations.

Please note that if you forward information to us, the transmission of data may not be entirely secure, and you will do so at your own risk.

Personal information retention period

We will keep your personal data throughout the duration of our relationship unless you state otherwise.

Retention periods are based on the requirements of different data protection laws, regulations, limitation periods for legal action and the purpose for which the information is collected and used. We categorise information and specify the applicable retention period in accordance.

When personal information is destroyed, paper-based information will be disposed of via confidential waste bins and digital information will be permanently deleted.

We have specific data retention policies available upon request. Please contact our DPO to inquire further on our retention policies.

Your data protection rights

Under certain circumstances, you may request to exercise your Data Protection Rights. You can enforce these rights by contacting us by email to gdpr@sinclair.com or dpo@sinclair.com; by sending a request in writing addressed to:

Or, you may use our dedicated online form GDPR Request form.

When making a request to exercise your rights, please state your request clearly and the personal information you are concerned about. We may need to verify your identity by requesting a form of ID, or we may need clarification or further information before fulfilling your request. We will action your request in a prompt manner, within 30 days from the date of your request for requests under the GDPR and UK GDPR or 45 days for requests under the California Consumer Privacy Act.