MGA Beloit, S.C. (the “company”, “we” or “us”) is committed to protecting the confidentiality of data it receives. This policy sets forth the expectations of the company related to the receipt, handling, storage, use, transmission and destruction of data it receives from you during your use of the website at www.medicalgradeaesthetics.com, or submitted by you to us by email or other electronic communication medium. This policy applies to the company; its employees, agents and representatives; and vendors and others that receive, use, store or transmit information on the company’s behalf.
We are and may in the future be subject to various data protection laws, both foreign and domestic. Such laws have certain common principles and elements, which we respect and will uphold, including (1) transparency, (2) limiting the collection of data, (3) allowing data subjects to have a say in how their personal data is stored and used, (4) implementation of reasonable physical, technical and administrative safeguards to prevent unauthorized access or use of protected data, (5) ongoing risk assessment, and (6) vigilance in preventing and responding to data breaches.
“Personal Information” means information that relates to an identifiable natural person or that can be used, by itself or combined with other data, to identify that person. This includes both business and personal information, such as name, address, telephone number, email address, business contact information, business affiliation, title, etc. Personal Information also includes all Sensitive Personal Information (as defined below). Personal Information does not include information about an individual that cannot be used to identify that individual, such as aggregated and deidentified data.
“Sensitive Personal Information” means Personal Information that is especially sensitive and that should be treated with additional respect and protection, often because its improper use or transmission can lead to identity theft or other significant losses. Examples of Sensitive Personal Information include Social Security Number (SSN); National Insurance Number (NI); credit card number; bank account number(s); username(s) and/or password(s); health information, genetic and biometric information; Personal Information of children; and criminal history, as well as information regarded as highly private or sensitive under various laws, such as information regarding race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation. Questions regarding whether specific data or information constitutes Sensitive Personal Information should be directed to the Data Privacy Officer.
“Protected Information” means all Personal Information, or Sensitive Personal Information, and all other information that the Data Privacy Officer designates as subject to this policy.
“Data Protection Officer” means the individual authorized and obligated to enforce and interpret this policy and responsible for the overall protection and management of our data. The Data Privacy Officer is _____________________.
“Breach” means an unauthorized use or disclosure of Protected Information, including without limitation unauthorized access. While an unprotected transmission of Protected Information may result in a Breach, it is not, by itself, a Breach.
“Data Subject” means an individual to whom Personal Information or Sensitive Personal Information pertains.
DATA PROTECTION PRINCIPLES
The following principles govern our collection, use, retention, transfer, disclosure and destruction of Personal Information, and our reasons for collecting Personal Information:
- Purpose Limitation: Personal Information will be collected for specific and legitimate purposes. This means you will know why we are obtaining Personal Information when we obtain it and we will not use it for other purposes without your consent or other lawful basis to do so.
- Minimum Necessary: We do not collect Personal Information we do not need, and we will only retain Personal Information as long as we have a legitimate need for it. We only collect, maintain, use and transmit the minimum amount of Protected Information necessary to accomplish a given task, and we only allow the fewest people the lowest level of access necessary to accomplish a legitimate purpose.
- What We Collect: We collect primarily the information you supply us with as well as your IP address.
- Accuracy: Personal Information should be accurate and kept up to date. You can contact our Data Protection Officer to correct your Personal Information or you may update it through an online form, if available.
- Access Limitation: Personal Information will only be accessible to those with a legitimate need for the information to accomplish one of the purposes listed above or another purpose required by law. This includes both protection from external access and internal limitations on who within the company can access Personal Information.
- Integrity & Confidentiality: Personal Information will be received, maintained, used and/or transmitted in a manner that ensures appropriate security, including protection from unauthorized or unlawful access, as well as accidental loss, destruction or damage. Data Subjects will be afforded their rights as recognized under applicable laws (including GDPR where applicable).
Most Personal Information we receive is provided directly by the Data Subject, and in most cases the provision of such information is specifically so that we can provide you with goods or services you have requested.
We collect primarily the information you supply us with (when you sign up for our mailing list, register to receive services, or place an order), and we collect your IP address automatically. We collect your email address as well as your name when you sign up for our mailing list, register for services, or order something from us to enable us to contact you and let you know about new products or other marketing updates, to respond to your concerns or inquiries, and to provide support for our products. We may also collect your address and credit card payment information when you order something from us for the purposes of shipping and payment processing. We also collect the information you submit to us for product or service reviews, or feedback on the website.
We use various technologies to collect and store Personal Information when you use our website, which includes using “cookies” or other similar technologies. We collect certain information automatically, such as your IP address, browser type, computer or device type (such as a mobile device), URL and ISP information, time and date of access, and location.
HOW WE USE PERSONAL INFORMATION
We collect Protected Information to perform the business relationship between us and customers, primarily to create customer accounts and facilitate selling and delivering goods to customers who purchase them. We also use Protected Information submitted by customers for marketing and promotional material distribution from us. We do not sell any Protected Information to third parties for any purpose.
RIGHTS OF DATA SUBJECTS
We respect the rights of individuals to control their Personal Information under various laws, and we will allow them to exercise those rights. Subject to requirements and restrictions from applicable law (including employment laws and record retention requirements) all Data Subjects have the right to:
- access and know what information about them we have.
- correct any Personal Information about them that we have.
- request that we delete their Personal Information.
- request that we limit the way we use or share their Personal Information.
- object to the use of their Personal Information for direct marketing.
All requests from a Data Subject related to these rights should be forwarded to the Data Protection Officer, who will respond accordingly. The Data Protection Officer will undertake reasonable efforts to authenticate the identity of the requesting individual before providing further information or undertaking further action to allow the individual to exercise one or more of the above rights. There may be situations where someone other than the Data Subject requests Personal Information of another, such as requests by police or court order. All such requests should be forwarded to the Data Protection Officer, who will respond accordingly.
Information of Minors: This website is not intended for children under 18 years of age. We do not knowingly collect any Personal Information, Sensitive Personal Information, or Protected Information from anyone under the age of 18. If you are under the age of 18, please do not provide any Personal Information or any other type of information to us.
DATA SECURITY AND RETENTION
The amount of time we store Personal Information depends on the purposes for which we use it as well as the type of Personal Information. We will store your Personal Information for as long as you continue to use our products or services, or as long as we have another business purpose to do so but never for longer than permitted by applicable law. The information collected may be stored and processed on third-party servers which may be located in the United States or around the globe. No information, especially electronically stored or transmitted information, is absolutely safe. However, we take the protection of Personal Information seriously. We will continue to actively assess risks and look for ways to better safeguard Protected Information.
We protect Protected Information through physical, technical and administrative safeguards, taking into account factors such as legal requirements; the sensitivity of the information; the need for and uses pertaining to it; practical factors related to access, use and cost; foreseeable risks, their likelihood and the potential harm were a breach to occur.
CALIFORNIA PRIVACY RIGHTS
California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. To obtain this information, you can contact us with a “Request for California Privacy Information” on the subject line and in the body of your message and provide a telephone number where you can be reached. The Company will first call to verify the validity of the request and will then provide the requested information as promptly as possible. Under California’s Consumer Privacy Act (the CCPA), you have the right to have us delete information collected from you (subject to some exceptions) and the right to opt out of the sale of your personal information gathered through the Site. Doing so will not impact your usage of the Site or discriminate against you in any other way.
We will not sell, rent, swap or authorize any third party to use your Personal Information without your permission. In the future we may sell, buy, merge or partner with another company or business. In such a transaction, we may include your Personal Information in the transferred assets.
WHO TO CONTACT
Questions and concerns regarding this policy, its application or interpretation, security and accessibility of our data and other related matters should be directed to the Data Protection Officer: