These are the privacy policies that apply to information we collect, through the domain(s) below as well as through personal interactions with company representatives. We refer to the website(s) accessible through the domain(s) and all related websites, such as our company website and customer portal, as “sites” and to each of them as a “site.”
When we refer to “we,” “us,” or “our,” we mean Candela Corporation or the specific division, subsidiary, or affiliate that operates a site, provides its content, or processes information received through it, each as appropriate and applicable.
When we refer to “you” or “your,” we mean the person accessing the site. If the person accessing the site does so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization.
Information Ownership, Collection and Use
We are the sole owner of the information collected through the sites. We will not sell, share, or rent this information to others in ways different from those disclosed in this policy. We may collect information from users at several different points on a site.
In order to obtain information about products and services, you must provide certain contact information, such as name, email address, phone, fax and contact request details. This information is used to contact you about the products/services on our site in which you have expressed interest. You may also provide demographic information such as medical designation, specialty, business name and address, and years in business. This type of information allows us to improve and personalize your experience to ensure we provide you with the best possible information.
We will keep hold of your data for no longer than necessary. The length of time we retain it will depend on any legal obligations we have (such as tax recording purposes), the nature of any contracts we have in place with you, the existence of your consent or our legitimate interests as a business.
Child Online Privacy Protection Act (COPPA) Compliance and Related Information
The Child Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. It is our policy to refrain from knowingly collecting or maintaining personally identifiable information relating to any person under the age of 13. If you are under the age of 13, please do not supply any personally identifiable information through the site. If you are under the age of 13 and have already provided personally identifiable information through the site, please have your parent or guardian contact us immediately using the information below so that we can remove such information from our files.
Ordering, Event Registration, and Related Processes
When and if you order products or services using a site or register for an event, we request information from you using a form. When we already have information about you (such as through a previous order or registration, whether received through a site or obtained directly by a Candela representative), we may use such information to facilitate the order or registration process. When using an order form, you must provide contact information (such as name and shipping address) and financial information (such as credit card number and expiration date). This information is used for billing purposes and to fill your order. If we have trouble processing an order, we use this contact information to contact you.
A cookie is a piece of data stored on the computer that runs an Internet browser. It can contain information about you, your computer, your browser, your session, the websites you visit, and other information about you or others who use, or have used, the computer or browser you use to access the Internet. The cookies we use, if any, are not linked to any personally identifiable information while using a site unless you have given us permission to link personally identifiable information to one or more cookies. You give us that permission any time you register on a site, place an order through a site, or identify yourself or the computer you are using through a site.
If you set the browser you use to reject cookies, you can use the sites, but you may not be able to use the full functionality of one or more of the sites or it may take additional time to utilize such functionality.
We or our hosting provider may collect traffic information from visitors for statistical analysis and site improvement. When you access a site, we or our hosting provider may collect information about your visit in a log file on a server. Log file information may include, but is not limited to, internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. We or our hosting provider use this information to analyse trends, administer sites, track users’ movements in the aggregate, and gather demographic information for aggregate use. IP addresses and other log file information are not linked to personally identifiable information. We do not try to track users or to identify users individually except as otherwise stated in this policy, but we or our hosting provider do review this information to understand overall trends and to determine what kinds of content are popular and useful to users.
(a) Aggregated information. We may share aggregated demographic information with our users, our affiliated organizations, and other organizations with which we do, or contemplate doing, business. Such information is aggregated and is not linked to any information that can identify individual users.
(b) Outsourcing providers. We may use outside shipping or other outsourcing providers to process and ship orders or perform other functions. We use commercially reasonable diligence to restrict the purposes for which these outsourcing providers may use your personally identifiable information. The requirements or requests that we impose on such outsourcing providers vary with the sensitivity of the information and can, but do not necessarily, include requirements that these outsourcing providers not retain, share, store, or use personally identifiable information for any secondary purposes, except for backup and recovery operations. Although we use good faith efforts to impose, and/or ensure compliance by our outsourcing providers, we cannot, and will not, be responsible to users for misuse of personally identifiable information by such outsourcing providers. This section is meant as a general description of our practices. It does not impose any duty upon us and it does not constitute a representation or warranty by us upon which you may rely.
(c) Specific services. We may have agreements with other parties such as hosting providers and CRM systems to provide specific services. When you use our services, we may share personally identifiable information with such parties. In such cases, we will ensure the sharing is restricted to the information necessary for the provision of such services.
(d) General use. We share personally identifiable information (whether in return for compensation or otherwise) with various vendors, suppliers, and marketing partners. While we use good faith efforts to verify that such vendors, suppliers, and advertisers promote products and services of interest to site users, we cannot, and do not, endorse such vendors, suppliers, advertisers, products or services unless we expressly state otherwise. We share only such information as you yourself provide to us through one of the partners listed above (such as through a registration process) and do not share personally identifiable information derived indirectly through IP address tracing or similar means. If you wish us to refrain from providing your personally identifiable information in this manner, please see the opt-out information and contact information provided below.
Links and Information Gathered by Others
One or more sites may contain links to other websites. We do not operate those websites and we cannot control the information that the operators of such websites gather or what the operators of such websites do with the information. We are therefore not responsible for the activities of the operators of such websites.
If you wish to subscribe to a newsletter we offer or to a mailing list that we maintain, we will collect from you contact information necessary to send the newsletter or other information to you. This is usually limited to your e-mail address, but may include other information.
Surveys and Contests
From time to time, we may request information from you using surveys or contests. Participation in these surveys or contests is completely voluntary and you therefore have a choice as to whether to disclose this information. Information requested may include contact information (such as name and address) and demographic information (such as zip code and type of user). We will use such contact information to notify winners and award prizes, and to monitor or improve the use of one or more sites and provide aggregated information for our own uses or to our customers or other organizations, and we may also use it to notify you of news about us or our affiliates or promotions of our products or services or the products or services of people with whom we do business.
We offer a referral service that allows you to inform your friends and other acquaintances about content on the site or to forward information to them. If you elect to use such a referral service, we will collect the friend or acquaintance’s e-mail address and use it to send to the friend or acquaintance a one-time e-mail inviting the friend or acquaintance to visit one or more sites or providing the information you requested. We store this contact information for the sole purpose of sending the one-time e-mail. When you use such a service, you represent and warrant to us that you have an existing business or personal relationship with the friend or acquaintance sufficient to avoid liability under any law that applies to unsolicited e-mail. You will be the sender of any such e-mail and we will merely be a service provider facilitating your sending of the e-mail.
Where we collect non-public personal information from you, we or one or more of our service providers use industry-standard encryption and security standards to protect such information. You can tell whether encryption is being used by noting the “locked” or other status indicator on the browser you are using. If the browser you are using does not indicate that the session is secure (e.g. by displaying a lock, a key or another icon), you should assume that the connection is not secure and that third parties will receive the information shared by you and us during that part of the session.
We also use appropriate technical and organizational measures to protect user information offline. All user information is maintained in our offices or at the facilities of our information technology provider(s). We cause access to servers and connections to be limited by key or other access. Only employees or agents who need the information to perform specific functions are granted access to personally identifiable information. We use reasonable efforts to assure that our employees and agents are informed of our security and privacy practices.
Supplementation of Information
We sometimes supplement the information we receive from you with other information we receive from third party sources, such as credit card issuers, clearinghouses or marketing aggregate companies.
We may send to you a welcoming e-mail that may also verify password and user name information. We occasionally send newsletters or information about products, services, and special deals to users like you. You may opt to not receive such informational communications by using the contact information below.
Site and Service Updates
We may also send to you updates and service announcements about one or more of the sites. You may not un-subscribe or opt not to receive such announcements because such announcements contain important information about the services offered through the relevant site(s).
Misappropriation of Personal Information
For the purposes of any applicable law regarding notification of persons whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person, our information security policy provides that any required notification may, where permitted by law, be made by the use of e-mail, telephone, fax, or mail. The specific means used is up to us and we will use our judgment based on the circumstances. Where any notice is to be sent to a specific address or number (such as e-mail address, physical address, telephone number, etc.), we will use the latest available address in our records. EXCEPT TO THE EXTENT PROHIBITED BY LAW, YOU AGREE TO THIS MEANS OF NOTIFICATION.
Correcting or Updating Personal Information
If your personal information changes, or if you no longer desire service, you may contact us using the contact information below and we will accommodate all reasonable requests for such changes.
Users who no longer wish to receive newsletters or promotional materials or have their information provided to third parties may opt to not receive such communications or have information shared by contacting us using the information below. We will comply with such requests as soon as is commercially practicable without undue delay. If you opt not to receive such communications or allow us to share your information and then give your personal information to us again using a site or under other circumstances that permit us to use your information, you will be given the opportunity to opt back in to receive communications, at which time if you give consent, we will then regard your original opt-out as rescinded.
In most cases, it is impractical for us to stop any other party to whom we have supplied your information from continuing to use the information and opting out will usually not stop others to whom we have provided your information from continuing to use it.
To change your preference with regard to the way your information is treated:
We will use commercially reasonable efforts to make any changes you request in a timely fashion. Many such changes are accomplished using batch processing (i.e. collecting a number of similar change requests and making all such changes at once), so the changes may not be immediately effective. If you require an immediate change to your personally identifiable information and are unable to make such a change using the communications you received from us, please contact us.
BY USING A SITE, YOU AGREE TO THIS CHANGE PROCEDURE.
530 Boston Post Road
Wayland, MA 01778 USA
If you (a) wish to begin or end receipt of newsletters or promotional information (b) wish to update your user information, or (c) wish to opt in or out of any other service offered through the site, please contact our technical personnel using the following information. Please be sure to include your name and your user name (if applicable), but do not include any information regarding your password(s), if any.
530 Boston Post Road
Wayland, MA 01778 USA
Toll-free in the U.S. 800-733-8550
GDPR prohibits the transfer of personal data to non-EU countries that do not meet a certain adequate standard for data protection. The GDPR standard is specified in a number of privacy principles as detailed below. We have listed the privacy principles below, along with the ways we comply with those principles.
“Personal data” and “personal information” and “your information” as used in this EU Policy means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This EU Policy applies to all personal information about you that we collect, maintain, or disclose, regardless of the way in which we collect it (i.e. whether through a site or otherwise). We only collect personal data if you make use of specific services and we therefore require your information or if you have voluntarily given us your express consent. Unless we are subject to other legal commitments, we only use your information for the purposes for which you have given your consent. Your information will only be shared by us with third parties if that is required in order to provide a service you have requested or if you have given your consent. If data has been released for use by our subsidiaries and if such permission involves data transfer to other countries, we will ensure that the data importer is placed under a suitable level of data protection commitment. We store data as required by legal obligation or for the period of time that is required to provide a service you have requested or as agreed in applicable consent.
If we state a specific purpose for gathering of information at the time we ask you to give the information to us, we will not use the information for any purpose other than the purposes stated or for purposes reasonably related to fulfilling that purpose. For example, if you give us your contact information in connection with the purchase of a product, we will use that information to communicate with you about the product (e.g. warranties, claims, features, maintenance, and use) and about issues reasonably related to the product (e.g. to tell you about user groups, events, and additional information that are available to you online, through print media, or in your physical area). We will not use the information for any purpose about which we have not notified you as of the date you provide the information to us and/or as of the date you give to us your further express or implied consent after receiving such notice.
You can contact us with any inquiries or complaints using the contact information above.
If you choose to revise or withdraw your consent at any time, you may contact us using the information above and, to the extent we do not have a right under GDPR to continue to obtain, maintain, and/or disclose such information, we will comply with your request.
Except as otherwise provided by GDPR, you may choose whether your personal information is to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. You may express your choices to us using the contact information above.
The personal information we use must be accurate, relevant and limited to the purposes for which it is to be used. We will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We generally assume that information that you give to us is accurate. If information you give to us is inconsistent with other information you give to us or with information that is available in public records or from other sources we are permitted by law to use, we will use reasonable efforts to make sure that the information we process is accurate. If, using prudent business practices, we reasonably satisfy ourselves that we have identified the correct information, we will make the correction and notify you.
You may have access to personal information about you that we hold and you may correct, amend, delete or restrict the use of that information where it is inaccurate. To access your personal information, and to correct, amend, or delete that information where it is inaccurate, please contact us using the contact information above.
We provide access in the form of disclosure to the affected individual and, unless otherwise required by applicable law, do not permit access to our database.
If we refuse access to your personal information for any reason, we will tell you our reasons and will do so as specifically as we can.
If you are not satisfied with the resolution we offer, you have the right to lodge a complaint with the state where you live, work or where the infringement occurred. All arbitration will be conducted by the American Arbitration Association according to its applicable rules. The place of arbitration will be New Castle County in the State of Delaware, USA. All disputes will be resolved by reference to the EU Privacy Principles and the arbitrator may, among other things, award damages where the applicable law or private sector initiatives so provide. We will follow up and permit the arbitrator to verify that the attestations and assertions we make about our privacy practices are true and that privacy practices have been implemented as presented.
The Personal Information Protection and Electronic Documents Act (“PIPEDA”) imposes requirements regarding the collection, use, and disclosure of personal information in relation to our commercial activities, as does private-sector privacy legislation in Quebec, Alberta and British Columbia.
This Canadian Policy applies to all personal information about you that we collect, hold, use and disclose, regardless of the way in which we collect it (i.e. whether through a site or otherwise).
Under Canadian privacy laws (and in this Canadian Policy), personal information is generally any information about an identifiable individual. It may include your name, age, mailing address, residential phone number, or e-mail address, personal history (including financial and credit information, donations, personal health information, billing history, personal family and relationship matters, and penal or criminal information), personal information related to corporate involvements, work experience (past and present), discipline, income and benefits, medical records, tax records, and security clearances. The term does not include your name, business title, business address, or business telephone number in your capacity as an employee of an organization or enterprise.
Collection of Personal Information
We collect personal information from correspondence, faxes, e-mails, telephone inquiries, web forms, and other means of communication. We collect such information when you order or agree to purchase or avail yourself of goods or services, as well as in the case of registrations (e.g. user groups, leagues, and other communities), to track warranty rights and obligations, to provide product information (whether with regard to recalls or otherwise), and other lawful purposes. We often collect personal information from you or from third parties and as agents on behalf of third parties, where we have obtained the requisite consent to do so or as otherwise permitted by law. Third parties include, as examples, organizations for whom we provide services to you or on your behalf, and organizations that perform outsourcing and other services for us (such as payment processors, order fulfilment organizations, shipping companies, warranty and other service organizations, and systems development and maintenance organizations).
How We Use Personal Information
As a general matter, we collect your personal information primarily to provide goods and/or services to and for you, for administrative or management requirements, and to enhance our relationship with customers. We identify additional purposes for which we use your personal information at the time we collect such information from you and obtain the requisite consent, unless otherwise permitted by law, prior to such other use. We may also use your personal information as otherwise permitted by law.
We do not sell client lists or other personal information.
We generally hold, collect, use, and disclose your personal information for the following purposes.
(a) With respect to customers and other past, present, or potential users of our goods or services, we collect, use, and disclose your personal information for the following purposes.
(i) Recording and using the information relevant to the provision of goods and/or services to you or on your behalf;
(ii) Recording and determining goods and/or services provided to you or on your behalf in your relationship with us;
(iii) Administration, billing, accounting and collection in relation to your business and relationship with us;
(iv) Protecting against fraud and error;
(v) Communicating with you generally or to ensure your satisfaction;
(vi) Communicating the information to a subcontractor (or other agents or intermediaries) in the course of a contract or mandate for the performance of any of the purposes listed above;
(vii) Fulfilling orders from you or on your behalf;
(viii) Fulfilling the terms of a warranty or other contractual obligation; and
(ix) Facilitating recalls if necessary.
(b) With respect to our divisions, subsidiaries, and affiliates, we keep a file and collect, use, and disclose the information in it for the following purposes.
(i) Provide products and/or services to you or on your behalf;
(ii) Establish, manage or terminate an employment relationship;
(iii) Administrative or management requirements related to our provision of products;
(iv) Service, build, and maintain our relationship and expertise;
(v) Communicate with you generally, ensure your satisfaction, inform you of the development of, or other information regarding, products and/or services; and
(vi) Communicate to subcontractors (or other agents or intermediaries) any of your personal information in the course of the performance of a contract or mandate for the execution of any of the purposes mentioned above.
See the paragraph below titled “Limitations” for more information about what we do not do with your personal information.
Sharing Your Personal Information
We identify to whom, and for what purposes, we disclose your personal information. For example, we may disclose your personal information:
(a) For the specific purposes declared in (or not limited by) the section below titled “Limitations”;
(b) To any of our offices or facilities in connection with the provision of goods and/or services to or on behalf of our customers, to establish, manage or terminate an employment relationship, and for administrative or management requirements, including analysis of relevant products, services, and markets;
(c) To professional firms, government agencies, and any other organizations or enterprises, when required for services to and for customers, as well as for compliance and insurance obligations;
(d) To third-party service providers with whom we have a contractual agreement and who have comparable levels of privacy protection, for the processing related to goods and services provided to, or on behalf of, customers, to establish, manage, and terminate an employment relationship, and for administrative or management requirements (such as, in all cases, for photocopying, printing and faxing, shredding, storage and other document management, payroll, information technology, including software maintenance, consulting and staffing services, collections, warranty tracking, accounting, and legal compliance);
(e) To such persons for which you provide your consent; and
(f) As otherwise permitted by law.
When supplementary disclosure is required, we will identify (at the time we collect such information from you and obtain the requisite consent to such disclosure, unless otherwise permitted by law) the other persons, organizations, and/or enterprises and the other purposes to whom and for which disclosure may occur.
Except when otherwise permitted by law, we obtain the requisite consent prior to collecting and, in any case, prior to using or disclosing your personal information for any purpose. You may provide your consent to us orally, in writing, by electronic communication, or any other means reasonably capable of conveying your consent. We will obtain your express consent if we collect, use or disclose sensitive information. Your consent may also be intrinsic to the circumstances such as in the case where you have already provided personal information to us and you maintain your relationship with us or where you provide our representatives with your phone number so that we can contact you. Except when otherwise permitted by law, we will only use the information for the purpose for which it was given. From time to time, we may collect, utilize, or disclose your personal information based on your consent and as otherwise permitted by law.
When your consent is required, you can withdraw consent at any time (unless withdrawing the consent would frustrate the performance of legal obligations) upon providing to us a 30-day notice. However, the withdrawal of your consent may adversely affect our ability to provide products and services to you and to maintain our relationship.
In certain circumstances, as permitted or required by law, we may collect, use, or disclose personal information without your knowledge or consent. These circumstances include (where applicable) information about individuals that is publicly available, where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way, to investigate a breach or a contravention of a law, to comply with a subpoena, warrant, court order, or as required or otherwise permitted by law.
We remain responsible for all personal information communicated to third parties for processing. As such, we ensure that third parties that are engaged to provide products or services on our behalf and are provided with personal information are required to observe the intent of this Canadian Policy by having comparable levels of security protection or, when required, by assuring us (through a confidentiality agreement) that they will not use or disclose the personal information for any purpose other than the purpose for which the personal information was communicated.
We only collect the personal information necessary to fulfil the purposes identified to you prior to or at the time of collection, or any other reasonable and legitimate purposes or as required by law.
We do not use or disclose your personal information, except for the purposes for which it was collected, or new purposes to which you have consented, or as required or otherwise permitted by applicable law.
We do not, as a condition of supplying goods or services to you or on your behalf, or as an administrative or management requirement, require consent to the collection, use or disclosure of personal information beyond that reasonably required for such purposes, or to comply with its obligations under applicable law.
Retention of Personal Information
We may keep a record of your personal information, including correspondence or comments, in the applicable file specific to you. We will utilize, disclose, or retain your personal information for as long as necessary to fulfil the purposes for which it was collected and for legal or business requirements. We will establish minimum and maximum retention periods and procedures for maintaining and destroying your personal information. When personal information is retained to make a decision about you, we will retain such information for one year.
Access to Your Personal Information
Subject to the exceptions provided by the applicable law, we will make available to you any specific personal information about you that we have collected, utilized or disclosed, upon your written request. We will make such information available to you in a form that is generally understandable, including explaining any abbreviations or codes and using an alternative format, if required. Simply send your request for access to the Privacy Officer listed below. Please be as specific as possible in your request so that we can meet the applicable time lines.
We will use reasonable efforts to ensure that your personal information is kept as accurate, complete, and up-to-date as possible. We will not routinely update your personal information, unless such a process is necessary. In order to help us maintain and ensure that your personal information is accurate and up to date, you must inform us, without delay, of any change in the information you provided to us.
You can, at any time, challenge the accuracy or completeness of the personal information we have about you, subject to the exceptions provided by applicable law. If you successfully demonstrate that the personal information we have on you is inaccurate or incomplete, we will amend the personal information as required. Where appropriate, we will transmit the amended information to third parties to whom we have communicated your personal information.
We will make every reasonable effort to respond to each of your written requests not later than 30 days after receipt of such requests. When applicable, we will advise you in writing if we cannot meet your requests within this time limit. When applicable, you have the right to make a complaint to the appropriate privacy commission with respect to this time limit.
We expect to provide access without charge as a general matter. However, we reserve the right to collect a reasonable charge when you request the transcription, reproduction, or transmission of such information. We will notify you, following your request for transcription, reproduction, or transmission, of the appropriate amount that will be charged. You will then have the opportunity to withdraw your request.
Identifying You in Connection with Requests
We may require that you provide to us sufficient information to identify yourself before we provide information about the existence, use, or disclosure of your personal information in our possession. Any such information shall be used only for this purpose.
We use security safeguards appropriate to the sensitivity of personal information to protect it from loss or theft, as well as unauthorized access, disclosure, copying, use or modification. These safeguards include physical measures, such as restricted access to offices and equipment, organizational measures, such as security clearances, and publishing this policy to appropriate personnel with instructions to act in accordance with its principles (for example, limiting access on a “need to know” basis), and technological measures, such as the use of passwords and/or encryption.
Please direct all complaints or other inquiries regarding personal information, the General Policy, the European Union Policy or the Canadian Policy to our Head of IT as follows.
530 Boston Post Road
Wayland, MA 01778 USA