Privacy Policy

These are the privacy policies that apply to information we collect through the domain(s) below as well as through personal interactions with company representatives. We refer to the website(s) accessible through the domain(s) and all related websites, such as our company website and customer portal, as “sites” and to each of them as a “site.”

When we refer to “we,” “us,” or “our,” we mean Candela Corporation or the specific division, subsidiary, or affiliate that operates a site, provides its content, or processes information received through it, each as appropriate and applicable.

When we refer to “you” or “your,” we mean the person accessing the site. If the person accessing the site does so on behalf of, or for the purposes of, another person, including a business or other organization, “you” or “your” also means that other person, including a business organization.

GENERAL PRIVACY POLICY

(This section sets forth the general privacy policy for the United States and other jurisdictions not otherwise specifically covered by the jurisdiction-specific policies below. Citizens of EU Member States and citizens of Canada should see the provisions below specific to them.)

This privacy policy discloses the privacy practices for the sites and our normal engagement with customers and prospects. If you have any questions about how we use information, you should inquire at or before the time you give such information to us.

Note that this policy contains several important exceptions, most notably the exception involving use of information to identify and/or pursue persons who are under criminal investigation or who damage, or may damage, our information or other resources. Please read the entire privacy policy to be sure that you understand these exceptions.

Information Ownership, Collection and Use

We are the sole owner of the information collected through the sites. We will not sell, share, or rent this information to others in ways different from those disclosed in this policy. We may collect information from users at several different points on a site.

This privacy policy addresses some types of information, means of collecting information, and uses of information that may not presently apply to one or more of the sites. We tell you about these types of information, means of collecting information, and uses of information anyway because we want to maintain flexibility in offering additional features without having to revisit our terms and conditions or privacy policy every time we revise a site or offer new functions. No description of any type of information, means of collecting information, or use of information will require us to collect any particular information, make any particular use of any information, or offer any particular functionality through any site.

In order to obtain information about products and services, you must provide certain contact information, such as name, email address, phone, fax and contact request details. This information is used to contact you about the products/services on our site in which you have expressed interest. You may also provide demographic information such as medical designation, specialty, business name and address, and years in business. This type of information allows us to improve and personalize your experience to ensure we provide you with the best possible information.

We will keep hold of your data for no longer than necessary. The length of time we retain it will depend on any legal obligations we have (such as tax recording purposes), the nature of any contracts we have in place with you, the existence of your consent or our legitimate interests as a business.

Child Online Privacy Protection Act (COPPA) Compliance and Related Information

The Child Online Privacy and Protection Act (COPPA) regulates online collection of information from persons under the age of 13. It is our policy to refrain from knowingly collecting or maintaining personally identifiable information relating to any person under the age of 13. If you are under the age of 13, please do not supply any personally identifiable information through the site. If you are under the age of 13 and have already provided personally identifiable information through the site, please have your parent or guardian contact us immediately using the information below so that we can remove such information from our files.

Ordering, Event Registration, and Related Processes

When and if you order products or services using a site or register for an event, we request information from you using a form. When we already have information about you (such as through a previous order or registration, whether received through a site or obtained directly by a Candela representative), we may use such information to facilitate the order or registration process. When using an order form, you must provide contact information (such as name and shipping address) and financial information (such as credit card number and expiration date). This information is used for billing purposes and to fill your order. If we have trouble processing an order, we use this contact information to contact you.

Cookies

A cookie is a piece of data stored on the computer that runs an Internet browser. It can contain information about you, your computer, your browser, your session, the websites you visit, and other information about you or others who use, or have used, the computer or browser you use to access the Internet. The cookies we use, if any, are not linked to any personally identifiable information while using a site unless you have given us permission to link personally identifiable information to one or more cookies. You give us that permission any time you register on a site, place an order through a site, or identify yourself or the computer you are using through a site.

Most or all browsers permit you to disable or reject cookies. You can do this by setting the preferences in the browser. Use the “help” feature of your browser to obtain more information about refusing cookies. As of the time we wrote this privacy policy, there was information about how to disable cookies at the following websites. We do not operate these websites and we make no representation or warranty about the information contained in the websites to which these links will take you.

https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
https://answers.microsoft.com/en-us/edge/forum/edge_other-edge_win10/enabling-cookies-for-microsoft-edge/7c583015-0cde-4ddc-a1ad-45cc9d24c9fc
https://support.google.com/chrome/answer/95647
https://support.mozilla.org/en-US/kb/disable-third-party-cookies

If you set the browser you use to reject cookies, you can use the sites, but you may not be able to use the full functionality of one or more of the sites or it may take additional time to utilize such functionality.

One or more of the organizations with which we do business, or to which we provide links from a site, may also use cookies. We have no control over such organizations’ uses of cookies and users should review the privacy policies of such organizations to determine the uses such organizations make of cookies.

Log Files

We or our hosting provider may collect traffic information from visitors for statistical analysis and site improvement. When you access a site, we or our hosting provider may collect information about your visit in a log file on a server. Log file information may include, but is not limited to, internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. We or our hosting provider use this information to analyse trends, administer sites, track users’ movements in the aggregate, and gather demographic information for aggregate use. IP addresses and other log file information are not linked to personally identifiable information. We do not try to track users or to identify users individually except as otherwise stated in this policy, but we or our hosting provider do review this information to understand overall trends and to determine what kinds of content are popular and useful to users.

Sharing

(a) Aggregated information. We may share aggregated demographic information with our users, our affiliated organizations, and other organizations with which we do, or contemplate doing, business. Such information is aggregated and is not linked to any information that can identify individual users.

(b) Outsourcing providers. We may use outside shipping or other outsourcing providers to process and ship orders or perform other functions. We use commercially reasonable diligence to restrict the purposes for which these outsourcing providers may use your personally identifiable information. The requirements or requests that we impose on such outsourcing providers vary with the sensitivity of the information and can, but do not necessarily, include requirements that these outsourcing providers not retain, share, store, or use personally identifiable information for any secondary purposes, except for backup and recovery operations. Although we use good faith efforts to impose, and/or ensure compliance by our outsourcing providers, we cannot, and will not, be responsible to users for misuse of personally identifiable information by such outsourcing providers. This section is meant as a general description of our practices. It does not impose any duty upon us and it does not constitute a representation or warranty by us upon which you may rely.

(c) Specific services. We may have agreements with other parties such as hosting providers and CRM systems to provide specific services. When you use our services, we may share personally identifiable information with such parties. In such cases, we will ensure the sharing is restricted to the information necessary for the provision of such services.

(d) General use. We share personally identifiable information (whether in return for compensation or otherwise) with various vendors, suppliers, and marketing partners. While we use good faith efforts to verify that such vendors, suppliers, and advertisers promote products and services of interest to site users, we cannot, and do not, endorse such vendors, suppliers, advertisers, products or services unless we expressly state otherwise. We share only such information as you yourself provide to us through one of the partners listed above (such as through a registration process), and do not share personally identifiable information derived indirectly through IP address tracing or similar means. If you wish us to refrain from providing your personally identifiable information in this manner, please see the opt-out information and contact information provided below.

Links and Information Gathered by Others

One or more sites may contain links to other websites. We do not operate those websites and we cannot control the information that the operators of such websites gather or what the operators of such websites do with the information. We are therefore not responsible for the activities of the operators of such websites.

Newsletter

If you wish to subscribe to a newsletter we offer or to a mailing list that we maintain, we will collect from you contact information necessary to send the newsletter or other information to you. This is usually limited to your e-mail address, but may include other information.

Surveys and Contests

From time to time, we may request information from you using surveys or contests. Participation in these surveys or contests is completely voluntary and you therefore have a choice as to whether to disclose this information. Information requested may include contact information (such as name and address) and demographic information (such as zip code and type of user). We will use such contact information to notify winners and award prizes, and to monitor or improve the use of one or more sites and provide aggregated information for our own uses or to our customers or other organizations, and we may also use it to notify you of news about us or our affiliates or promotions of our products or services or the products or services of people with whom we do business.

Tell-A-Friend

We offer a referral service that allows you to inform your friends and other acquaintances about content on the site or to forward information to them. If you elect to use such a referral service, we will collect the friend or acquaintance’s e-mail address and use it to send to the friend or acquaintance a one-time e-mail inviting the friend or acquaintance to visit one or more sites or providing the information you requested. We store this contact information for the sole purpose of sending the one-time e-mail. When you use such a service, you represent and warrant to us that you have an existing business or personal relationship with the friend or acquaintance sufficient to avoid liability under any law that applies to unsolicited e-mail. You will be the sender of any such e-mail and we will merely be a service provider facilitating your sending of the e-mail.

Security

Where we collect non-public personal information from you, we or one or more of our service providers use industry-standard encryption and security standards to protect such information. You can tell whether encryption is being used by noting the “locked” or other status indicator on the browser you are using. If the browser you are using does not indicate that the session is secure (e.g. by displaying a lock, a key or another icon), you should assume that the connection is not secure and that third parties will receive the information shared by you and us during that part of the session.

We also use appropriate technical and organizational measures to protect user information offline. All user information is maintained in our offices or at the facilities of our information technology provider(s). We cause access to servers and connections to be limited by key or other access. Only employees or agents who need the information to perform specific functions are granted access to personally identifiable information. We use reasonable efforts to assure that our employees and agents are informed of our security and privacy practices.

Supplementation of Information

We sometimes supplement the information we receive from you with other information we receive from third party sources, such as credit card issuers, clearinghouses or marketing aggregate companies.

Special Offers

We may send to you a welcoming e-mail that may also verify password and user name information. We occasionally send newsletters or information about products, services, and special deals to users like you. You may opt to not receive such informational communications by using the contact information below.

Site and Service Updates

We may also send to you updates and service announcements about one or more of the sites. You may not un-subscribe or opt not to receive such announcements because such announcements contain important information about the services offered through the relevant site(s).

Misappropriation of Personal Information

For the purposes of any applicable law regarding notification of persons whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person, our information security policy provides that any required notification may, where permitted by law, be made by the use of e-mail, telephone, fax, or mail. The specific means used is up to us and we will use our judgment based on the circumstances. Where any notice is to be sent to a specific address or number (such as e-mail address, physical address, telephone number, etc.), we will use the latest available address in our records. EXCEPT TO THE EXTENT PROHIBITED BY LAW, YOU AGREE TO THIS MEANS OF NOTIFICATION.

Correcting or Updating Personal Information

If your personal information changes, or if you no longer desire service, you may contact us using the contact information below and we will accommodate all reasonable requests for such changes.

Choice/Opt-out

Users who no longer wish to receive newsletters or promotional materials or have their information provided to third parties may opt to not receive such communications or have information shared by contacting us using the information below. We will comply with such requests as soon as is commercially practicable without undue delay. If you opt not to receive such communications or allow us to share your information and then give your personal information to us again using a site or under other circumstances that permit us to use your information, you will be given the opportunity to opt back in to receive communications, at which time if you give consent, we will then regard your original opt-out as rescinded.

In most cases, it is impractical for us to stop any other party to whom we have supplied your information from continuing to use the information and opting out will usually not stop others to whom we have provided your information from continuing to use it.

To change your preference with regard to the way your information is treated:

Response Times

We will use commercially reasonable efforts to make any changes you request in a timely fashion. Many such changes are accomplished using batch processing (i.e. collecting a number of similar change requests and making all such changes at once), so the changes may not be immediately effective. If you require an immediate change to your personally identifiable information and are unable to make such a change using the communications you received from us, please contact us.

Changes to This Privacy Policy

If we decide to change this privacy policy, we will post the changes on one or more sites and/or other places we deem appropriate.

Except as stated below, we will use information in accordance with the privacy policy under which the information was collected.

If we decide to use information about you in a manner different from that stated in the privacy policy in effect at the time of collection, we will notify you by e-mail if, and to the extent that, you have provided your e-mail address. If you reply to such an e-mail and request that we not use your personally identifiable information in the proposed new manner, we will honor your request, but we reserve the right to suspend your access to all or part of the services offered through one or more sites if you do so.

BY USING A SITE, YOU AGREE TO THIS CHANGE PROCEDURE.

Exceptions

Notwithstanding anything else in this privacy policy to the contrary, we may collect personally identifiable information and use such information in ways other than those described above if we are required to do so by law or if we deem it advisable in the course of assisting law enforcement activities or protecting our site(s) or other property.

Contact Information

If you feel that we are not abiding by this privacy policy or if you have questions regarding the policy, you may contact our privacy liaison using the following information.

Candela Corporation
251 Locke Drive
Marlborough, MA 01752, USA
1-800-733-8550
info@candelamedical.com

If you (a) wish to begin or end receipt of newsletters or promotional information, (b) wish to update your user information, or (c) wish to opt in or out of any other service offered through the site, please contact our technical personnel using the following information. Please be sure to include your name and your user name (if applicable), but do not include any information regarding your password(s), if any.

Candela Corporation
251 Locke Drive
Marlborough, MA 01752 USA
Toll-free in the U.S. 800-733-8550
info@candelamedical.com

 

EUROPEAN UNION PRIVACY POLICY

Both the General Privacy Policy and this European Union Privacy Policy (the “EU Policy”) apply to citizens of European Union Member States except that, for such persons (and only for such persons), where the provisions of the General Privacy Policy and the EU Policy cannot be construed consistently, the provisions of the EU Policy will govern. This section also applies to anyone who is subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), as amended, restated or replaced from time to time.

GDPR prohibits the transfer of personal data to non-EU countries that do not meet a certain adequate standard for data protection. The GDPR standard is specified in a number of privacy principles as detailed below. We have listed the privacy principles below, along with the ways we comply with those principles.

“Personal data” and “personal information” and “your information” as used in this EU Policy means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This EU Policy applies to all personal information about you that we collect, maintain, or disclose, regardless of the way in which we collect it (i.e. whether through a site or otherwise). We only collect personal data if you make use of specific services and we therefore require your information or if you have voluntarily given us your express consent. Unless we are subject to other legal commitments, we only use your information for the purposes for which you have given your consent. Your information will only be shared by us with third parties if that is required in order to provide a service you have requested or if you have given your consent. If data has been released for use by our subsidiaries and if such permission involves data transfer to other countries, we will ensure that the data importer is placed under a suitable level of data protection commitment. We store data as required by legal obligation or for the period of time that is required to provide a service you have requested or as agreed in applicable consent.

Notice

If we state a specific purpose for gathering of information at the time we ask you to give the information to us, we will not use the information for any purpose other than the purposes stated or for purposes reasonably related to fulfilling that purpose. For example, if you give us your contact information in connection with the purchase of a product, we will use that information to communicate with you about the product (e.g. warranties, claims, features, maintenance, and use) and about issues reasonably related to the product (e.g. to tell you about user groups, events, and additional information that are available to you online, through print media, or in your physical area). We will not use the information for any purpose about which we have not notified you as of the date you provide the information to us and/or as of the date you give to us your further express or implied consent after receiving such notice.

You can contact us with any inquiries or complaints using the contact information above.

If you choose to revise or withdraw your consent at any time, you may contact us using the information above and, to the extent we do not have a right under GDPR to continue to obtain, maintain, and/or disclose such information, we will comply with your request.

Choice

Except as otherwise provided by GDPR, you may choose whether your personal information is to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. You may express your choices to us using the contact information above.

Security

We are required to take appropriate technical and organizational measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. We use the means described in the Security section of our General Privacy Policy above.

Data Integrity

The personal information we use must be accurate, relevant and limited to the purposes for which it is to be used. We will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We generally assume that information that you give to us is accurate. If information you give to us is inconsistent with other information you give to us or with information that is available in public records or from other sources we are permitted by law to use, we will use reasonable efforts to make sure that the information we process is accurate. If, using prudent business practices, we reasonably satisfy ourselves that we have identified the correct information, we will make the correction and notify you.

Access

You may have access to personal information about you that we hold and you may correct, amend, delete or restrict the use of that information where it is inaccurate. To access your personal information, and to correct, amend, or delete that information where it is inaccurate, please contact us using the contact information above.

We provide access in the form of disclosure to the affected individual and, unless otherwise required by applicable law, do not permit access to our database.

If we refuse access to your personal information for any reason, we will tell you our reasons and will do so as specifically as we can.

Enforcement

If we fail to comply with this privacy policy or otherwise fail to comply with GDPR, we encourage you to tell us about the failure to comply and to be as specific as possible so that we can resolve any dispute between us.

If you are not satisfied with the resolution we offer, you have the right to lodge a complaint with the state where you live, work or where the infringement occurred. All arbitration will be conducted by the American Arbitration Association according to its applicable rules. The place of arbitration will be New Castle County in the State of Delaware, USA. All disputes will be resolved by reference to the EU Privacy Principles and the arbitrator may, among other things, award damages where the applicable law or private sector initiatives so provide. We will follow up and permit the arbitrator to verify that the attestations and assertions we make about our privacy practices are true and that privacy practices have been implemented as presented.

CANADIAN PRIVACY POLICY

Both the General Privacy Policy and this Canadian Privacy Policy (the “Canadian Policy”) apply to citizens of Canada except that, for such persons (and only for such persons), where the provisions of the General Privacy Policy and the Canadian Policy cannot be construed consistently, the Canadian Policy will govern.

The Personal Information Protection and Electronic Documents Act (“PIPEDA”) imposes requirements regarding the collection, use, and disclosure of personal information in relation to our commercial activities, as does private-sector privacy legislation in Quebec, Alberta and British Columbia.

This Canadian Policy applies to all personal information about you that we collect, hold, use and disclose, regardless of the way in which we collect it (i.e. whether through a site or otherwise).

Personal Information

Under Canadian privacy laws (and in this Canadian Policy), personal information is generally any information about an identifiable individual. It may include your name, age, mailing address, residential phone number, or e-mail address, personal history (including financial and credit information, donations, personal health information, billing history, personal family and relationship matters, and penal or criminal information), personal information related to corporate involvements, work experience (past and present), discipline, income and benefits, medical records, tax records, and security clearances. The term does not include your name, business title, business address, or business telephone number in your capacity as an employee of an organization or enterprise.

Collection of Personal Information

We collect personal information from correspondence, faxes, e-mails, telephone inquiries, web forms, and other means of communication. We collect such information when you order or agree to purchase or avail yourself of goods or services, as well as in the case of registrations (e.g. user groups, leagues, and other communities), to track warranty rights and obligations, to provide product information (whether with regard to recalls or otherwise), and other lawful purposes. We often collect personal information from you or from third parties and as agents on behalf of third parties, where we have obtained the requisite consent to do so or as otherwise permitted by law. Third parties include, as examples, organizations for whom we provide services to you or on your behalf, and organizations that perform outsourcing and other services for us (such as payment processors, order fulfilment organizations, shipping companies, warranty and other service organizations, and systems development and maintenance organizations).

How We Use Personal Information

As a general matter, we collect your personal information primarily to provide goods and/or services to and for you, for administrative or management requirements, and to enhance our relationship with customers. We identify additional purposes for which we use your personal information at the time we collect such information from you and obtain the requisite consent, unless otherwise permitted by law, prior to such other use. We may also use your personal information as otherwise permitted by law.

We do not sell client lists or other personal information.

We generally hold, collect, use, and disclose your personal information for the following purposes.

(a) With respect to customers and other past, present, or potential users of our goods or services, we collect, use, and disclose your personal information for the following purposes.

(i) Recording and using the information relevant to the provision of goods and/or services to you or

(ii) Recording and determining goods and/or services provided to you or on your behalf in your relationship with us;

(iii) Administration, billing, accounting and collection in relation to your business and relationship with us;

(iv) Protecting against fraud and error;

(v) Communicating with you generally or to ensure your satisfaction;

(vi) Communicating the information to a subcontractor (or other agents or intermediaries) in the course of a contract or mandate for the performance of any of the purposes listed above;

(vii) Fulfilling orders from you or on your behalf;

(viii) Fulfilling the terms of a warranty or other contractual obligation; and

(ix) Facilitating recalls if necessary.

(b) With respect to our divisions, subsidiaries, and affiliates, we keep a file and collect, use, and disclose the information in it for the following purposes.

(i) Provide products and/or services to you or on your behalf;

(ii) Establish, manage or terminate an employment relationship;

(iii) Administrative or management requirements related to our provision of products;

(iv) Service, build, and maintain our relationship and expertise;

(v) Communicate with you generally, ensure your satisfaction, inform you of the development of, or other information regarding, products and/or services; and

(vi) Communicate to subcontractors (or other agents or intermediaries) any of your personal information in the course of the performance of a contract or mandate for the execution of any of the purposes mentioned above.

See the paragraph below titled “Limitations” for more information about what we do not do with your personal information.

Sharing Your Personal Information

We identify to whom, and for what purposes, we disclose your personal information. For example, we may disclose your personal information:

(a) For the specific purposes declared in (or not limited by) the section below titled “Limitations”;

(b) To any of our offices or facilities in connection with the provision of goods and/or services to or on behalf of our customers, to establish, manage or terminate an employment relationship, and for administrative or management requirements, including analysis of relevant products, services, and markets;

(c) To professional firms, government agencies, and any other organizations or enterprises, when required for services to and for customers, as well as for compliance and insurance obligations;

(d) To third-party service providers with whom we have a contractual agreement and who have comparable levels of privacy protection, for the processing related to goods and services provided to, or on behalf of, customers, to establish, manage, and terminate an employment relationship, and for administrative or management requirements (such as, in all cases, for photocopying, printing and faxing, shredding, storage and other document management, payroll, information technology, including software maintenance, consulting and staffing services, collections, warranty tracking, accounting, and legal compliance);

(e) To such persons for which you provide your consent; and

(f) As otherwise permitted by law.

When supplementary disclosure is required, we will identify (at the time we collect such information from you and obtain the requisite consent to such disclosure, unless otherwise permitted by law) the other persons, organizations, and/or enterprises and the other purposes to whom and for which disclosure may occur.

Obtaining Consent

Except when otherwise permitted by law, we obtain the requisite consent prior to collecting and, in any case, prior to using or disclosing your personal information for any purpose. You may provide your consent to us orally, in writing, by electronic communication, or any other means reasonably capable of conveying your consent. We will obtain your express consent if we collect, use or disclose sensitive information. Your consent may also be intrinsic to the circumstances such as in the case where you have already provided personal information to us and you maintain your relationship with us or where you provide our representatives with your phone number so that we can contact you. Except when otherwise permitted by law, we will only use the information for the purpose for which it was given. From time to time, we may collect, utilize, or disclose your personal information based on your consent and as otherwise permitted by law.

When your consent is required, you can withdraw consent at any time (unless withdrawing the consent would frustrate the performance of legal obligations) upon providing to us a 30-day notice. However, the withdrawal of your consent may adversely affect our ability to provide products and services to you and to maintain our relationship.

In certain circumstances, as permitted or required by law, we may collect, use, or disclose personal information without your knowledge or consent. These circumstances include (where applicable) information about individuals that is publicly available, where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way, to investigate a breach or a contravention of a law, to comply with a subpoena, warrant, court order, or as required or otherwise permitted by law.

Third Parties

We remain responsible for all personal information communicated to third parties for processing. As such, we ensure that third parties that are engaged to provide products or services on our behalf and are provided with personal information are required to observe the intent of this Canadian Policy by having comparable levels of security protection or, when required, by assuring us (through a confidentiality agreement) that they will not use or disclose the personal information for any purpose other than the purpose for which the personal information was communicated.

Limitations

We only collect the personal information necessary to fulfil the purposes identified to you prior to or at the time of collection, or any other reasonable and legitimate purposes or as required by law.

We do not use or disclose your personal information, except for the purposes for which it was collected, or new purposes to which you have consented, or as required or otherwise permitted by applicable law.

We do not, as a condition of supplying goods or services to you or on your behalf, or as an administrative or management requirement, require consent to the collection, use or disclosure of personal information beyond that reasonably required for such purposes, or to comply with its obligations under applicable law.

Retention of Personal Information

We may keep a record of your personal information, including correspondence or comments, in the applicable file specific to you. We will utilize, disclose, or retain your personal information for as long as necessary to fulfil the purposes for which it was collected and for legal or business requirements. We will establish minimum and maximum retention periods and procedures for maintaining and destroying your personal information. When personal information is retained to make a decision about you, we will retain such information for one year.

Access to Your Personal Information

Subject to the exceptions provided by the applicable law, we will make available to you any specific personal information about you that we have collected, utilized or disclosed, upon your written request. We will make such information available to you in a form that is generally understandable, including explaining any abbreviations or codes and using an alternative format, if required. Simply send your request for access to the Privacy Officer listed below. Please be as specific as possible in your request so that we can meet the applicable time lines.

Accuracy

We will use reasonable efforts to ensure that your personal information is kept as accurate, complete, and up-to-date as possible. We will not routinely update your personal information, unless such a process is necessary. In order to help us maintain and ensure that your personal information is accurate and up to date, you must inform us, without delay, of any change in the information you provided to us.

You can, at any time, challenge the accuracy or completeness of the personal information we have about you, subject to the exceptions provided by applicable law. If you successfully demonstrate that the personal information we have on you is inaccurate or incomplete, we will amend the personal information as required. Where appropriate, we will transmit the amended information to third parties to whom we have communicated your personal information.

Response Times

We will make every reasonable effort to respond to each of your written requests not later than 30 days after receipt of such requests. When applicable, we will advise you in writing if we cannot meet your requests within this time limit. When applicable, you have the right to make a complaint to the appropriate privacy commission with respect to this time limit.

Costs

We expect to provide access without charge as a general matter. However, we reserve the right to collect a reasonable charge when you request the transcription, reproduction, or transmission of such information. We will notify you, following your request for transcription, reproduction, or transmission, of the appropriate amount that will be charged. You will then have the opportunity to withdraw your request.

Identifying You in Connection with Requests

We may require that you provide to us sufficient information to identify yourself before we provide information about the existence, use, or disclosure of your personal information in our possession. Any such information shall be used only for this purpose.

Safeguards

We use security safeguards appropriate to the sensitivity of personal information to protect it from loss or theft, as well as unauthorized access, disclosure, copying, use or modification. These safeguards include physical measures, such as restricted access to offices and equipment, organizational measures, such as security clearances, and publishing this policy to appropriate personnel with instructions to act in accordance with its principles (for example, limiting access on a “need to know” basis), and technological measures, such as the use of passwords and/or encryption.

Contact

Personal information is generally located at our corporate or divisional offices. A list of corporations, divisions, subsidiaries and affiliates to which this Privacy Policy applies is available upon request.

Please direct all complaints or other inquiries regarding personal information, the General Policy, the European Union Policy or the Canadian Policy to our Head of IT as follows.

Candela Corporation
251 Locke Dr
Marlborough, MA 01752
info@candelamedical.com

California Consumer Privacy Act (“CCPA”) Rights

As of January 1, 2020 verified California residents will have the right to:

For purposes of the CCPA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

In order to make a request for disclosure California residents may contact us by calling 800-733-8550 or accessing https://candelamedical.com/california-consumer-privacy-act-requests. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be.  We will acknowledge receipt of your request within 10 days and will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.

You may make a request for disclosure of our information collection practices, the information we collected about you, or our sharing practices up to twice within a 12-month period.  You may make a request that we not sell information or for deletion of your information at any time.

For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances.  By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you we will notify any service providers we have engaged to delete your information as well.

We will not discriminate against you as a result of your exercise of any of these rights.

Selling Information. We do not sell your information for monetary consideration, but we may transfer your information to a third party that provides us with services such as helping us with advertising, social media, data analysis and security, which may fall under the definition of “other valuable consideration” and may therefore be considered a ‘sale’ under the CCPA. During the past 12 months we disclosed Identifiers, Geolocation and Electronic Network Activity to third parties for a business purpose which falls within the definition of a ‘sale’. If you are a California resident over the age of 16 and would like to instruct us not to sell your personal information, please visit our Do-Not-Sell web page here https://candelamedical.com/ccpa-do-not-sell. We do not sell personal information of individuals we actually know are less than 16 years of age. If you request that we not sell your information we will honor your request within 15 days, will notify those who received your information in the 90 days before your request to not further sell your information and will notify you when this has been completed. Once we receive your Do-Not-Sell request we will wait at least 12 months before asking you to reauthorize personal information sales.

Using an Authorized Agent.  You may submit a request through someone holding a formal Power of Attorney.  Otherwise, you may submit a request using an authorized agent only if (1) you provide the authorized agent with written permission to make a request and (2) you verify your own identity directly with us.  We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.

During the past 12 months, we have collected the following categories of information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties.  The categories of information include information we collect from our website visitors, registered users, employees, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals.  For instance, we may collect different information from applicants for employment or from vendors or from customers.

Category of information collected: Identifiers (name, alias, postal address, email address, phone number, fax number, account name, Social Security number, driver's license number, passport number, unique personal identifier, IP address)
Source: Individuals submitting information to us; information we automatically collect from site visitors; information we may receive from third-party marketing and data partners; employment applications; and employees.
Business purposes* for use: Employee and vendor management and administration; auditing relating to transactions; security detection, protection and enforcement; functionality debugging/error repair; ad customization; performing services for you; internal research and development; and quality control.
Categories of third parties receiving information: Service providers (such as customer relationship managers, payment processors, mail houses, marketing partners, employee benefits partners; company service providers to access certain company applications, and travel and accommodation providers); affiliated companies; government regulators and law enforcement when legally required; and strategically aligned businesses.

Category of information collected: Sensitive Information (name with financial account, medical, health, and health insurance information, user name and password)
Source: Individuals submitting information; employment applications; and employees.
Business purposes* for use: Employee and vendor management and administration; security detection, protection and enforcement; and performing services for you.
Categories of third parties receiving information: Service providers (such as customer relationship managers, payment processors, mail houses, marketing partners, shipping partners, employee benefits partners; company service providers to access certain company applications, and travel and accommodation providers); affiliated companies; government regulators and law enforcement when legally required; and strategically aligned businesses.

Category of information collected: Protected classification information (race, gender, ethnicity, religion)
Source: Individuals submitting information; employment applications; and employees.
Business purposes* for use: Employee and vendor management and administration; compliance with applicable anti-discrimination laws; and performing services for you.
Categories of third parties receiving information: Service providers (such as payroll providers, employee benefits partners, company service providers to access certain company applications, and travel and accommodation providers); affiliated companies; and government regulators and law enforcement when legally required.

Category of information collected: Commercial information (transaction history, products/services purchased, obtained or considered, product preference)
Source: Individuals submitting information; information we automatically collect from site visitors; and information we may receive from third-party marketing or data partners.
Business purposes* for use: Auditing relating to transactions; security detection, protection and enforcement; ad customization; performing services to you; internal research and development; and quality control.
Categories of third parties receiving information: Service providers (such as customer relationship managers and marketing partners); affiliated companies; government regulators and law enforcement when legally required; and strategically aligned businesses.

Category of information collected: Electronic network activity (browsing or search history, website interactions, advertisement interactions)
Source: Individuals submitting information; information we automatically collect from site visitors; information we may receive from third-party marketing or data partners.
Business purposes* for use: Ad customization; performing services for you; and internal research and development.
Categories of third parties receiving information: Service providers (such as customer relationship managers and marketing partners); affiliated companies; government regulators and law enforcement when legally required; and strategically aligned businesses.

Category of information collected: Audio, video or similar information (security monitoring, speakers, consultants)
Source: Individuals submitting information; and information we collect for security purposes.
Business purposes* for use: Employee and vendor management and administration; security detection, protection and enforcement; and performing services or contractual obligations for you.
Categories of third parties receiving information: Service providers (such as customer relationship managers and marketing partners); affiliated companies; government regulators and law enforcement when legally required; and strategically aligned businesses.

Category of information collected: Biometrics
Source: Not collected
Business purposes* for use: Not collected
Categories of third parties receiving information: Not collected

Category of information collected: Geolocation
Source: Information we automatically collect from site visitors.
Business purposes* for use: Auditing relating to transactions; security detection, protection and enforcement; ad customization; and performing services for you.
Categories of third parties receiving information: Service providers (customer relationship managers and marketing partners); affiliated companies; government regulators and law enforcement when legally required; and strategically aligned businesses.

Category of information collected: Professional, educational or employment related information
Source: Information submitted by individuals; information received from third parties in connection with vendor or employment status or applications; information we observe in connection with vendor or employment oversight.
Business purposes* for use: Employee and vendor management and administration; security detection, protection and enforcement; and performing services for you.
Categories of third parties receiving information: Service providers (such as payroll providers, employee benefits partners, company service providers to access certain company applications, and travel and accommodation providers); affiliated companies; and government regulators and law enforcement when legally required.

Category of information collected: Inference from the above (preferences, characteristics, behavior, attitudes, abilities, etc.)
Source: Internal analytics
Business purposes* for use: Employee and vendor management and administration; security detection, protection and enforcement; ad customization; performing services for you; internal research and development; and quality control.
Categories of third parties receiving information: Service providers (such as customer relationship managers and marketing partners); affiliated companies; government regulators and law enforcement when legally required; and strategically aligned businesses.

*More specifically, the business purposes include:

  1. Performing services for you:
  2. Advertising customization:
  3. Auditing relating to transactions, internal research and development:
  4. Security detection, protection and enforcement; functionality debugging, error repair:
  5. Quality control:
