Policy Name: Cynosure Privacy Policy for Employees, Contractors, and Applicants
Policy Effective Date: 10/01/2021
Locations on MyCynosure: Policies
Policy Owner: Data Protection Committee
Applies to: All Cynosure Employees, Contractors, and Applicants
Cynosure Privacy Policy for Employees, Contractors, and Applicants (this “Privacy Policy”).
This Privacy Policy relates to information collected online and offline by Cynosure, LLC (along with Cynosure, LLC’s Corporate Affiliates (as defined below), collectively, “Cynosure” “we” or “us” or “our”) from or about you solely in your capacity as a Cynosure employee (each, an “Employee”), as an independent contractor who is a natural person and has been engaged by Cynosure (including without limitation social media influencers (each, an “Influencer”) and professionals (including healthcare professionals): (i) who have contracted with Cynosure as key opinion leaders (each, a “KOL”), or (ii) who have contracted with Cynosure as members of our medical advisory board (each, an “Advisor”) (each, a “Contractor”), or as an applicant for employment with Cynosure as an Employee or engagement by Cynosure as a Contractor (each, an “Applicant”). This Privacy Policy has been prepared for your information and understanding of the policies, philosophies, and practices of Cynosure and shall be effective from and after October 1, 2021 (the “Effective Date”). As used herein, “you” and “your” means any Employee, Contractor, or Applicant. This Privacy Policy will apply to you only if: (i) our Processing of your Personal Data is regulated by the GDPR; and/or (ii) you are a California resident. Cynosure, LLC is based in the United States of America. Cynosure, LLC’s main office is 5 Carlisle Road, Westford, MA 01886.
As of the Effective Date, Cynosure, LLC’s Corporate Affiliates include:
| Corporate Affiliate | Address |
| Lotus Parent, Inc. | 5 Carlisle Road, Westford, MA 01886 |
| Lotus Buyer, Inc. | 5 Carlisle Road, Westford, MA 01886 |
| Cynosure Canada Medical Devices Company ULC | 203 Exeter Road, Unit F, London, ON, N6L 1A4 |
| Cynosure France SARL | 132 boulevard de Verdun, Courbevoie, France |
| Cynosure Maroc SARL | Rue 2 N°40 Wakanati, Route d’azemmour, Ain Diab |
| Cynosure GmbH | Schillerstraße 2,60313 Frankfurt am Main
Robert-Bosch-Str. 11A ; 63225 Langen /Baze c/o |
| Cynosure K.K. | 2-17 Kagurazaka, Shinjuku-ku, Tokyo 162-0825
7-22-17 Nishigtotanda, Shinagawa-ku, Tokyo 141-0031
5-14-22 Nishinakajima, Osaka-si Yodogawa-ku, Osaka 532-0011 |
| Cynosure Korea Limited | 6F Samwon Bldg, 651 Eonju-ro, Gangnam-gu, Seoul 06104 Korea
1F Plaza654 Bldg, 551 Eonju-ro, Gangnam-gu, Seoul, 06138 Korea
B1F, Songam Bldg, 709 Eonju-ro, Gangnam-gu, Seoul 06053 Korea
#A-3003, 32 Centum 3-ro, Haeundae-gu,Busan 48060 Korea |
| Cynosure Mexico, S. de R.L. de C.V. | |
| Cynosure UK Ltd | Chiswick Tower, Floor 17, 389 Chiswick High Road, W4 4AJ
898 Plymouth Road, Slough Trading Estate, SL1 4LP |
| Palomar Medical Technologies, LLC | 5 Carlisle Road, Westford, MA 01886 |
| Cynosure B.V. | Veemarkt 143, 1019 CC Amsterdam, Netherlands |
| Cynosure Pty Ltd | 31 Sabre Drive, Port Melbourne, VIC, 3207
14-16 Suakin Street, Pymble, NSW, 2073 |
| Cynosure Spain S.L. | Edificio Ferbocar, 1º derecha Avenida de Quitapesares, 17,, 28670 Villaviciosa de Odón, Madrid, Spain |
| Cynosure Portugal, Unipessoal, Limitada | Avda. da Republica, número 6 7 esquerdo
1050-191 Lisboa |
| Suzhou Cynosure Medical Devices Company Ltd |
Room 1706-1707,No 555 Dongfeng Road,Yuexiu District, Guangzhou Room Numbers: 03-110-2P and 03-109-4P 2A Worker Stadium North Road Chaoyang District, Beijing, China (PRC) 5F, Yuan Dong Da Sha, 575 Chang Xu Road, Suzhou Room: 203-204(1) Room: 204(2)-205 Room: 303 Room: 502-503 Room: 504-510 |
Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact [email protected] for assistance.
If you provide us with information of an emergency contact, spouse, partner, dependent, or any other third party, it is your responsibility to obtain consent from that third party prior to sharing their information with us. If you are an Applicant, if you intend to provide us with information of a reference or any other third party as part of your application process, it is your responsibility to obtain consent from that third party prior to sharing their information with us.
If you are an Influencer, you may also be a consumer (as defined in Cynosure’s general Privacy Notice (available at https://www.cynosure.com/privacy-policy/ (the “General Privacy Notice”))). Such General Privacy Notice will apply to you to the extent you are a consumer (as defined therein) in your capacity as a consumer (as defined therein).
If you are a KOL, Influencer, or Advisor, you also may be a professional (as defined in Cynosure’s General Privacy Notice). Such General Privacy Notice will apply to you to the extent you are a professional (as defined therein) in your capacity as a professional (as defined therein).
Article I – In General
1. Definitions:
1.1. “CCPA” means the California Consumer Privacy Act, as may be amended from time to time, as well as any regulations promulgated thereunder.
1.2. “GDPR” means the General Data Protection Regulation (EU) 2016/679.
1.3. “GDPR Data” means Personal Data to the extent our Processing of such Personal Data is regulated by the GDPR.
1.4. “Personal Data” means any information relating to any identified or identifiable Employee, Contractor or Applicant, and includes, without limitation, CCPA Information (as defined below). Personal Data excludes anonymous or de-identified data that cannot identify any natural person, household, or device by any means reasonably available to anyone.
1.5. “Processing” (including grammatically inflected forms thereof) means any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, including without limitation collection, recording, organization, structuring, storage, adaptation or alteration, access, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion, erasure or destruction.
1.6. “Sensitive Data” means GDPR Data: (i) that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) that constitutes genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation; or (iii) relating to criminal convictions and offenses.
2. Personal Data Cynosure Collects: We may collect, store, and use the following types of Personal Data about you:
2.1. Full legal name;
2.2. User name;
2.3. Date of birth;
2.4. Address;
2.5. Telephone number;
2.6. Email address;
2.7. Password;
2.8. Social Security card and number (or equivalent);
2.9. Spouse/partner/dependent/family information (including relationship to any existing Cynosure personnel);
2.10. Race (the disclosure of this data element is voluntary);
2.11. Sex;
2.12. Gender;
2.13. Ethnicity (the disclosure of this data element is voluntary);
2.14. Pregnancy or childbirth and related medical conditions;
2.15. Request for pregnancy disability leave;
2.16. Medical condition;
2.17. Request for family care leave;
2.18. Request for leave for health issue;
2.19. Trade union membership (the disclosure of this data element is voluntary);
2.20. Immigration visa;
2.21. Work eligibility;
2.22. Income tax elections;
2.23. Tax identification number;
2.24. Driver’s license image and number;
2.25. Non-driver identification card image and number;
2.26. State-issued identification card image and number;
2.27. Passport image and number;
2.28. Military identification number;
2.29. Military or veteran status (the disclosure of this data element is optional as part of the application process);
2.30. Other unique identification number issued on a government document;
2.31. Signature;
2.32. Health Insurance policy information, including policy number and subscriber identification number;
2.33. Health insurance application and claims history;
2.34. Background check summary data;
2.35. Education records (including grades);
2.36. Transcripts;
2.37. Employment;
2.38. Current and past employer and job history;
2.39. Reference checks;
2.40. Bank account number;
2.41. Records of products or services purchased for expense reimbursement purposes;
2.42. Marital status;
2.43. Browsing history;
2.44. Search history;
2.45. Information on your interaction with a website, application, or advertisement;
2.46. Photograph (including “before and after” photographs if you are an Influencer);
2.47. Resume;
2.48. Curriculum vitae (“CV”);
2.49. Substantive areas of expertise;
2.50. Professional licenses and certifications;
2.51. Cover letter;
2.52. Payroll withholding information;
2.53. Rate of pay and any other compensation paid;
2.54. Starting date of employment or contract engagement;
2.55. Job or contract applications, and/or other forms of employment or contract engagement inquiries submitted to us;
2.56. Waivers and other employment or contractual engagement agreements;
2.57. Termination notices;
2.58. Documents related to discipline;
2.59. Performance evaluations and other information related to job performance;
2.60. GPS tracking data of company-owned service vehicle location, including real-time vehicle location and status, fuel usage, routes taken, driver location, trip tagging and miles per state, safe driving data such as speeding, braking, stop time, idle time, cornering, sudden acceleration, scoring based on driver behavior, data analytics based on the foregoing data;
2.61. Monitoring and blocking of cell phone activities, including incoming and outgoing calls, sending and receiving text messages and accessing navigation and other applications;
2.62. Audio and visual recordings, including of webinars/trainings;
2.63. Call center telephone calls;
2.64. If you are an Applicant who is not located in the European Economic Area, psychological and behavioral assessment data reflecting behavior and aptitude tendencies;
2.65. Content you create or otherwise provide to us (including social media content you create if you are an Advisor, Influencer, or KOL);
2.66. Content of interviews in which you may participate with medical writers and/or other media (if you are KOL);
2.67. Social media handle and related information;
2.68. Back-end social media performance metrics (if you are a KOL or Influencer);
2.69. Feedback regarding our products and services (if you are a KOL or Advisor);
2.70. Products owned, purchased, and/or considered (if you are a KOL or Advisor);
2.71. Financial and payment disclosure information, including stocks and proprietary interests;
2.72. Other similar identifiers.
With respect to Employees, Applicants, and Contractors, we may obtain the above information from you, from third-party sources (including recruiters) and/or from publicly available sources, such as government data bases and social media sites, including LinkedIn.
Except where otherwise noted above, our collection, storage, use, and Processing of the foregoing types of Personal Data is required in order to facilitate the Employment Relationship (as defined below) or Contractor Relationship (as defined below) or, in the case of Applicants, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable).
3. Use of Personal Data: We Process Personal Data for the following business or commercial purposes: (i) in the case of Employees, to facilitate, administer and carry out the employer-employee relationship between you and Cynosure (including, without limitation, staffing of projects, verifying eligibility for employment, evaluating eligibility for prospective future positions, benefits administration and payroll and human resources functions, and serving as a reference for prospective employees, the “Employment Relationship”); (ii) in the case of Contractors, to facilitate the business relationship between you and Cynosure, including to facilitate your provision of services to Cynosure and Cynosure’s payment to you in consideration for such services, in each case in accordance with the terms and conditions of your agreement with Cynosure (the “Contractor Relationship”); and (iii) in the case of Applicants, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable). Without limitation of the foregoing, if you are an Employee who is a member of our service team, we may use your address to send parts to your home to enable you to perform your tasks in furtherance of the Employment Relationship.
3.1. Lawful Basis for Processing. This Article I Section 3.1 shall apply only to GDPR Data. Cynosure acts as the controller (as defined in the GDPR) of your GDPR Data that Cynosure Processes under this Privacy Policy. We will Process your GDPR Data only to the extent the law allows us to do so. Most commonly, we will use your GDPR Data in the following circumstances:
3.1.1. Where we need to Process your GDPR Data in order to perform the contract we have entered into with you.
3.1.2. Where we need to comply with a legal obligation.
3.1.3. Where it is necessary for our legitimate interests (or those of a third party) in facilitating the Employment Relationship or Contractor Relationship or, in the case of Applicants, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable), and where your interests and fundamental rights do not override those interests.
We may also Process your GDPR Data in the following situations, which are likely to be rare: (i) where we need to protect your interests (or someone else’s interests); or (ii) where it is needed in the public interest or for official purposes.
3.2. Sensitive Data: This Article I Section 3.2 shall apply only to GDPR Data. In general, we will not Process Sensitive Data about you unless it is necessary in facilitating the Employment Relationship or Contractor Relationship or, in the case of Applicants, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable). On rare occasions, there may be other reasons for Processing, such as it is in the public interest to do so. The situations in which we will Process your Sensitive Data are listed below. We have indicated the purpose or purposes for which we are processing or will process your Sensitive Data.
3.2.1. We may use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance. We need to Process this information to exercise rights and perform obligations in connection with your employment.
3.2.2. We may use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting and for work permit purposes.
3.2.3. We may use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.
3.3. Retention. We will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of that information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
4. Disclosures of Personal Data for a Business or Commercial Purpose: Cynosure may disclose your Personal Data described above to the following categories of third parties for the business or commercial purposes described below.
4.1. Cynosure Customers, Prospective Customers, and Social Media Followers: Cynosure may disclose the Personal Data of Employees and/or Contractors to Cynosure’s customers (in connection with Cynosure’s provision of services to customers) and/or prospective customers (in connection with Cynosure’s business development efforts with respect to prospective customers). Cynosure may also disclose your CV information, substantive areas of expertise, and your photograph to its social media followers.
4.2. Laws and Legal Rights: Cynosure may disclose your Personal Data if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. We may disclose Personal Data in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating a contract with us, to detect fraud, for assistance with a delinquent account, or to protect the safety and/or security of our employees, users, Cynosure’s intellectual property or the general public.
4.3. Outside Contractors: We may employ independent contractors, vendors and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to our business, including the Employment Relationship or Contractor Relationship, such as (in the case of Employees only) facilitating payroll or administering benefits, or (in the case of Applicants) facilitating the application process, or (in the case of Employees, Contractors, and Applicants) data storage and hosting providers. In the course of providing products or services to us, these Outside Contractors may have access to your Personal Data. We use reasonable efforts intended to ensure that these Outside Contractors are capable of protecting the security of your Personal Data. Without limitation of the foregoing, if you are an Influencer, we may share your Personal Data with KOLs and if you are a KOL we may share your Personal Data with Influencers.
4.4. Investment in, or Sale of, Business: We reserve the right to transfer Personal Data to a third party in connection with a sale, merger or other transfer of all or substantially all of the assets of Cynosure or any of its Corporate Affiliates (as defined below), or that portion of Cynosure or any of its Corporate Affiliates to which the Employment Relationship or Contractor Relationship relates, or in connection with a strategic investment by a third party in Cynosure, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding.
4.5. Corporate Affiliates: We may disclose your Personal Data to our Corporate Affiliates. “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with Cynosure, LLC, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise.
Article II – GDPR Rights
This Article II shall apply to you only to your GDPR Data. Under certain circumstances and in compliance with the GDPR, you may have the right to:
Request access to your GDPR Data (commonly known as a subject access request). This enables you to receive a copy of the GDPR Data we hold about you and to check that we are lawfully processing it;
Request correction of the GDPR Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
Request erasure of your GDPR Data. This enables you to ask us to delete or remove your GDPR Data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your GDPR Data in certain circumstances;
Object to processing of your GDPR Data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
Request the restriction of processing of your GDPR Data. This enables you to ask us to suspend the processing of your GDPR Data, for example, if you want us to establish its accuracy or the reason for processing it;
Request the transfer of your GDPR Data to another party; and
Lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If you have any complaints about the way we process your GDPR Data, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.
If you wish to exercise any of the rights set out above, please contact us at [email protected]. Please note that Cynosure reserves the right to refuse any request to exercise such rights to the extent permitted by applicable law.
Article III – International Data Transfers
This Article III shall apply only to your GDPR Data. GDPR Data collected by Cynosure under this Privacy Policy may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, including countries that may not have laws of general applicability regulating the use and transfer of such GDPR Data or that do not ensure adequate protection for GDPR Data (as determined by the European Commission), including without limitation the United States. To the extent required by applicable law: whenever we transfer your GDPR Data to third parties located in countries that do not ensure adequate protection for GDPR Data (as determined by the European Commission, and including without limitation the United States, each, an “Inadequate Jurisdiction”), we ensure a similar degree of protection is afforded to it; we may use specific contracts approved by the European Commission which give GDPR Data the same protection it has in the European Economic Area under the GDPR; and if we rely on another basis to transfer your GDPR Data to an Inadequate Jurisdiction, we will keep you updated or contact you if required. Please contact us if you want further information on the specific mechanisms used by us when transferring your GDPR Data to an Inadequate Jurisdiction.
Article IV – Privacy Notice for California Employees, Contractors, and Applicants
This Article IV shall apply to you only if you are a California resident. As used in this Article IV, “sell” (including any grammatically inflected forms thereof) means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, CCPA Information (as defined below) to another business or a third party for monetary or other valuable consideration.
“Selling” does not include: (i) disclosing CCPA Information to a third party at your direction, provided the third party does not sell the CCPA Information except in accordance with the CCPA; (ii) where you intentionally interact with a third party, provided the third party does not also sell the CCPA Information; (iii) using or sharing your CCPA Information with a service provider as necessary to perform business purposes, provided that such service provider provides its services on Cynosure’s behalf and provided that the service provider does not further collect, sell or use the CCPA Information except as necessary to perform the business purpose; or (iv) transfers of your CCPA Information to a third party as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of Cynosure, provided that information is used or shared consistently with the CCPA.
1. CCPA Information Collected: We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you, your device, or your household, to the extent you are a California resident (“CCPA Information”). CCPA Information does not include deidentified or aggregated information, publicly available information from government records, or any other information that is excepted from the definition of “personal information” under the CCPA, or any information that is otherwise not regulated by the CCPA. In particular, we have collected the following categories of CCPA Information from California residents, households or devices within the last twelve (12) months:
|
Category |
Examples | Business or commercial purposes for which we collect and use CCPA Information. | Categories of third parties to whom we have disclosed CCPA Information for a business or commercial purpose in the preceding twelve (12) months. | Categories of sources from which CCPA Information is collected. |
| A. Identifiers. | Full legal name, user name, password, date of birth, Social Security card and number (or equivalent), email address, address, telephone number, gender, signature, photograph (including “before and after” photographs if you are an Influencer), spouse/partner/dependent/ family information (including relationship to any existing Cynosure personnel), emergency contact information, immigration visa, driver’s license image and number, non-driver identification card image and number, state-issued identification card image and number, tax identification number, passport image and number, military identification number, or other unique identification number issued on a government document, content you create or otherwise provide to us (including social media content you create if you are an Advisor, Influencer, or KOL), content of interviews in which you may participate with medical writers and/or other media (if you are KOL), social media handle and related information, financial and payment disclosure information, including stocks and proprietary interests (if you are an Advisor), and other similar identifiers.
|
If you are an Employee, to facilitate the Employment Relationship.
If you are a Contractor, to facilitate the Contractor Relationship. If you are an Applicant, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable. |
Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. Company customers and prospective customers. KOLs (if you are an Influencer). Influencers (if you are a KOL). |
Submitted to us by you or by employment recruiters.
Collected from publicly available sources, such as LinkedIn. |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Name, Social Security card and number (or equivalent), email address, address, education, employment, employment history, medical information, bank account number, health insurance policy information, including policy number and subscriber identification number, health insurance application and claims history, driver’s license image and number, non-driver identification card image and number, state-issued identification card image and number, tax identification number, passport image and number, military identification number, or other unique identification number issued on a government document. | If you are an Employee, to facilitate the Employment Relationship.
If you are a Contractor, to facilitate the Contractor Relationship. If you are an Applicant, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable. |
Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. Company customers and prospective customers (but only to the extent such CCPA Information elements are also listed in Category A above).
|
Submitted to us by you or by employment recruiters.
Collected from publicly available sources, such as LinkedIn. |
| C. Protected classification characteristics under California or federal law. | Race (the disclosure of this data element is voluntary), ethnicity (the disclosure of this data element is voluntary), sex, gender, pregnancy or childbirth and related medical conditions, income tax elections, trade union membership (the disclosure of this data element is voluntary), military or veteran status; marital status, medical condition, request for family care leave, request for leave for health issue, request for pregnancy disability leave. | If you are an Employee, to facilitate the Employment Relationship.
If you are a Contractor, to facilitate the Contractor Relationship.
|
Outside Contractors, as further described in Article I Section 4.3 above.
KOLs (if you are an Influencer). Business Affiliates. |
Submitted to us by you or by employment recruiters.
|
| D. Commercial information. | Records of products or services purchased for expense reimbursement purposes; feedback regarding our products and services (if you are a KOL or Advisor); products owned, purchased, and/or considered (if you are a KOL or Advisor). | If you are an Employee or a Contractor, to facilitate expense reimbursement. | Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. |
Submitted to us by you. |
| E. Internet or other similar network activity. | Browsing history, search history, back-end social media performance metrics (if you are a KOL or Influencer), information on your interaction with a website, application, or advertisement. | If you are an Employee or a Contractor, to facilitate the Employment or Contractor relationship (as applicable) and to protect the integrity of our systems, hardware, infrastructure, and general ethical well-being. | Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. |
Collected when you interact with our IT systems. |
| F. Geolocation data. | GPS tracking data of company-owned service vehicle location, including real-time vehicle location and status, fuel usage, routes taken, driver location, trip tagging and miles per State, safe driving data such as speeding, braking, stop time, idle time, cornering, sudden acceleration, scoring based on driver behavior, data analytics based on the foregoing data. Monitoring and blocking of cell phone activities, including incoming and outgoing calls, sending and receiving text messages and accessing navigation and other applications. | To monitor usage of Company-owned service vehicles for safety and other purposes and to facilitate the Employee or Contractor relationship as applicable.
|
Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. |
Collected through our IT systems when you operate a company-owned service vehicle. |
| G. Sensory data. | Audio and visual recordings, including of webinars/trainings, call center telephone calls.
|
If you are an Employee, to facilitate the Employment Relationship.
If you are a Contractor, to facilitate the Contractor Relationship.
|
Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. Customers. Website users. |
Collected when you interact with our IT systems. |
| H. Professional or employment-related information. | Employment, current and past employer and job history, performance evaluations other information related to job performance, substantive areas of expertise, professional licenses and certifications, payroll withholding information, work eligibility, background check summary data, reference checks, rate of pay and any other compensation paid, starting date of employment or contract engagement, resume, CV, cover letter, job or contract applications, and/or other forms of employment or contract engagement inquiries submitted to us, waivers and other employment or contractual engagement agreements, termination notices, documents related to discipline. | If you are an Employee, to facilitate the Employment Relationship.
If you are a Contractor, to facilitate the Contractor Relationship. If you are an Applicant, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable). |
Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. |
Submitted to us by you or by employment recruiters. |
| I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records including grades, transcripts. | If you are an Applicant, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable). | Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. |
Submitted to us by you or by employment recruiters. |
| J. Inferences drawn from other personal information. | Psychological and behavioral assessment data reflecting behavior and aptitude tendencies.
|
If you are an Applicant, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable). | Outside Contractors, as further described in Article I Section 4.3 above.
Business Affiliates. |
Submitted to us by you. |
2. Use of CCPA Information; Categories of Sources: We use CCPA Information for the business or commercial purposes described in the table above and for the business or commercial purposes described in Article I Section 3 of this Privacy Policy with respect to Personal Data. Regarding the categories of sources from which CCPA Information is collected, we collect CCPA Information from the categories of sources specified in the table above. With respect to Employees, Applicants, and Contractors, we may obtain the above information from you, from third-party sources (including recruiters), and/or from publicly available sources, such as social media sites, including LinkedIn.
3. Disclosures of CCPA Information: Cynosure may disclose your CCPA Information described in the table above to a third party for a business or commercial purpose, as described in Article I Section 4 of this Privacy Policy with respect to Personal Data In the preceding twelve (12) months, Cynosure has disclosed the categories of CCPA Information described in the table above for a business or commercial purpose to the categories of third parties described in the table above.
4. Sales of CCPA Information: In the preceding twelve (12) months, Cynosure has not sold, and Cynosure does not and will not sell, CCPA Information that is subject to this Privacy Policy.
5. California Residents’ Rights and Choices: Notwithstanding the Effective Date, this Article IV Section 5 shall apply from and after such date required by the CCPA, and not before. The CCPA provides California residents with specific rights regarding their CCPA Information. This Article IV Section 5 describes your CCPA rights (to the extent applicable to you) and explains how to exercise those rights.
5.1. Access to Specific Information and Data Portability Rights: You may have the right to request that Cynosure disclose certain information to you about our collection and use of your CCPA Information over the past 12 months. Once we receive and confirm your verifiable request (in the manner described in Article IV Section 6 below), to the extent required by the CCPA, we will disclose to you:
5.1.1. The categories of CCPA Information we collected about you.
5.1.2. The categories of sources for the CCPA Information we collected about you.
5.1.3. Our business or commercial purpose for collecting that CCPA Information.
5.1.4. The categories of third parties with whom we share that CCPA Information.
5.1.5. The specific pieces of CCPA Information we collected about you (also called a data portability request).
5.1.6. If we disclosed your CCPA Information for a business or commercial purpose, a list disclosing disclosures for a business or commercial purpose, identifying the CCPA Information categories that each category of recipient obtained.
5.2. Deletion Request Rights: You have the right to request that Cynosure delete any of your CCPA Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable request from you (if you are a California resident) in the manner described in Article IV Section 6 below (“verifiable request”), we will delete (and direct our service providers to delete) your CCPA Information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
5.2.1. Complete the transaction for which we collected the CCPA Information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
5.2.2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
5.2.3. Debug products or services to identify and repair errors that impair existing intended functionality.
5.2.4. Exercise free speech, ensure the right of another individual to exercise their free speech rights, or exercise another right provided for by law.
5.2.5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
5.2.6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
5.2.7. Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
5.2.8. Comply with a legal obligation.
5.2.9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
6. Exercising Access, Data Portability, and Deletion Rights: Notwithstanding the Effective Date, this Article IV Section 6 shall apply from and after such date required by the CCPA, and not before.
6.1. To exercise the access, data portability, and deletion rights described in Article IV Section 5 above, please submit a verifiable request to us by either: (1) calling us at 800.886.2966; (2) visiting www.cynosure.com; or (3) contacting us at [email protected]. Only you, or someone legally authorized to act on your behalf (such as an authorized agent), may make a verifiable request related to your CCPA Information. You may also make a verifiable request on behalf of your minor child. You may make a verifiable request for access or data portability no more than twice within a 12-month period. The verifiable request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected CCPA Information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with CCPA Information if we cannot verify your identity or authority to make the request and confirm the CCPA Information relates to you. Making a verifiable request does not require you to create an account with us. We will only use CCPA Information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
6.2. We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your CCPA Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. If your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request and notify you of the reason for refusing the request.
7. Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights, including, unless permitted by the CCPA, by:
7.1. Denying you goods or services.
7.2. Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
7.3. Providing you a different level or quality of goods or services.
7.4. Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Article V – Miscellaneous
In this Privacy Policy, unless a clear contrary intention appears: (i) where not inconsistent with the context, words used in the present tense include the future tense and vice versa and words in the plural number include the singular number and vice versa; (ii) the titles and subtitles used in this Privacy Policy are used for convenience only and are not to be considered in construing or interpreting this Privacy Policy; (iii) “hereunder,” “hereof,” “hereto,” and words of similar import shall be deemed references to this Privacy Policy as a whole and not to any particular Section or Subsection of this Privacy Policy; (iv) “including” (and with correlative meaning, “include”) means including without limiting the generality of any description preceding such term; and (viii) where not inconsistent with the context, the word “or” is not exclusive.