Policy Name: Cynosure Privacy Policy for Employees, Contractors, and Applicants
Policy Effective Date: 10/01/2021
Locations on MyCynosure: Policies
Policy Owner: Data Protection Committee
Applies to: All Cynosure Employees, Contractors, and Applicants
Cynosure Privacy Policy for Employees, Contractors, and Applicants (this “Privacy Policy”).
This Privacy Policy relates to information collected online and offline by Cynosure, LLC (along with Cynosure, LLC’s Corporate Affiliates (as defined below), collectively, “Cynosure” “we” or “us” or “our”) from or about you solely in your capacity as a Cynosure employee (each, an “Employee”), as an independent contractor who is a natural person and has been engaged by Cynosure (including without limitation social media influencers (each, an “Influencer”) and professionals (including healthcare professionals): (i) who have contracted with Cynosure as key opinion leaders (each, a “KOL”), or (ii) who have contracted with Cynosure as members of our medical advisory board (each, an “Advisor”) (each, a “Contractor”), or as an applicant for employment with Cynosure as an Employee or engagement by Cynosure as a Contractor (each, an “Applicant”). This Privacy Policy has been prepared for your information and understanding of the policies, philosophies, and practices of Cynosure and shall be effective from and after October 1, 2021 (the “Effective Date”). As used herein, “you” and “your” means any Employee, Contractor, or Applicant. This Privacy Policy will apply to you only if: (i) our Processing of your Personal Data is regulated by the GDPR; and/or (ii) you are a California resident. Cynosure, LLC is based in the United States of America. Cynosure, LLC’s main office is 5 Carlisle Road, Westford, MA 01886.
As of the Effective Date, Cynosure, LLC’s Corporate Affiliates include:
| Corporate Affiliate | Address |
| Lotus Parent, Inc. | 5 Carlisle Road, Westford, MA 01886 |
| Lotus Buyer, Inc. | 5 Carlisle Road, Westford, MA 01886 |
| Cynosure Canada Medical Devices Company ULC | 203 Exeter Road, Unit F, London, ON, N6L 1A4 |
| Cynosure France SARL | 132 boulevard de Verdun, Courbevoie, France |
| Cynosure Maroc SARL | Rue 2 N°40 Wakanati, Route d’azemmour, Ain Diab |
| Cynosure GmbH | Schillerstraße 2,60313 Frankfurt am Main
Robert-Bosch-Str. 11A ; 63225 Langen /Baze c/o |
| Cynosure K.K. | 2-17 Kagurazaka, Shinjuku-ku, Tokyo 162-0825
7-22-17 Nishigtotanda, Shinagawa-ku, Tokyo 141-0031
5-14-22 Nishinakajima, Osaka-si Yodogawa-ku, Osaka 532-0011 |
| Cynosure Korea Limited | 6F Samwon Bldg, 651 Eonju-ro, Gangnam-gu, Seoul 06104 Korea
1F Plaza654 Bldg, 551 Eonju-ro, Gangnam-gu, Seoul, 06138 Korea
B1F, Songam Bldg, 709 Eonju-ro, Gangnam-gu, Seoul 06053 Korea
#A-3003, 32 Centum 3-ro, Haeundae-gu,Busan 48060 Korea |
| Cynosure Mexico, S. de R.L. de C.V. | |
| Cynosure UK Ltd | Chiswick Tower, Floor 17, 389 Chiswick High Road, W4 4AJ
898 Plymouth Road, Slough Trading Estate, SL1 4LP |
| Palomar Medical Technologies, LLC | 5 Carlisle Road, Westford, MA 01886 |
| Cynosure B.V. | Veemarkt 143, 1019 CC Amsterdam, Netherlands |
| Cynosure Pty Ltd | 31 Sabre Drive, Port Melbourne, VIC, 3207
14-16 Suakin Street, Pymble, NSW, 2073 |
| Cynosure Spain S.L. | Edificio Ferbocar, 1º derecha Avenida de Quitapesares, 17,, 28670 Villaviciosa de Odón, Madrid, Spain |
| Cynosure Portugal, Unipessoal, Limitada | Avda. da Republica, número 6 7 esquerdo
1050-191 Lisboa |
| Suzhou Cynosure Medical Devices Company Ltd |
Room 1706-1707,No 555 Dongfeng Road,Yuexiu District, Guangzhou Room Numbers: 03-110-2P and 03-109-4P 2A Worker Stadium North Road Chaoyang District, Beijing, China (PRC) 5F, Yuan Dong Da Sha, 575 Chang Xu Road, Suzhou Room: 203-204(1) Room: 204(2)-205 Room: 303 Room: 502-503 Room: 504-510 |
Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact privacy@cynosure.com for assistance.
If you provide us with information of an emergency contact, spouse, partner, dependent, or any other third party, it is your responsibility to obtain consent from that third party prior to sharing their information with us. If you are an Applicant, if you intend to provide us with information of a reference or any other third party as part of your application process, it is your responsibility to obtain consent from that third party prior to sharing their information with us.
If you are an Influencer, you may also be a consumer (as defined in Cynosure’s general Privacy Notice (available at https://www.cynosurecanada.com/privacy-policy/ (the “General Privacy Notice”))). Such General Privacy Notice will apply to you to the extent you are a consumer (as defined therein) in your capacity as a consumer (as defined therein).
If you are a KOL, Influencer, or Advisor, you also may be a professional (as defined in Cynosure’s General Privacy Notice). Such General Privacy Notice will apply to you to the extent you are a professional (as defined therein) in your capacity as a professional (as defined therein).
Article I – In General
1. Definitions:
1.1. “CCPA” means the California Consumer Privacy Act, as may be amended from time to time, as well as any regulations promulgated thereunder.
1.2. “GDPR” means the General Data Protection Regulation (EU) 2016/679.
1.3. “GDPR Data” means Personal Data to the extent our Processing of such Personal Data is regulated by the GDPR.
1.4. “Personal Data” means any information relating to any identified or identifiable Employee, Contractor or Applicant, and includes, without limitation, CCPA Information (as defined below). Personal Data excludes anonymous or de-identified data that cannot identify any natural person, household, or device by any means reasonably available to anyone.
1.5. “Processing” (including grammatically inflected forms thereof) means any operation or set of operations which is performed on data or on sets of data, whether or not by automated means, including without limitation collection, recording, organization, structuring, storage, adaptation or alteration, access, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion, erasure or destruction.
1.6. “Sensitive Data” means GDPR Data: (i) that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) that constitutes genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation; or (iii) relating to criminal convictions and offenses.
2. Personal Data Cynosure Collects: We may collect, store, and use the following types of Personal Data about you:
2.1. Full legal name;
2.2. User name;
2.3. Date of birth;
2.4. Address;
2.5. Telephone number;
2.6. Email address;
2.7. Password;
2.8. Social Insurance card and number (or equivalent);
2.9. Spouse/partner/dependent/family information (including relationship to any existing Cynosure personnel);
2.10. Race (the disclosure of this data element is voluntary);
2.11. Sex;
2.12. Gender;
2.13. Ethnicity (the disclosure of this data element is voluntary);
2.14. Pregnancy or childbirth and related medical conditions;
2.15. Request for pregnancy disability leave;
2.16. Medical condition;
2.17. Request for family care leave;
2.18. Request for leave for health issue;
2.19. Trade union membership (the disclosure of this data element is voluntary);
2.20. Immigration visa;
2.21. Work eligibility;
2.22. Income tax elections;
2.23. Tax identification number;
2.24. Driver’s license image and number;
2.25. Non-driver identification card image and number;
2.26. Province-issued identification card image and number;
2.27. Passport image and number;
2.28. Military identification number;
2.29. Military or veteran status (the disclosure of this data element is optional as part of the application process);
2.30. Other unique identification number issued on a government document;
2.31. Signature;
2.32. Health Insurance policy information, including policy number and subscriber identification number;
2.33. Health insurance application and claims history;
2.34. Background check summary data;
2.35. Education records (including grades);
2.36. Transcripts;
2.37. Employment;
2.38. Current and past employer and job history;
2.39. Reference checks;
2.40. Bank account number;
2.41. Records of products or services purchased for expense reimbursement purposes;
2.42. Marital status;
2.43. Browsing history;
2.44. Search history;
2.45. Information on your interaction with a website, application, or advertisement;
2.46. Photograph (including “before and after” photographs if you are an Influencer);
2.47. Resume;
2.48. Curriculum vitae (“CV”);
2.49. Substantive areas of expertise;
2.50. Professional licenses and certifications;
2.51. Cover letter;
2.52. Payroll withholding information;
2.53. Rate of pay and any other compensation paid;
2.54. Starting date of employment or contract engagement;
2.55. Job or contract applications, and/or other forms of employment or contract engagement inquiries submitted to us;
2.56. Waivers and other employment or contractual engagement agreements;
2.57. Termination notices;
2.58. Documents related to discipline;
2.59. Performance evaluations and other information related to job performance;
2.60. GPS tracking data of company-owned service vehicle location, including real-time vehicle location and status, fuel usage, routes taken, driver location, trip tagging and kilometres per province, safe driving data such as speeding, braking, stop time, idle time, cornering, sudden acceleration, scoring based on driver behaviour, data analytics based on the foregoing data;
2.61. Monitoring and blocking of cell phone activities, including incoming and outgoing calls, sending and receiving text messages and accessing navigation and other applications;
2.62. Audio and visual recordings, including of webinars/trainings;
2.63. Call centre telephone calls;
2.64. If you are an Applicant who is not located in the European Economic Area, psychological and behavioral assessment data reflecting behaviour and aptitude tendencies;
2.65. Content you create or otherwise provide to us (including social media content you create if you are an Advisor, Influencer, or KOL);
2.66. Content of interviews in which you may participate with medical writers and/or other media (if you are KOL);
2.67. Social media handle and related information;
2.68. Back-end social media performance metrics (if you are a KOL or Influencer);
2.69. Feedback regarding our products and services (if you are a KOL or Advisor);
2.70. Products owned, purchased, and/or considered (if you are a KOL or Advisor);
2.71. Financial and payment disclosure information, including stocks and proprietary interests;
2.72. Other similar identifiers.
With respect to Employees, Applicants, and Contractors, we may obtain the above information from you, from third-party sources (including recruiters) and/or from publicly available sources, such as government databases and social media sites, including LinkedIn.
Except where otherwise noted above, our collection, storage, use, and Processing of the foregoing types of Personal Data is required in order to facilitate the Employment Relationship (as defined below) or Contractor Relationship (as defined below) or, in the case of Applicants, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable).
3. Use of Personal Data: We Process Personal Data for the following business or commercial purposes: (i) in the case of Employees, to facilitate, administer and carry out the employer-employee relationship between you and Cynosure (including, without limitation, staffing of projects, verifying eligibility for employment, evaluating eligibility for prospective future positions, benefits administration and payroll and human resources functions, and serving as a reference for prospective employees, the “Employment Relationship”); (ii) in the case of Contractors, to facilitate the business relationship between you and Cynosure, including to facilitate your provision of services to Cynosure and Cynosure’s payment to you in consideration for such services, in each case in accordance with the terms and conditions of your agreement with Cynosure (the “Contractor Relationship”); and (iii) in the case of Applicants, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable). Without limitation of the foregoing, if you are an Employee who is a member of our service team, we may use your address to send parts to your home to enable you to perform your tasks in furtherance of the Employment Relationship.
3.1. Lawful Basis for Processing. This Article I Section 3.1 shall apply only to GDPR Data. Cynosure acts as the controller (as defined in the GDPR) of your GDPR Data that Cynosure Processes under this Privacy Policy. We will Process your GDPR Data only to the extent the law allows us to do so. Most commonly, we will use your GDPR Data in the following circumstances:
3.1.1. Where we need to Process your GDPR Data in order to perform the contract we have entered into with you.
3.1.2. Where we need to comply with a legal obligation.
3.1.3. Where it is necessary for our legitimate interests (or those of a third party) in facilitating the Employment Relationship or Contractor Relationship or, in the case of Applicants, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable), and where your interests and fundamental rights do not override those interests.
We may also Process your GDPR Data in the following situations, which are likely to be rare: (i) where we need to protect your interests (or someone else’s interests); or (ii) where it is needed in the public interest or for official purposes.
3.2. Sensitive Data: This Article I Section 3.2 shall apply only to GDPR Data. In general, we will not Process Sensitive Data about you unless it is necessary in facilitating the Employment Relationship or Contractor Relationship or, in the case of Applicants, to evaluate whether or not to enter into an Employment Relationship with you or to engage you as a Contractor (as applicable). On rare occasions, there may be other reasons for Processing, such as it is in the public interest to do so. The situations in which we will Process your Sensitive Data are listed below. We have indicated the purpose or purposes for which we are processing or will process your Sensitive Data.
3.2.1. We may use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance. We need to Process this information to exercise rights and perform obligations in connection with your employment.
3.2.2. We may use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting and for work permit purposes.
3.2.3. We may use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.
3.3. Retention. We will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of that information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
4. Disclosures of Personal Data for a Business or Commercial Purpose: Cynosure may disclose your Personal Data described above to the following categories of third parties for the business or commercial purposes described below.
4.1. Cynosure Customers, Prospective Customers, and Social Media Followers: Cynosure may disclose the Personal Data of Employees and/or Contractors to Cynosure’s customers (in connection with Cynosure’s provision of services to customers) and/or prospective customers (in connection with Cynosure’s business development efforts with respect to prospective customers). Cynosure may also disclose your CV information, substantive areas of expertise, and your photograph to its social media followers.
4.2. Laws and Legal Rights: Cynosure may disclose your Personal Data if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. We may disclose Personal Data in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating a contract with us, to detect fraud, for assistance with a delinquent account, or to protect the safety and/or security of our employees, users, Cynosure’s intellectual property or the general public.
4.3. Outside Contractors: We may employ independent contractors, vendors and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to our business, including the Employment Relationship or Contractor Relationship, such as (in the case of Employees only) facilitating payroll or administering benefits, or (in the case of Applicants) facilitating the application process, or (in the case of Employees, Contractors, and Applicants) data storage and hosting providers. In the course of providing products or services to us, these Outside Contractors may have access to your Personal Data. We use reasonable efforts intended to ensure that these Outside Contractors are capable of protecting the security of your Personal Data. Without limitation of the foregoing, if you are an Influencer, we may share your Personal Data with KOLs and if you are a KOL we may share your Personal Data with Influencers.
4.4. Investment in, or Sale of, Business: We reserve the right to transfer Personal Data to a third party in connection with a sale, merger or other transfer of all or substantially all of the assets of Cynosure or any of its Corporate Affiliates (as defined below), or that portion of Cynosure or any of its Corporate Affiliates to which the Employment Relationship or Contractor Relationship relates, or in connection with a strategic investment by a third party in Cynosure, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding.
4.5. Corporate Affiliates: We may disclose your Personal Data to our Corporate Affiliates. “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with Cynosure, LLC, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise.
Article II – GDPR Rights
This Article II shall apply to you only to your GDPR Data. Under certain circumstances and in compliance with the GDPR, you may have the right to:
Request access to your GDPR Data (commonly known as a subject access request). This enables you to receive a copy of the GDPR Data we hold about you and to check that we are lawfully processing it;
Request correction of the GDPR Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
Request erasure of your GDPR Data. This enables you to ask us to delete or remove your GDPR Data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your GDPR Data in certain circumstances;
Object to processing of your GDPR Data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
Request the restriction of processing of your GDPR Data. This enables you to ask us to suspend the processing of your GDPR Data, for example, if you want us to establish its accuracy or the reason for processing it;
Request the transfer of your GDPR Data to another party; and
Lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If you have any complaints about the way we process your GDPR Data, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.
If you wish to exercise any of the rights set out above, please contact us at privacy@cynosure.com. Please note that Cynosure reserves the right to refuse any request to exercise such rights to the extent permitted by applicable law.
Article III – International Data Transfers
This Article III shall apply only to your GDPR Data. GDPR Data collected by Cynosure under this Privacy Policy may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, including countries that may not have laws of general applicability regulating the use and transfer of such GDPR Data or that do not ensure adequate protection for GDPR Data (as determined by the European Commission), including without limitation the United States. To the extent required by applicable law: whenever we transfer your GDPR Data to third parties located in countries that do not ensure adequate protection for GDPR Data (as determined by the European Commission, and including without limitation the United States, each, an “Inadequate Jurisdiction”), we ensure a similar degree of protection is afforded to it; we may use specific contracts approved by the European Commission which give GDPR Data the same protection it has in the European Economic Area under the GDPR; and if we rely on another basis to transfer your GDPR Data to an Inadequate Jurisdiction, we will keep you updated or contact you if required. Please contact us if you want further information on the specific mechanisms used by us when transferring your GDPR Data to an Inadequate Jurisdiction.
Article IV – Miscellaneous
In this Privacy Policy, unless a clear contrary intention appears: (i) where not inconsistent with the context, words used in the present tense include the future tense and vice versa and words in the plural number include the singular number and vice versa; (ii) the titles and subtitles used in this Privacy Policy are used for convenience only and are not to be considered in construing or interpreting this Privacy Policy; (iii) “hereunder,” “hereof,” “hereto,” and words of similar import shall be deemed references to this Privacy Policy as a whole and not to any particular Section or Subsection of this Privacy Policy; (iv) “including” (and with correlative meaning, “include”) means including without limiting the generality of any description preceding such term; and (viii) where not inconsistent with the context, the word “or” is not exclusive.