Last revised: February 22, 2023 

This website (the “Website”) is operated by Lumenis Be Ltd. (Lumenis Be Ltd. and its subsidiaries shall be hereinafter referred to as “Lumenis”), with its registered office at 9 Ha’Kidma Street, P.O.B 426, Yokneam Industrial Park, Yokneam 2069236, Israel. 

This Privacy Statement (“Statement”) describes our information practices regarding personal information we collect, store, use, and share when Website visitors and other persons (“you” or “Data Subjects”) engage with us online or offline. Residents of the European Union and California should refer to sections 11 and 12 for additional disclosures subject to the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). By accessing our Website and/or providing us your Personal Information, you signify your acknowledgement of this Statement and our Terms of Use. 

QUICK REFERENCE GUIDE

1. Scope
2. Collection of Your Personal Information
3. Use of Your Personal Information
4. Disclosure of Personal Information
5. Transfers of Personal Information Outside the European Economic Area or Your Country of Residence 
6. Use and Disclosure of Non-Personal Information
7. Use of Cookies
8. Changes to this Policy
9. Regulatory Requirements and Law Enforcement
10. Online Privacy for Children
11. Retention of Personal Information
12. Important Additional Information for EU Residents
13. Important Additional Information for California Residents
14. Contact Information

1. 1. SCOPE

This Privacy Statement applies to personal information collected on this Website or otherwise in connection with the provision of our products and services (“Lumenis Services”). The type of data collected and the purposes and use thereof may vary according to the context in which the data is collected and your dealings with Lumenis. Lumenis typically deals with business-to-business customers, such as physicians, clinics, med spas, distributors and resellers (“B2B customers”). Lumenis does not provide healthcare or Lumenis Services to patients. However, some parts of our Website are intended to provide general information to individuals interested in learning more   about the procedures done with our products and locate providers. The information we collect from Data Subjects may vary as described below.

For example: 

(A) if you browse the Website the data and uses pertaining to you will be as described in “Collection of Certain Data through the Website” and in “Use of Cookies” below, and related information; 

(B) if you submitted your details through this Website or other web form referring to this Privacy Statement, or if you otherwise provided your details to Lumenis and were notified that your details may be used by Lumenis in accordance with this Privacy Statement, then the data provided by you may be used for sending updates, offers and marketing contents to you and for other related purposes described herein; 

(C) if you are negotiating or have made a transaction with Lumenis, the data provided by or generated on you may be used in order to determine your credit terms, to carry out the transaction, providing services for any products you purchased from Lumenis, sending updates, offers and marketing contents to you and for other related purposes described herein; and 

(D) if you are a patient, your details and queries may be used to refer you to the appropriate professional, respond to your queries, contact you with updates, offers and marketing contents and for other related purposes described herein. 

Other general purposes such as compliance with legal or regulatory obligations, protection of Lumenis rights and conducting legal proceedings may also be applicable. We have tried our best to make it clear to you which data is used and how we use it in the relevant context of your interaction with us, but in case there is any doubt or if you need any clarification, please contact us as per the instructions in this statement below. Please take the time to read and understand this Privacy Statement. By using this Website or otherwise proceeding with your interaction with Lumenis after having been referred to this Privacy Statement, you acknowledge that you understand and agree (where such agreement is requested or required under the applicable law) to the terms of this Privacy Statement.

This Policy does not apply to personal information that we collect and process about Lumenis employees or job applicants. If you are an employee or applicant of Lumenis, please refer to the Employee Privacy Policy and Job Applicant Statement in the relevant jurisdiction of employment with Lumenis for more information. This Policy also does not apply to the extent we process personal information as a service provider or processor, on behalf of our B2B customers. Our processing of B2B customers’ personal information is subject to the terms of our contracts with each B2B customer, who is the business or controller of such personal information that we process on their behalf. 

1. 1. COLLECTION OF PERSONAL INFORMATION

The personal information we collect directly from you may include: 

1. 1. • Contact Information. This includes your name and contact information, which may be your email address and/or phone number depending on whether you contact us online or over the phone;
      • Online Identifiers. We collect your IP address, device ID, and other online identifiers;
      • Other Identifying Information. If you have an actual or prospective business relationship with Lumenis, including if you are an actual or prospective customer, vendor, supplier, or service provider, you may be required to provide us with personal information such as I.D. number and card copy and passport number and copy;
      • Communications with Lumenis. If you share information with us through forms, correspondence, business cards, contracts, and purchase orders, any personal information that you choose to share or disclose may be collected and used by Lumenis;
      • Financial Information. B2B customers may be required to provide us with bank account information and other financial data;
      • Professional Information. Prospective B2B customers may submit their occupation, professional field, and employer in order to open an account with us;
      • Internet or Network Activity Information. We collect your browsing history and interactions with our website, including domain name, page views, a date/time stamp, browser type, device type, internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information; 
      • Event Information. We keep records of attendance at our tradeshows, webinars, or other events;
      • Health Information. Data Subjects may choose to submit their health conditions and concerns to us;
      • Commercial Information. This includes records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies;
      • Demographic Information. We may collect your age, gender, preferences, interests and favorites and other respective data;
      • Social Media. If you follow or friend us on any social networking platforms, such as Twitter, Facebook, LinkedIn, and Instagram, both Lumenis and/or the social media platform may collect personal information about you, including your username, content you share or post on our social media pages, and, depending on your privacy settings, your contacts, followers, or friends on the social media platforms;
      • Questionnaires and Assessments. If you fill in a questionnaire, participate in a course or training and/or take a test, we collect data on your participation, answers, and scores;
      • Device Transmitted Information. Certain Lumenis products designated for professional treatments may, pursuant to their specifications, collect and transmit to Lumenis certain system performance and usage data, including device serial number and location, as well as other personal identifiers of the owner and any product user performing treatments;
      • Geolocation Information. We may be able to infer your general location based on your IP address; and
      • Audio, Electronic, and Similar Information. We collect records of calls with our customer service representatives and messages you send via our customer service web chat feature.

This Website may use Google’s “reCAPTCHA” as login/registration security tool, which involves the automatic collection of certain data of yours (e.g., IP number). The collection and use of such data by Google is subject to Google’s privacy statement.

Third-party websites:

The Website may contain links or references to other websites outside of our control. Please be aware that this Statement does not apply to these websites. We encourage you to read the privacy statements and terms and conditions of linked or referenced websites you enter. These third-party websites may send their own cookies and other tracking devices to you, log your IP address, and otherwise collect data regarding your use of the Website or solicit personal information. The company does not control and is not responsible for what third parties do in connection with their websites, or how they handle your personal information. Please exercise caution and consult the privacy policies posted on each third-party website for further information.

Sensitive personal data:

Certain forms of “sensitive personal data” are subject to specific protection or restriction by law in certain territories, including the EU. For these purposes, “sensitive personal data” is data relating to: racial or ethnic origin; political opinions; religious philosophical beliefs; trade union membership; genetic data; biometric data; data concerning health or sex life or sexual orientation. In addition, data on criminal activity or proceedings is treated in a similar way.

We do not, as a rule, collect sensitive personal data unless provided directly by you or otherwise specifically disclosed to you prior to collection. Collection of sensitive personal data may occur, for example, if you voluntarily provide us with data, such as on your medical or health condition or concerns, when contacting us. In cases that we do collect health, medical or other data which is not directly provided by you and would otherwise be considered “sensitive personal data”, such as through treatments, such data is not personally identifiable and therefore is not considered to be “personal data”, unless otherwise specifically disclosed to you prior to collection.   

Update of information and opt-out of mailings and marketing materials:

You may contact us to update or correct much of your personal information that you provide to us through the Website or other means other than the limited information described below under the Regulatory Requirements and Law Enforcement Section, or to opt-out from our mailings and other services and communications that you may have signed up for. To do so, please contact us at privacy@lumenis.com.

1. 1. USE OF PERSONAL INFORMATION 

Lumenis uses personal information for, among other things, the following purposes(as applicable in the context of your interaction with Lumenis – see examples in the second paragraph of this Privacy Statement):

1. 1. • Services and support. To deliver our Services, to interact with you and provide or procure responses for comments, questions and requests if posted by you on the Website or otherwise made, and to operate the Website;
      • Security. To protect our materials and content, and the security of our networks and systems;
      • Marketing. To efficiently market and sell our products and services, including by categorizing and classifying Data Subjects in order to personalize our services and advertising to, and interaction with, such persons; 
      • Promotions. To inform you of, and offer to you, products or services available from Lumenis, including through e-mail messages;
      • Surveys. We may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered;
      • Transactions. To ensure that we can facilitate efficient transactions with, and perform our obligations and exercise our rights under contracts with you, if relevant;
      • Analytics and improvements. To improve, calibrate and customize our products and services;
      • Correspondence. To efficiently manage our business correspondents;
      • in general, to efficiently, effectively and securely manage and protect our business, assets and facilities;
      • Other business purposes. To otherwise fulfil legitimate business purposes (e.g., in relation to a sale of all or part of our business);
      • Compliance. To comply with any legal or regulatory obligations to which we are subject (including compliance with any request from regulatory authorities or other relevant public authorities (see “Regulatory Requirements and Law Enforcement” below);
      • Legal process. To establish, exercise, or defend our legal rights or for the purpose of legal proceedings;
      • Detecting fraud and protecting our rights. To prevent and detect crime or acts of dishonesty, malpractice, or other improper or unauthorized conduct;
      • General business and operational support. If we sell any of our business or assets, we may disclose your personal data to the prospective buyer for due diligence purposes; and
      • Sensitive data. We may use non-sensitive personal data for any other purpose for which we may use sensitive personal data, as detailed below.

We note that, where possible, we rely on a lawful basis other than your consent, for the processing by us of your personal data (e.g., under GDPR Article 6). We also note that, where your consent has been granted to the processing by us of your personal data, we may choose not to rely on such consent where such other lawful basis applies and such consent is not otherwise lawfully required.

Use of sensitive personal data:

We will only process your “sensitive personal data” if permitted by law and only if one of the following conditions is met:

1. 1. • you have given explicit consent in writing to the processing of the data (and, for that purpose, if such data is provided by you through the Website, then your submission of the respective form, comment or post in the Website will constitute “explicit consent” in writing);
      • the processing is necessary to protect your health, safety or other vital interests in an emergency (or that of another person) where you are physically or legally incapable of giving consent;
      • the data in question has been made public by you;
      • the processing is necessary for the purpose of, or in connection with, any actual or prospective legal proceedings, for the purpose of obtaining legal advice or otherwise for the purposes of establishing, exercising or defending legal rights subject to applicable local legislation or where courts are acting in their judicial capacity;
      • the processing is necessary for reasons of substantial public interest on the basis of local law which is proportionate to the aim pursued and which contains appropriate safeguarding measures;
      • the processing is necessary for preventative or occupational medicine;
      • the processing is necessary for prevention or detection of crime or acts of dishonesty, malpractice or other improper or unauthorized conduct;
      • the processing is necessary for archiving purposes in the public interest or scientific and historical research purposes or statistical purposes; or
      • the processing is otherwise permitted by law.

In each case, we will meet any legal requirements and enforce any applicable duties of confidentiality vigorously, for example in relation to access to health records.

1. 1. DISCLOSURE OF PERSONAL INFORMATION 

Corporate Affiliates. Lumenis does not sell, rent, or lease personal data to third parties. We may share your personal information among the corporate affiliates within the Lumenis group of companies for the purposes described above. Lumenis will take steps to ensure that the personal information is accessed only by employees of such companies that have a need to do so for the purposes described in this Statement.

Suppliers and Service Providers. In addition, Lumenis may share data with suppliers and service provides outside Lumenis corporate group for some or all of the purposes described above, including without limitation to help us advertise and market our products and services, perform statistical analysis, surveys, campaigns, send email or postal mail, provide customer support, host databases, provide contact platforms, provide project management tools, process payments, supply goods or services that you can purchase through the use of the Lumenis Services, or arrange for deliveries and provide financial and legal advice and services. 

Lumenis may also refer questions posted in our Website to third parties such as local distributors or such suppliers or service providers, for response. We note that such third parties may independently collect personal data as part of and/or in order to perform their services. 

Business Partners. We may also share data with our business partners in the relevant territories, to be controlled and used by them in connection with their own business as far as it pertains to the Lumenis Services, including for marketing purposes (electronically or otherwise), it being clarified that, once lawfully transferred to them, they will be responsible for the lawful processing of such data, and the processing of such data by them shall be subject to their own privacy notices and policies. 

1. 1. TRANSFERS OF PERSONAL INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA OR YOUR COUNTRY OF RESIDENCE

The personal information that we collect from you may be transferred to, and stored at, a destination outside the country in which you reside. It may also be processed by staff operating outside of that country who work for Lumenis, professional advisors or banks.

Where we transfer your personal information to another country, we will ensure that any transfer of your personal information is compliant with data protection law.

You can obtain more details of the protection given to your personal information when it is subject to an ex-EEA Transfer or outside your country of residence (including a copy of the standard data protection clauses which we have entered or will enter into with recipients of your personal information, if required) by contacting us in accordance with the “Contacting us” section below.

1. 1. USE AND DISCLOSURE OF NON-PERSONAL INFORMATION

Lumenis will not treat as confidential any information that you provide that is not personally identifiable, such as questions, comments, ideas, or suggestions. You should be aware that Lumenis will be free to disclose through any means and use for any purpose such information in its sole discretion. By providing such information to Lumenis, you understand and agree that no relationship has been created between Lumenis and yourself, and Lumenis has no obligation to you whatsoever regarding such information. Where such communications are personally identifiable, they will be treated in accordance with Section 2 above.

1. 1. USE OF COOKIES

General. We and our service providers use cookies, pixels, tags, and other similar tracking mechanisms to automatically collect information about browsing activity, type of device and similar information within our Services. We use this information to, for example, analyze and understand how you access, use, and interact with our Services, as well to identify and resolve bugs and errors in our Services, and to assess, secure, protect, optimize, and improve the performance of our Services.

Cookies. “Cookies” are alphanumeric identifiers we transfer to your device’s hard drive for tracking purposes. Some cookies allow us to make it easier for you to navigate our Service, while others are used to enable and optimize certain Service functions, support the security and performance of the Service, or allow us to track activity and usage data within our Service.

Pixel Tags. Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our Service to, among other things, track the activities of users, and help us manage content and compile usage statistics. We may also use these in our emails to let us know when they have been opened or forwarded, so we can track response rates and gauge the effectiveness of our communications.

Third-Party Analytics and Tools. We use third party tools, such as Google Analytics, which are operated by third party companies. These third-party analytics companies may collect usage data (using cookies, pixels and similar tools) about our Services in order to provide us with reports and metrics that help us evaluate usage of our Services, improve our Sites, and enhance performance and user experiences. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. 

Purposes

One of the primary purposes of cookies is to help you personalize your online experience and provide a convenience feature to save you time. The purpose of a cookie is to tell the webserver that you have returned to a specific page. For example, if you personalize the Website pages, or register with Website services or sites, a cookie helps the Website to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as your subscription details. When you return to the Website, the information you previously provided can be retrieved, so you can easily use the Website’s features that you customized.

Other primary purposes of cookies include:

1. 1. • The tracking of Website usage and collecting and recording information about visitors and their use of the Website.  This helps us improve the way our Websites work, identify what our users are interested in, and assess the effectiveness of our content by providing statistics and data relating to website use.
      • Marketing: Marketing cookies allow us (or third parties) to monitor the behavior of users of our Websites so as to effectively target relevant content delivery, including advertisements, to users, based on their specific interests on our Websites and of third-party sites. This information also enables us to monitor the effectiveness of our digital marketing campaigns and to understand how useful our advertisements are.

Please note that third parties providing services and tools to this Website may use cookies. The kind of cookies and the consequent data processing carried out by such third parties are regulated by their privacy policies. Please see below.

Controlling Cookies

If the cookie banner displayed to you offers a cookie preference management tool, you may use that tool to manage your cookie preferences as instructed. Otherwise, and in addition, while most web browsers automatically accept cookies, you can usually modify your browser setting to decline cookies if you prefer. The instructions for removing cookies from your computer or mobile device depend on the operating system and web browser you use. If you choose to decline or remove cookies, you may not be able to fully experience the interactive features of the Website’s services. 

For more information about cookies, including how to set your internet browser to reject cookies, please go to www.allaboutcookies.org.

Third Party Cookies

We may use some or all of the following third-party systems and/or similar ones that rely on use of cookies data:

1. 1. 1. Google Analytics– This Website uses Google Analytics to analyze the use of this Website. Google Analytics uses cookies, to collect standard Internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the Website (including IP address) is transmitted to Google. This information is then used by us to evaluate visitors’ use of the Website and to compile statistical reports on Website activity. The information may be also used by Google in accordance with Google’s privacy practices.  Google’s privacy policy is available at: http://www.google.com/privacypolicy.html.You can opt-out from Google Analytics using currently available method available at https://tools.google.com/dlpage/gaoptout/.
      2. Hotjar web analytics– This Website uses Hotjar web analytics service. Hotjar may record mouse clicks, mouse movements and scrolling activity where we use this information to improve user experience. Hotjar collects information regarding pages visited, actions which are taken, country, device used, operating system, and browser used. Hotjar does not collect personal information that you do not voluntarily enter in this Website. Hotjar does not track your browsing habits across web sites which do not use Hotjar services. For more information about cookies used by Hotjar you may visit:https://www.hotjar.com/legal/policies/cookie-information.If you do not want to be tracked by Hotjar on websites, you can turn it off with a “do not track” header or visit   https://www.hotjar.com/legal/compliance/opt-out.
      3. Display advertising (remarketing)– Display advertising (remarketing)– This Website uses Google Display Advertising and Bing Ads to reflect your interests across the web (remarketing). To determine your interests, Google/Bing will track your behavior across the web using cookies. You can view, delete or add interest categories associated with your browser using Google’s Ads Preference Manager, available at: http://www.google.com/ads/preferences/ and Bing’s Ads Manager, available at: https://account.microsoft.com/privacy/ad-settings/. However, this opt-out mechanism uses a cookie, and if you clear the cookies from your browser your opt-out will not be maintained. To ensure that an opt-out is maintained in respect of a particular browser/account, you should use the Google browser plug-in available at: http://www.google.com/ads/preferences/plugin and Bing advertising opt-out available at: https://about.ads.microsoft.com/en-gb/resources/policies/opt-out-of-the-microsoft-advertising-optimization-program.
      4. Hubspot– This Website uses Hubspot cookies for certain functional purposes as well as for tracking visitors’ identity, sessions and activity on the Website and authentication. For information on Hubspot cookies you may visit:   https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.We use some but not all of the cookies listed in the above link. Note that we do not use the Hubspot feature that gives users the choice to  opt out of cookies. We also note that we manually place the social media websites’ pixel codes on our pages (see below), and not through the use of Hubspot’s ads tool, and therefore Hubspot will not be able to control the placement of social media sites’ cookies on your browsers.         
         Hubspot is using Cloudflare to detect malicious visitors to our website and minimizes blocking legitimate users. Cloudfare cookies may be placed on our visitors’ devices to identify individual users behind a shared IP address and apply security settings on a per-user basis. They are necessary for supporting Cloudflare’s security features. See https://www.cloudflare.com/privacypolicy/.
      5. Social Media– When we perform advertising campaigns on Facebook, LinkedIn, twitter, Instagram, Pinterest, YouTube, and Vimeo, we use cookies provided by such websites for some or all of the purposes described above. In addition, such social media platforms may use your data for their own or purposes or for third party subscribers of their services, as set forth in their respective privacy statements, which you are encouraged to review.

For additional information relating to social media cookies, you may visit:

 for Facebook: https://www.facebook.com/policies/cookies/;
  for LinkedIn:   https://www.linkedin.com/legal/cookie-policy;
  for Twitter:   https://help.twitter.com/en/rules-and-policies/twitter-cookies;
  for Instagram:   https://help.instagram.com/1896641480634370?ref=ig;
  for Pinterest:   https://policy.pinterest.com/en/cookies;
  for YouTube: https://policies.google.com/privacy;
  for Vimeo: https://vimeo.com/cookie_policy.

1. 1. 1. Eventbrite – Events management service – we use this tool owned by Eventbrite, a USA based organization that provides event booking and ticketing services, both off its own site and embedded in other websites. Under Eventbrite’s privacy policy of Eventbrite, among other things, they reserve the right to use data collected by them for marketing and advertising purposes. For Eventbrite’s privacy policy: https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy.
      2. AddThis – Social bookmarking service – https://www.addthis.com/. The AddThis widget is added to this website and enables visitors to create and share links to the content across social networks. AddThis makes use of the data collected to provide advertisers and marketers with profile information for targeted, behavioral advertising. For add this privacy policy: https://www.oracle.com/legal/privacy/privacy-policy.html
      3. Brandify (where2getit) – Clinics locator service – https://www.brandify.com/. Brandify may place certain of their, as well as other parties’ cookies on Website visitors’ browsers. See https://www.brandify.com/company/privacy-policy.  
      4. GeoTargetly – Geo targeting of Website visitors – https://geotargetly.com/. When a user visits a web page that contains a Geo Targetly script, the script will route the visitor through GeoTargetly servers. By obtaining the visitor’s IP address the approximate location of the visitor’s device is identified, and along with other information gathered from the visitor (e.g., relevant URLs, browser screen size etc.), geo personalized content, redirects (such as to the visitor’s local/relevant Lumenis website), popups, notification bars and other forms of output may be served onto the Website for the particular visitor. See explanation in https://geotargetly.com/gdpr.  
      5. Trendemon –  Trendemon is an attribution-based personalization service that uses cookies to monitor and track the Website visitors’ behavior, and to help serving more personalized user experience by offering relevant promotions, links recommendations and other in-page dynamic content. The service integrates with other analytical and marketing services used in the Website such as HubSpot to support with analysis and marketing automation activities. See https://support.trendemon.com/implemented-cookies/ for more information about Trendemon’s cookies, and Trendmon’s privacy notice: https://trendemon.com/privacy.html.
   2. SECURITY OF YOUR PERSONAL INFORMATION

We have implemented safeguards that are intended to protect the personal data we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

1. 1. REGULATORY REQUIREMENTS AND LAW ENFORCEMENT

Lumenis may be required, by court order or as otherwise required by law, to divulge personal information to law enforcement authorities, the courts, or regulatory authorities. Lumenis will cooperate in responding to such requests, in accordance with the regulatory or legal process, and will take appropriate measures to ensure that the requester understands the sensitive nature of any health-related personal information they receive.

If you contact us regarding your experience with using any of our products, we may use the information you provide in submitting reports to the U.S. FDA and/or similar regulatory bodies in other jurisdictions, and as otherwise required of us by law or governmental audit. We may also use the information to contact your healthcare professional to follow up regarding an unexpected event involving the use of any one of our products. You understand that in order to comply with the law, Lumenis may not be permitted to comply with your request to amend or remove personal information that was provided to Lumenis by a healthcare professional or a consumer regarding an adverse event or reaction involving medicine, medical products or medical devices.

1. 1. ONLINE PRIVACY FOR CHILDREN

Lumenis is committed to the privacy of children. We do not intend to collect personal information from children under 18 years old, however Lumenis is dependent on the Website’ users to identify themselves as children under 18 years old and therefore Lumenis will assume no liability thereon if the user’s age was not stated properly or at all. If a child has provided us with personal information, the parent or guardian of that child may contact us at privacy@lumenis.com.

1. 1. RETENTION OF PERSONAL INFORMATION

How long we hold your personal information will vary. The retention period will be determined by various criteria including:

1. 1. • the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
      • legal obligations – laws or regulation may set a minimum period for which we have to keep your personal information.
      • advisability of retention taking into account our legal considerations (such as statutes of limitations, litigation or regulatory investigations). 
   2. IMPORTANT ADDITIONAL INFORMATION FOR EU RESIDENTS 

EU residents have a number of legal rights in relation to the personal information that we hold about you. These rights include:

1. 1. • the right to obtain information regarding the processing of your personal information and access to the personal information which we hold about you;
      • the right to withdraw your consent to our processing of your personal information at any time. Please note, however, that we may still be entitled to process your personal information if we have another legitimate reason (other than consent) for doing so;
      • in some circumstances, the right to receive some personal information in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us;
      • the right to request that we rectify your personal information if it is inaccurate or incomplete;
      • the right to request that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it;
      • the right to request that we restrict our processing of your personal information in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal information but we are legally entitled to refuse that request; and
      • the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contact Information” section below.

You can find out more information about your rights by contacting the data protection regulator in your jurisdiction, or by searching their website. A list of National Data Protection Authorities in Europe can be found at
 http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. If you are unsure about which is the correct regulator, please feel free to contact us as provided above for assistance.

1. 1. IMPORTANT ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

In this section, we provide information for California residents about how we handle their personal information as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”). 

Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. 

Personal Information Not Covered by this California Section 

This section does not address nor apply to:

1. 1. 1. Device Transmitted Data. As described in Section 2, our devices may transmit patient data that is de-identified in accordance with the Expert Determination method under the United States Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule.  Such deidentified data is not subject to regulation under the CCPA. 
      2. Publicly Available Data. Our handling of publicly available information made lawfully available by state or federal governments is not subject to the CCPA.  
      3. Workforce Data. Personal information we collect about California job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of Lumenis, and used solely in that context is not subject to this Statement.  Employees can see the Employee Privacy Notice on the intranet for more information. Job Applicants can refer to the Job Applicant Statement for more information.

California Residents’ Rights

Subject to certain exceptions, California residents have the right to make the following requests:

Request to Delete: California residents have the right to request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies.  

Request to Know: California residents have the right to request certain information about how we have handled their personal information, including the: 

1. 1. • categories of personal information collected;
      • categories of sources of personal information;
      • business and/or commercial purposes for collecting and selling their personal information;
      • categories of third parties to whom we have disclosed personal information;
      • categories of personal information that we have disclosed for a business purpose and the categories of persons to whom the personal information was disclosed; and
      • categories of personal information that we have sold or shared about the consumer and the categories of third parties to whom we have sold or shared the consumer’s personal information.

California residents may make Requests to Know up to twice every 12 months. 

Request to Correct: California residents have the right to request that we correct inaccuracies in their personal information.

Right to Opt-Out of Sales/Sharing: California residents may have the right to opt-out of “sales” or “sharing” of their personal information under the CCPA. CCPA defines a “sale” as disclosing or making personal information available to a third-party in exchange for monetary or other valuable consideration. CCPA also defines “sharing” as disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” (as defined by the CCPA) personal information, such as device identifiers and internet and electronic network activity information to third-party ad networks. We do so in order to improve and evaluate our advertising campaigns and better reach customers and prospective customers with more relevant ads and content. We may also share personal information collected through webforms and other tools with third parties, including relevant healthcare providers, for their own direct marketing use. If you use one of these tools, you will be directed to a page with an option to opt-out.

To opt-out of the sharing or sale of personal information collected through advertising cookies, please click on the “Do Not Sell or Share My Personal Information” button in the website banner. You may also click the “Cookie Settings” button in our website footer. Please note that submitting an opt-out request will only opt you out of disclosures that are considered “sales” or “sharing” under the CCPA, but it will not opt out of other disclosures, such as to our service providers. 

You may also opt-out of the sharing or sale of personal information collected by advertising cookies through the use of an opt-out preference signal. If our website detects that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control” or “GPC” signal, we will opt that browser or device out of cookies on our website that result in a “sale” or “sharing” of your personal information. Please note, if you come to our website from a different device or a different browser on the same device, you will need to opt out, or use an opt-out preference signal, for that browser and/or device as well.

We do not sell or share sensitive personal information, nor do we sell or share any personal information about individuals who we know are under sixteen (16) years old. We do not provide your personal information to third parties for their direct marketing purposes.

Right to Limit the Use and Disclosure of Sensitive Personal Information: We do not use or disclose sensitive personal information for any purpose that would require us to provide you with a right to limit the use of your sensitive personal information under the CCPA.

Submitting Requests. California residents’ rights requests may be submitted by sending your questions or comments to privacy@lumenis.com or by contacting us at 877-586-3647 (toll free).  You may also submit a request in writing to CCPA Manager at Lumenis Be Inc., 2077 Gateway Place, Suite 300, San Jose, CA 95110.  Upon receipt of your request, we may ask for information to verify your identity or that you are a current resident of CA.  We will respond to verifiable requests received from California consumers as required by law.

Right to Non-Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates, or penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.  A business may offer financial incentives for the collection, sale or deletion of California residents’ personal information, provided the incentive is not unjust, unreasonable, coercive or usurious and is made available in compliance with applicable transparency, informed consent, and opt-out requirements.

California Privacy Rights under California’s Shine-the-Light Law

Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing use.  Such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year. California residents who would like to make such a request may submit a request in writing to CCPA Manager at either privacy@lumenis.com or at Lumenis Be Inc., 2077 Gateway Place, Suite 300, San Jose, CA 95110. The request should attest to the fact that the requester is a California resident and provide a current California address.

1. 1. CONTACT INFORMATION

Lumenis welcomes your comments and questions regarding this Privacy Statement. If you would like further information on the collection, use, disclosure, transfer or purposes of processing of your personal information or the exercise of any of the rights listed above, please address questions, comments and requests to privacy@lumenis.com. 

Version 6