To exercise your rights as a Canadian based consumer, please submit our PIPEDA electronic request form HERE.
Access to Your Information If you are a Canadian based consumer, you have certain rights with respect to ZO’s use and disclosure of your Personal Information. Canadian consumers have the right to request that we disclose information about our collection and use of their personal information collected over the past 12 months, including:
• The categories of personal information we have collected about you and the specific personal information we may have collected.
• The categories of sources from which personal information has been collected and the entity or individual we may collect this information from.
• Our business purpose(s) for collecting and storing this information and how we could use it.
• The categories of third parties with whom we may share that personal information.
• The categories of personal information we have shared and the reasons we shared it.
Identifiers: First and last name, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
Personal Information: First and last name, physical characteristics or description, address, telephone number, bank account number, credit card number, debit card number, or any other financial information, personal medical information. (Some personal information included in this category may overlap with other categories.)
Protected Classifications: Age (40 years or older), race, color, ancestry, national origin, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression), pregnancy or childbirth and related medical conditions, genetic information (including familial genetic information).
Commercial Transactions: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or Network Activity: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
Geolocation Data: Physical location.
Please note, personal information does not include:
• Publicly available information from government records.
• De-identified or aggregated consumer information.
• Information excluded from the PIPEDA's scope: personal information covered by certain sector-specific privacy laws; health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA); or clinical trial data.
Sources of Personal Information
We may obtain personal information as listed above from the following categories of sources:
• Directly from you as voluntarily provided or indirectly from our interactions with you, such as information that we may collect in the course of providing our services.
• Directly and indirectly from activity on our Sites. For example, from creating an account on our website, submissions on or through our Sites, or website usage details collected automatically.
• From third parties that interact with us in connection with the services we perform, such as order processing and credit card processing.
Purposes for Collecting Personal Information
Our everyday business practices fall under the “Business Purposes” definition (as further defined in the PIPEDA) and the following related purposes for which personal information may be used:
• To provide the information, product or service requested by the consumer or as reasonably expected given the context in which with the personal information was collected (such as providing our products or services, customer service, product and service offering updates, or recalls).
• To make back-up copies for business continuity and disaster recovery, as well as to protect the security of our Sites and associated systems, databases, networks, applications and data, including detecting, analyzing and resolving security threats.
• For corporate audit, analysis and reporting, as well as for fraud detection and prevention.
• To comply with applicable tax, health and safety, labor and employment, and anti-discrimination laws.
• For legal and regulatory compliance, including disclosures of personal information that are required by law including legal investigations, subpoenas, or summons or regulatory agency inquiries.
• To de-identify data or create aggregated datasets, in order to utilize for consolidating reporting, research or analytics.
• For corporate governance, including mergers, acquisitions and divestitures.
Canadian based consumers have the right to request that ZO delete any of your personal information that we may have collected from you and/or retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless there is an applicable exception. We may deny a deletion request where retaining the information is necessary for us or our service providers. For example, data may need to be kept to:
• Process an existing order or provide scheduled services for which we collected the personal information.
• Track consumer complaints or product issues.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or to comply with a legal obligation.
• To be used internally in a lawful manner that is compatible with the context in which you provided the information.
Exercising Your Rights
Only you or a person registered with the Canadian Secretary of State that you authorize to act on your behalf, may make a request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, or a legally appointed authorized representative of a Canadian resident who wishes to make a request. To exercise any of your rights, please submit our PIPEDA electronic request form HERE. When you submit a PIPEDA related request through our form functionality, we will use the information you submit and the information we have in our systems to try to verify your identity and to match the personal information we have collected, if any, to your identity. Information provided to submit a request will only be used for request purposes.
If we are successful in validating your identity, we will endeavor to respond to a verified consumer request within 45 days and in the manner required by PIPEDA. If we require more time, we will inform you of the reason and extension in writing. If we cannot validate your identity, we will attempt to contact you to inform you of this issue.
ZO will not discriminate against you for exercising any of your PIPEDA rights. Should you choose to exercise any of your privacy rights as a Canadian based consumer, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of services, based solely upon your request. However, in some circumstances, for example where you have requested or consented to our services that use your personal information to provide the service, we may not be able to provide this service if you choose to delete your personal information, such as maintaining your account on our Sites.
ZO does not knowingly collect, use or disclose personally identifiable information from anyone under the age of 13. If we determine upon collection that a user is under the age of 13, we will make reasonable efforts to delete such information from our records.
If you believe that we might have any information from or about a child under the age 13, please submit our PIPEDA electronic request form HERE.
Canadian law requires website and online service operators to disclose whether third parties may collect personal information about Canadian based consumers’ online activities over time and across different sites when utilizing the operator’s website or service. We do not knowingly permit such third parties to collect any personal information from our Sites, however third parties that have content or services on our Sites such as social media functionality, data analytics services, or an advertising partner, may obtain information about your browsing or usage habits if you interact with our Site.
Contact Us If you have any further questions regarding your rights to access the data ZO collects under the PIPEDA, please feel free to contact us by email at: firstname.lastname@example.org, via phone at (888) 893-1375, or in writing at:
ZO Skin Health, Inc.
9685 Research Drive
Irvine, CA 92618 USA
Last Updated: June 10, 2020