GDPR Website Privacy Statement
Please visit allergan.com/privacy to view additional privacy notices.
Effective Date: May 25, 2018
What is the scope of this Privacy Statement?
This Privacy Statement applies to websites, mobile applications, and digital services that link to or post this Privacy Statement. This Privacy Statement is intended to let you know what Personal Data Allergan plc, including our affiliated entities (referred to collectively as “Allergan Aesthetics” “we,” “our,” or “us”) may collect about you, how we collect your Personal Data, for what purposes we use your Personal Data, to whom we may disclose your Personal Data, and what rights you may have to limit our use of your Personal Data. In this Privacy Statement, we will collectively refer to the websites, applications, and digital services that may link to or post this Privacy Statement as “websites.”
What Personal Data may we collect about you?
Through our websites linking to this Privacy Statement, we will collect and process Personal Data that does not directly identify you by name (such as IP Address) or include your contact information, but which may be used to identify that a specific computer or device has accessed our website and which if combined with certain other information could be used to identify you. We receive this Personal Data through your interactions with our websites.
The Personal Data we process about you through our websites linking to this Privacy Statement may include the following categories of Personal Data:
- Demographic data;
- Online identifiers;
- IP address;
- Data from our cookies;
- 3rd party cookies; and/or
- Social media use and utilization
Where we collect directly identifiable Personal Data about you, the following privacy notices will provide you with additional information around what we may collect, how we will collect it, for what purposes we may collect it, to whom we may disclose it, and what rights you may have to limit our use of it. Please view on the privacy notices that are applicable to your interactions with us:
How will we use your Personal Data?
Processing of your Personal Data includes where we may record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, dissemination, or otherwise make available, align or combine, restrict, erase, or destroy your Personal Data.
We may process your Personal Data for the following purposes:
- Our company compliance and facility and network security purposes;
- Authorizing, granting, administering, monitoring, and terminating access to or use of Allergan Aesthetics systems, facilities, records, property, and infrastructure;
- Tracking your interactions with us;
- Auditing our programs and services for compliance purposes;
- Where we have Legal obligations to process the personal data;
- Statistical analysis, including analytics performed by our vendors Website administration; and/or
- Marketing Activities, including Third Party Cookie Tracking and Creating an Interestbased Profile related to your interactions with us or others
For any additional purposes where we are required to notify you and get your consent, including those purposes required by local law, we will obtain your consent before we process your Personal Data for those purposes.
What is our legal basis for Processing your Personal Data?
The applicable legal basis for which we process your Personal Data for the specific purposes listed above, include the following:
- Based on your consent: In some cases, we may ask you for your consent to collect and process your Personal Data. If you choose to provide us with your consent, you may later withdraw your consent (or opt-out) by contacting us as described in the “how do you contact us” section below. Please note that if you withdraw your consent it will not affect any processing of your Personal Data that has already occurred. Where we process your Personal Data based on consent, we will provide more detailed information to you at the time when we obtain your consent.
- Compliance with applicable laws or performance of a contract: In specific circumstances, we may need to process your Personal Data to comply with a relevant law/regulation or to fulfill our obligations under a contract to which you are subject. Where we process your Personal Data to meet our legal obligations, you will likely not be permitted to object to this processing activity, but you will usually have the right to access or review this information unless it would impede our legal obligations. Where we are processing to fulfill our contract obligations under a contract where you are a party, you might not be able to object to this processing, or if you do choose to opt-out or object to our processing, it may impact our ability to perform a contractual obligation that you are owed.
- Our legitimate interest: We may process your Personal Data based on our legitimate interests in communicating with you and managing our interactions with you regarding our products and services, scientific research, and education opportunities. In addition to the other rights you may have described below, you have the right to object to such processing of your Personal Data. You can register your objection by contacting us as described in the “how do you contact us” section below.
Cookies and Similar Technologies that collect Personal Data
Our websites may use a technology known as web beacons that allows the collection of web log information. A web beacon is a tiny graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. Web log information is gathered when you visit one of our websites by the computer that hosts our website (called a "webserver").
On certain web pages or in emails we send to you, we may utilize a technology called a “web beacon” (also known as an “action tag” or “clear GIF technology”). We may use web beacons to help determine which email messages sent by us were opened and whether a message was acted upon. Web beacons also help analyze the effectiveness of websites by measuring the number of visitors to a site or how many visitors clicked on key elements of a site.
Do Not Track
There are different ways you can prevent tracking of your online activity. One of them is setting a preference in your browser that alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do-Not-Track (“DNT”) signal. Please note that currently our websites and web-based resources do not respond to these signals from web browsers. At this time, there is no universally accepted standard for what a company should do when a DNT signal is detected.
This information is used to administer and update the website, and we will also assess whether the visitors to the site match the expected site demographics and determine how key audiences are navigating the content.
- Opt-Out Provision
Google analytics offers an opt-out provision for website visitors who do not want their data to be collected. You can receive more information about this option here:
Google's Use of Data:
Social Media Plugins
Our websites may use Social Media Plugins to enable you to easily share information with others. When you visit our websites, the operator of the social media plugin that is on our website can place a cookie on your computer that lets that operator recognize individuals on their website who have previously visited our sites. If you have previously logged into the social media website while browsing on our website, social media plugins may allow that social media website to receive directly identifiable information about you that shows you have visited our website. The social media plugin may collect this information for visitors who have logged into social networks, whether or not they specifically interact with the plugin on our website. Social media plugins also allow the social media website to share information about your activities on our website with other users of their social media website. Allergan does not control any of the content from social media plugins. For more information about social plugins from social media websites you should refer to those sites’ privacy and data sharing statements.
Children’s Personal Data
This site is not intended for or designed for individuals under the age of 16. We do not knowingly collect Personal Data from any person under the age of 16.
How do we protect your Personal Data?
We use industry-standard administrative, technical, and physical safeguards to protect your Personal Data against loss, theft, misuse, unauthorized access, modification, disclosure, and destruction. We restrict access to your Personal Data to only those employees and third parties acting on our behalf who have a legitimate business need for such access. We will only transfer your Personal Data to third parties acting on our behalf where we have received written assurances that your Personal Data will be protected in a manner consistent with this Privacy Notice and our privacy policies and procedures.
To whom and when will we disclose or share your Personal Data?
We will share or disclose your Personal Data with the following entities:
- Our global affiliates, as we discuss below.
- Third parties with whom we contract to carry out services on our behalf to perform activities or functions related to the processing purposes regarding your Personal Data that are described above. If we do, we will require that these third parties acting on our behalf protect the confidentiality and security of your Personal Data that we share with them. Unless otherwise specifically stated in this Privacy Statement, these third parties must contractually agree that they will not use or disclose your Personal Data for any other purposes than necessary to provide us services, perform services on our behalf, or to comply with applicable laws or regulations.
- Government agencies, auditors, and authorities. We may disclose your Personal Data to government agencies, authorities, and auditors in response to authorized information requests or as otherwise required by laws, regulations, or industry codes.
- Potential or actual third party purchasers. If we decide to reorganize or divest our business through a sale, merger, or acquisition, we may share your Personal Data with actual or prospective purchasers. We will require that any such purchasers treat your Personal Data consistently with this Privacy Notice.
How do we transfer your Personal Data internationally?
We may transmit your Personal Data to our other global affiliates. Allergan Aesthetics affiliate names and contact details can be found at https://www.allergan.com/home. Additionally, these affiliates may further transmit your Personal Data to our other global affiliates. Some of our affiliates and their database locations may be in countries that do not ensure an adequate level of data protection similar to the laws in the country in which you reside. Regardless, all our affiliates are required to treat your Personal Data in accordance with this Privacy Notice and our privacy and data protection policies and procedures.EU-US and Swiss-US Privacy Shield Notice: Allergan Aesthetics and its affiliates in the United States may receive Personal Data from individuals in the European Economic Area (EEA) and Switzerland. We comply with the EU-US and Swiss-US Privacy Shield Principles (Privacy Shield Principles), with respect to the collection, use, and retention of Personal Data from the EEA and Switzerland. If there is any conflict between the terms of this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles will govern. For more information about the Privacy Shield Framework and to view our certification, go to https://www.privacyshield.gov/ . The International Centre for Dispute Resolution (ICDR) acts as our third-party dispute resolution provider, as required by the Privacy Shield Framework. If you have a complaint about our Privacy Shield compliance, you can contact us directly or contact the ICDR at http://go.adr.org/privacyshield.html. In certain circumstances it may be possible for you to invoke binding arbitration. We are subject to the investigatory and enforcement powers of the US Federal Trade Commission regarding our adherence to the Privacy Shield Principles.
We may transmit your Personal Data to our third parties with whom we contract to carry out services on our behalf to perform activities or functions related to the processing purposes regarding your Personal Data that are described above. Our third parties are contractually obligated to comply with applicable laws or regulations, including having a valid EU Personal Data cross-border transfer mechanism in place to receive the EU personal data, which can include an “adequacy” determination by the European Commission, EU-US and/or Swiss-US Privacy Shield certifications, and/or executing EU Standard Contractual Clauses with us.
For more information about our cross-border transfers of your Personal Data, please contact us using the information as described in the “how do you contact us” section below.
How long do we retain your Personal Data?Your Personal Data will be maintained for the duration of your relationship with us. We will store and retain the Personal Data we collect about you in accordance with our Corporate Record Retention Policy, after which it will be archived or deleted. A detailed schedule of our retention practices can be found at https://www.allergan.com/home. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required by local law.
Links to Third Party WebsiteAs a convenience to our visitors, this website may contain links to other sites owned and operated by third parties that we believe may offer useful information. The policies and procedures we describe here do not apply to those sites. We are not responsible for the collection or use of Personal Data by or on any third party sites. Therefore, we disclaim any liability for any third party's use of Personal Data obtained through using the third party web site. We suggest contacting those sites directly for information on their privacy, security, data collection, and distribution policies.
What are your rights?
You have the right to see and get a copy of your Personal Data, including an electronic copy, that we have as well as to ask us to make any corrections to inaccurate or incomplete Personal Data we have about you. You can also request that we erase your Personal Data when it is no longer needed for the purposes for which you provided it, restrict how we process your Personal Data to certain limited purposes where erasure is not possible, or object to our processing of your Personal Data. In certain circumstances you may be able to request that we send a copy of your Personal Data to a third party of your choosing.
To exercise any of these rights, please contact us as set forth in the “how do you contact us” section below. You also have the right to lodge a complaint with the supervisory authority (see details under “remedies” below) where you believe that your rights have been violated.
What if we revise this Privacy Notice?
From time to time we may make changes to this Privacy Notice to reflect changes in our legal obligations or the ways in which we process your Personal Data. We will communicate to you any material edits to this Privacy Notice and it will become effective when it is communicated.
How do you contact us if you have any questions or concerns?
Please contact Allergan’s EU Data Protection Officer (DPO) using the below information to:
- Ask questions;
- File a concern or complaint;
- Opt-out of a program or service; and/or
- To exercise any of your rights listed above, including access, correction, portability, objection, restriction, and erasure.
Allergan’s EU DPO
Allergan Ltd, Marlow International Parkway, Marlow, Buckinghamshire, SL7 1YL, UK
What remedies do you have available?For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact your country-specific data protection authority or Allergan’s lead data protection supervisory authority:
Irish Data Protection Commissioner
Canal House, Station Road, Portarlington, R32 AP23 Co. Laois
+353 57 8684800
+353 (0)761 104 800