PENGUIN HEALTH GROUP PRIVACY POLICY

We here at Penguin Health Group welcome you to our website www.penguinhealth.co. As you may already know, users of our Site can learn about and purchase various medical attire of superior quality (such as gowns, masks, etc.) through our website. Whether your intention is to make a purchase, simply browse our Site or interact with us in any other way, this Privacy Policy was developed with the intention of clarifying how your information is collected, used and disclosed in addition to explaining your rights and choices concerning this information.

In our Privacy Policy, “Personal Information” is defined as information or opinions that can directly, or indirectly, be used to identify, describe, relate to, be sensibly used to associate with or be reasonably linked to an individual. Sensitive information, including information about an individual’s racial or ethnic background, can also be regarded as “Personal Information”.

The use of our website implies agreement with our Terms of Use as well as consent to the various activities detailed in the Privacy Policy including the collection, use and disclosure of information.

Residents of California or Nevada may refer to “Additional Disclosures for California Residents” or “Additional Disclosures for Nevada Residents” respectively, for supplementary information. Residents of the European Union may refer to “Additional Disclosures for EU Residents” for more information.

Please refer to our “Contact Us” section if any questions arise or you have decided to use your rights and choices.

Methods of Data Collection and Storage

Information Provided by You

Every time this site is used, Personal Information is collected. Information that has been collected over a 12-month period can be split into various categories, including:

  • Contact Data, which includes but is not limited to name, phone number, address, email address, and other similar information related to your employer.
  • Demographic Data, which includes but is not limited to date of birth, gender, profession, country, Military status or student status.
  • Transaction Data, which includes but is not limited to details of past and present purchases and the final 4 numbers of the card used for payment.
  • Profile Data, which includes but is not limited to your sizes, interests, favourites and preferences
  • Content, which includes but is not limited to the content of feedback, questions or any such messages sent directly to us, or the content of public posts, like product reviews.
  • Referral Data, which includes but is not limited to the names and email addresses of friends who have been referred through “Refer a Friend”.
  • Job Application Data, which includes but is not limited to history of education and employment as well as references, transcripts and writing samples.

Information that hasn’t been requested may be provided at the user’s discretion.

Inability to provide the requested information may result in limited access to our websites and/or services.

Information is collected and held in the following ways:

  • Create An Account. An account does not need to be created to have full access to and place an order through our website. When creating an account, the Contact Data and Demographic Data will be collected. Passwords are stored by service providers and we will not be able to access them nor will we ever ask you for them. We may permit the storage of Profile Data and other information in your account.
  • Contact Data and Profile Data will need to be provided when placing an order while payment processing is done through service providers.
  • Marketing Communications. Contact Data, among other information, is collected voluntarily when a user subscribes to our email mailing list.
  • Contests and Promotions. Entering a contest or promotion is voluntary and may require you to provide Contact Data as well as other details or content based on the particularities of the contest or promotion. For every contest or promotion that you choose to enter, it is recommended that you read the rules.
  • Contact Us. Contact Data, among other information or content, is collected every time a comment, complaint or concern is sent to us through social media, telephone or email.
  • Surveys and Customer Research. Contact Data, among other information, is collected when you participate in our occasional surveys or customer research.
  • Ambassador Program. You may choose to voluntarily apply to and participate in our FIGS Ambassador Program, which may require you to provide Contact Data and Demographic Data, among other information or content, throughout the process.
  • Refer a Friend. Use of this feature implies your agreement and acknowledgement of your friend’s permission to use their contact information to send emails regarding our services.
  • Apply for a Job. Applying for a job with us will require you to provide Job Application Data, which will then be used as needed when considering you for job openings.

Automatically Collected Information

Additionally, every time you use our site, some Personal Information is automatically collected and held. Information that has been automatically collected and held over a 12-month period can be split into various categories, including:

  • Site Use Data, which comprises data regarding features used, pages visited, searches made, products viewed and bought, referring/exiting pages, the name of the domain, clickstream data and the stamp with the date/time of your visit.
  • Device Connectivity and Configuration Data, which comprises data about the browser or type of device you used, your Internet Service Provider (ISP), the operating system of your device as well as several identifiers for your device, including its regional and language settings and its Internet Protocol (IP) address (this is a spontaneously generated number given to your device that changes each time you access the internet).

The methods of collecting this information when our Site is used include a variety of old and currently used tracking technologies, such as:

  • Log Files, files that automatically track information about how you are using the Site.
  • Cookies, bits of information in your browser that create a unique identity tag for your browser. In order to make your experience on the Site more individualized and interactive, both session (those that expire once the browser is closed) and persistent (those that remain for longer time periods) cookies may be used. We use Cookies to ensure that our website can remember your preferences, be more helpful to you, maintain security features, familiarize ourselves with your use of the Site, tailor your general experience on the Site and provide you with advertising on the Site and off.
  • Pixels (or web beacons), bits of code that are embedded in a video, email, website, or advertisement that relay data to the server regarding your use. Pixels work by allowing us or a third party to read or drop cookies stored in your browser every time you watch a video, browse a website, send or read an email, or watch an advertisement. Many types of pixels exist, such as image pixels (tiny graphic images) and JavaScript pixels (containing JavaScript code). Pixels usually work with cookies in order to track your device’s browser activity and this information is used to analyze trends, for Site administration, to track a user’s movement throughout the Site, compile details about the demographics of our users as a whole, and provide you with advertising on the Site and off. For instance, every time you visit our Site, information that had been previously collected will be used to tailor advertisements and other details to your liking.
  • Device Fingerprinting, a process that creates a “fingerprint” that identifies your browser and device as unique through the analysis and combination of various browser elements, including installed fonts and JavaScript objects.

Please refer to “Analytics and Advertising” and “Your Rights and Choices” below in order to get additional details on our utilization of tracking technologies for analytics and advertising as well as your relevant rights and choices in regards to them.

Information from Other Sources

Personal information from various other sources is also collected and held by us. Information from other sources that has been collected and held over a 12-month period can be split into various categories, including:

  • Data brokers or resellers that sell us additional data to complement ours
  • Social networks when you give us access to information from social networks as well as when you connect with our subject matter and refer to our Site.
  • Partners which provide services through branding partnerships, are involved in the selling and distribution of our products or participate in partnered marketing endeavours.
  • Customers during transaction and purchase processing
  • Publicly-available sources which comprise public domain data

How We Utilize Information

Following the practices described in this Privacy Policy, Personal Information has been compiled, stored, used and disclosed by us for the purpose of business and commercialization. Information compiled for business purposes is collected and held over a 12-month period and can be split into various categories, including:

  • For the operation and management of our website
  • For the processing of transactions and purchases
  • For fulfilling our duty to provide services for you, like following up with any queries, comments or requests, and offering customer service
  • Notifying you about any updates, technicalities, policy changes, security alerts, and messages regarding support and administration.
  • Addressing and blocking any fraud attempts, policy or terms violations, and threats to harm.
  • Tracking and analysis of usage, trends and activity
  • For the purposes of research through methods such as surveys and focus groups
  • For discovering methods to further develop and tailor our websites, products, marketing endeavours, apps and services.
  • For the administration of our Ambassador Program as well as evaluation of candidates for it.
  • In order to supply you with direct marketing, such as advertisements and communications regarding products, promotions, services, events, offers and rewards from us or other parties.
  • For the administration of contest or promotion participation and the delivery of prizes to winners
  • Advertising purposes
  • Meeting other potential business or commercial purposes with your consent
  • Notwithstanding the above, information not used for identifying you (such as aggregated or de-identified information) may be utilized for various purposes excluding those that the relevant laws prohibit.

Please refer to “Your Rights and Choices” below for further information on your rights and choices in regards to our use of your information.

How We Share Information

Collected Personal Information is shared in agreement with the practices outlined in this Privacy Policy. The entities with whom we share or have previously shared information over a 12-month period can be split into various categories, including:

  • Service Providers. Service providers receive and process your information for us in various ways, such as processing your purchases, Site hosting, providing analytics, providing technical support, supporting prevention of fraud, evaluating whether or not you are eligible for certain discounts, marketing and advertising. Information sent to service providers only comprises that which is necessary for them to do their appointed task and the use of this information by them for other purposes is strictly prohibited, though information not identifying you (such as aggregated and de-identified information) may be utilized for other purposes excluding those that the relevant laws prohibit. The service providers that we use may be based in the U.S., Canada or various other foreign jurisdictions.
  • Vendors and Other Parties. Vendors and other parties, such as analytics and advertising technology companies, may use the information we disclose to perform tasks as service providers or, depending on the situation, may choose a different way to process this information at their own discretion. Please refer to “Advertising and Analytics” for further details on advertising and analytics.
  • Affiliates. This category includes a parent company, joint ventures, subsidiaries as well as other companies that may be under common control, if such affiliations were to occur in the future.
  • Partners. Information sent to partners is for the purpose of participating in branding partnerships, involvement in the selling and distribution of our products, promotional activities or participation in partnered marketing endeavours.
  • Customers. Information shared to customers is related to the transaction and purchase processing.
  • Legal and Compliance. Certain situations may necessitate the disclosure of your information by us or our various U.S., Canadian and foreign service providers, including (i) resolution of disputes, investigation of issues or enforcement of our Terms of Use; (ii) in order to act in accordance with applicable laws or in response to the requests of law enforcement, regulatory bodies or various government officials in relation to ongoing investigations or suspected illegal activity, or concerning a subpoena, search warrant or other legal order or inquiry; (iii) with a different organization for the investigation of a potential breach of agreements or violation of law, or for the discovery, handling or prevention of fraud; or (iv) in order to protect the rights or property of you, our company and various other third parties.
  • Sale of Business. Your information may prove essential for a potential or finalized sale, acquisition or merger (transfers in response to insolvency or bankruptcy proceeding included) in relation to all or part of FIGS or in relation to a corporate reorganization or any other modifications to corporate control.
  • Reviews are included in information you share that we make public and this information may or may not be editable, so discretion is advised about your choice of content as you and you alone will be responsible for its publicizing. Please refer to “Your Rights and Choices” for additional information.
  • Facilitating Requests. Information may be shared in relation to a request or direction made by you, such as through the “Refer a Friend” feature.
  • Consent. We notify you and receive your consent before sharing your information

Notwithstanding the above, information not used for identifying you (such as aggregated or de-identified information) may be disclosed for various purposes excluding those that the relevant laws prohibit. Please refer to “Your Rights and Choices” for additional information in regards to your rights and choices in relation to how we share your information.

Social Media and Technology Integrations

Certain websites, services and platforms that we use for our Site as well as a variety of technologies are controlled or operated by various other external parties, including:

  • Links. Our website may include links that will direct you to external sites, such as social media websites or our partners’ sites, not in our control or ownership. The existence of these links does not imply endorsement or referral to the linked website. Clicking on these links will direct you off of our website and linked websites will include their own notices, privacy policies, and terms of use.
  • Brand Pages and Chatbots. Content and information that we provide through social media and that you share with us (including our Facebook or Instagram brand page as well as our Facebook Messenger chatbot) is handled in agreement with our Privacy Policy. Public references made about our Site on social media (including a tweet or post with a hashtag referencing us) may be used by us.

It is highly recommended that you read the privacy policies of any external website you visit as we cannot take responsibility for, have no power over and do not review these privacy policies or any part of their content. Therefore, as far as the law permits us, we do not have any responsibility or liability for the ways in which the organizations that run these websites collect, use, disclose, secure or otherwise handle information that they may collect or ask from you separately.

Analytics and Advertising

Tracking and analytics services, like Google Analytics, are used by us in order to keep track of and analyze the way our Site is used by visitors. The Google Analytics Terms of Service and the Google Privacy Policy outline Google’s rights to utilize and distribute any information compiled by Google Analytics regarding your visits. We place our advertisements in various other websites that can be viewed either on their platforms or on other Sites or services. This is done through partnerships with several agencies, ad networks and different advertising companies, such as Facebook and Google.

For this purpose, tracking technologies, such as cookies and pixels, may be used to collect various information about your use over time (including your use of the Site, other visited web pages, interactions with ads and other communications) in order to tailor the advertisements you see on the Internet to you. This information is used in order to predict and match your preferences, make the content more personalized, gather reports as well as deliver ads tailored especially to you on other websites (“Internet-based Advertising”). We may also utilize this information during ad campaign evaluations.

Through audience matching services, which involve uploading a customer list onto a technology service or making a pixel from a different technology service part of our Site and subsequently using the service to find common factors between our and their data, we can reach a larger scope of people (or alike people) that visit our Site or have been identified by at least one of our many databases (“Matched Ads”). We may, for example, choose to integrate the Facebook pixel onto our Site while also sharing your email address with Facebook as part of our utilization of Facebook Custom Audiences.

As already mentioned above, it is highly recommended that you read and consult the privacy policies and terms of use of the various vendors and parties that we may use as service providers or, depending on the situation, that may choose their own ways of processing your information at their own discretion.

Please refer to “Information Collected Automatically” and “Your Rights and Choices” to get more information on tracking technologies and your rights and choices in regards to analytics, Internet-based Advertising and Matched Ads.

Your Rights and Choices

Account Information and Ambassador Program

Users that have created an account with us or are participants of our Ambassador Program can make requests in regards to accessing, updating or making corrections to any information that you contributed through your account or into the Ambassador Program by emailing us at privacy@penguinhealthgroup.com. For the purposes of confirming the identity of the person requesting access to their records, we may require you to provide additional information.

Requests for the deletion of certain information from your account or from the Ambassador Program may also be accepted, though if necessary we may (in accordance with relevant laws or otherwise) have to keep this information and will therefore be unable to delete it (or we may choose to keep the information for a limited time period and will therefore process your deletion request after this time period). Deleted information is removed from the active database, though it may be retained in the archives. Information not identifying you regarding the use of our Site as well as product purchasing information may be retained in accordance with relevant laws.

Communications

You may consent to receiving marketing communications through mail, email or any other channel.

In order to stop receiving these marketing emails, you may unsubscribe at any time by clicking the link labelled “unsubscribe” at the end of every email or by contacting us at privacy@penguinhealthgroup.com with the subject field being UNSUBSCRIBE. However, emails regarding transactions, placing an order, or communications regarding the Site or a product (such as emails regarding your comments or orders) may still be sent to you by us.

In order to stop receiving marketing communications by mail, you can email us at privacy@penguinhealthgroup.com.

We may need up to 5 business days to process your opt-out request regarding marketing emails or up to 30 days for any other changes made to your marketing preferences or in response to any marketing-related requests unless the law requires us to process your requests earlier.

Tracking Technology Choices

Cookies are usually accepted automatically by browsers and you can modify your browser settings to decline and delete cookies. Each separate browser on your device has its own settings and limitations regarding cookies and you will have to modify each separately.

You may choose to allow your browser to transmit a “Do Not Track” signal automatically through your settings to various online services that you use. Though it is important to note that there is no industry consensus about what should be done by operators of apps or sites regarding these signals. We ourselves do not observe or take measures in relation to these signals or any other mechanisms. Visit https://www.allaboutdnt.com for further information regarding “Do Not Track”. It is important to note that certain Site functions may not work if tracking technologies are blocked or removed.

Analytics and Internet-Based Advertising

You have the option to stop Google Analytics from processing certain data by installing a plug-in for your browser through https://tools.google.com/dlpage/gaoptout that gives you the option to opt out. It is compulsory for companies that cooperate with us to create ads tailored to you to provide you with the option to opt-out of receiving those ads. A variety of these companies are part of the Digital Advertising Alliance (DAA) and/or the Network Advertising Initiative (NAI). Additional information regarding internet-based Advertising as well as details about your options, such as your ability to opt-out of behavioural ads from contributing companies, can be found on the DAA website opt-out at https://optout.aboutads.info/?c=2&lang=EN, the DAA of Canada website opt out at https://youradchoices.ca/choices, or the NAI opt-out at https://www.networkadvertising.org/choices/. Opting-out of a contributing party’s internet-based advertising may still allow the collection of data for analytics or other purposes by tracking technologies. Our ads will still be shown to you; however, ads from contributors that you have chosen to opt-out of will be less tailored to your interests, as the relevant behavioural information will not be available.

It is important to make note of the fact that each separate browser will require you to individually select the opt-out option on every device you use. Cookies need to be enabled on your browser (check your browser’s instructions on cookies and the way to enable them) in order to opt-out successfully. You will be required to opt-out once again if saved cookies are deleted.

In order to stop us from utilizing your data for Matched ads, you may get in touch with us through the channels specified in our “Contact Us” section below and let us know about your wish to opt-out. We will send a request to the relevant technology service to stop giving you Matched Ads that depend on the information we have provided it. You may also choose to get in touch with the relevant technology service yourself in order to opt out.

The statements made by companies in regards to their opt-out options or programs as well as the potential success of and compliance with these options and programs, are not our responsibility.

Safeguards

A variety of administrative, technical and physical procedures have been put in place to safeguard the information we have stored and protect against theft, loss and unauthorized access, utilization, changes and release. However we cannot fully guarantee the protection of your information as the internet is not always secure.

International Transfer

As a company based in Canada, information collected by us is governed by Canadian law in addition to the law of the jurisdiction where you live. Accessing our Site from outside of Canada may lead to your information being processed in Canada as well as by other foreign recipients. Personal information may potentially be disclosed by us to jurisdictions outside of the one in which it was collected. Personal information may be transferred to, held or accessed by several different countries such as the U.S., Canada, United Kingdom, Australia, Netherlands, Italy, France, Spain, Germany and Poland, some of which have data protection laws that are less rigorous than your country’s laws. Your use of our Site and choice to provide your information implies consent with our transfer and processing of your information in accordance with this Privacy Policy.

Access to and Correction of Information

We will make all attempts to fulfil the requests that you make through the contact channels outlined in our “Contact Us” section for corrections, updates or access to the information on your file in a timely manner and will only deny access where the law permits.

Retention and Deletion of Information

Your personal data will only be retained and processed for the amount of time it takes to fulfil the purpose for which it was collected in the first place and however long we are legally obligated to do so by the relevant laws.

Once your personal information is no longer useful to us and we have retained it in accordance to our legal obligations in order to exercise our legal rights, your information will be removed from our records and systems and we will take necessary measures to protect your anonymity by ensuring that this information cannot be used to identify you in agreement with relevant laws. Deleted information is removed from the active database, though it may be retained in the archives. Information not identifying you (including de-identified or aggregated information) regarding the use of our Site as well as product purchasing information may be retained in accordance with relevant laws.

Children

Our website is not intended for use by children under the age of 13 and personal information collected about children under 13 is not collected intentionally (as outlined by the U.S. Children’s Privacy Protection Act, or COPPA). You may contact us at privacy@penguinhealthgroup.com if you believe that we have collected information about a child under 13 and we will promptly delete any information from a child under 13 when found. Furthermore, products may not be purchased by those under the age of the majority (usually 18 or 19, or according to your jurisdiction). It is not our intention to “sell”, according to the definition of this word under the CCPA, the personal information of California residents under the age of 16.

Changes to this Privacy Policy

Prospectively, we may make regular revisions to this Privacy Policy. Revised copies of the Privacy Policy will always be posted on this page and if material changes are made then a notification will be sent either to the email address that you last provided us or some other method. Your continued use of our Site as well as your continued purchase of our products implies that you acknowledge the changes and agree to the terms and conditions that come with these changes.

Contact Us

Please reach us at privacy@penguinhealthgroup.com with any queries, complaints or comments regarding this Privacy Policy or the ways in which we deal with your personal information, or if you require an alternative format of this Privacy Policy due to a disability.

Your request will need to be written out to us in a majority of cases and after sufficient investigation into your complaint has been done, we will do our best to respond promptly. If you do not receive a response from us or the response you have received is not to your liking then you may have the right to submit a complaint to relevant privacy authorities. For example, in Australia, complaints can be directed to the Office of the Australian Information Commissioner (www.oaic.gov.au).

Additional Disclosure for California Residents

California residents are subject to additional disclosures as outlined by this section of our Privacy Policy. The California Consumer Privacy Act of 2018 (CCPA) outlines added rights to know, delete and opt-out while concurrently obligating businesses that collect or disclose personal information to offer notices and methods for exercising rights.

Right to Opt-Out of Sale

Although we, much like other online businesses, may opt to disclose certain information to contracted third parties for the purposes of improving our services and advertising, as outlined in our “Analytics and Advertising” section above, we do not sell any part of this information to these parties for a profit. Our limited disclosure of personal information to these third parties may be classified as “sale” of personal information according to the CCPA. As such, we provide the option to opt-out of sharing this information. Requests for opting-out can be submitted through email at donotsell@penguinhealthgroup.com.

Authorized Agent

An authorized agent can be chosen by you to send requests on your behalf as long as there is sufficient written proof that the agent has received permission and your identity has been verified directly.

Right to Non-Discrimination

It is your right to not be discriminated against by us for exercising any of your rights.

Additional Disclosures for EU Residents

EU residents are the only ones that these additional disclosures apply to. The personal information of EU residents is collected and processed by Penguin Health, Inc., located in Toronto, Canada in accordance with relevant data protection laws, particularly the General Data Protection Regulation, European Regulation 2016/679 (GDPR).

The “How we Collect Information” section above can provide you with additional details on how information is collected, while the “How we Use Information” section above outlines the various ways in which we utilize and process various categories of information for the purpose of business. Our “How We Share Information” section provides details regarding the different parties that we have shared our information with. We are not involved in the use of automated decision-making that excludes human involvement, such as profiling, in a way which may create legal effects in relation to you or may considerably affect you in other ways.

Our collection and processing of your personal information depends on a variety of legal bases, including: (i) as needed to make a transaction (for example, transaction and purchase processing and fulfilment); (ii) as needed for compliance with legal obligations (for example, providing you with notice about changes to our policies as well as the addressing and prevention of fraud, violation of policies or terms and threats or harm); (iii) consent (where consent has been provided in accordance with relevant law, like performing various business or commercial purposes as directed by you, completing your requested services, overseeing your involvement in a contest or promotion as well as making sure you receive your prize should you win, assessing your eligibility for our Ambassador Program as well as administering its benefits); and (iv) as needed for our own justifiable interests. These justifiable interests, excluding those that are overruled by your interests, rights and freedoms that need protection of personal information, include the operation and management of our Site, sending of technical notices, security alerts, updates, and support and administrative messages, discovering methods to improve and tailor our Site and other websites, apps, products, services and marketing efforts, bringing advertising to you, and for the development and delivery of direct marketing, which includes ads and communications regarding our products, and those of third parties, promotions, events, offers, rewards and services.

As detailed in our “Retention and Deletion of Information” section above, your personal data will only be retained and processed for the amount of time it takes to fulfil the purpose for which it was collected in the first place.

Our “How We Share Information” section provides details regarding the different parties that we have shared our information with. This may include entities located within or outside of the European Economic Area (EEA), which may also include countries that do not have the same stringent personal information protection laws as the EEA, such as the United States, for the above listed purposes. Nevertheless, relevant technical and organizational safeguards that follow the appropriate data protection laws will be put in place in order to provide a sufficient amount of protection to the information being transferred out of the EEA.

Your entitlements as an EU resident include:

  • The right to access. You reserve the right to have access to copies of your Personal Information.
  • The right to rectification. You reserve the right to request the correction of any information you have deemed inaccurate or incomplete.
  • The right to erasure. You reserve the right to request for the conditional erasure of your Personal Information.
  • The right to restrict processing. Given certain circumstances, you reserve the right to restrict the ways in which we process Personal Information.
  • The right to object to processing. Given certain circumstances, you reserve the right to object to the ways in which we process your Personal Information.
  • The right to data portability. Given certain circumstances, you reserve the right to request a transfer of our collected data to you directly or to another organization.
  • The right to withdraw consent. You reserve the right to, at any time, withdraw consent in regards to the processing of your Personal Information where consent was required. It is important to note that Personal Information that was processed and used before withdrawal will not be affected after withdrawal.

Please refer to our “Contact Us” section if you wish to exercise your rights. If you believe that we are not in compliance with relevant data privacy legislation, you may, at any time, also choose to file a complaint through your data protection authority.

Last updated: October 2, 2020