Prestige Brands (UK) Limited (“Prestige Brands” or “we” or “our” or “us”) and each of its affiliates and subsidiaries (collectively, the “Prestige Brands Group”) is committed to respecting your privacy. This Privacy Statement describes to users of the website https://www.prestigebrands.com/ (our “Website”) how Prestige Brands, as Controller (within the meaning of the General Data Protection Regulation (referred to herein as “GDPR”), collects and processes personal data and other information of such users in connection with their use of our Website. Please read this Privacy Statement carefully, and if you do not agree with our policies and practices, your choice is to not use our Website. By accessing or using our Website, you agree to this Privacy Statement. This Privacy Statement may change from time to time and note that your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check back periodically. Please also note that for other Prestige Brands Group websites, other privacy terms and information may apply. This Privacy Statement is not intended to and does not create any contractual or other legal right in or on behalf of any party. This Privacy Statement does not apply to third-party sites which may be linked to from our Website. All capitalized terms in this Privacy Statement, if not otherwise defined, have the same meaning as defined in the GDPR
CONTENT OF THIS PRIVACY STATMENT:
- Categories of Personal Data, Processing Purposes and Legal Basis for Processing
- Consequences of Not Providing Your Data
- Categories of Recipients and International Transfers
- Applicable Retention Periods
- Your Rights as to Personal Data
- Cookies and Other Tracking Technologies
- Questions and Contact Information
1.Categories of Personal Data, Processing Purposes and Legal Basis for Processing – What Personal Data do we process about you and why?
ii. If you visit our Website and create an account on our Website, you will be required to provide the following personal data constituting account data: user ID, password, email address, name, address, information about your age, (and may be asked to provide information about your business or occupation and why you are interested in our Website and communicating with us). The purposes for collecting such personal data is to use for account administration and security, response to your inquiries and/or information requests, providing you with marketing materials and information to the extent permitted by applicable law, whilst ensuring and maintaining the user-friendly quality of our Website (including timely delivery of information to meet your needs). The legal bases for processing this information is that it is necessary for the: (a) purposes of legitimate business interests, except where such interests are overridden by the interests or fundamental rights and freedoms of a data subject (user of our Website) which require protection of personal data pursuant to GDPR (Art. 6(1)(f)). Such interests are to create and administer your account as requested by you, as well as to achieve other purposes set forth below. Additional information may be requested by contacting us using the details set forth below; and/or (b) performance of a contract to which you are a party or in order to take steps pursuant to your request prior to entering into a contract pursuant to GDPR (Art. 6(1)(a)); and/or (c) compliance with a legal obligation to which we are subject GDPR (Art. 6(1)(c)).
iii. If you participate in surveys or contests through our Website, we collect and process the following personal data about you: email address, name, address, information about your business or occupation, feedback to the survey or contest or other information provided in connection with the contest, and additional demographic information. The purposes for collecting such personal data is to use for effecting the survey or contest, informing the winner(s), delivering the prize(s), analysing your interest (for marketing purposes, improving our products and assessing interest, demand). The legal bases for processing this information is that it is necessary for the: (a) purposes of legitimate business interests, except where such interests are overridden by the interests or fundamental rights and freedoms of a data subject (user of our Website) which require protection of personal data pursuant to GDPR (Art. 6(1)(f)). Such interests are to create and administer your account as requested by you, as well as to achieve other purposes set forth below. Additional information may be requested by contacting us using the details set forth below; and/or (b) compliance with a legal obligation to which we are subject GDPR (Art. 6(1)(c)). Additionally, there is a legal basis based on that you have given your consent to the processing of your personal data for one or more specific purposes (i.e. the survey or contest) GDPR (Art. 6(1)(a)).
2. Consequences of Not Providing Your Data
Upon visiting our Website, it is necessary for you to provide your personal data to enter into a contract with us or to receive marketing, information, and/or other responses to your requests. Where the provision of your personal data is voluntary and you do not provide your personal data, you may not then be able to receive such marketing, information and/or other responses to your requests. However, unless otherwise specifically required, not providing your personal data will not result in any legal consequences to or for you.
3. Categories of Recipients and International Transfers
Your personal data may be transferred by us to the following parties for the processing purposes.
i. The Prestige Brands Group: our parent entity, Prestige Consumer Healthcare Company Inc., in the USA and each of its affiliates and subsidiaries within the global Prestige Brands Group may receive your personal data as necessary for the processing purposes described above. Depending on the categories of personal data and the purposes for which the personal data has been collected, different internal departments within Prestige Brands may receive your personal data. For example, our IT department has access to your account data, and our Marketing and/or Medical Affairs departments may have access to your data relating to an inquiry in order to respond to it. Moreover, other of our internal departments may have access to certain personal data about you on a need to know basis, such as the Legal department or the Finance department.
ii. Data Processors: our Website requires certain third party service providers to support its information technology (“IT”), who will receive and process your personal data as directed by us (referred to as “Processors”) as necessary for the processing purposes described herein. Processors may include service providers such as IT support, customer care, medical affairs, and marketing. We ensure that such Processors are subject to data privacy addendum agreements that include contractual obligations of such Processors: (a) to implement and maintain appropriate technical and organizational measures to ensure data security and safeguard your personal data; and (b) to process only such personal data as instructed by us.
iii. Other Recipients in compliance with applicable data protection laws and regulations: we may transfer your personal data to law enforcement agencies, governmental authorities, judicial bodies, legal counsel, consultants and business associates. In the case of a corporate merger or acquisition, personal data may only be transferred by us to third parties involved in such transaction and only under strict agreement of confidentiality. Any other disclosure of your personal data shall only be done by us with your permission, and only as permitted by applicable law.
iv. International Transfers. We ensure that the personal data of EU residents within the EU will not be transferred outside the European Economic Area (“EEA”) without a data protection addendum contract in place by an between us and the processor (recipient) which includes not only the processor’s implementation of appropriate technical and organizational measures, but also includes the Standard Contractual Clauses (“SCCs”) for purposes of GDPR Art. 26(2). Further, we are committed to comply with the Court of Justice of the European Union (“CJEU”) holding in in Case C-311/18 Data Protection Commission vs. Facebook Ireland and Maximillian Schrems (“Schrems II”) and will continue to monitor each recipient’s ability to comply with the SCCs, making sure we take all necessary measures to ensure that transfers outside of the EEA are adequately protected.
4. Applicable Retention Periods
We do not keep your personal data any longer than is necessary to provide you with the information, services and/or responses you have requested. Upon your termination of the relationship with us. Once you have terminated your account with us or otherwise end your relationship, we will remove your personal data and/or properly anonymize it so that you can no longer be identified from it (unless there is some other GDPR basis for longer retention or other compliance obligation to which we are subject GDPR (Art. 6(1)(c)). Additionally, we will retain your contact information in order to continue to send you marketing materials and offers, as only may be allowable by applicable law. As to any personal data in connection with a contractual relationship, your data will be maintained on a need to know basis after the termination of such contractual relationship and only retained as necessary to comply with applicable laws or in defence of a claim.
5. Your Rights as to Personal Data
You have the following rights which you may exercise by using the contact information as set forth below:
i. Right to withdraw your consent. You can withdraw your consent to our processing of your personal data at any time.
ii. Right to request access to your personal data. You can request that we confirm whether or not your personal data is being processed and if we are, the you have the right to request access to such personal data, including a listing of the categories of personal data, the categories of recipients of it, and the right to obtain a copy free of charge. However, please note that there may be other bases under GDPR that may restrict this right to access your personal data.
iii. Right to request rectification of your personal data. You have the right to have any incomplete or incorrect personal data completed or corrected.
iv. Right to request erasure (right to be forgotten). You have the right to obtain from us the erasure of your personal data and (depending on the basis for processing), we may be obliged to erase such personal data.
v. Right to request restriction of processing. You have the right to obtain from a us a statement that we may be obligated to restrict the processing of your personal data, unless there is a basis overriding such restriction pursuant to GDPR.
vi. Right to request data portability. You have the right to receive your personal data which you have provided to us in a structured, commonly used and readable format. Further you have the right to transmit such personal data to another entity without any hindrance from us, where our processing is carried out by automated means and is based on consent pursuant to GDPR Art. 6(1)(a).
vii. Right to object. You have the right to object, under certain circumstances, to our processing of your personal data, unless there in an overriding basis for such processing pursuant to GDPR. If your objection is not overridden by applicable law, your personal data will no longer be processed for such purposes by us.
viii. Right to lodge a complaint. You have the right to lodge a complaint with the competent data protection supervisory authority in the relevant Member State found here: https://edpb.europa.eu/about-edpb/board/members_en.
6. Cookies and Other Tracking Technologies
7. Contact and Other Information
If you have any questions about this Privacy Statement, you want to exercise your rights as stated above, or you have any concern about your privacy in connection with this policy, please send us a thorough description of your concern to and contact us at: Prestige Brands (UK) Limited, Clockhouse Court, 5-7 London Road, St. Albans, AL1 1LA; visit our Contact Us page and send us an e-mail; or send an e-mail to: Privacy@PrestigeBrands.com.