Philips Sonicare Privacy Notice

• The personal data we collect may include your name, email address, country, language and password. We also process information on your App usage, including your session, login and authentication information, which we use to manage your account. For China users, we collect the users’ phone numbers.
• If you choose to log in via social media, the personal data we collect may include your basic public profile (e.g., profile photo, identifier, gender, profile URL, birthday, homepage, and location) and email for authentication purposes.  In this case, your social media provider may collect information on the fact that you are using the App and logging in using your social media account. Please read your social media provider’s Privacy Notice (e.g., Facebook, Google, Apple) to learn about their privacy practices, including, what type of personal data they collect, and how they use, process and protect them.
• We use your Account Data to create and manage your account and provide personalized Services. You can use your account to securely login to the App. If you create a MyPhilips account to login to the App, we will send you a welcoming email to verify your username and password, to communicate with you in response to your inquiries, to send you strictly service-related announcements, or direct marketing communications in case you have provided consent.  You may also use your MyPhilips account to order a Philips product or service, participate in a promotion or game, participate in a social media activity related to a Philips promotion (for example clicking "like" or "share"), and participate in product testing or surveys.

Because we use your Account Data to provide the Services, we consider this processing to be necessary for the performance of a contract to which you are party and lawful under Article 6.1. (b) of Regulation (EU) 2016/679.

When you consent to making the app better based on your app interactions, feedback and crash information, we collect and process your App usage data as detailed in our Analytics Notice,  which you can find under the App settings of the App.  To do so, we may use several service providers that process your App data on our behalf and pursuant to our instructions.  Our service providers use Cookies to help us collect your information.     Before we use Cookies for analytics purposes, we will ask your consent.

We consider the processing of your Customer Support data to be necessary for the performance of a contract to which you are party and lawful under Article 6.1.(b) of Regulation (EU) 2016/679. In some cases, we consider the processing of your Customer Support Data to be based on a legitimate interest of Philips and lawful under Article 6.1. (f) of Regulation (EU) 2016/679.

• Bluetooth.  The App requires Bluetooth connection to connect the Device to the App. You can at any time block your Bluetooth connection through the settings of your mobile device.  
• Calendar.  If you want the App to remind you about your upcoming dental appointments, the App will require permission to access your calendar.  We will not copy or store your calendar information. This information will remain in your mobile device.
• Location. Android operating systems require coarse geo-graphic location to connect to your Device.  iOS operating systems require geo-location to recognize when the App and the Device are nearby. However, Philips will not process such location data in any manner.  The data will remain on your mobile device, where Philips will not have access to it. If you delete your profile and/or the App, the data will be deleted from your mobile device. You can at any time block geo-location collection through the settings of your mobile device.  
• Files. The App requires access to the mobile device’s files to store the language configurations and other files that the App uses to operate (e.g., graphics, media files, or other large program assets). If you delete the App, the data will be deleted from your mobile device.
• Sometimes a permission is a technical precondition of the operating systems of your mobile device. In such case, the App may ask your permission to access such sensors or data. However we will not collect such data, unless when required to provide you the Services and only after you provided consent.

Service providers

We work with third-party service providers to help us operate, provide, improve, understand, customize, support, and market our Services.

We may share your personal data with the following service providers:

• IT and cloud providers

These service providers deliver the necessary hardware, software, networking, storage, transactional services and/or related technology required to run the App or provide the Services.

• Analytics Service Providers.

These service providers deliver the necessary hardware, software, networking, storage, and/or related technology that we require to perform App analytics.

Philips requires its service providers to provide an adequate level of protection to your personal data similar to the level that we provide. We require our service providers to process your personal data only in accordance with our instructions and only for the specific purposes mentioned above, to have access to the minimum amount of data they need to deliver a specific service, and to protect the security of your personal data.

Other third parties

Philips may also work with third parties who process your personal data for their own purposes. If Philips shares personal data with third parties that use your personal data for their own purposes, Philips will ensure to inform you and/or obtain your consent in accordance with applicable laws before sharing your personal data. In this case, please read their privacy notices carefully as they inform about their privacy practices, including, what type of personal data they collect, how they use, process and protect them.

Philips sometimes sells a business or a part of a business to another company. Such a transfer of ownership could include the transfer of your personal data directly related to that business, to the purchasing company. All of our rights and obligations under our Privacy Notice are freely assignable by Philips to any of our affiliates, in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your personal data to any of our affiliates, successor entities, or new owner.

At your request, we may share your personal data with the following third parties:

• Your insurance company or oral healthcare provider, if this option is available in your country and you have instructed us to do the disclosure;
• Amazon (If Amazon DRS is available in your country – see further details below).

These third parties may provide their own services to you. We may share your personal data with these third parties at your request and/or in accordance with applicable laws.

Please note that when you log in through your Facebook social media account via Android, you enable Facebook to collect the following information through the Facebook SDK:

• App Events: This covers generic App Events (e.g. App Install, app launch) and other standard logging for product metrics (e.g. SDK loading and SDK performance).
• Configuration data: After a user has logged in, the SDK makes periodic background requests to manage the lifetime of the access token automatically.
• Error information: The SDK captures error information, including during initialisation of the SDK, which may include a user ID of individuals who are logged in to Facebook.
• Short-term data: The SDK measures some user activity for purposes of managing fraud and abuse. This data is only retained for a very short period for those not logged in to Facebook.

Facebook may also collect analytics data on your use of the SDK, information about the name of the App you are using, the date when you authorized the login, and any URL associated with your login.  You can find out more about how Facebook uses your information by reading Facebook's Data Policy.  Please note that the Facebook login functionality is completely optional, we will always allow you to login using your MyPhilips account.

Amazon Dash Replenishment Services

In some countries, we support our BrushSync Reorder services (“BrushSync”). When you subscribe to BrushSync, the App will place automatic brush head orders for you via Amazon’s Dash Replenishment Service (“DRS”). For such purposes, you will have to log in to your Amazon Account, and Amazon will provide its own services to you. Please read Amazon’s Terms and Conditions and Privacy Notice as they inform about its privacy practices, including, what type of personal data it collects, and how it uses, processes and protects them.

When you set-up your BrushSync suscription, we share the following data with Amazon: the serial number of your Device, the model (hx number) of your Device, and when it is time to order a new brush head (“BrushSync Data”).  To keep track of your subscription, we store your Amazon Customer ID. If you unsubscribe to BrushSync, we will delete such Customer ID.  You can at any time (i) pause or change orders using the Reorder Settings in the My Brush Head Page of the App; and/or (ii) cancel any order via Amazon.

You understand that Amazon provides its own voice services to you and by activating BrushSync, you instruct us to share your BrushSync Data with Amazon, which may process the same in countries outside of your country of residence which may not provide adequate protection to personal data.

Cross-border transfer

Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you acknowledge the transfer (if any) of information to countries outside of your country of residence, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.

If you are located in the EEA, your personal data may be transferred to our affiliates or service providers in non-EEA countries that are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here (https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm). For transfers from the EEA to countries not considered adequate by the European Commission, such as the United States, we have put in place adequate measures, such as our Binding Corporate Rules for Customer, Supplier and Business Partner Data and/or standard contractual clauses adopted by the European Commission to protect your personal data. You may obtain a copy of these measures by following the link above or by contacting us here.

In your request, please make clear what personal data you would like to access, rectify, erase, restrict or object to its processing. For your protection, we may only implement requests with respect to the personal data associated with your account, your email address or other account information, that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Where we rely on consent to collect and/or process your personal data, you may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before your withdrawal. Where we rely on performance of a contract to process your personal data for purposes of the Services, we may not be able to provide the Services if we do not receive your information.  

Please note that if you make use of (some of) your choices and rights, you may not be able to use, in whole or in part, our Services anymore.

When we process your personal data based on a legal obligation to which we are subject, including when you interact with us to exercise any of your rights, we consider the processing to be lawful in accordance with Article 6.1.(c) of Regulation (EU) 2016/679.

We take seriously our duty to protect the data you entrust to Philips against accidental or unauthorized alteration, loss, misuse, disclosure or access. Philips uses a variety of security technologies, technical and organizational measures to help protect your data. For this purpose we implement, among others, access controls, use firewalls and secure protocols.

While the Services are not directed to children, as defined under applicable law, it is Philips policy to comply with the law when it requires parent or guardian permission before collecting, using or disclosing personal data of children. We are committed to protecting the privacy needs of children and we strongly encourage parents and guardians to take an active role in their children’s online activities and interests.

If a parent or guardian becomes aware that his or her child has provided us with his or her personal data without their consent, please contact us here. If we become aware that a child has provided us with personal data, we will delete his/her data from our files.

Our Services may change from time to time without prior notice to you. For this reason, we reserve the right to amend or update this Privacy Notice from time to time. When we update this Privacy Notice, we will also update the date at the top of this Privacy Notice.

We encourage you to review regularly the latest version of this Privacy Notice.

The new Privacy Notice will become effective immediately upon publication. If you do not agree to the revised notice, you should alter your preferences, or consider stop using our Services. By continuing to access or make use of our Services after those changes become effective, you acknowledge that you have been informed and agree to the Privacy Notice as amended.

California Civil Code Section 1798.83 permits our customers who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.  If you are a California resident and like to make such a request, please visit our privacy website: https://www.philips.com/a-w/privacy/questions-and-feedback.html. 

Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), we are providing the following details regarding the categories of Personal Information that we collect and process about California residents via the Device and/or the App.  For details on how we handle Personal Information pursuant to the CCPA in other contexts, please go here.  Under the CCPA, “Personal Information” is information that identifies, relates to, or could reasonably be linked with a particular California resident or household.  

Sources of Personal Information 

We collect Personal Information from: 

1. Our interactions with you through the Device and/or the App; and 
2. Our affiliates.

Collection and Disclosure of Personal Information 

The following chart details which categories of Personal Information about California residents we plan to collect, as well as which categories of Personal Information we have collected and disclosed for our operational business purposes in the preceding 12 months