Privacy Policy
This Privacy Statement explains how Personal Information about our (potential) customers and other individuals using our services is collected, used, and disclosed by Surgise, and its respective affiliates ("us", "we", "our" or "Surgise"). This Privacy Statement describes our privacy practices in relation to the use of our websites (including any customer portal or interactive customer website), forms, and tools for lead generation purposes (such as matching customers with cosmetic surgeons), as well as your choices regarding use, access, storage, and correction of Personal Information. It also describes how we collect, use, disclose, and otherwise process Personal Information collected in relation to our Services and otherwise in the course of our business activities.
By signing up for our Services and by agreeing to our General Terms and Conditions required to use certain of our Services, you agree to the collection, usage, storage, and disclosure of information as described in this Privacy Statement.
Our Services may contain links to other websites or services; and the information practices and/or content of such other websites or services shall be governed by the privacy statements of such other websites or services.
We may change this Privacy Statement from time to time. If we make changes, we will notify you by revising the date at the top of the statement and providing additional notifications of such changes (e.g., by adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Statement whenever you use our Services to stay informed about our information practices and how you can help protect your privacy.
Personal information collection
We only use your personal information to provide you with our lead generation services and to communicate with you about the services.
With respect to any information you may choose to share through our forms or website, we take the privacy and confidentiality of such information seriously. We employ industry-standard techniques to protect against unauthorized access to the data about you that we store, including personal information.
We do not share personal information you have provided to us without your consent, unless:
It is necessary to carry out your own request (e.g., sharing your information with a cosmetic surgeon you consented to);
We believe it is needed to enforce our Terms of Service, or that it is legally required;
It is needed to detect, prevent, or address fraud, security, or technical issues;
To otherwise protect our property, legal rights, or that of others.
As part of our business operations, including the administration of you as a customer and to comply with local laws and regulations, we collect your personal information. We will not process personal information for other purposes than those described in this Privacy Statement.
Personal information you provide to us
While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. For example, we collect information when you fill out a form, request customer support, or otherwise communicate with us. The types of information we may collect include basic user information (such as your name, email address, telephone number, and any other information you choose to provide related to your inquiry for cosmetic surgery).
We do not collect financial information directly from you (such as your payment card number, expiration date, or security code). All payments for our services are handled via a third party. Any financial transactions related to cosmetic surgery financing options are handled by respective partners (e.g., surgeons or financial institutions) with their own privacy policies. We encourage you to review their Privacy Statements for more information on how your financial data is processed.
Personal information we Collect automatically when you use our services
Log Information: We collect details about your interactions with our Services, such as the type and version of your browser, device and operating system, access times, usage times, pages viewed, IP address, the page you visited before using our Services, and any errors or debug information. This information helps us monitor usage patterns, improve our Services, and ensure smooth operations.
Information Collected by Cookies and Other Tracking Technologies: We use cookies and similar tracking technologies to collect information that enhances your experience on our platform. Cookies are small data files stored on your device, allowing us to understand which parts of our Services are most popular and improve user experience. You can control cookies through your browser settings; however, some features of our Services may be unavailable if you choose to disable cookies.
If you consent, we may also use web beacons (tracking pixels) in our notifications to assess the effectiveness of our campaigns and track whether emails have been opened and links clicked. We also partner with third-party services such as Google Analytics to help analyze usage and improve our offerings.
Social Sharing Features: Our Services may include social sharing features, allowing you to share content directly from our platform to external media. Please note that when you use these features, information may be shared publicly or with the social media platforms, depending on your settings. We may collect data from these platforms in line with their privacy policies.
Third Parties: We may receive additional Personal Information from third-party sources, including LinkedIn, Facebook, Twitter, and publicly available records. This helps us enhance your experience and services offered to you.
Support and Service Requests: When you contact us for customer support, we collect and store any information you provide, such as the nature of your request, to help resolve your issue and improve future interactions.
Our Access to Your Content: We only access your content in limited and lawful ways, such as addressing technical or legal issues, responding to your feedback, or improving our services. This may involve automated systems analyzing content to enhance the overall experience. Please note that access to personal content is strictly regulated and only performed when necessary.
Marketing or Promotional Communications: If you have opted into our newsletter, we may use your contact information to send you marketing or promotional materials. You can unsubscribe from these communications at any time by using the unsubscribe link in our emails or contacting us at support@surgise.com. We aim to process all unsubscribe requests within two business days.
Personal information we use
For individuals in the European Economic Area (EEA), our processing (i.e., use) of your Personal Information is based on the following legal grounds:
The processing is necessary to fulfill a contract we have with you or to take steps to enter into a contract at your request;
The processing is necessary for us to comply with our legal obligations;
The processing is based on our legitimate interests, and these interests are not overridden by your privacy rights; and/or
You have provided your consent for us to process your Personal Information.
We collect and process your Personal Information for the following purposes:
To fulfill the terms of our agreement with you and other parties;
To process, evaluate, and complete specific transactions involving our Services;
To operate, evaluate, maintain, improve, customize, and develop our Services (including by monitoring and analyzing how you access and use the Services, to enhance customer experience, and to ensure the security of our Services);
To provide you with documentation, communication, or any other requested services;
To correspond with you, addressing any queries or complaints you may have;
To protect and safeguard our Intellectual Property Rights;
To manage, protect against, and investigate fraud, risks, claims, and liabilities, including but not limited to breaches of contract terms or violations of applicable (international) laws and regulations;
To ensure compliance with our legal obligations worldwide.
Personal information we disclose
We operate worldwide and we may share your Personal Information with our affiliated businesses as part of our business operations, administration of the Services and to comply with local laws and regulations. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our Services. We may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by us to perform on our behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or if we believe that the disclosure will further an investigation of suspected or actual illegal activities.
We reserve the right to share any information that is not deemed Personal Information or is not otherwise subject to contractual restrictions.
Where Personal Information is transferred outside the European Economic Area to our affiliated companies or to third party service providers, we will take steps to ensure that your Personal Information is protected by the same level of protection as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses. We contractually require agents, service providers, and affiliates who may process Personal Information related to the Services to provide the same level of protection for Personal Information as required under the European Union General Data Protection Regulation ("GDPR").
We are committed to processing personal data in accordance with our obligations as a data “processor” or “subprocessor” under applicable EU data protection laws. If your organization is based in the EU or is otherwise directly or indirectly subject to EU data protection laws, including the GDPR, we have executed, or upon request by your organization will execute, and have otherwise committed to comply with the applicable Standard Contractual Clauses approved by the European Commission related to our processing or subprocessing of personal data in connection with the services we provide to your organization as our customer. For our customers to which such EU data protection laws apply, these requirements include:
- Processing personal data only in compliance with our customers’ instructions, and promptly informing them if we cannot comply;
- Promptly notifying our customers if we have any reason to believe that law applicable to us would prevent us from complying with our customers’ processing instructions;
- Implementing and maintaining specific and appropriate technical and organizational security measures to protect personal data;
- Promptly notifying our customers about any legally binding request for disclosure of personal data by law enforcement, or any accidental or unauthorized access to any personal data, or any request received by us from an EU-based individual whose personal data we may be processing pursuant to the customers’ instructions;
- Submitting our data processing facilities to audit by our customers;
- Providing a copy or summary of the applicable contract between us and our customer to individuals who are unable to obtain such a copy or summary directly from their organization;
- Obtaining consent from our customers for our use of any service providers who will be processing any personal data; and
- Ensuring that any such service providers agree in writing to comply with these requirements.
We may share Personal Information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case Personal Information held by us about our customers and/or users may be one of the transferred assets.
In accordance with our legal obligations, we may also process Personal Information, subject to a lawful request, to public authorities for law enforcement or national security purposes. Further we may also disclose Personal Information where otherwise required by local law or regulations.
Security
The security of your Personal Information is important to us. We therefore aim to safeguard and protect your Personal Information from unauthorized access, improper use or disclosure, unauthorized modification, or unlawful destruction or accidental loss, and we utilize and maintain certain reasonable processes, systems, and technologies to do so. This also means that our personnel is only allowed to access or process Personal Information if this is reasonably required to do so for work related tasks, to adhere to your request or to fulfill a legal obligation on behalf of us.
Please remember that no method of transmission over the internet, or method of electronic storage, is 100% secure or error-free. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.
Transferring Personal Information: As also mentioned above, where Personal Information is transferred outside the European Economic Area to our affiliated companies or to third party service providers, we will take steps to ensure that your Personal Information is protected by the same level of protection as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses. We contractually require agents, service providers, and affiliates who may process Personal Information related to the Services to provide the same level of protection for Personal Information as required under the GDPR.
Personal Information Breach: In the case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored, or otherwise processed by us about our customers and/or users, we shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Information breach to the local supervisory authority, unless the Personal Information breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the Personal Information breach is likely to result in a high risk to the rights and freedoms of natural persons we shall communicate the Personal Information breach without undue delay on our security page, unless we have already i) implemented appropriate technical and organizational protection measures, and those measures are applied to the Personal Information affected by the breach, in particular those that render the Personal Information unintelligible to any person who is not authorized to access it, such as encryption, or ii) we have taken subsequent measures which ensure that the high risk to the rights and freedoms of natural persons is no longer likely to materialize.
Retention of personal information
In general the collected Personal Information is not stored by us for longer than three years, unless you do a prior deletion request. However, in some circumstances, we may retain certain Personal Information for other periods of time, for instance where we are required to do so in accordance with legal, tax, and accounting requirements, or if required by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. In specific circumstances, we may also retain certain Personal Information for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
Children
The Services are not for use by children under the age of 16 years and we do not knowingly collect, store, share, or use Personal Information of children under 16 years. If you are under the age of 16 years, please do not provide any Personal Information, even if prompted by the Services to do so. If you are under the age of 16 years and you have provided Personal Information, please ask your parent(s) or guardian(s) to notify us and we will delete all such Personal Information.