EEA Privacy Notice
Prestige Consumer Healthcare EEA Privacy Notice
Effective Date: June 1, 2024
Who We Are
Prestige Consumer Healthcare Inc. and each of its affiliates and subsidiary entities (collectively, “Prestige,” “we,” “our,” or “us”) are committed to protecting your personal data. We are headquartered in Tarrytown, NY and we market, sell, manufacture, and distribute consumer healthcare products to retail outlets in the US, Canada, Australia, and certain other international markets.
Unless stated otherwise, this EEA Privacy Notice supplements our main Privacy Notice in connection with the personal data of residents of the European Economic Area (“EEA”) in order to comply with the EU General Data Protection Regulation 2016/679, the UK Data Protection Act 2018, and GDPR as incorporated into UK law by virtue of the European Union (Withdrawal) Act 2018 (“UK GDPR”). In this EEA Privacy Notice, “you” means anyone who uses our Website, our products or services, or otherwise communicates with us. “Personal data,” “processor,” “processing,” and “controller” have the same meanings given as in GDPR.
We also have Terms of Use , which applies to your use and access of our Website, and which you may access by clicking on the hyperlink. By clicking the “ACCEPT” box, you expressly acknowledge and agree that you have read, understand, and consent to the data processing practices described in our Privacy Notice.
- Controller/Contact Us
- Legal Bases on Which We Collect our Personal Data
- What Are My Personal Data Rights?
- Where Is My Personal Data Transferred and Stored?
CONTROLLER/CONTACT US
Unless otherwise stated elsewhere, we are a data controller. You may contact us at Prestige Consumer Healthcare Inc., ATTN: Privacy, 660 White Plains Rd., #250, Tarrytown, NY 10591. You also may email us and reach our Data Protection Officer at [email protected].
LEGAL BASES ON WHICH WE COLLECT YOUR PERSONAL DATA
Under EU and UK data protection laws, we are required to rely on one or more legal bases to collect, use, share, and otherwise process the personal data we have about you. We describe these legal bases and some accompanying examples in more detail below.
Your Consent
- We use cookies and similar technologies, as described in more detail in our Advertising and Cookie Policy, based on your consent.
- Where you choose a method of verification to confirm who you are, we do so in accordance with your consent.
- If you decide to use location services in the context of our Website, we collect and process such location personal data based on your consent.
- We may send you questions or surveys in connection with our events, collaborations, or content where you have consented to receiving such communications in accordance with applicable law.
Legal Obligation
We may process your personal data in order to comply with a legal obligation, a court order, or to exercise and defend legal claims. For example,
- We may preserve and disclose your personal data if it is necessary to respond, based on applicable law, to a valid legal request (e.g. a subpoena, search warrant, court order, or other binding request from government or law enforcement).
- We may retain and process your personal data where it is necessary for compliance with applicable tax laws.
Vital Interests
We may process your personal data in certain circumstances when it is necessary to protect your vital interests, or those of others. For example,
- We may need to process your personal data in order to protect your life or safety or the lives or safety of others, or otherwise prevent physical injury or other harm to any person, including you, other natural persons, other companies, visitors, our staff, or the public.
- We may preserve or share your personal data with law enforcement and related authorities where we have a good faith belief that it is required in the context of an imminent threat.
- We may share your personal data with disaster relief agencies, first responders and other individuals to facilitate disaster or emergency response efforts.
Legitimate Interests
We may process your personal data where it is necessary for the purposes of our legitimate interests, or a third party’s legitimate interests, such as those of other employees or users, or our corporate partners or those organizations we collaborate with for certain projects or services. In particular, we process your personal data in furtherance of the following legitimate interests:
- Keeping our Website and information systems safe and secure, and to pursue our legitimate interests and the legitimate interests of our customers and users of our products and services in ensuring the security of our Website and information systems, such as implementing and enhancing security measures and protections, protecting against fraud, spam and abuse, and enforcing our Terms of Use.
- Providing, improving, and developing our Website, products, and services. We do so as it is necessary to pursue our legitimate interests of improving our products, to provide customer service-related activities, and to improve the experience on our Website on a sustained basis.
- Providing seamless platform and Website experience across our affiliated companies, products, and brands. We may share your personal data with affiliates to provide and improve our Website, products, and services to assist technically and infrastructurally.
- Sending marketing communications. We rely on our legitimate interests in marketing and promoting our Website and products and services to use your contact personal data and send you marketing communications in accordance with applicable law, except where applicable law requires that we rely on your consent to send such communications.
- Sending you questions or surveys in connection with our products and services, or the functionality of our Website and to promote them in accordance with applicable law, except where applicable law requires that we rely on your consent to send such communications.
- Sharing personal data for legal and safety reasons. Where required for legal and safety reasons, we may disclose personal data to law enforcement and related agencies and authorities in furtherance of the legitimate interests described further below.
- As detailed in our Privacy Policy, where we process your personal data based on legitimate interests, you have the right to object to such processing. Where you exercise your right to object, we will cease processing your personal data for that specific purpose, unless there are compelling legitimate grounds overriding your objection or where your personal data is processed for legal reasons.
WHAT ARE MY PERSONAL DATA RIGHTS?
You benefit from a number of rights in relation to your personal data that we process. While some of these rights apply generally, certain rights apply only in certain limited cases. You may
- request and obtain a copy of the personal data we have about you. If requested and required to do so by applicable law, we will provide your information in an easily accessible format and assist in transferring some of this information to third parties as you request.
- Have us rectify, restrict, or delete your information if requested and if required to do so by applicable law.
- If we process your personal data based on our legitimate interests explained above, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing (including if we are permitted to continue processing under applicable law) or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object by using the unsubscribe link in such communications, changing your email account settings or by contacting us [email protected] or submit a request via the EEA Data Request Form by clicking here.
To contact us in connection with our data rights, you may email us at [email protected] or submit a request via the EEA Data Request Form by clicking here.
In addition to the rights outlined under the “Data Subject Rights” Section, you have the following additional rights in respect of your personal data that we hold:
- Right to withdraw consent: You have the right to withdraw consent that you have provided. Where consent is required for processing your personal data under applicable law, you may withdraw your consent to the processing of your personal data at any time. If you withdraw your consent to the use of your personal data for the purposes set out in this Privacy Notice, you may not have access to all (or any) of our Website, and we may not be able to provide you all (or any) of our services under this Privacy Notice. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so, or if your withdrawal of consent was limited to certain processing activities. Please also understand that, if you withdraw your consent, that does not impact the lawfulness of processing that occurred before your consent was withdrawn.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority in the member state of your habitual residence. Further information about how to contact your local data protection authority is available at:
- Right to data portability: You have the right to receive the personal data that you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
- Right to Standard Contractural Clauses:You have the right to review and request standard contractual clauses, which are used as a data transfer mechanism primarily designed to help controllers and processors legally facilitate data transfers to countries outside the EEA and UK.
WHERE IS MY PERSONAL DATA STORED AND TRANSFERRED
We may transfer your personal data to other jurisdictions where we have facilities or service providers, including the United States, where data protection laws may not provide the same protections as the laws of your home country.
When we transfer personal data of data subjects in the UK or EU to a third country that is not subject to an adequacy decision, we will do so in accordance with all applicable data protection laws. We may rely on standard contractual clauses to provide an adequate level of protection for personal data. “Standard Contractual Clauses” refers to contracts between companies transferring personal data from Europe to third countries that contain standard commitments approved by the European Commission protecting the privacy and security of the personal data transferred.
If you have questions about these international transfers of personal data, please email us at [email protected]