Privacy Policy Our Privacy Principles Watsons Personal Care Stores (Philippines), Inc. and/or Family Health & Beauty Corp. (“Watsons” or “we” or “us” or “our”), member of the A.S. Watson group of companies (“ASW Group”) and SM group of companies (“SM Group”), respectively, we take your privacy seriously. Here are our 5 privacy promises to you: 1. We will ALWAYS ensure that your personal data is used in line with applicable data protection laws. 2. We will ALWAYS be transparent with you about how we use your personal data. This includes informing you about what information we collect, what we do with it, with whom we share it and who you should contact if you have any concerns. 3. We will ALWAYS provide you simple options to say 'STOP' when you are no longer wish to receive our marketing communications. 4. We will ALWAYS take all reasonable steps to protect your personal data and make sure no unauthorized person accesses it. 5. We will ALWAYS respond to any questions on processing of your personal data without undue delay. Our Privacy Policy We are committed to safeguarding your privacy rights and ensuring that your personal data is protected. This Privacy Policy explains the types of personal data we collect and how we process and protect that data in connection with the services we offer. This includes information collected offline in our stores or through our customer services, and online through our websites, applications (including mobile apps) and third party platforms (together referred to as “Sites”). This Privacy Policy also applies to our targeted or personalised content, including online offers and advertisements for products and services, which you may see on third party websites, platforms and applications (“Third Party Sites”) based on your online activity. These Third Party Sites may have their own privacy policies and terms and conditions. We encourage you to read them before using those Third Party Sites. 1. WHO IS RESPONSIBLE FOR WHAT HAPPENS WITH YOUR DATA? We are responsible for processing your personal data on our Sites. 2. HOW DO I MAKE ENQUIRIES ABOUT MY PERSONAL DATA? If you have any question in relation to how we process your personal data you can contact our Data Protection Officer through any of the following contact details: Data Protection Officer 9/F West Quadrant, One E-Com Center, Ocean Drive, Mall of Asia Complex, Pasay City, 1300, Philippines +632 7902 8893 data-privacy@watsons.com.ph 3. WHAT IS PERSONAL DATA? Personal Data generally refers to information that can directly identify you ("Personal Data"). This typically includes information such as your name, address, email address, and telephone number, but can also include other information such as IP address, shopping habits, information about health and beauty, information about your lifestyle or preferences such as your hobbies and interests. Information about health are called “special categories of Personal Data” that require special protection because of their sensitivity. 4. WHAT HAPPENS WHEN YOU PROVIDE US WITH YOUR PERSONAL DATA OR WHEN WE OTHERWISE RECEIVE YOUR PERSONAL DATA? We collect your Personal Data directly in a number of ways, for example when you provide us with your information to register as a customer for our Sites or as a member of any of our loyalty programs, register for prize draws, games or competitions, subscribe to our newsletter, receive information or mailings, use our applications, buy a product or service from us, complete a survey, complete a beauty or health diagnostic test, make a comment or enquiry or contact our customer services. When you provide us with your Personal Data, we will process it in accordance with this Privacy Policy. If you do not wish us to process your Personal Data in this way, please do not provide us with your personal information. We may also receive your Personal Data from other sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties. If you do not want us to receive your Personal Data from other sources, please communicate your preferences directly with the relevant sources. We process your Personal Data to provide you with our services as further explained below. In certain instances, we only process your Personal Data if you have given us permission to do so, for example in most cases where we process your Personal Data for marketing purposes, use Cookies (as defined in Clause 6.2 below) or location data or where we process your sensitive personal information. In other instances we may rely on other legal grounds for processing your personal data, such as performance of the contract with you or legitimate interests, like fraud prevention. If you become a member of any of our loyalty programmes, we may infer in a transparent manner - and only where permitted by applicable law - that you would like us to process your Personal Data for marketing purposes. You can always opt out of marketing communications without detriment to your loyalty benefits. Where we process your Personal Data on the basis of your consent, we will ask for your consent explicitly and only for a particular purpose. We will also ask you to provide additional consent if we need to use your Personal Data for purposes not covered by this Privacy Policy. Please refer to Section 6 of this Privacy Policy for details of the various types of Personal Data we may collect, the relevant purposes and the legal basis for such processing. 5. WHAT HAPPENS IF OUR CUSTOMER IS A CHILD? Our Sites are intended only for persons who are at least eighteen (18) years old. We neither offer products or services to, nor knowingly collect Personal Data of, persons below the age of eighteen (18) years (“Minors”) without any parental consent. Should we become aware that we were provided with Personal Data of Minors without any legal basis, we will delete the same from our database. If you are a Minor, please do not provide any Personal Data to us, such as your name, age, gender, email address, contact information and the like. Parents or guardians may make purchases for minors. Note however that access to certain parts of our Sites and/or eligibility to receive prizes, samples or other rewards may be limited to users over a certain age.We may use your Personal Data to carry out age verification checks and enforce any such age restrictions. 6. FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA? 6.1 We process the following categories of Personal Data for the following purposes: What Personal Data may we collect? What is the purpose of the processing? How long do we store your Personal Data? Browsing on our Sites Information about the type of browser you use when visiting our Sites, your IP and device address, hyperlinks that you have clicked, websites you visited before arriving at our Sites and information collected by Cookies or similar tracking devices. Your user name, profile picture, gender, networks and any other information you choose to share when using Third Party Sites (such as when you use the “Like” functionality on Facebook). We (and third party service providers acting on our behalf) use Cookies and similar technologies to process data about you when you visit our Sites. We would like to know whether you have visited us before and your preferences to provide you with a tailored experience of our Sites. See Section 6.2. below for more information about Cookies. Please check the Cookie Consent Tool to learn about the storage periods for each Cookie. Purchasing products / Agreeing to a Service Name, title, postal address, email address, home telephone, mobile number, loyalty card number, passwords, order history, payment history, payment information (i.e. bank or credit card details), order history/wishlist, age/date of birth, gender, information on the handling of your request (including information relating to controlled drugs and other medicine or beauty products that you order), and other Personal Data you voluntarily provide to us. We process Personal Data to provide you with our products or services that you request from us, including sending you products or samples that you have requested. As long as you keep shopping with us. If you have no activity after three years, we will delete or anonymise your Personal Data, unless we are required by law to store it for a longer period. Customer Service Name, title, postal address, email address, home telephone, mobile number, loyalty card number, passwords, order history, payment history, payment information (i.e. bank or credit card details), order history/wishlist, age/date of birth, gender, information on the handling of your query, posts and other content you submit to our Sites, and further information submitted by you in relation to a purchase or service request or other query (including sensitive personal information). We process your Personal Data whenever you contact us and when we respond to your enquries, comments and complaints. For general enquiries and comments relating to service issues, store standards, stock availability etc., we will store such data for three years from the last communication with you. Communications relating to personal injuries, accidents and other health and safety issues may need to be kept for a longer period in case of legal claims or settlements. Suggesting products & services which may interest you Name, title, postal address, email address, mobile number, loyalty card number, order history/wishlist (including purchases you make on our Site, mobile app, in-store or pharmacy), payment history, age, date of birth, gender, products you view on our Site, brands you prefer, favourite store, actions you take on our website (including comments made by you in using our Sites) or when viewing our emails, answers you provide in surveys or competitions, your shopping habits and preferences and information about your lifestyle, such as your hobbies and interests. To suggest tailored products or services (including those of relevant third parties) that we think may be of interest to you based on your shopping history and behaviour, your preferences, and our market segmentation strategies. We may do this by sending you - via post, email, newsletter, SMS, push notifications or phone - details of products, services, special offers, promotions and other information. We may also contact you to offer the opportunity to take part in customer research surveys, promotions, prize draws or competitions. You may also receive in-store promotions (such as special coupons) from us when you have an account with us or are a member of any of our loyalty programs. As long as you keep shopping with us and/or using our loyalty card. If you are a registered shopper and/or are a loyalty card member and you have no transactions after three years, we will delete or anonymise your Personal Data, unless we are required by the law to store it for a longer period. If you purchase online and check-out as a guest, we will retain your data for one year from the date of transaction. If you have signed up to any of our newsletters, we will retain your data until you unsubscribe. Competitions, events and games Name, title, postal address, email address, home telephone or mobile number, age, date of birth, gender, images collected during any events, user generated content or any other relevant Personal Data that you submit – as required for the competition or game. To carry out prize draws, games or competitions which you chose to participate in and to determine the winner or to provide the prize if you win. Three months after the competition or game is completed, unless we are required by law to store them for a longer period. Online Shopping Name, title, postal address, email address, home telephone or mobile number, information about products you order, (including health products or drugs if you order from our online pharmacy), order history, details about your purchase, payment information, payment history, age. To process your online purchase and deliver the product to you as ordered. Your payment and delivery related Personal Data may be transferred to payment and courier service providers to process your payments and delivery your orders, respectively. As long as you keep shopping with us. If after three years, you have no transactions, we will delete or anonymise your Personal Data, unless we are required by law to store it for a longer period. If you check out as a guest, we will retain your data for one year from the date of transaction. In-app features (such as in-app beauty filters, comments and postings, etc.) Actions you take when you access or use the relevant in-app features in our Sites (including comments, personal images, and other content or information submitted by you). If you choose to use our in-app beauty filter features, we will process your image to fulfill your request. For some in-app features the images collected will only be stored in your personal device and will not be collected by us. We will ask for your separate permissions for our app to access your camera. If you change your mind, you will be able to revoke them any time by changing the settings on your device. Please note that rejecting or switching off these permissions will limit the features you can use in our app. We use face recognition technology already included in your phone (such as TrueDepth API) or other software for depth of facial mapping information to create augmented reality effects within the app. We do not share information with third parties, do not store or process in any other way the data which our app accesses and uses via this technology. As long as you are a member of any of our loyalty programs or shopping with us. If you have no activity after three years, we will delete or anonymise your Personal Data, unless we are required by law to store it for a longer period in the event that such data is collected and stored by us. Loyalty Program Name, title, postal address, email address, home telephone or mobile number, information about products you order using the Loyalty Program, transactions relevant for the Loyalty Program, account status and details regarding points collected and redeemed, payment information (i.e. bank details), payment history, age. To provide you with all services under the Loyalty Program including exclusive offers and points schemes. As long as you are a member of any of our loyalty programs. If you have no activity after three years, we will delete or anonymise your Personal Data, unless we are required by law to store it for a longer period. Fraud prevention and other administrative services, such as registration Name, title, postal address, email address, home telephone or mobile number, information about health or diagnostic data, NHS number (UK only), payment information (i.e. bank details), payment history, age. To carry out administrative services, including processing any application you submit to us for providing the services, preventing or detecting fraud or other crimes, verifying your identity and credit/payment status, or processing payment instructions. Your payment related Personal Data may be transferred to payment service providers to process your payments or the police for fraud prevention purposes. As long as you keep shopping with us. If you have no activities after three years, we will delete or anonymise your Personal Data, unless we are required by the law to store them for a longer period. 6.2 Cookies and Similar Technologies We use cookies pixel tags, web beacons and similar technologies (together referred to as “Cookies”) to improve our products and your experience on our Sites by collecting information on how you use our Sites. Some of the Cookies we use are required to enable core site functionality, for example to provide secure log-in or to remember how far you are through an order,but we also use Cookies that allow us to analyze site usage (so we can measure and improve performance), and advertisement Cookies which are used by advertising companies to serve ads that are relevant to your interests. We may also tailor our Sites and our products to your interests and needs, by collecting information about your device and linking this to your Personal Data so as to ensure that our Sites present the best experience on our Sites for you. The types of data we may collect from you when you visit the Sites include: • information about the mobile device used and the characteristics of such mobile device; • information about the type of browser you use; • details of the web pages you have viewed; • your IP address; • the hyperlinks you have clicked; and • the websites you visited before arriving at our Site. Our websites are initially set up to accept Cookies. Within your browser you can choose whether you wish to accept cookies or not. Different browsers make different controls available to you. You can opt-out of or delete historical cookies by changing the settings on your web browsers. Each browser’s website should contain instructions on how you can do this. However, if you do so, you may find that certain features on our website and/or our app do not work properly. 6.3 About using our Sites When you choose to use access or download our Sites or allow connectivity via Wi-Fi connections to your device, we receive information about your location and mobile device, including a unique identifier for your personalised device, your GPS data or wireless networks data (WLAN). Location data is neither stored nor transmitted to third parties. If you agree with the localisation function and/or enable the notifications function on your device mobile, we can provide you with location-based services including advertising, search results and personalised content. When you are near one of our Stores, then we can use push email communications or notifications (such as recommended promotion and recommended products) to you based on your geo-location data services and/or immediately previous on-line activities if you have provided your consent to receive such communications and advertising or if similar products upon our own legitimate interests. Most mobile devices allow you to turn off location services and push notifications on your device. Should you wish to do so, please access your own device and vary the settings for notification on your device to reflect your own preference to be notified (or not) following the relevant instructions under your device. 7. WHO DO WE SHARE YOUR PERSONAL DATA WITH? To protect your privacy, we will endeavour to only share with third parties data which has either been aggregated and anonymised or which otherwise does not contain your name or contact details. However, there may be limited circumstances where we will share data (which may include your Personal Data) with third parties who may or may not be located overseas, as detailed in this section. By using our Sites, you agree to allow us to share your Personal Data with third parties and to the cross-border transfer of your personal data in accordance with this section. Regardless of where we store or process your Personal Data, we are committed to protecting it and will take reasonable steps to safeguard it in accordance with this Privacy Policy and all applicable laws. 7.1 Partners Your Personal Data may be shared with our trustered business partners (“Partners”) to facilitate the processing of loyalty points issuance and redemption and related transactions, as well as for data analytics purposes in order to improve their operations, services or products. Please be aware that our Partners may themselves directly collect personal data from you if you give it to them when you purchase any goods or services at their store, or if you register with them as a customer. The handling of your data collected by our Partners will be governed by the relevant Partner's separate privacy policy (and not this Privacy Policy), and we are not involved or responsible for the collection and handling of such data. 7.2 ASW Group, CK Hutchison Group and SM Group Your Personal Data may be transferred to any members of ASW Group, CK Hutchison Group and/or SM Group (which are Watsons’ affilates and associates) for any of the purposes we have set out in Section 6 above. However, we will not provide your Personal Data to any member of ASW Group, CK Hutchison Group or SM Group in order for them to send you marketing materials regarding their own products and services, unless we obtain your prior consent. 7.3 Our service providers Your Personal Data may be shared with our service providers (including agents and contractors) which process Personal Data on our behalf to help us administer and operate our business and our Sites to conduct data analytics, to help aggregate and anonymise the personal data, or to carry out any of the purposes set out in Section 6 above. These may include IT vendors, back-office and front-end or ancillary service providers, logistic and delivery service providers, call centre operators, marketing agencies, data management and analytics service providers, and customer contact services. Our service providers may contact you on our behalf or on our behalf for any of the purposes set out in Section 6 above. 7.4 Professional advisors and assignees When necessary, we may share your Personal Data with our professional advisors, including lawyers, accountants, financial advisors and insurers. Your Personal Data may also be shared with third parties in connection with any merger, acquisition, consolidation, restructuring, sale of assets, financing or any other similar scenarios involving the transfer of some or all of our business assets. 7.5 Government and regulatory authorities We will disclose your Personal Data to courts, law enforcement, regulatory or other governmental agencies if we are required to do so by law, or by a warrant, subpoena or court order. 7.6 Other recipients We will transfer your Personal Data in the following scenarios: a) To data analytical firms, such as Google Analytics Inc. (to the extent that such Personal Data is not aggregated or anonymised); b) in an emergency, such as life, health or property of an individual; and/or c) with your consent to proceed to share your Personal Data with third parties where required by law. 8. TO WHICH COUNTRIES DO WE TRANSFER YOUR PERSONAL DATA? Many of our trusted third parties and Group companies are based in countries that provide an adequate level of data protection, such as the European Economic Area ("EEA"), Singapore and Hong Kong to ensure your Personal Data are safeguarded with sufficient protection at a level as required by our own standards. When we need to transfer your Personal Data to a trusted third party or Group company based in a country where data protection laws are considered not to offer the same level of protection, we ensure adequate data protection safeguards by relying on other legitimate means, such as the Privacy Shield certification and/or Standard Contractual Clauses. More details on the transfer mechanism can be obtained from our Data Protection Officer (see contact details in Section 2). 9. HOW LONG DO WE PROCESS YOUR PERSONAL DATA? We will store your Personal Data only until the aforementioned purposes for which we have collected or received your Personal Data are fulfilled and once our statutory obligations to preserve records have expired as further described in Section 5. 10. WHAT ARE YOUR RIGHTS? If certain requirements are fulfilled, you have the right to: • obtain from us confirmation as to whether or not we process Personal Data from you and, where that is the case, access to your Personal Data; • rectification of inaccurate Personal Data; • withdraw you consent for marketing communications (by logging into your account under “Marketing Preferences” or using the unsubscribe link in any of our marketing communications); and • withdraw your consent for use of Cookies (via adjusting the setting under your web browser). 11. HOW DO WE PROTECT YOUR PERSONAL DATA? We maintain appropriate technical and organizational measures to protect the Personal Data you provide to us against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your Personal Data. 12. CAN WE CHANGE OUR PRIVACY POLICY? We may change this Privacy Policy from time to time by posting the updated version of the Privacy Policy here. We encourage you to visit this area frequently to stay informed. Remarks: a) ASW Group is part of the multinational conglomerate CK Hutchison Holdings Limited and its affiliated or related companies (“CK Hutchison Group”). b) SM Group are members of SM Investments Corporation.