Last modified: January 2, 2024

Introduction

All Skin Inc. and its affiliates (“we”, “our”, “us”, and “All Skin”) respect your privacy and are committed to protecting your rights under the Personal Information Protection and Electronic Documents Act and applicable Canadian provincial privacy legislation (collectively, “Privacy Laws”). This is our privacy policy (the “Policy”), and it tells you how we collect, use, and disclose your personal information in accordance with Privacy Laws when you visit and use the All Skin website, at allskinhealth.com, and All Skin Mobile Application (collectively, the “Platform”).

Please read this Policy carefully to understand our practices for collecting, using, and disclosing your personal information. By downloading, accessing, or using our Platform, you indicate that you understand, accept, and consent to the collection, use, and disclosure of your personal information as described in this Policy.

Please note that this Policy may change from time to time. We include the date this Policy was last revised at the top of the page. You are responsible for checking this page periodically for updates to our Policy, as your continued use of the Platform after we make changes indicates that you accept and consent to those changes. If we make any material changes to this Policy or the way that we collect, use, or disclose your personal information, we will notify you via email or through a notice on the Platform’s home page.

What is “personal information”?

"Personal information" is any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person. This may include your name, address, phone number, email address, or other information. If the information we collect identifies you, or could reasonably be used to identify you, it is considered personal information.

What personal information do we collect?

When you use our Platform, we may collect the following personal information from you:

• name;

• email address;

• phone number;

• province, territory, or state of residence;

• age or birth year;

• gender;

• skin colour;

• hair type;

• details you provide to us regarding your medical history, including skin conditions, skin allergies, menstrual cycle, and whether you are pregnant or breastfeeding;

• details regarding potential allergies;

• details you provide to us regarding your lifestyle information, including cosmetic use, sleep habits, exercise habits, stress level, diet, smoking habits, UV or sun exposure, and skincare routine;

• details you provide to us regarding your membership or enrolment status in rewards programs offered by third-party retailers;

• photographs that you choose to upload; and

• technical information including your login information, location, device type, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, or information about your internet connection, the equipment you use to access our Platform, and usage details.

We may also collect information from you that is not considered personal information because it cannot be used to identify you or anyone else, such as statistical or aggregate information about how users interact with our Platform.

How do we collect your personal information?

We collect personal information when you provide that information to us directly, including:

• when you make an inquiry about our services using the contact information on our Platform;

• when you request to be placed on our mailing list;

• when you fill in forms or enter other information on our Platform, including during the account registration process; and

• when you make search queries on our Platform.

We may also collect information about you indirectly using cookies or other automatic data collection technologies, described in more detail below.

What happens if we cannot collect your personal information?

If we cannot collect your personal information, we may not be able to provide our services to you, or your user experience may not be as useful or enjoyable.

For what purposes do we collect and use your personal information?

We collect personal information so that we can perform our business activities and provide you with the best possible user experience. We collect, use, and disclose your personal information for the following purposes:

• to provide and personalize information, services, or products you request from us;

• to assist you with making informed decisions about your skincare;

• to help you track your progress and achieve your skincare goals;

• to process transactions;

• to answer inquiries;

• to send communications requested by you;

• for administrative, planning, product or service development, quality control, and research purposes;

• for marketing and advertising (including direct marketing), if you have consented by opt-in;

• to notify you about changes to our Platform, or any products or services we offer or provide;

• to update our records and keep your personal information up to date; and to process and respond to any complaint made by you.

For what purposes do we disclose your personal information?

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect from you:

• in accordance with applicable law, to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of All Skin’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by All Skin about our customers and users is among the assets transferred;

• to our employees, contractors, service providers, and other third parties we use to support our business (such as webhosting, database management, communications management, analytics, and search engine providers that assist us with improving and optimizing our Platform), and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy;

• to enforce or apply our Terms and Conditions of Use, which can be found at www.allskinhealth.com/terms-and-conditions-of-use, including for billing and collection purposes; and

• to comply with any law, rule, regulation, lawful and binding determination, decision, or direction of a regulator, or in co-operation with any governmental authority.

How do we use cookies?

A “cookie” is a small summary file containing a unique ID number. When you access our Platform, we may use cookies or similar automatic data collection technologies, including third-party cookies such as Google Analytics, to indirectly collect information about you. Cookies enable us to recognize your computer and greet you each time you visit our Platform without bothering you with a request to register. Cookies also enable us to keep track of services you view so that, if you consent, we can send you news about those services.

We may also use cookies to measure traffic patterns, to determine which areas of our Platform have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our services. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Platform may not be accessible or may not function properly.

We may also use these technologies to collect information about your online activities over time and across third-party websites or other online services (known as behavioral tracking, tailored, or targeted advertising). To learn more or to opt-out of tailored advertising, please visit the Digital Advertising Alliance of Canada Opt-Out Tool for information.

How do we communicate with you?

We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS text messages, push notifications, and email, in accordance with applicable marketing laws, such as Canada’s Anti-Spam Legislation (CASL). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting our Chief Privacy Officer using the details below, or by using opt-out facilities provided in the marketing communications. If you choose to opt-out of receiving marketing communications from us, we will ensure your name is removed from our mailing list.

Where is your personal information transferred or stored?

We may process, store, transfer, or disclose your personal information to contractors, service providers, and other third parties we use to support our business for the purposes listed above.

We may disclose your personal information to entities located in a foreign country, including hosting services providers located in Canada and the United States, that assist us with the operation of our business.

In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country. Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation.

You may access written information about our policies and practices with respect to service providers outside Canada by contacting our Chief Privacy Officer (see the details below). Our Chief Privacy Officer can answer any questions you may have about the collection, use, disclosure, or storage of personal information by service providers outside Canada for or on behalf of All Skin.

How is your personal information kept secure?

The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. Do not share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform.

How long do we keep your personal information?

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, or until we are no longer required by law to retain it (whichever is the latter). Under some circumstances, we may anonymize or de-identify your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

How can you access or correct your personal information?

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. You have the right to request access to and to correct the personal information that we hold about you. You can review and change your personal information by logging into the Platform and visiting your account profile page, or by contacting our Chief Privacy Officer using the details below. Before providing access to any information, we will first verify your identity, and you consent to our collection and use of your personal information for verification purposes.

We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. We may request specific information from you to help us confirm your identity, and to provide you with the personal information that we hold about you or make your requested changes. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

How can you withdraw consent to the collection, use, and disclosure of your personal information?

Where you have provided your consent to the collection, use, and disclosure of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact our Chief Privacy Officer using the details below. Please note that if you withdraw your consent, we may not be able to provide our services to you, or your user experience may not be as useful or enjoyable. We will explain the impact to you at the time to help you with your decision.

Does our Platform contain links to third-party websites?

Our Platform may include links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third party to collect or share data about you. If you follow a link to a third-party website or engage a third-party plugin, please note that these third parties have their own privacy policies and we do not accept any responsibility or liability for these policies. We do not control these third-party websites, and we encourage you to read the privacy policy of every website you visit.

What is the process for complaining about a breach of this Policy?

If you believe that this Policy has been breached, please contact our Chief Privacy Officer using the details below. We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this Policy, and with applicable Privacy Laws. We will treat your complaint confidentially, investigate the alleged breach, and aim to ensure that we contact you and resolve your complaint within a reasonable time (and in any event, within the time required by the relevant Privacy Laws, if applicable).

Contact Information

We welcome your questions, comments, and requests regarding this Policy and our privacy practices. Please contact:

Chief Privacy Officer 32 Royal Vista Drive NW Calgary, Alberta, Canada T3R 0H9 info@allskinhealth.com