General privacy policy

All the companies of the Cooper Group (i.e. the companies held or controlled by more than 50% by Cooper Consumer Health SAS) pay great attention to protecting the personal data of their partners, whether they are suppliers, clients – professional or otherwise, consumers, internet users, patients or employees.

The European Regulation 2016/679 of 27 April 2016, known as GDPR, as well as the different local laws applicable depending on the location of the Cooper Group company or partner, have been taken into account to establish this General Privacy Policy of the Cooper Group for Personal Data Protection.

  1. Introduction and Scope

This General Privacy Policy (“Policy”) explains how personal data is collected, used, disclosed, retained, processed and protected by one or more entities of the Cooper Group (“the Group”, “we”, “us”, “our”). It applies to all personal data processing operations carried out by any Group entity, whether online or offline, regardless of the country in which the individual or the Group entity is located and includes processing carried out through our websites, digital platforms, contact forms, and other online services:

This Policy applies to all individuals who interact with a Group entity, including but not limited to:

  • Customers and consumers,
  • Suppliers and service providers,
  • Healthcare professionals,
  • Website and digital service users,
  • Job applicants and candidates,
  • Participants in events or surveys,
  • Visitors to our sites or premises,
  • Individuals contacting our customer service, regulatory, quality, vigilance, or medical information teams.

Each Group entity acts as an independent data controller for the processing activities it performs.

  1. Categories of Personal Data We Collect

We may collect the personal data listed in this article 2. The personal data collected depends on the nature of your relationship with us and the channels through which you interact with us, including when using our websites.

  1. Data collected directly from you
  • Identification and contact data (name, title, postal address, email address, telephone number).
  • Professional data (function, employer, qualifications, professional registration number where applicable).
  • Account and login data (username, identifiers, preferences) where digital accounts apply.
  • Financial and transactional data (bank details, payment data, invoices).
  • Customer relationship data (orders, delivery information, claims, vigilance or product quality reports, correspondence).
  • Recruitment data (CVs, qualifications, interviews, references).
  • Information you voluntarily provide (contact forms, inquiries, surveys, email requests, documents uploaded via online forms).
  1. Data collected automatically or indirectly
  • Technical and browsing data (e.g. cookies, trackers, IP address, device information).
  • Identity or professional data from business partners or publicly available sources.
  • Health-related data strictly required for vigilance activities (pharmaco-, materiovigilance, cosmetovigilance, etc.).
  • Reporting information related to product quality or safety incidents.
  1. Special categories of data

We may process health-related data strictly when required, particularly for product vigilance or regulatory obligations, and always in compliance with applicable laws.

For more information, please refer to section 3.3 below and to our Privacy Notice for vigilance, Medical information and Product quality inquiries.

  1. Processing Purposes and Legal Basis

We process your personal data for the following purposes and under the following legal basis:

PURPOSE

LEGAL BASIS

Management of contractual and business relationships, including:

  • Managing contracts, orders, deliveries, invoices, payments.
  • Managing customer, supplier, and partner accounts.
  • Handling claims, returns, disputes, and customer service interactions.

Art. 6-1-b of the GDPR: performance of a contract or pre-contractual measures

Art. 6-1-c of the GDPR: compliance with a legal obligation

Art. 6-1-f of the GDPR: pursuit of a legitimate interest

Website use and digital services, including:

  • Providing access to websites, online services, and accounts.
  • Ensuring website security and performance.
  • Personalising user experience.
  • Managing cookies and similar technologies.

For more information, please refer to our Website policy available on all Products websites.

Art. 6-1-b of the GDPR: performance of a contract

Art. 6-1-f of the GDPR: pursuit of a legitimate interest

Art. 6-1-a of the GDPR: consent for non-essential cookies and optional functionalities

For more information, please refer to our Website Privacy Notice.

Product quality, vigilance, and regulatory compliance, including:

  • Managing reports of adverse events, incidents, or product quality issues.
  • Fulfilling regulatory and public health obligations.
  • Ensuring product monitoring and safety.

Art. 6-1-c of the GDPR: compliance with a legal obligation

Art. 9-2(i) of the GDPR: public interest in the area of public health

Marketing and communication, including:

  • Sending newsletters, surveys, satisfaction studies, and product or service information.
  • Conducting surveys or satisfaction assessments.
  • Contacting professional customers.

Art. 6-1-f of the GDPR: pursuit of a legitimate interest

Art. 6-1-a of the GDPR: consent in some situations

Security, fraud prevention, and compliance, including:

  • Ensuring safety of individuals and assets (including video surveillance).
  • Ensuring IT security.
  • Preventing fraud, misuse, or unlawful activities.
  • Managing legal claims and defending rights.

Art. 6-1-c of the GDPR: compliance with a legal obligation

Art. 6-1-f of the GDPR: pursuit of a legitimate interest

Recruitment, including:

  • Managing job applications, interviews.
  • Hiring processes.

Art. 6-1-f of the GDPR: pursuit of a legitimate interest

Art. 6-1-b of the GDPR: performance of pre-contractual measures

Management of data subject rights requests

Art. 6-1-c of the GDPR: compliance with a legal obligation

Note: Where processing is based on consent, you may withdraw it at any time.

  1. Recipients of Personal Data

Your personal data may be shared only on a need-to-know basis with:

  • Authorised personnel of Group entities (e.g., customer service, sales, accounting, regulatory, vigilance, medical information, quality, legal, HR, IT).
  • Other Group entities when necessary for internal administration or operational purposes.
  • Service providers and processors (e.g., hosting, IT services, logistics, payment services, call centres, marketing providers, vigilance service providers, medical surveillance providers).
  • Healthcare professionals and regulatory authorities in the context of vigilance obligations.
  • Legal advisers, auditors, courts, or authorities when required by law or for the protection of our rights.
  • Business partners involved in the life cycle of our products (e.g., laboratories, distributors).
  • Potential acquirers in the context of corporate transactions, subject to appropriate safeguards.

We do not sell your personal data to third parties.

  1. International Data Transfers

Personal data may be transferred to countries outside the European Economic Area (EEA) or where local data protection laws may differ.

Where such transfers occur, we use appropriate safeguards, including:

  • Adequacy decisions.
  • Standard Contractual Clauses (SCCs).
  • Binding corporate rules or equivalent mechanisms.
  • Derogations for important public interest reasons (e.g., vigilance reporting obligations).
  1. Data Retention Periods

In accordance with applicable personal data protection legislation, personal data is retained no longer than necessary for the purpose for which it was collected. After the retention period, data will be deleted or anonymized, unless further retention is required by law or for archival purposes.

  1. Data Security

We implement appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data, including:

  • Access control and authentication.
  • Encryption and secure data hosting.
  • Logging and audit mechanisms.
  • Staff training and confidentiality commitments.
  • Security incident and breach management procedure.

In case of a personal data breach, we will comply with applicable notification obligations.

  1. Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access (Art. 15 of the GDPR): access your personal data and related information.
  • Rectification (Art. 16 of the GDPR): correct inaccurate or incomplete personal data.
  • Erasure (Art. 17 of the GDPR): request deletion under certain conditions.
  • Restriction of Processing (Art. 18 of the GDPR): temporarily limit processing.
  • Data Portability (Art. 20 of the GDPR): receive your personal data in a machine-readable format.
  • Object (Art. 21 of the GDPR): object to processing based on legitimate interest.

Without limiting the rights above mentioned and without limiting the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to submit a complaint to a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Right to lodge a complaint, Art. 77 of the GDPR).

If you are located in the European Economic Area, you may find the list of national supervisory authorities and their contact details here.

  1. How to Exercise Your Rights

You may exercise your rights or contact us with any privacy-related request by writing to:

Email: privacy@cooperconsumerhealth.com.

To process your request, we may require proof of your identity.

  1. Cookies

Group websites may use cookies for functionality, analytics, personalisation, marketing, or social media integration. Non-essential cookies are only installed with your consent. Each Group website includes a dedicated Cookie Policy.

  1. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Any updates will be published on this page, with an updated version date.