Categories of Personal Information Collected	Examples	Collected YES \| NO
A. Personal Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	No
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	No
G. Geolocation data.	Physical location or movements.	Yes
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	No
I. Professional or employment related information.	Current or past job history or performance evaluations.	Yes
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other personal information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	No

We may collect categories of personal information listed above from the following categories of sources:

Third-party vendors
Our business partners (non-vendors)
Joint marketing partnerships
Contractors (e.g., consultants, agents, and representatives)
Consumer reporting agencies
Directly from covered individuals
Other Company entities

Some of this data is collected in the following situations when:

You apply for a position, or to do business, with our company
We establish a contractual employment or commercial relationship
You provide us with any type of service as a vendor
When we provide you with any type of service, product or support

Generally, we collect, use and disclose your personal information to provide you products and services and as otherwise related to the operation of our business. For more specific detail on our disclosures of personal information, see the next section ''Sharing and Disclosures to Third Parties''.

Subject to restrictions and obligations of applicable laws, Henry Schein and our vendors may use your personal information for some or all the following business purposes:

Processing Interactions and Transactions
Managing Interactions and Transactions
Performing Services
Research and Development
Fulfilling regulatory requirements and Quality Assurance
Security
Debugging

In addition, we may collect, use and disclose your personal information for the following additional operational business purposes for which we are providing you notice as permitted by applicable law:

Employees and candidates: if you apply for a job via our career center, we use your personal information to consider you for employment and to administer your account. If you have an employment or commercial relationship with Henry Schein, we use your personal information to develop our contractual relationship, to conduct performance evaluations and to comply with legal obligations, including tax and labor regulations.

Customers: we use our customers' information to maintain our commercial relationship, to ensure the proper operation of the day-to-day business, to comply with tax and other regulations, and to administer sales and marketing activities.

Patients of our customers: we provide support services to our patients that use our health care products and services, when required.

Prospective customers: information from prospective customers are used to respond to their requests for information, products or services, and for marketing activities.

Vendors and suppliers: if you have a business or professional relationship with Henry Schein, we will use your information to develop and conduct our business relationship with you, and to comply with tax and other regulations.

Visitors of company facilities: some of our buildings have physical access controls and video surveillance systems for security purposes.

Website and social media users: we collect personal information from visitors and users of our website and social media pages. We use the information to manage your account registration, to store your preferences and settings, to provide interest-based advertising, to conduct statistics and to analyze how you use our website and online services.

Henry Schein shall use personal information for purposes disclosed above. To the extent required by law, Henry Schein shall inform the individual if their personal information will be used for an additional purpose, and this disclosure shall occur prior to the data being so used, and the individual shall be given a mechanism to provide their consent.

As permitted by applicable law, we do not treat deidentified data or aggregate customer information as personal information and we reserve the right to convert, or permit others to convert, your personal information into deidentified data or aggregate consumer information. We have no obligation to re-identify such information to respond to your requests.

Our customers may engage service providers or subcontractors to enable them to perform services on our behalf. This sub-processing is, for purposes of clarity, an additional business purpose for which we are providing you notice.

In addition, we may collect, use, and disclose your personal information as required or permitted by applicable law.

Disclosures for Business Purposes:

In the preceding twelve (12) months, Henry Schein may have disclosed the following categories of personal information for a business purpose:

A. Personal Identifiers
B. Personal Information Records
C. Protected Classifications
D. Commercial Information
E. Biometric Information
F. Internet Usage Information
G. Geolocation Data
H. Sensory Data
I. Professional or Employment Information
J. Non-public Education Information
K. Inferences from Personal Information Collected

Notwithstanding anything to the contrary in our other privacy notices, we restrict use of your personal information shared with our vendors for business purposes.

We may disclose your personal information for a business purpose to the following categories of third parties:

Our subsidiaries and affiliates
Third parties to whom you authorize us to disclose your personal information in connection with products or services we provide to you
B2B Customers
Business Partners
Customer Service Representatives
Executive/Board of Directors
External Agencies
External Auditors
Finance/Accounting Teams
Internal Auditors
Internal Employees on a need-to-know basis
Legal, Compliance, and Regulatory-Quality Teams
Operations/Maintenance Teams
Public Authorities/Government Bodies
Sales/Marketing Teams, Representatives, or Agents
Service Providers and Vendors, such as for advertising or marketing purposes, internet service providers, data analytic providers, operating systems and platforms, and social networks
Trade Unions/Work Councils

In the preceding twelve (12) months, Henry Schein may have disclosed personal information for the following business purposes:

Processing Interactions and Transactions
Managing Interactions and Transactions
Performing Services
Research and Development
Fulfilling Regulatory Requirements and Quality Assurance
Security
Debugging

We engage with third party contractors, service providers and other vendors for certain services. If the engagement involves the transmission of personal information, Henry Schein directs the service provider to treat that data consistent with legal requirements. A contract to protect the personal information should be executed before any data is disclosed.

In certain circumstances, Henry Schein may be required to disclose personal information when required by law, when required to protect our legal rights, or in an emergency situation where the health or security of an individual is endangered.

We may also disclose personal information in the context of any sale or transaction involving all or a portion of the business.

Henry Schein uses DigiCert, Inc. for its sites' security certificates. Please be aware that these protection tools do not protect information that is not collected through our Web site, such as information provided to us by e-mail.

We also conduct information risk assessments, we train our staff to understand the importance of protecting personal information, and we are responsibly managing access rights within the company. We include both physical security and IT security in our overall data security approach. We are diligent in selecting vendors that process personal information on our behalf so that they also ensure appropriate technical and organizational measures to protect the data.

Henry Schein makes reasonable efforts to notify individuals and regulatory authorities, as required by law, if we reasonably believe that personal information has been stolen, disclosed, altered or infringed by an unauthorized person.

We also endorse the concept of privacy by design which is an approach to projects that promotes privacy and data protection compliance from the outset. This means considering the privacy and security implications for any new project or process throughout its lifecycle.

Under certain circumstances, you may have the privacy rights described in this section. Any request you submit to us is subject to an identification and verification process. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected personal information.

If you require this notice to be provided in a different format (e.g audio and Braille), please submit the request to Henry Schein by either:

Calling us at 1-800-367-3674
Visiting www.prorepair.com

If we cannot comply with a request, we will explain the reasons in our response. We will use personal information provided in a verifiable request only to verify your identity or authority to make the request and to track and document request responses.

We will make commercially reasonable efforts to identify personal information that we collect, process, store, disclose and otherwise use and to respond to your applicable privacy rights requests. In some cases, we may suggest that you receive the most recent or a summary of your personal information and give you the opportunity to elect whether you want the rest. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Pursuant to applicable data protection laws, your privacy rights may include the following:

Information Rights:

You may have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is 12 months prior to the request date:

The categories of personal information we have collected about you.
The categories of sources from which we collected your personal information.
The business or commercial purposes for our collecting your personal information.
The categories of third parties to whom we have shared your personal information.
The specific pieces of personal information we have collected about you.
A list of the categories of personal information disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
A list of the categories of personal information sold about you in the prior 12 months, or that no sale occurred. If we sold your personal information, we will explain:
- The categories of your personal information we have sold.
- The categories of third parties to which we sold personal information, by categories of personal information sold for each third party.

To make a request, e-mail us at custserv@henryschein.com or call us at 1-800-472-4346.

Obtaining Copies of Personal Information:

You may have the right to obtain a copy, no more than twice in a twelve-month period, of your personal information that we have collected and are maintaining. To make a request, e-mail us at custserv@henryschein.com or call us at 1-800-472-4346.

Do Not Sell:

We do not sell personal information.

You may alternatively exercise more limited control of your personal information by instead exercising one of the following options: Emailing prorepair@henryschein.com or calling 1-800-367-3674

We do not sell the personal information of an individual we know are under 16 unless we receive an opt-in from the individual who is between 13 and 16, or the parent or guardian of an individual younger than 13. Individuals who opt-in to personal information sales may opt-out at any time.

Delete:

Except to the extent we have a basis for retention under applicable law, you may request pursuant to applicable law that we delete your personal information that we have collected and are maintaining. Our retention rights include, without limitation, complete transactions and service you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. To make a request, e-mail us at custserv@henryschein.com or call us at 1-800-472-4346.

We will not discriminate against you in a manner prohibited by applicable law because you exercise your privacy rights. You may have the right to exercise these rights via an authorized agent who meets the agency requirements of the applicable law.

DATA PRIVACY STATEMENT

1. About Henry Schein

2. Overview

3. Categories of Personal Information We Collect and Use

4. Categories of sources of personal information

5. Business uses and purposes for which personal information was collected

6. Sharing and Disclosures to Third Parties

Disclosures for Business Purposes:

7. Our Policy Toward Children

8. Security

9. Your data protection rights and choices

Information Rights:

Obtaining Copies of Personal Information:

10. Changes to this notice

11. Contact Information