General Privacy Notice

1. Introduction

LABS SOPHIA USA, INC (“LABS SOPHIA”) respects your privacy and is committed to protecting your personal information. As part of our activity, which is solely to provide you with educational information about our products, LABS SOPHIA needs to collect and process personal data from its users. We therefore provide you with our General Privacy Notice, which explains how we collect, use, and protect your data when you use our website, or related services (“Our Platforms”), automatically as you interact with our online services, as well as when you contact us.

Above all, with regard to personal data that requires special protection and care, exclusively for the purposes indicated in this General Privacy Notice, it will be understood that you have given us your express consent for the processing and transfer of your personal data when you access Our Platforms, contact us through any of our media, and/or when you have not stated otherwise.

2. Information We Collect

To provide our services correctly and ensure the proper use of Our Platforms, the personal data we collect directly from you may be:

• Full name
• Country of residence
• US State of residence
• Address (only for pharmacovigilance cases)
• Email address

We may also implicitly collect technical information such as IP address and usage statistics through cookies and analytical tools, by means of usability and access metrics to Our Platforms.

If any of the above information is not necessary or explicitly requested, we will not require it. If you do not provide your information correctly, we will not be liable in any way for this.

Furthermore, we inform you that we will not request in any way and at any time personal data classified as sensitive, that is, intimate personal data or data whose misuse could give rise to discrimination or entail a serious risk to you, such as medical history, genetic information, religious, philosophical, and/or moral beliefs, union membership, political opinions, and/or sexual preference. We ask you please do not to provide us with this type of data. However, if for any reason you were to provide them to us, they will be stored as “narrative” and will be processed for Pharmacovigilance and regulatory compliance.

3. Personal Information of Minors, Incapacitated or Incapable People, and/or Third Parties

We are particularly concerned about protecting the personal data of minors and incapacitated people, and therefore we do not intentionally collect or process their personal data, unless required to do so by applicable law. 

In the event that you share personal data of minors, incapacitated or incapable people, or third parties, you acknowledge that you have the consent and authorization to provide us with the personal data of such persons and agree to inform them that you have provided us with their personal data, as well as the locations where this Comprehensive General Privacy Notice is available for their consultation. We reserve the right to request legal or formal authorization from you regarding the person to whom you are transferring the data, which may include signed permission provided by such individuals.

4. How We Use Your Data

We will use your data for the following primary purposes:

• To inform you and properly offer our products, or, where applicable, to provide our services to answer any questions you may have regarding the products or information found on Our Platforms.
• To identify you and/or contact you, if necessary, regarding any request you have made.
• To be able to identify you and/or contact you, if necessary, regarding any request or inquiries you have made.
• To process and handle your data correctly.
• To improve Our Platforms.
• For Pharmacovigilance and regulatory compliance.
• To perform data analysis and feedback on the use of Our Platforms to understand consumer needs.
• To measure the effectiveness of Our Platforms and advertising, as well as user actions on Our Platforms.
• For fraud prevention.
• To comply with legal obligations.

Additionally, secondary purposes, which are not strictly necessary but allow us to provide you with better service, include:

• To keep a historical record of your data and information for satisfaction purposes, to develop an analysis of your interests and needs, to provide you with better service.
• Website analytics and tracking using cookies.
• Evaluate the quality of the services provided.

If you do not want your personal data to be processed for secondary purposes, you can contact us to submit your refusal for such use at any time, using the corresponding form that we will provide you with once you request it through our contact channels. Otherwise, we will understand that you have given us your consent for such uses.

5. Data Sharing

Third parties to whom your personal data may be transferred, including those acting as suppliers/service providers under our instructions (“Data Processors”), will only receive data that is essential for them to carry out their activities and/or to comply with applicable regulations. Some of these Processors may be located outside the United States or Mexico (T-Mec), resulting in an international data transfer. In this case, we undertake to carry out such transfers with the guarantees established in the applicable regulations.

Third parties or Data Processors may be:

• to subsidiaries and affiliates of the group of companies of which LABS SOPHIA is a part.
• to third parties who provide services to us, such as those who respond to requests for personal information, respond to forms, administer programs or projects, assist in research and development, deliver advertisements or other communications, or host databases or servers, for example our Godaddy Server.
• to business partners who offer products or services jointly with LABS SOPHIA.
• to allow an external business partner to provide marketing communications or products that may be of interest to you, subject to any choices you have made.
• to identify you with anyone to whom you send messages through Our Platforms or media.
• to anyone you instruct us to contact.
• When the transfer is necessary or legally required to safeguard public interest, or for the procurement or administration of justice.
• When the transfer is necessary for medical prevention or diagnosis, and in cases where it is required by the health authority.
• When the transfer is necessary for the recognition, exercise, or defense of a right in a judicial proceeding.
• When the transfer is necessary for the maintenance or fulfillment of an administrative or legal relationship between the controller and the data subject.

If any of the transfers mentioned above are not necessary, we will not carry them out, but those that are strictly necessary must be carried out with your prior consent as a user, since, if we are unable to carry them out or obtain your consent, we would not be able to fully comply with the Services we provide to you. If you decide not to authorize certain transfers of personal data, you accept the possibility of not having access to the Services we provide; you also accept that we will not be able to complete or comply with those processes in which we require such transfers, without any liability on our part.

If you do not want your personal data to be transferred in accordance with the points outlined above and which require your consent, you can submit your refusal to such transfers at this time, using the corresponding form that we will make available to you upon request. Otherwise, if you do not express your refusal to such transfers, we will understand that you have given us your consent for them.

Your personal data will not be transferred for purposes other than those mentioned in this General Privacy Notice.

6. Cookies & Analytics

Our Platforms uses cookies and similar technologies to enhance your experience, analyze usage, and improve Our Platforms, also for our advertising and marketing studies. You can manage cookies through your browser settings, except for those that, for technical reasons, are necessary for the use of the Platforms or the provision of the Services.

7. Data Security and Retention

We implement reasonable administrative, technical, and organizational security measures to protect your data, in accordance with applicable regulations, ensuring confidentiality and preventing unauthorized access, damage, loss, alteration, or destruction of your personal data. However, in the event of security breaches, LABS SOPHIA shall be obliged to notify users within the legally required time frame and act in accordance with applicable regulations.

Personal data and/or privacy request forms goes to Godaddy Server, then that data goes to our email webmaster@sophialab.com, to fulfill the purposes described. In both cases, it has a timer to autodelete and blocked your data in 06 months after the last service provided by us.

Which is stored securely in the cloud and retained only for as long as necessary, that is, within 05 years after the last service provided by us, your data will be deleted and blocked, in accordance with applicable regulations, and will only be available upon request by authorities during the statute of limitations period for any actions that may arise (from five to ten years), after which it will be deleted.

8. Your Rights

As a user of Our Platforms, it is our obligation to inform you about our General Privacy Policy and the collection of your data, as well as to inform you of your rights (Notice): 

• To know what personal data we hold about you, what we use it for, and the conditions under which we use it or disclosed about you in the prior 12 months and to have this delivered, free of charge, in a portable and, to the extent technically feasible, readily useable format (Access).
• To request the correction of your personal information if it is outdated, inaccurate, or incomplete (Rectify);
• To have it removed from our records or databases when you believe it is not being used appropriately (Delete);
• To object to the use of your personal data for specific purposes (Opposition); 
• To request that we provide you certain information about how we have handled your personal information (Know) and, 
• In the event that we suffer security breaches due to a lack of reasonable measures, to Take Action. 
• You may opt out of our use of your personal information for targeted advertising (Opt-Out)
• You may Request that we limit use and disclosure of your sensitive personal information to certain business purposes. 
• To be free from unlawful discrimination for exercising your rights under applicable law.
• To decide not to sell or share your personal information

It is important to note that we may not be able to comply with your request or terminate use immediately in all cases, as we may be required by law to continue processing your personal data. You should also bear in mind that, for certain purposes, revoking your consent will mean that we will no longer be able to provide you with the Services you have requested or that your relationship with us will be terminated.

To find out the procedure and requirements for exercising these rights, you should contact our Data Protection Department through its email privacy@sophiaint.com or using the Privacy Request Form available here. and it will provide you with the respective application form. We will ask you for information that allows us to reasonably verify your identity and will use that information only for that purpose. 

We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. Note that only you, or a person appropriately registered and legally authorized to act as a representative on your behalf, may submit a request related to your personal information and the exercise of your privacy rights outlined herein.

If you want to make a request as an authorized agent on behalf of an individual under applicable local law, as part of our verification process, we may request that you provide us with proof that you have been authorized by the individual on whose behalf you are making the request under applicable local law, which may include signed permission provided by such individual.

9. Legal Basis

This policy complies with applicable U.S. laws, including the provisions of the Federal Trade Commission (“FTC”), General Data Protection Regulation (“GDPR”), Children’s Online Privacy Protection Act (“COPPA”), Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM”), California Consumer Privacy Act (“CPPA”) and Nevada Privacy of Information Collected on the Internet from Consumers Act (“NPICICA”). 

10. Updates

LABS SOPHIA reserves the right to modify or update this General Privacy Notice periodically, and any changes will be published on our website with the new effective date, or by sending an email.

11. Contact

If you have any questions or concerns regarding this General Privacy Notice, you can contact us using the following contact details:

Address: 1725 Hughes Landing Boulevard Suite 890 The Woodlands, TX, 77380.

Phone: 1-866-282-8871. Office hours are Monday through Friday from 9:00 a.m. to 5:00 p.m. (GMT-7)

Website: Splasheyedrops.com / Splashtears.com

Email: webmaster@sophialab.com or privacy@sophiaint.com

This General Privacy Notice was drafted on March 20th, 2026.