Last updated: October, 2021
LifeScan may collect and process the following Personal Data when you use the Services:
- contact details (such as name, address, email address, telephone number);
- demographic information (such as date of birth, gender);
- health information (such as diabetes type and method of management, glucose readings, exercise and carbohydrate intake);
- account-related information (such as the password you select to use the Services or the serial number of any devices associated with the account);
- payment or commercial information, such as billing details and past transactional behavior;
- complaint or adverse event information;
- photographs, videos or voice recordings if, for example, you provide a testimonial; and
- your preferences (such as communication, language and time zone).
When you are asked to provide your Personal Data you may have an option to choose not to provide it but if you do so, it may inhibit our ability to provide some elements of the Services to you.
If you are a healthcare professional, LifeScan may collect:
- your professional qualifications, educational and professional history, professional and government affiliations, information included on a resume, languages spoken, information about publications with which you have been involved;
- information about the LifeScan programs, products and activities with which you have engaged;
- details about our interactions with you, your prescribing of our products and any agreements you have or had with LifeScan, including payment or other financial details;
- information collected in connection with LifeScan events, training or activities you have attended or with which you have been involved; and
- public information such as license information and other due diligence related information.
We may combine information you provide with information from other sources, for example social media or from public sources.
HOW LIFESCAN COLLECTS PERSONAL DATA
LifeScan collects Personal Data in a number of ways, including:
- directly from you or your authorized representative, for example, when you sign up for an account for one of the Services;
- when you use one of our Services;
- when you share your social media profile with LifeScan or use it to contact us;
- when you respond to LifeScan surveys or promotions, where permitted;
- when you contact LifeScan for customer service assistance;
- when you share complaints or adverse event information with LifeScan;
- when you authorize third parties to provide your information to us;
- from other products, services or applications that are integrated with our Services (such as, for example, when a third party product, service or application is linked with our Services or vice versa);
- from public or third party information sources;
- from third party service providers or our business partners;
- from social media, for example mentioning a LifeScan product or service in a Tweet. We encourage you to read the Privacy Policies of the social media platforms that you use;
- if you are a healthcare professional, if you engage with one of our sales representatives, attend an online or live event such as a conference, training or advisory board meeting; and
- indirectly through tracking technologies, including over time and across third-party websites and online services. You can read more about this here. We may also automatically collect information about you from website interaction, analytics partners, and other parties.
HOW LIFESCAN USES PERSONAL DATA
We process your health information when you use the Services on the basis of your explicit consent.
We use your Personal Data for the following purposes where it is necessary for us to perform our contractual obligations to you:
- manage your account on our Services;
- provide our products or the Services to you;
- provide customer service support to you; and
We use your Personal Data for the following purposes where it is necessary in our legitimate interests in order to:
- operate our business;
- improve our products and Services;
- respond to your enquiries and fulfill your requests, such as to send you documents you request or e-mail alerts;
- invite you to provide feedback on our products and/or services;
- personalize your experience when you interact with us;
- undertake market research, analytics or segmentation so that we can better understand your needs and so that we can: improve our products and services; understand the effectiveness of our marketing campaigns and to tailor our communications with you;
- in connection with our cybersecurity efforts; and
- to ensure continuity of service to you if we sell, assign or transfer part of our business or enter into a relationship with a distributor.
We use your Personal Data to provide you with information about our products and services or the products and services of selected third-party partners, provided that you have opted-in to receive such communication, where an opt-in is required by law. If you have opted-in to receive such communications, our legal basis for processing your Personal Data for this purpose is your consent.
We use your Personal Data for the following purposes in order to comply with a legal obligation that we are subject to, or where necessary to establish, exercise or defend legal claims:
- comply with legal or regulatory obligations to which LifeScan is subject, such as reporting complaints or adverse events; anti- corruption; trade compliance or transparency reporting requirements for healthcare professionals; and
- to defend LifeScan against actual, potential or threatened litigation.
We may also use your Personal Data in other ways, with your consent.
HOW LIFESCAN SHARES PERSONAL DATA
We may share your Personal Data:
- with your authorized health care provider (such as a clinic, pharmacy or healthcare professional), payor or to other third parties that you choose to provide access to your Personal Data. Some of our Services permit you to share all of the information you enter within the particular Service or to share certain information with a relative, friend or caregiver;
- when you provide your consent for us to do so, for example with third party partners with whom we offer a co-branded or co- marketed promotion;
- with our third-party service providers who provide services to you or us such as website hosting and moderating, mobile application hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, e-mail and direct mail delivery services, credit card processing, auditing services, and other services, in order to enable them to provide services to you or us;
- with third parties or business partners where you choose to integrate their products or services with the Services;
- with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);
- with third parties or service providers involved in the provision of advertising and analytics;
- for our business purposes, such as data analysis, audits, developing new products, enhancing our website, improving our products and services, identifying usage trends, where permitted, personalizing your experience by presenting products and offers tailored to you, and determining the effectiveness of our promotional campaigns;
- as otherwise described to you at the time of collection;
- If you are a OneTouch® Solutions user, we will share your Personal Data with:
- third parties involved in the fulfillment of your orders, such as for example to coordinate with our prescription, shipment, and logistics providers.
- our business partners, such as, for example, when you link our Services with a partner’s product, application or service (or vice versa).
In addition, we may use and disclose information collected through our Services as we believe to be necessary or appropriate: (a) as permitted by applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
(d) to enforce our terms and conditions; (e) to protect the operations of LifeScan group companies; (f) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
OTHER PRODUCTS, SERVICES AND APPS
Where you agree, we may send you email messages promoting our Services or with other information about our programs and offers. As further described below under “Your Privacy Rights and Choices,” you may opt out of these messages at any time by contacting us or by using the “My Account” or “Settings” function if applicable.
COOKIES, INTERNET-BASED ADVERTISING AND OTHER TOOLS
We use persistent identifiers to authenticate you to the Services to analyze how the Services are used, to link information about how you use the Services with your account, to analyze the effectiveness of our messaging and to help to tailor our products and the Services. We may also use persistent identifiers to identify you across other media or through your use of our other products or the Services to help to tailor our offerings and to provide enhanced personalization and communications.
You can refuse to accept these cookies by following your browser’s instructions; however, if you do not accept them, you may experience some inconvenience in your use of the Site. In addition, you may not receive advertising or other offers from us that are relevant to your interests and needs. To learn more about cookies, please visit http://www.allaboutcookies.org.
Using pixel tags, web beacons, clear GIFs, or other similar technologies. These may be used in connection with some web pages and HTML-formatted e-mail messages to, among other things, track the actions of users and e-mail recipients, measure the success of our marketing campaigns, and compile statistics about usage and response rates.
We use Hotjar in order to better understand our users’ experience (such as how much time they spend on pages and which links they click). This enables us to improve our service based on user feedback. Hotjar collects data on users’ behavior and devices (for example, a device's IP address (in a de-identified form), unique device identifiers, browser information, country location, and language used to display our website). Hotjar stores this information on our behalf in a deidentified user profile. You can read more about Hotjar’s privacy practices at: https://www.hotjar.com/privacy. If you wish to opt-out please go to: https://www.hotjar.com/policies/do-not-track/.
We also use mobile analytics services, such as AppFlyer Inc's mobile attribution and analytics platform, to understand use of the Services. This allows us to understand, assess and adjust our marketing campaigns and their performance. For example, this helps us to understand which campaigns lead people to download the Services. You can learn about AppsFlyer's data processing at: https://www.appsflyer.com/privacy-policy/. If you wish to opt-out please go to: https://www.appsflyer.com/optout.
Retargeting of Advertisements and Opting Out. We try to deliver relevant advertisements by using a common form of online advertising known as “retargeting”. Retargeting provides advertisements on a website based on a user’s activities on a different, unrelated site. To enable this, LifeScan or its advertising service providers may use a device ID, cookie, pixel, web beacon or similar technology placed by LifeScan or its third-party service provider when you visit our Services. The placing of these cookies or other technologies on your device may enable you to be identified across multiple websites.
You can opt-out of having your online activity collected for advertising purposes and receiving behaviorally targeted advertisements by using the links below depending on your region:
- USA: http://www.networkadvertising
- Canada: https://youradchoices.ca;
- Europe: www.youronlinechoices.eu.
Please note that the choices you make are specific to the browser and device on which you implement such controls.
Mobile advertising identifier controls. Apple and Android mobile devices generate an advertising identifier that can be accessed by apps and used by advertisers in a way similar to how cookies are used on websites. Apple and Android operating systems provide options to limit tracking.
Do Not Track. Some browsers have a Do Not Track (“DNT”) feature that allow a user to indicate a preference not to have their online activities tracked. If you limit a website’s ability to set cookies, your user experience may be affected. The DNT function is not available when you are accessing the Services through a mobile application rather than through the relevant website.
YOUR PRIVACY RIGHTS AND CHOICES
Depending on the laws in your country, you may have rights to:
- withdraw your consent to us processing your Personal Data for direct marketing;
- obtain copies of your Personal Data and additional information about the processing of your data;
- correct any inaccurate or incomplete information about you which we hold;
- request deletion of your Personal Data. This right is subject to certain exclusions such as compliance with legal or regulatory obligations;
- restrict processing of your Personal Data. This right is subject to certain restrictions;
- object to processing of your Personal Data. This right is subject to certain restrictions;
- ask us to transfer your Personal Data to another organization, under certain circumstances; and
- make a complaint to a privacy regulator.
In order to protect your Personal Data, we may require that you provide evidence to confirm your identity before we provide the requested information. We will respond to your request within the relevant time limit under applicable law.
If you are a healthcare professional and no longer wish to receive communications from the LifeScan Diabetes Institute, you can update your preferences in your member profile at www.lifescandiabetesinstitute.com or by unsubscribing, here.
DE-IDENTIFIED, PERMANENTLY ANONYMIZED, AND AGGREGATED DATA
We may de-identify data that we collect about you. We may use or share this data with third parties to perform analytics and research, for product development or improvement, and for other compatible purposes or as otherwise permitted by law. We may also permanently anonymize your Personal Data so that it is no longer personal data under relevant laws. After permanent anonymization, you can never be identified and the data is not traceable to you. We may use or share such anonymized data for statistical analysis, clinical research, demographic analysis or other similar activities. We may export and process permanently anonymized data in any country in which we or one of our service providers or business partners has operations. We may also combine or aggregate this data with other third-party data that we collect about you.
HOW LONG WE RETAIN AND HOW WE SECURE YOUR DATA
LifeScan uses various technical, organizational and administrative measures to protect your Personal Data against loss, unauthorized use or access. For example, when we transmit your health-related Personal Data, through our Services we use encryption technology. When our Services communicate with our analytics providers, encryption is also used. However, you should be aware that no data storage or method of transmission can be guaranteed to be 100% secure or error-free.
SAFETY AND OTHER REGULATORY REPORTING
In order to ensure the safety of medical devices, regulators place a legal obligation on manufacturers to report certain complaints and potential adverse events to them. LifeScan may share this information with other LifeScan companies in other countries, its service providers or business partners who assist in the maintenance and operation of LifeScan’s complaints database.
In some cases, LifeScan may not be the legal manufacturer of devices that we promote or make available, in those circumstances, we are obliged to pass on details of complaints and potential adverse events to the device’s legal manufacturer so that they may report the matter to applicable regional or national regulatory bodies, including those that may have different data protection laws than the laws that apply in your country.
Where relevant, LifeScan enters into European Union standard contractual clauses (or equivalent measures) with the party outside the European Economic Area receiving the personal data. A copy of the relevant standard contractual clauses is available upon request.
LifeScan processes complaint and adverse event data in order to comply with legal requirements to which it or its business partners are subject. Where LifeScan processes health data (which is a special category of data) for these purposes, LifeScan does so for reasons of public interest in ensuring high standards of quality and safety of medical devices. Any data provided for complaint and/or adverse event reporting purposes will not be used for direct marketing.
If you are a healthcare professional, LifeScan may be required, by law or industry codes of practice, to report on or to make public disclosures of certain payments or transfers of value to healthcare professionals (such as consulting fees, travel and other permitted expenses). Where required by local law, we will disclose your identity, your location and the nature and amount of the transfer of value or payment.
LINKS TO OTHER SITES
TRANSFERS TO OTHER COUNTRIES
As a global company, we have operations and service providers that may not be located in your country. By using any of our Services or, where required by law, by providing us with your consent, your information may be processed and / or stored outside of your country of residence. Data protection laws in those countries may differ from the laws in your country. Appropriate contractual and other measures are in place to protect Personal Data when it is transferred to LifeScan company or third parties in other countries.
For residents of the European Economic Area (“EEA”): Some countries outside the EEA are recognized by the European Commission as providing an adequate level of data protection (the full list of these countries is available here). For transfers from the EEA to countries not considered adequate by the European Commission, we shall ensure that adequate measures are in place, including by ensuring that the recipient is bound by the European Union’s Standard Contractual Clauses or by another method which has been approved by the European Commission.
If you are using the Services in the Kingdom of Saudi Arabia, you specifically acknowledge and agree that none of the data within the Services constitutes medical records under the laws of the Kingdom of Saudi Arabia.
We do not collect knowingly data directly from children under the age of 13. Some of the Services allow the creation of a parent or guardian account which allows for the submission of a child’s Personal Data by a parent or guardian. Please contact us if you believe that a child has provided his or her Personal Data to us directly, without the consent of a parent and we will remove it.
USA: NOTICE FOR CALIFORNIA RESIDENTS
In the previous 12 months, LifeScan has collected and disclosed for its business purposes the following categories of Personal Data. This Personal Data was collected from sources including yourself directly, business partners, and third parties, as further described above under “How LifeScan Collects Personal Data”:
- Identifiers, such as your name, contact information and online identifiers.
- Information protected by California Civil Code Section 1798.80, subdivision (e), such as names, contact information, financial information, and health insurance information.
- Protected classification characteristics under California or federal law, such as age, ancestry, and medical condition.
- Commercial information, such as records of products or services purchased.
- Medical, health, and biometric information, where that information is outside the scope of other applicable laws.
- Internet or other similar network activity, such as information about your interactions with our Services or advertisements.
- Audio, electronic and visual information, such as testimonials.
- Professional information and education information, such as information about medical specialty.
- Inferences we derive from the information that we collect, to create profiles reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sale of Personal Data. LifeScan does not sell Personal Data for money, but in the last 12 months has shared Personal Data such as online identifiers and internet or similar network activity details, with providers of advertising services. This sharing may be considered a sale under the CCPA.
De-identification: We may use or share de-identified data derived from your personal information with third parties to perform analytics and research, for product development or improvement, and for other compatible purposes or as otherwise permitted by law.
Exercising Access, Data Portability, and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either calling our customer service team at: (800) 227-8862 or by email to: [email protected]
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format: We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Data’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
NOTICE FOR EUROPEAN UNION USERS: HOW TO COMPLAIN TO A REGULATOR AND DPO CONTACT DETAILS
If you are a European Union citizen or you are accessing any of our Services from within the European Economic Area, you may lodge a complaint with the supervisory authority for your country of residence. Their details can be found here.
You may contact our Data Protection Officer (“DPO”) by sending an email to [email protected]
HOW YOU CAN CONTACT US
|Country||LifeScan company name and address|
LifeScan, Inc. 20 Valley Stream Parkway, Malvern, Pennsylvania, 19355
For privacy-related enquiries or complaints, please send an email to the relevant customer service email address in the table above. You can also write to our privacy officer at: LifeScan Privacy Office, LifeScan Global Corporation, 20 Valley Stream Parkway, Malvern, Pennsylvania, 19355, United States of America or by sending an email to: [email protected].