ALEXION PRIVACY NOTICE
At Alexion, our mission is to transform the lives of people affected by rare and devastating diseases by continuously innovating and creating meaningful value in all that we do. As stewards of data about patients who use our medicines, their caregivers, and the healthcare professionals who serve them, we believe that respecting and protecting Personal Data is a key part of delivering lifesaving medicines. We are committed to handling Personal Data fairly and transparently in support of our mission and in accordance with the laws and regulations that govern data protection and privacy.
In this Privacy Notice, Alexion Pharmaceuticals, Inc. and its local affiliates (collectively, “Alexion”, “we”, “us”) describe our general practices regarding how we collect, use, and disclose Personal Data of patients, caregivers, and healthcare professionals—as well as other individuals with whom we interact, for example, research study participants, researchers, visitors to our online services, job applicants, service providers, business partners, and investors. Personal Data does not include, and this Privacy Notice does not apply to, aggregate information or information that has been de-identified or anonymized in accordance with applicable law.
If you are a healthcare professional (HCP), both this Privacy Notice and the HCP privacy notice specific to your jurisdiction (if any) apply to you. You can access our HCP privacy notices here.
In this Privacy Notice, you’ll learn about the following:
How We Collect Personal Data
The Types of Personal Data We Process
Why We Process Your Personal Data
How We Share Your Personal Data
Cookies and Other Tracking Technologies
Your Rights and Choices
Privacy Statement for Minors
Updates to this Privacy Notice
How to Contact Us
HOW WE COLLECT PERSONAL DATA
We collect Personal Data in a variety of ways, including:
- Directly from you, such as through an online webform, when you register for an event, when you enroll in our Alexion programs, when you collaborate with us for research, when you submit a job application, and when you contact us or request information from us.
- From third parties, such as HCPs, patients, public databases, references and referral sources, patient advocacy groups, study sites, and data aggregators and management systems.
- Automatically, such as through cookies or other technologies that provide us with information about your use of our online services.
THE TYPES OF PERSONAL DATA WE PROCESS
The types of Personal Data we collect, access, disclose, store, use, or otherwise process (“process”) include:
- Identifiers and contact information, such as name, address, email address, phone number, and other similar identifiers and contact information.
- Health and medical information, such as diseases, symptoms, complications, therapies, medications, outcomes, barriers to access, and insurance information.
- Mental and physical characteristics, such as level of fatigue, weight, and slurred speech.
- Professional or employment-related information, such as employer, title, specialty, employment history, awards and honors, membership in professional organizations, speaking engagements, and affiliations with patient advocacy organizations.
- Audio or visual information, such as video recordings if you visit our locations or audio or video recordings of you describing your experience as a patient, caregiver, or HCP.
- Education information, such as level of education attained, institutions attended, majors and areas of study, and grades.
- Account information, such as username and password.
- Financial information, such as bank account information and amounts paid.
- Demographic information, such as age, date of birth, and gender.
- Inferences, such as notes about preferences and aptitudes.
- Internet or other electronic network activity information, such as IP address, country or geographic region location, browser type, device type, operating system, dates and times you access our services, browsing history, and other information about your interactions with our online services. We collect such information through cookies and other tracking technologies. Please see our “Cookies and Other Tracking Technologies” section below.
In addition to the above, we will collect any other information that you provide to us, such as stories about a doctor’s visit, questions related to our diseases and therapies, research interests, and cover letters.
WHY WE PROCESS YOUR PERSONAL DATA
We process Personal Data for the business and commercial purposes described in the bullet points below. The laws of certain jurisdictions require that we have a “legal basis” for our processing of Personal Data; where those law apply, we have identified our legal bases in the first-line bullet points, and those legal bases apply only for those jurisdictions.
- As necessary for our legitimate interests in:
- Operating and overseeing our business, for example, supporting quality and safety, enabling ethical and compliant business operations, conducting audits and investigations, managing your accounts, providing our products and services, improving and developing new products and services, researching market trends, monitoring service providers, analyzing potential talent, and otherwise administering our business (e.g., providing key functions like human resources, finance, accounting, IT, security, legal, and compliance). For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, certain health and medical information, education information, and video and audio information (as part of monitoring our compliance with applicable laws and internet or other electronic network activity information to monitor online safety).
- Communicating with you, for example, responding to your inquiries (including unsolicited requests for information about our indications or scientific information), providing you with information we think may interest you, contacting you for your input, and maintaining records of our interactions with you. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
- Promoting our business and research, for example, carrying out marketing and sales activities, measuring the effectiveness of our promotional campaigns, and targeting advertisements on third-party services. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, inferences, demographic information, and internet or other electronic network activity information.
- Personalizing our interactions with you, for example, understanding your professional and personal interests and adapting our services to your needs and preferences. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, inferences, demographic information, and internet or other electronic network activity information.
- Protecting rights and interests, for example, protecting the health, safety, and security of Alexion, its employees, patients, caregivers, HCPs, and the general public; enforcing our legal rights; and pursuing remedies or otherwise taking steps to limit damages and liabilities. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information to investigate violations of our contracts or health and medical information in the event of an emergency.
- Identifying potential talent, for example, reviewing information to identify candidates for our talent pipeline via online or public sources. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, education information, and demographic information.
- Pursuant to a contract, for example, negotiating contracts in advance of entering into one and honoring our contractual commitments, such as:
- Engaging you to provide services on our behalf or as a business partner, for example, engaging with services providers that provide market research services or working with research collaborators. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information and financial information.
- Providing patient support services, for example, supporting you, assisting you with claims and authorizations, and connecting you with other resources or organizations. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, and mental and physical characteristics.
- Providing grants, sponsorships, and other opportunities, for example, offering our access to medicines programs and sponsoring and participating in research, events, and conferences. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, mental and physical characteristics, professional or employment-related information, education information, and demographic information.
- With your consent, or if you are a Minor (defined in the “Privacy Statement for Minors” section below), with your or your parent’s or legal guardian’s consent, in order to:
- Send promotional materials, for example, if you are a patient who enrolls in one of our patient support programs and you have consented to promotional communications. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information.
- Evaluate job candidates, for example, reviewing your job applications, talking to references, and reviewing information to identify candidates for our talent pipeline. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, education information, and demographic information.
- Share your story with others, for example, when we share patient stories to help our employees and others better understand our patients and their journeys. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information and audio and visual information.
- Collect information from or about you, for example, when we are legally required to obtain your consent before collecting certain Personal Data (e.g., sensitive information, such as health and medical information and mental and physical characteristics) about you.
As required by law, for example, by:
- Monitoring adverse events and product complaints, for example, providing infrastructure to intake adverse event reports and complaints, maintaining records of such events and complaints, appropriately responding to reports and complaints, and providing appropriate information to regulators. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, health and medical information, and mental and physical characteristics.
- Complying with transparency requirements, for example, monitoring payments and other transfers of value. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, and financial information.
- Monitoring fraud and abuse, for example, investigating potential claims of fraud and abuse. For these purposes, we may use any of the types of Personal Data described above, for example, financial information.
- Responding to legal process, for example, complying with legal requests from administrative or judicial authorities and complying with subpoenas. For these purposes, we may use any of the types of Personal Data described above, for example, identifiers and contact information, professional or employment-related information, and financial information.
Due to the nature of our business, Alexion is subject to a number of legal requirements. As a result, Alexion may be required to process Personal Data, for example, sensitive Personal Data (including health and medical information and mental and physical characteristics), in order to meet these obligations. We will process your Personal Data in accordance with our legal obligations and in a way that protects your privacy to the extent possible, for example, pseudonymizing information, while still complying with our legal obligations.
HOW WE SHARE YOUR PERSONAL DATA
Alexion may share your Personal Data in the following ways:
- With vendors and service providers who work on Alexion’s behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. When we share Personal Data with vendors and service providers, we endeavor to require that they keep your Personal Data confidential and secure and process it for limited and specified purposes.
- To Alexion affiliates and subsidiaries, for example, current and future companies within the Alexion family of companies.
- With business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, or companies with whom we co-promote a product.
- In connection with a business transfer, for example, as part of a sale, assignment, or transfer of an Alexion business or assets, or acquisition of or merger with another entity. We may also share your Personal Data in contemplation of such transactions, such as during due diligence.
- In response to requests from government or law enforcement agencies or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.
- To protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.
- With your consent, for example, when you agree that we can share your Personal Data with an HCP.
COOKIES AND OTHER TRACKING TECHNOLOGIES
We automatically process certain types of information whenever you interact with us on our online services and in some emails we may send to you. Automatic technologies we use may include, for example, cookies and web beacons.
- Web Beacons: On certain websites or emails, Alexion may utilize a common Internet technology called a “web beacon” (also known as a “pixel tag”, an “action tag”, or “clear GIF technology”). Web beacons help analyze the effectiveness of advertising campaigns and websites by measuring, for example, the number of visitors to a site or how many visitors clicked on key elements of a website.
Do Not Track (DNT) is a privacy preference that you can set in certain web browsers. Our websites may not recognize or respond to DNT signals, as the industry is currently working toward defining what DNT means and developing a common approach to responding to DNT signals. You can learn more about DNT here.
Some of our online services may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising on non-Alexion services or that you use. The ads on third-party services may be based on various factors, such as the content of the page you are visiting, your searches, demographic data, and your activities on our websites and third-party services.
The opt-outs described at the links above are device- and browser-specific and may not work on all devices. If you clear cookies on your device or in your browser, you will have to go through the process of opting out again. If you choose to use any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.
YOUR RIGHTS AND CHOICES
If you receive promotional communications from us, you may opt out of those communications by following the opt-out instructions in the communication (e.g., through an unsubscribe link or texting “STOP” in response to a text message). If you opt out of receiving promotional communications from us, we may still send you important administrative messages (e.g., updates about your account with us).
In addition, depending on the jurisdiction in which you are located or reside, you may have certain rights with regard to your Personal Data. We will honor your request in accordance with applicable laws and regulations, and we may verify your identity before responding to your request. Please note that the rights described below may be subject to limitations under applicable laws and regulations.
- General Rights: To the extent provided for under applicable law, you may contact us at any time to ask what Personal Data we process about you, request that we correct inaccurate Personal Data, opt out of or suppress certain Personal Data processing, request deletion of your Personal Data, impose restrictions on our processing of your Personal Data, and withdraw your consent to certain processing of your Personal Data. You can exercise your rights by emailing us at firstname.lastname@example.org. You may also have the right to lodge a complaint with the privacy or data protection regulator in your country of residence.
- Rights of California Residents: Under the California Consumer Privacy Act (CCPA), California residents have the following rights:
- Right to Know and Right to Request Deletion: You have the right to request (i) information about our collection, use, disclosure, and sale of your Personal Data and (ii) access to the specific pieces of Personal Data we have about you. You also have the right to request that we delete your Personal Data. You may request to exercise these rights by calling us at +1-844-935-1326 or emailing us at email@example.com. We will verify your request by comparing the information that you provide as part of your request with the information (if any) that we have about you in identifiable form. To make your request, you must provide us with your first and last name, email address, city and state of residence, and the nature of your request (e.g., whether you would like information about how handling of your Personal Data, would like the specific pieces of your Personal Data, or would like to delete your Personal Data).
- You may designate an authorized agent to make a request on your behalf by drafting, signing, and notarizing a letter that makes clear (i) the identity of your agent and (ii) the purposes for which you are appointing the agent.
- If you are an authorized agent, you must provide us with the information described above about the consumer on whose behalf you are acting as an agent, as well as your own first and last name and email address, and a letter that has been signed and notarized by the consumer appointing you as an agent.
- Right to Opt Out of the Sale of Personal Data: We do not “sell” Personal Data, as that term is defined in the CCPA.
- Right to Non-Discrimination: You have a right not to receive discriminatory treatment by Alexion for your exercise of your CCPA privacy rights.
Alexion is an international organization with affiliates and subsidiaries worldwide. Some of these have their registered offices in, or are located in, countries that do not have the same level of data protection as your country. We comply with legal requirements for cross-border data protection, for example, through the use of standard contractual clauses and, in some cases, other transfer mechanism permitted under applicable laws.
Alexion has implemented privacy and security controls designed to help protect your Personal Data. Please note, however, that no security measures are 100% effective, and we cannot guarantee absolute security of your Personal Data. We encourage you to take steps to protect yourself, for example, by not sharing login credentials to your accounts, not sending us sensitive information using unsecure methods (e.g., via unencrypted email), and protecting your devices (e.g., with passwords).
Alexion retains your Personal Data for as long as necessary for the purpose for which it was collected, unless a longer period is required to comply with applicable laws. Our retention periods vary depending on the purpose(s) for which your data was collected. Some of the criteria we use to assess appropriate retention periods include: (i) the nature of the Personal Data and the activities involved, (ii) when and for how long you interact with Alexion, and (iii) our legal obligations. To provide security and business continuity we make backups of certain data, which we may retain for longer than the original data.
PRIVACY STATEMENT FOR MINORS
We may process Personal Data about persons under the age of 18 (“Minors”) with the consent of their parent or guardian for the provision of certain services, such as patient support programs or research activities. We do not, however, knowingly solicit Personal Data from, or market or advertise to, Minors. If we become aware that we have collected Personal Data about a Minor without the consent of his/her parent or guardian, we will take reasonable steps to delete it in accordance with applicable legal requirements. Please contact us as described in the “How to Contact Us” section below to make us aware of Personal Data that we process about a Minor without consent.
We may provide you with links to or information about third-party resources. For example, we provide patients with information about patient advocacy groups, and we provide researchers with links to clinical trial registries. Please note that Alexion does not control the privacy policies or practices of such third parties, and we encourage you to review the privacy notices of the third parties with which you interact.
UPDATES TO THIS PRIVACY NOTICE
We may change this Privacy Notice from time to time, and we will post any changes to this Privacy Notice online. The date on which this notice was last updated is included at the end of this Privacy Notice. We may not notify you of any changes to this Privacy Notice, so you should check back occasionally to ensure that you are aware of the most recent version.
HOW TO CONTACT US
Alexion Pharmaceuticals, Inc., 121 Seaport Boulevard, Boston, Massachusetts, USA, and the Alexion affiliate in the country in which you are located or with which you interact are the “data controllers.” Our contact information is as follows:
For general questions or comments about Alexion’s privacy practices from anyone anywhere in the world:
Alexion Pharmaceuticals, Inc.
121 Seaport Boulevard
Boston, MA 02210
By email: firstname.lastname@example.org
For general questions or comments about Alexion’s privacy practices from individuals located in the European Economic Area and for which the individual would prefer to contact a DPO:
Alexion Data Protection Officer (DPO)
20-21 Saint Patricks Road
A96 DV76, IRELAND
By email: email@example.com
For general questions or comments about Alexion’s privacy practices from individuals located in Germany and for which the individual would prefer to contact Alexion’s German DPO:
Alexion Pharma Germany GmbH
c/o Alexion DPO, activeMind AG
Potsdamer Str. 3
By email: firstname.lastname@example.org
Last updated on: 16 December 2019