LifeScan Global Privacy Policy

Last updated: 10/2023

LifeScan is concerned about privacy issues and wants you to be familiar with how we collect, use and disclose information. In this Privacy Policy, we may refer to ourselves as "we," "us," or, "our," by which we mean LifeScan Global Corporation and its subsidiaries. The controller of your data is the LifeScan company listed next to your country, here ("Controller") except for healthcare professionals who subscribe to LifeScan Diabetes Institute, in that case, LifeScan Institute LLC is the Controller.

This Privacy Policy describes our practices that we or our service providers collect through the website or mobile application (such as OneTouch Reveal®), operated and controlled by LifeScan, through which you are accessing this Privacy Policy (the "Services") or if you contact our customer care team. If local laws in your country require that we process your Personal Data in a different way, we will comply with those local laws. Please read this entire Privacy Policy before using any of the LifeScan Services.

PERSONAL DATA

The term "Personal Data" in this Privacy Policy means any information which could identify you as an individual, either directly (for example, your name) or indirectly (such as an IP address or other unique identifier).

LifeScan may collect and process the following Personal Data when you use the Services:

When you are asked to provide your Personal Data you may have an option to choose not to provide it but if you do so, it may inhibit our ability to provide some elements of the Services to you.

If you are providing information of someone other than yourself (for example, if you are a caregiver, parent or guardian or a healthcare professional providing a patient's information) then you are confirming to us that you have any legally required authorization, consent or other lawful authority to share the other person's information and for us to use it in accordance with this Privacy Policy.

If you are a healthcare professional, LifeScan may collect:

We may combine information you provide with information from other sources, for example social media or from public sources.

HOW LIFESCAN COLLECTS PERSONAL DATA

LifeScan collects Personal Data in a number of ways, including:

HOW LIFESCAN USES PERSONAL DATA

We process your health information when you use the Services on the basis of your explicit consent.

We use your Personal Data for the following purposes where it is necessary for us to perform our contractual obligations to you:

We use your Personal Data for the following purposes where it is necessary in our legitimate interests in order to:

We use your Personal Data to provide you with information about our products and services or the products and services of selected third-party partners, provided that you have opted-in to receive such communication, where an opt-in is required by law. If you have opted-in to receive such communications, our legal basis for processing your Personal Data for this purpose is your consent.

We use your Personal Data for the following purposes in order to comply with a legal obligation that we are subject to, or where necessary to establish, exercise or defend legal claims:

We may also use your Personal Data in other ways, with your consent.

HOW LIFESCAN SHARES PERSONAL DATA

We may share your Personal Data:

In addition, we may use and disclose information collected through our Services as we believe to be necessary or appropriate: (a) as permitted by applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect the operations of LifeScan group companies; (f) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

OTHER PRODUCTS, SERVICES AND APPS

The Services may include functionality that allows for links to or integrations with the products, services or apps of our business partners ("Partner Apps"). In the event that you use Services that include such functionality, our business partners' privacy policies will govern how they handle your Personal Data in connection with such Partner Apps, while this Privacy Policy will continue to govern how we handle your Personal Data. We are not responsible for our business partners' privacy practices, and you should review the applicable Partner App privacy policies before using such functionality.

EMAIL COMMUNICATIONS

Where you agree, we may send you email messages promoting our Services or with other information about our programs and offers. As further described below under "Your Privacy Rights and Choices," you may opt out of these messages at any time by contacting us or by using the "My Account" or "Settings" function if applicable.

COOKIES, INTERNET-BASED ADVERTISING AND OTHER TOOLS

We use persistent identifiers to authenticate you to the Services to analyze how the Services are used, to link information about how you use the Services with your account, to analyze the effectiveness of our messaging and to help to tailor our products and the Services. We may also use persistent identifiers to identify you across other media or through your use of our other products or the Services to help to tailor our offerings and to provide enhanced personalization and communications.

Cookies: Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to collect information such as browser type, time spent on a website, pages visited, and language preferences. We and our service providers use the information for security purposes, to facilitate navigation, display information more effectively, and to personalize your experience while using a website. We also use cookies to recognize your computer or device, which makes your use of the Services easier, such as to remember what is in your shopping cart. In addition, we use cookies to gather statistical information about usage of our Services in order to continually improve design and functionality, understand how individuals use them and to assist us with resolving questions regarding the Services. Cookies further allow us to select which of our advertisements or offers are most likely to appeal to you and display them while you are using the Services. We may also use cookies in online advertising to track consumer responses to our advertisements. Please read our Cookie Policy for information about the cookies used and how to disable them.

You can refuse to accept these cookies by following your browser's instructions; however, if you do not accept them, you may experience some inconvenience in your use of the Site. In addition, you may not receive advertising or other offers from us that are relevant to your interests and needs. To learn more about cookies, please visit http://www.allaboutcookies.org.

Using pixel tags, web beacons, clear GIFs, or other similar technologies. These may be used in connection with some web pages and HTML-formatted e-mail messages to, among other things, track the actions of users and e-mail recipients, measure the success of our marketing campaigns, and compile statistics about usage and response rates.

Analytics. In certain markets we may use analytics providers such as Google Analytics and Firebase Analytics, which use cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. The Services may also collect information regarding the use of other websites, apps and online resources. You can learn about Google's practices by going to: http://www.google.com/policies/privacy/partners and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

We may also use mobile analytics services, such as AppFlyer Inc's mobile attribution and analytics platform, to understand use of the Services. This allows us to understand, assess and adjust our marketing campaigns and their performance. For example, this helps us to understand which campaigns lead people to download the Services. You can learn about AppsFlyer's data processing at: https://www.appsflyer.com/privacy-policy. If you wish to opt-out please go to: https://www.appsflyer.com/optout.

Retargeting of Advertisements and Opting Out. We try to deliver relevant advertisements by using a common form of online advertising known as "retargeting." Retargeting provides advertisements on a website based on a user's activities on a different, unrelated site. To enable this, LifeScan or its advertising service providers may use a device ID, cookie, pixel, web beacon or similar technology placed by LifeScan or its third-party service provider when you visit our Services. The placing of these cookies or other technologies on your device may enable you to be identified across multiple websites.

You can opt-out of having your online activity collected for advertising purposes and receiving behaviorally targeted advertisements by using the links below depending on your region:

Please note that the choices you make are specific to the browser and device on which you implement such controls.

We may use Facebook's custom audience tools which allows us to provide you with advertising to you when you use Facebook's platforms which you may find to be more relevant to you. You can learn more about Facebook's privacy policy here. This is done by converting your email address into a unique number that Facebook uses to match to a unique number that Facebook generates based on the email address that you have provided to Facebook. You can change your advertising preferences within the "Ad Settings" and "Ad Preferences" sections of your Facebook account.

On some pages of our websites, we allow third-party advertising partners to use cookies, web beacons, and similar technologies to collect or receive information regarding your activities on those web pages (e.g., your IP address, page(s) visited, time of day, and cookie identifiers). We may also share such information we have collected with advertising and analytics companies, they may use this information (and combine it with information collected over time and across other websites, apps, or other digital services) to deliver targeted advertisements.

Mobile advertising identifier controls. Apple and Android mobile devices generate an advertising identifier that can be accessed by apps and used by advertisers in a way similar to how cookies are used on websites. Apple and Android operating systems provide options to limit tracking.

Do Not Track. Some browsers have a Do Not Track ("DNT") feature that allow a user to indicate a preference not to have their online activities tracked. If you limit a website's ability to set cookies, your user experience may be affected. The DNT function is not available when you are accessing the Services through a mobile application rather than through the relevant website.

YOUR PRIVACY RIGHTS AND CHOICES

Depending on the laws in your country, you may have rights to:

In order to protect your Personal Data, we may require that you provide evidence to confirm your identity before we provide the requested information. We will respond to your request within the relevant time limit under applicable law.

If you wish to opt-out of receiving marketing emails from LifeScan, you may update your preferences by sending an email to your Customer Service email address: contact@onetouch.com or, where there is a "My Account" or Settings feature, you can update your marketing preferences there. If you choose to opt-out of receiving such messages, we may still send you service-related announcements such as changes to the Privacy Policy, planned maintenance or downtime.

If you are a healthcare professional and no longer wish to receive communications from the LifeScan Diabetes Institute, you can update your preferences in your member profile at www.lifescandiabetesinstitute.com or by unsubscribing, here.

DE-IDENTIFIED, PERMANENTLY ANONYMIZED, AND AGGREGATED DATA

We may de-identify data that we collect about you. We may use or share this data with third parties to perform analytics and research, for product development or improvement, and for other compatible purposes or as otherwise permitted by law. We may also permanently anonymize your Personal Data so that it is no longer personal data under relevant laws. After permanent anonymization, you can never be identified and the data is not traceable to you. We may use or share such anonymized data for statistical analysis, clinical research, demographic analysis or other similar activities. We may export and process permanently anonymized data in any country in which we or one of our service providers or business partners has operations. We may also combine or aggregate this data with other third-party data that we collect about you.

HOW LONG WE RETAIN AND HOW WE SECURE YOUR DATA

We retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or allowed by law or is needed in order to fulfill a legal requirement to which LifeScan is subject.

LifeScan uses various technical, organizational and administrative measures to protect your Personal Data against loss, unauthorized use or access. For example, when we transmit your health-related Personal Data, through our Services we use encryption technology. When our Services communicate with our analytics providers, encryption is also used. However, you should be aware that no data storage or method of transmission can be guaranteed to be 100% secure or error-free.

SAFETY AND OTHER REGULATORY REPORTING

In order to ensure the safety of medical devices, regulators place a legal obligation on manufacturers to report certain complaints and potential adverse events to them. LifeScan may share this information with other LifeScan companies in other countries, its service providers or business partners who assist in the maintenance and operation of LifeScan's complaints database.

In some cases, LifeScan may not be the legal manufacturer of devices that we promote or make available, in those circumstances, we are obliged to pass on details of complaints and potential adverse events to the device's legal manufacturer so that they may report the matter to applicable regional or national regulatory bodies, including those that may have different data protection laws than the laws that apply in your country. Where relevant, LifeScan enters into European Union standard contractual clauses (or equivalent measures) with the party outside the European Economic Area receiving the personal data. A copy of the relevant standard contractual clauses is available upon request.

LifeScan processes complaint and adverse event data in order to comply with legal requirements to which it or its business partners are subject. Where LifeScan processes health data (which is a special category of data) for these purposes, LifeScan does so for reasons of public interest in ensuring high standards of quality and safety of medical devices. Any data provided for complaint and/or adverse event reporting purposes will not be used for direct marketing.

If you are a healthcare professional, LifeScan may be required, by law or industry codes of practice, to report on or to make public disclosures of certain payments or transfers of value to healthcare professionals (such as consulting fees, travel and other permitted expenses). Where required by local law, we will disclose your identity, your location and the nature and amount of the transfer of value or payment.

LINKS TO OTHER SITES

When we provide a link to another website or application that is not owned or controlled by LifeScan, we are not responsible for how such websites or applications handle your Personal Data. We urge you to read the linked website's privacy policy. The inclusion of a link to a third-party website or application does not mean that LifeScan endorses that website or application.

TRANSFERS TO OTHER COUNTRIES

As a global company, we have operations and service providers that may not be located in your country. By using any of our Services or, where required by law, by providing us with your consent, your information may be processed and / or stored outside of your country of residence. Data protection laws in those countries may differ from the laws in your country. Appropriate contractual and other measures are in place to protect Personal Data when it is transferred to LifeScan company or third parties in other countries.

For residents of the European Economic Area ("EEA"): Some countries outside the EEA are recognized by the European Commission as providing an adequate level of data protection (the full list of these countries is available here). For transfers from the EEA to countries not considered adequate by the European Commission, we shall ensure that adequate measures are in place, including by ensuring that the recipient is bound by the European Union's Standard Contractual Clauses or by another method which has been approved by the European Commission.

If you are using the Services in the Kingdom of Saudi Arabia, you specifically acknowledge and agree that none of the data within the Services constitutes medical records under the laws of the Kingdom of Saudi Arabia.

CHILDREN'S PRIVACY

We do not collect knowingly data directly from children under the age of 13. Some of the Services allow the creation of a parent or guardian account which allows for the submission of a child's Personal Data by a parent or guardian. Please contact us if you believe that a child has provided their Personal Data to us directly, without the consent of a parent and we will remove it.

NOTICE FOR EUROPEAN UNION USERS: HOW TO COMPLAIN TO A REGULATOR AND DPO CONTACT DETAILS

If you are a European Union citizen or you are accessing any of our Services from within the European Economic Area, you may lodge a complaint with the supervisory authority for your country of residence. Their details can be found here.

You may contact our Data Protection Officer ("DPO") by sending an email to emeaprivacy@lifescan.com.

HOW YOU CAN CONTACT US

The company responsible for collection use and disclosure of your Personal Data under this Privacy Policy is:

Country LifeScan company name and address
the United States LifeScan, Inc., Attention: Office of Privacy, 20 Valley Stream Parkway, Malvern, PA 19355
Global LifeScan Institute, LLC, 20 Valley Stream Parkway, Malvern, PA 19355

For privacy-related enquiries or complaints, please send an email to the relevant customer service email address in the table above. You can also write to our privacy officer at: LifeScan Privacy Office, LifeScan Global Corporation, 20 Valley Stream Parkway, Malvern, Pennsylvania, 19355, United States of America or by sending an email to: privacy@lifescan.com.

UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. To the extent permitted by applicable law, any changes will be effective when we post the revised Privacy Policy on our Services and your continued use of the relevant Service after these changes means that you accept the relevant changes. If the changes are significant, we may provide a more prominent notice to let you know what the changes are. This Privacy Policy was last updated as of the "Last Updated" date shown at the top of this Privacy Policy.

USA: SUPPLEMENTAL NOTICE FOR CERTAIN UNITED STATES RESIDENTS (“US STATE SUPPLEMENTAL PRIVACY NOTICE”)

This US State Supplemental Privacy Notice applies to information collected about Consumers (as defined in the relevant laws listed below) of California, Colorado, Connecticut, Virginia and Utah. In conjunction with the Global Privacy Policy, it provides the information required by the following laws:

Collectively referred to in this US State Supplemental Privacy Notice as “State Privacy Laws”.

This US State Supplemental Privacy Notice supplements and should be read in conjunction with the Global Privacy Policy. In the event of a conflict between the Global Privacy Policy and the US State Supplemental Notice, the US State Supplemental Notice shall prevail for residents of the states listed above.

State Privacy Laws give residents of the relevant state certain rights (“Consumer Rights”) in relation to their personal information.

California provides their state residents with rights to:

In the previous 12 months, LifeScan has collected and disclosed for its business purposes the following categories of personal information. Your personal information was collected from sources including yourself directly, business partners, and third parties, as further described above under "How LifeScan Collects Personal Data":

Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

Nevada provides its residents with a limited right to:

Exercising Consumer Rights under State Privacy Laws: Residents of states with State Privacy Laws may exercise their Consumer Rights by submitting a verifiable consumer request to us by either calling our customer service team at: 1 866 693-0599 or by email to: contact@onetouch.com.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format: We endeavor to respond to a verifiable Consumer Rights request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt or such other period as may be required by the applicable State Privacy Law. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is: permitted by the applicable State Privacy Law, is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Appeals Related to a Consumer Rights Request: To appeal a decision regarding a consumer rights request please send a copy of the decision on your consumer rights request so that we may deal with your appeal. We will deal with your appeal in accordance with the applicable state law.

Non-Discrimination: We will not discriminate against you for exercising any Consumer Rights request under any State Privacy Law. Unless permitted by applicable law, we will not:

However, we may offer you certain financial incentives permitted by applicable State Privacy Laws that can result in different prices, rates, or quality levels. For any financial incentive permitted by applicable State Privacy Laws we offer will reasonably relate to your Personal Data's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.


Version Number: 5.10