Insulet EU Privacy Notice

NOTE: TO ACCESS THE PRIVACY POLICY RELEVANT TO HEALTHCARE PROFESSIONALS AND BUSINESS CONTACTS PLEASE CLICK HERE

PRIVACY NOTICE

This privacy notice describes how the Insulet entity that services your country ('we', 'us') (to access the details of your local Insulet entity please click HERE) collects personal information about you; how we use this information, and your rights in relation to this information. This entity will be the data controller of your personal information.

We respect the importance of your privacy. We will only use your personal information in the ways we explain in this Privacy Notice. Please read this Notice carefully to understand more. You can contact our Data Privacy Office at any time at dataprivacy@insulet.com.

1. Personal Information we Use

We will collect personal information about you from a variety of sources, including information we collect from you directly (e.g. when you contact us and provide information to us), information we collect on www.myomnipod.com (the "Websites"), the My Omnipod® mobile application or other mobile applications we make available or accessible for download (the "Applications") and information we collect about you from other sources, such as other web-based communication channels or services we create, use, offer or operate.

1.1 Information we Collect Directly from You

The categories of information that we may collect directly from you include the following:

(a) personal details (e.g. name, date of birth);

(b) contact details (e.g. phone number, email address, postal address or mobile number);

(c) payment details (e.g. card information, billing address details);

(d) technical device information (e.g. the Internet Protocol address for your device or device identifier);

(e) medical information – any information about your diabetes condition and treatment, (e.g. information about your use of the Omnipod® Insulin Management System or supplies, health insurance coverage).

We may be required to collect some of this information from you in order to fulfil a contract we have with you (e.g. we cannot deliver products to you without your postal address or take payment without your card details), and we will inform you of this when we collect that information.

1.2 Information we Collect from Other Sources

The following are examples of the categories of information we may collect from other sources:

(a) personal details (e.g. name, date of birth);

(b) contact details (e.g. phone number, email address, postal address or mobile number); and

(c) medical insurance information from health insurance companies where required.

2. How we use Personal Information and the Basis on which we Use it

We may use your personal information for the following purposes:

  • Identification and authentication: We use your identification information to verify your identity when you access and use our services and to ensure the security of your personal information. We rely on the legitimate interest legal basis to do so in order to provide you with a secure service.
  • Operating the services: We process your personal information to provide the services and products you have requested. We do this to meet any contractual obligations we have to you (for example to deliver services), or we rely on the legitimate interest legal basis in order to provide the best service possible if we do not have a contract with you.
  • Responding to your requests and inquiries: We use your personal information to respond to any requests and inquiries you make to us. We rely on the legitimate interest legal basis to do so in order to provide an efficient response to your request.
  • Contract & Contract Implementation: We use your personal information in order to conclude and execute contracts with you at your request, including contracts for the purchase/loan of the Omnipod® or supplies. We rely on the legal basis of processing for the performance of a contract.
  • Improving our services: We analyse information about how you use our services to provide an improved experience for our customers. It is in our legitimate business interests to use the information provided to us for this purpose so we can understand any issues with our services and improve them.
  • Exercising our rights: We may use any of the categories of your personal information to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or the contract. It is in our legitimate interests to respond to any such claims in order to defend our legal rights.
  • Marketing: We may use your personal information to personalize the marketing messages we send to you and to make them more relevant and interesting, including providing you with information on any of our new and/or existing products. It is in our legitimate interest to carry out marketing in order to promote our business and, where necessary, we will obtain your consent first. You always have the right to opt-out.

Where we rely on our legitimate interests to process personal data, you can find out more about this basis for processing, or object to these uses of personal data by contacting us using the details set out above.

3. How we Use Your Medical Information and the Basis on which we Use it

We may use your medical information when you wish to use or are using our products and/or services for the following purposes:

  • Product Support and payment: We may use your Medical Information for product support, where applicable to obtain payment or reimbursement for products from your healthcare provider or insurer, and to evaluate the quality of service that you receive. We rely on your explicit consent as the lawful basis for this purpose.
  • Emergencies: If you require emergency treatment and we are unable to obtain your consent, we may disclose your Medical Information to a family member or relative who is involved in your care. We rely on the vital interests lawful basis for this purpose.
  • Contract & Contract Implementation: We use your medical data, as far as you provide it to us in the context of a contract initiation or execution, in order to conclude/execute the contract with you. We rely on your explicit consent as a legal basis for this purpose.
  • Legal Claims: We may use or disclose your Medical Information to the extent necessary to establish, exercise or defend legal claims when it is in our legitimate interests. You will be notified of any such uses or disclosures to the extent permitted by law.
  • Public Health: We may disclose your Medical Information for public health activities and purposes in the public interest (including to protect against serious cross-border threats to health) where permitted by law. The disclosure will be made for the purpose of preventing or controlling disease, injury or disability. We may also disclose your Medical Information, if directed by the public health authority and permitted by law, to a foreign government agency that is collaborating with the public health authority.
  • Health Regulators: We may disclose Medical Information to health regulators for activities authorised by law, such as audits, investigations, and inspections where necessary in the public interest for the quality and safety of medical devices or where required under a legal obligation. Health regulators seeking this information include government agencies that oversee the healthcare system and other government regulatory programmes.
  • Criminal Activity: We may disclose your Medical Information where we consider the disclosure is necessary for reasons of substantial public interest as permitted by law such as to prevent or lessen a serious and imminent threat to the health or safety of a person or the public (including to a law enforcement authority where required by law).

When we rely on your explicit consent to use your Medical Information you always have the right to withdraw your consent. Please contact us using the details above if you wish to withdraw your consent. You can also contact us to find out more about the precise circumstances in which we use your Medical Information for the purposes described above.

4. Your Rights Over Your Personal Information

You have certain rights regarding your personal information (including your Medical Information), subject to local law. These include the following rights to:

(a) access your personal information;

(b) rectify the information we hold about you;

(c) erase your personal information;

(d) restrict our use of your personal information;

(e) object to our use of your personal information as described above;

(f) receive your personal information in a usable electronic format and transmit it to a third party (right to data portability).

We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. Please note that we will likely require additional information from you in order to honour your requests.

If you would like to discuss or exercise such rights, or if you have any complaints about our use of your personal information, please contact us using the details set out above.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to a data protection authority, e.g. to the data protection authority which is supervising the Insulet entity that services your country.

5. Information Sharing

We may share your personal information (including health information) with third parties under the following circumstances and to the extent permitted by law:

(a) Service providers and business partners. We may share your personal information with our service providers and business partners that perform customer support services and other business operations for us. For example, we may partner with other companies to process secure payments, fulfil orders, optimize our services, support email and messaging services and analyse information.

(b) Insulet Group companies. We are owned by Insulet Corporation and our main European entity is Insulet International Limited, so we work closely with other businesses and companies that fall under the Insulet family. We may share certain information about our business relationship with you including the products and services provided to you and your use of the same, your browsing history on our website, etc., with Insulet Corporation, Insulet International and other Insulet companies for business operations and marketing purposes.

(c) Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

(d) Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this Privacy Notice.

6. Information Security and Retention

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will keep your personal information for as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal obligations and regulators' expectations, as well as the amount of time necessary for us to maintain records for analysis and audit purposes. We may also retain records to investigate or defend potential legal claims and to deal with any complaints raised. We will not retain your personal information longer than is permitted by applicable law.

7. International Data Transfer

Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law or by the European Commission. However, we have put in place appropriate safeguards (such as contractual commitments on the basis of accepted Standard Contractual Clauses) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

8. Changes to the Notice

You may request a copy of this privacy notice from us using the contact details set out above.

Our commitment to be the leading provider of innovative insulin delivery systems means that our business will continue to evolve as we introduce new services and features. Because of this, from time to time, our policies will be reviewed and may be revised. We reserve the right to change this Privacy Notice at any time and notify you by posting an updated version of the Privacy Notice on the Websites. It is your responsibility to periodically check the Websites so that you are aware of what information we collect, how we process and use it, and under what circumstances we might disclose it. Where we are required to do so, we will collect new explicit consents from you.

We may modify or update this privacy notice from time to time. You will be able to see when we last updated the privacy notice because we will include a revision date. Changes and additions to this privacy notice are effective from the date on which they are posted. Please review this privacy notice from time to time to check whether we have made any changes to the way in which we use your personal information.

Version: 22 June 2018