Dexcom Privacy Notice

Last Updated July, 2024

Who We Are | Purpose of this Privacy Notice | Personal Data Collected, Purposes, and Recipients | Special Note to Individuals in the United States | Marketing, Cookies, and Analytics | Service Providers and Third Parties | Your Rights Regarding Your Personal Data | Safeguarding Personal Data | How Long Your Personal Data Will Be Kept | Transfer of Personal Data | Changes to This Privacy Notice | Contact Us | Consumer Health Data Privacy Policy

Who We Are

Dexcom, Inc., and its directly or indirectly controlled affiliate(s) or subsidiaries, listed here (Dexcom, we, our, or us) value your privacy and the protection of your Personal Data. This Privacy Notice (Notice) explains how we collect, store, use, share, transfer, delete, and otherwise process information collected from or about you known as Personal Data (defined further below in this Notice). As an international company, Dexcom has multiple legal entities in different countries that may be responsible for the Personal Data they process, and we process Personal Data in accordance with these laws.

Purpose of this Privacy Notice

This Notice describes the types of Personal Data that Dexcom may collect or process, how we may use and disclose that Personal Data, and how you may exercise any rights you may have regarding our processing of your Personal Data.

This Notice applies to Personal Data collected or processed by us:

·       Through online activities and services we offer (through this and other of our websites, our online store, web surveys, newsletters, applications, email, online messaging services or channels, including online “chats” with live individuals and artificial intelligence, through social media, through our telephone customer service centers, through email or SMS/text messages, and otherwise) (Online Services);

·       Through your account and through our products and services, whether provided directly to you or your patient, or if you are a patient, through your doctor, hospital, medical treatment facility, or other healthcare provider (Healthcare Provider), including the Stelo Glucose Biosensor System, Dexcom G7® CGM System, Dexcom G6® CGM System, Dexcom ONE CGM System, Dexcom G5® CGM System, Dexcom G6 Pro, Clarity Clinic and our mobile apps such as Dexcom Clarity, Dexcom Share, Stelo by Dexcom app, the Dexcom G7 app, the Dexcom G6 app, the Dexcom ONE app, the Dexcom G5 App, and Dexcom Follow (Products), including individuals who act as Dexcom Warriors;

·       In other situations where you interact with us, including but not limited to interacting with us by visiting our sites, offices, or our events (such as tradeshows and conferences) (Events) (our Online Services, Products, and Events are collectively called Products and Services in this Notice);

·       Related to activities we undertake in recruiting participants for participation in clinical trials or activities related to identifying and contracting with study investigators and their staff;

·       In connection with adverse events, complaints, and reports;

·       When you interact with us in a professional capacity, for example, if you are a Healthcare Provider or an employee of a company we do business with or provide Products and Services to;

·       When we undertake employment recruiting activities; or

·       Anywhere this Notice is posted or referenced.

Dexcom may provide you with a different privacy notice in certain specific situations, in which case that privacy notice or policy will apply to the Personal Data collected or processed in that specific situation, rather than this one. If you are a patient in the United States, please refer to our Notice of Privacy Practices for additional information about how we use, share, disclose, and otherwise process your protected health information. For additional information about our processing of consumer health data beyond your protected health information, please refer to our Consumer Health Data Privacy Policy.

If you provide us with Personal Data related to anyone other than yourself (such as a patient or family member), please note that you are responsible for complying with all privacy and data protection laws prior to providing that information to Dexcom (including collecting consent, if required).

The Dexcom company, subsidiary, or affiliate with whom you, your employer, your Healthcare Provider, or your patient is interacting or the Dexcom company, subsidiary, or affiliate who owns and operates the Product or Service is, where applicable, the entity responsible for the collection and use of your Personal Data (known in some jurisdictions as the “data controller”). A list of the data controllers can be found here, and contact details can be found in the Contact Us section at the end of this Notice and in the list of data controllers.

Please review this Notice carefully. To the extent permitted by law, by providing us your Personal Data or otherwise interacting with us, you are agreeing to this Notice. If you do not agree with our policies and practices, it is your choice not to use our Products and Services or otherwise engage with us.

Personal Data Collected, Purposes, and Recipients

What is Personal Data?

Personal Data is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link to or associate with a specific individual, such as a name, address, email address, or telephone number. Personal Data in some countries can include information that indirectly identifies a person, even absent other identifying information.

Personal Data may include information considered sensitive in some countries, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver’s license number, state identification card number, passport number, and other similar information. Personal Data that could be considered sensitive Personal Data under any law is indicated with a caret (^) in the chart below.

We will process any Personal Data we collect in accordance with law and as described in this Notice (unless, as explained above, a separate policy or notice governs). In some circumstances, if you do not provide us with certain Personal Data, there may be some Products and Services that are unavailable to you.

We may include third-party features or integrations for your optional use. For example, we may integrate with third party health apps or application programming interfaces (APIs) such as Apple HealthKit or Google Health Connect. Such data may include other nutrition/diet/food diary, hydration logs, sleep, heart rate, heart rate variability, body temperature, activity, exercise, daily calories burned, weight, body mass, and is used to help you understand how activity choices and glucose impact your body. Your use of these optional integrations is voluntary, and you have the ability to change or revoke the authorization of data sharing. Dexcom’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements and we will not sell Health Connect data to third parties. This Notice does not apply to any personal data that you provide directly to a third-party feature or integration.

The below table is a high-level summary of the types of Personal Data we may collect from you. Following that high-level summary is additional detail and information on how we collect, process, and use Personal Data and the potential recipients of your Personal Data, now and in the preceding 12 months. Some countries require us to state the legal bases for processing your Personal Data, which are the legally recognized reasons for processing your Personal Data, but please note that not all countries recognize all legal bases. The types of Personal Data we collect and disclose depends on your relationship with Dexcom. Not all of the categories listed in the following charts may apply to you. If the nature of your relationship with Dexcom changes, additional categories of Personal Data may also apply.


 

Identity and Contact Information

Demographic Information

Video, Audio, and Recorded Information

Technical Information

Health Information

Commercial and Financial Information

Professional and Educational Information

Anonymized / De-Identified Data

 

This may include name, email, phone number, etc.

This may include age, gender, disability, etc.

This may include photos, video, call, or chat recordings, etc.

This may include Internet Protocol (IP) address, browser, device type, etc.

This may include information related to your health condition and treatment, etc.

This may include financial information, order information, etc.

This may include job title or position, employer, etc.

Data that removes individual personal data

Users of Online Services

X

X^

X

X

X^

X

 

 

X

X

Patients and Users of Our Products

X^

X^

X^

X^

X^

X^

X^

X

Individuals Who Contact Us

X

 

X^

X

X^

 

X

X

Patients Applying to or Enrolled in Patient Support Programs

X

X

X^

X

X^

X^

X

X

Business Partners and Their Employees, Agents, and Contractors

X

X

 

X

 

X^

X

X

Healthcare Providers

X

 

X^

X

 

X^

X

X

Attendees and Participants at Events

X

X

X^

X

X^

X^

X

X

Clinical Investigators and Members of Investigator Teams

X

X

X^

X

 

 

X

X

Clinical Study Candidates

X

X^

X^

X

X^

X^

X

X

Employment and Apprenticeship Candidates

X

X^

 

X

 

 

X

X

Children*

X

X^

X^

X

X^

 

 

X

Personal Data that may be considered sensitive is noted with a “^”.

*Dexcom may process Personal Data of minors who are users of a Dexcom Product. In those instances, Dexcom seeks consent from the minor’s parents or legal guardians to process their Personal Data. Dexcom does not knowingly collect, maintain, disclose, or otherwise process Personal Data from minors below the age of 16 in other circumstances, including through Online Services or Interactions.


Users of Online Services

Patients and Users of Our Products

Patients Applying to or Enrolled In Patient Support Programs

Business Partners and Their Employees, Agents, and Contractors

Healthcare Providers

Attendees and Participants at Events

Clinical Investigators and Members of Investigator Teams

Clinical Study Candidates

Employment and Apprenticeship Candidates

Children

 

Users of Online Services

We may process your Personal Data by (1) engaging with online activities and services we offer through this and other of our websites, applications, email, SMS/text messages, online messaging services and channels, including online “chats” with live individuals and artificial intelligence, through social media, and otherwise; (2) interacting with our online store; (3) signing up for our newsletters or other informational or marketing materials; (4) contacting our customer service centers through phone, email, SMS/text messages, chats, or otherwise; and/or (5) completing a survey or other online questionnaire or form.

Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym

       honorifics and titles, preferred form of address

       employer / company

       email address

       postal address

       phone number

       username or code and password^, security answers^, and user preferences

       contact information for related persons, such as authorized users of your account or designated representatives

       customer number

       company ID number such as account number

       National Provider Identifier (NPI)

Demographic information, such as:

       age

       gender

       marital status

       preferred language

       disability^

       date of birth

Video, audio, and recorded information, such as:

       still images

       video (including via CCTV)

       voicemails

       recordings of your interactions with our Online Services, including with our customer service, whether through phone, email, SMS/text message, or chat

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company)

       browser type and browser language

       device type

       advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID))

       date and time you use our Products and Services

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read

       data collected from cookies or other similar technologies***

Health information, such as

       genetic information^

       glucose readings and related date, time, and device identifier related to that reading^

       thresholds entered into our Products and notifications associated with such thresholds^

       identification of pathologies/diseases^

       identification number associated with your Products, including the serial identification numbers associated with any receiver and transmitter provided^

       treatment dates^

       medical history and treatment information^

       user activity^

       therapy completion and use details^

       drug allergies^

       prescriptions and dosing^

       health values, such as heart rate and blood pressure^

       adverse event information^

       health insurance information and other information on payment for healthcare services^

       pregnancy status^

       contact information for designated recipients of your health information

       location data^

       patient ID number^

Commercial and financial information, such as:

       Products and Services purchased, obtained, or considered

       request documentation

       customer service records

Professional and educational information, such as:

       job title or position

       your employer, company with which you are associated, or principal

       working location

       National Provider Identifier (NPI)

       state medical license number

       work skills

       employment history

       graduate degrees

       certifications

       specialized training

       responses to surveys and questionnaires

       enrolment history for our education and training events

       records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       those authorized to provide Personal Data on your behalf, such as your caregiver or authorized representative

       your devices

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media companies

       companies conducting non-clinical research such as market research companies

       business partners and other third parties that assist us in providing and improving our Products and Services

Why do we process the data?

       to enroll you in our programs and provide you with our Products and Services

       to communicate with you

       to administer our relationship with your organization

       to send you updates

       to identify and authenticate you

       to customize content for you and tailor your experience when using our Products and Services

       to detect security incidents

       to protect against malicious, fraudulent, or illegal activity

       to ensure the appropriate use of our Products and Services

       to improve our Products and Services

       for short-term, transient use

       for administrative purposes

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       for quality assurance and to assist in training and development of our representatives

       to determine and verify program and Products and Services eligibility and coverage

       in connection with adverse event and complaint tracking and reporting

       to procure third party products and services, including to manage and satisfy related third party contractual obligations

       advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       in preparation for or to perform a contract with you

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       to provide health care or treatment

       for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       Healthcare Providers

       our customers

       your company / employer

       individuals or entities that you designate as “followers” within our Products and Services

       individuals or entities that you designate or instruct us to share your Personal Data with

       authorized representatives, family members, and caregivers

       third parties whose products or services that you choose to integrate into our Products and Services, including any connected insulin pens or pumps

       third parties whose products or services within which you choose to access or otherwise integrate our Products and Services, or the data generated from our Products and Services, including third party health applications

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       Dexcom’s lawyers, auditors, and consultants

       partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration**

 


Patients and Users of Medical Products

We may process your Personal Data when you are a patient or user of our Products, including the Stelo Glucose Biosensor System, Dexcom G7® CGM System, Dexcom G6® CGM System, Dexcom G5® CGM System, Dexcom ONE CGM System, Dexcom G6 Pro System, and our mobile apps such as Dexcom Clarity, Dexcom Share, Stelo by Dexcom app, the Dexcom G7 app, the Dexcom G6 app, the Dexcom ONE app, the Dexcom G5 App, and Dexcom Follow, whether provided directly to you or through your Healthcare Provider, including Dexcom Warriors.

Examples of the types of data we process (Personal Data that may be considered sensitive, to the extent associated with a patient or user, is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym^

       honorifics and titles, preferred form of address^

       employer / company^

       email address^

       postal address^

       phone number^

       username or code and password^, security answers^, and user preferences^

       contact information for related persons, such as authorized users of your account

Demographic information, such as:

       age^

       gender^

       preferred language^

       marital status^

       disability^

       ethnicity^

       date of birth^

Video, audio, and recorded information, such as:

       still images^

       video (including via CCTV) ^

       recordings of your calls with our customer service representatives^

       voicemails^

       recordings of your interactions with our Online Services, whether through email, SMS/text message, or chat^

       pictures and videos of treatment activities^

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company) ^

       browser type and browser language^

       device type^

       date and time you use our Products and Services^

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services^

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read^

       data collected from cookies or other similar technologies^***

Health information, such as:

       genetic information^

       glucose readings and related date, time, and device identifier related to that reading^

       thresholds entered into our Products and notifications associated with such thresholds^

       identification of pathologies/diseases^

       identification number associated with your Products, including the serial identification numbers associated with any receiver and transmitter provided^

       areas of interest in medical research^

       treatment dates^

       medical history and treatment information^

       patient-reported outcome measures (for example, responses to questionnaires and surveys about your health or treatment)^

       X-rays, magnetic resonance imaging, and medical scans^

       user activity^

       therapy completion and use details^

       communications with your Healthcare Provider, including audio, video, or other recordings from telehealth sessions^

       drug allergies^

       prescriptions and dosing^

       health values taken, such as heart rate and blood pressure^

       adverse event information^

       health insurance information and other information on payment for healthcare services^

       pregnancy status^

       contact information for designated recipients of your health information

       location data^

       pictures and videos of treatment activities^

       patient ID number^

Commercial and financial information, such as:

       Products and Services purchased, obtained, or considered^

       bank account number and details^

       request documentation^

       customer service records^

       financial transaction history^

       financial account number^

       other payment information^

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       Healthcare Providers

       Clinical investigators and/or members of investigator teams

       those authorized to provide Personal Data on your behalf, such as your caregiver or authorized representative

       your devices

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media

       companies conducting non-clinical research such as market research companies

       business partners or other third parties that assist us in providing and improving our Products and Services

Why do we process the data?

       to enroll you in our programs and provide you with our Products and Services

       to communicate with you

       to administer our relationship with you

       to send you updates

       to identify and authenticate you

       to detect security incidents

       to protect against malicious or illegal activity

       to ensure the appropriate use of our Products and Services

       to improve our Products and Services

       for short-term, transient use

       for administrative purposes

       for quality assurance

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       to determine and verify program and Products and Services eligibility and coverage

       in connection with adverse event and complaint tracking and reporting

       to procure third party products and services, including to manage and satisfy related third party contractual obligations

       advertising and product promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       for medical diagnosis or to provide healthcare or treatment

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       in preparation for or to perform a contract with you

       to protect vital interests or in the public interest

       for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices

       for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       Healthcare Providers

       individuals or entities that you designate as “followers” within our Products and Services

       individuals or entities that you designate or instruct us to share your Personal Data with

       authorized legal representatives, family members, and caregivers

       third parties whose products or services that you choose to integrate into our Products and Services, including any connected insulin pens or pumps

       third parties whose products or services within which you choose to access or otherwise integrate our Products and Services, or the data generated from our Products and Services, including third party health applications

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       Dexcom’s lawyers, auditors, and consultants

       third parties with your consent

       partners that assist us in providing or improving our Products and Services or help us improve our administration**

 

Patients Applying to or Enrolled in Patient Support Programs

We may process your Personal Data when you are applying to or enrolled in patient support programs.

Examples of the types of data we process (Personal Data that may be considered sensitive, to the extent associated with a patient or user, is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym^

       honorifics and titles, preferred form of address^

       employer / company^

       email address^

       postal address^

       phone number^

       username or code and password^, security answers^, and user preferences^

       contact information for related persons, such as authorized users of your account or designated representatives

Demographic information, such as:

       age^

       gender^

       preferred language^

       marital status^

       disability^

       ethnicity^

       date of birth^

Video, audio, and recorded information, such as:

       still images^

       video (including via CCTV)^

       recordings of your calls with our customer service representatives^

       voicemails^

       recordings of your interactions with our Online Services, whether through email, SMS/text message, or chat^

       pictures and videos of treatment activities^

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company) ^

       browser type and browser language^

       device type^

       advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID)) ^

       date and time you use our Products and Services^

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services^

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read^

       data collected from cookies or other similar technologies^***

Health information, such as:

       genetic information^

       glucose readings and related date, time, and device identifier related to that reading^

       thresholds entered into our Products and notifications associated with such thresholds^

       identification of pathologies/diseases^

       identification number associated with your Products, including the serial identification numbers associated with any receiver and transmitter provided^

       areas of interest in medical research^

       treatment dates^

       medical history and treatment information^

       patient-reported outcome measures (for example, responses to questionnaires and surveys about your health or treatment)^

       X-rays, magnetic resonance imaging, and medical scans^

       user activity^

       therapy completion and use details^

       communications with your Healthcare Provider, including audio, video, or other recordings from telehealth sessions^

       drug allergies^

       prescriptions and dosing^

       health values taken, such as heart rate and blood pressure^

       adverse event information^

       health insurance information and other information on payment for healthcare services^

       pregnancy status^

       contact information for designated recipients of your health information

       location data^

       pictures and videos of treatment activities^

       patient ID number^

Commercial and financial information, such as:

       Products and Services purchased, obtained, or considered^

       bank account number and details^

       request documentation^

       customer service records^

       financial transaction history^

       financial account number^

       other payment information^

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       Healthcare Providers

       clinical investigators and/or members of investigator teams

       those authorized to provide Personal Data on your behalf, such as your caregiver or authorized representative

       your devices

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media companies

       companies conducting non-clinical research such as market research companies

       business partners or other third parties that assist us in providing and improving our Products and Services

Why do we process the data?

       to enroll you in our programs and provide you with our Products and Services

       to communicate with you

       to send you updates

       to identify and authenticate you

       to customize content for you and tailor your experience when using our Products and Services

       to detect security incidents

       to protect against malicious, fraudulent, or illegal activity

       to ensure the appropriate use of our Products and Services

       to improve our Products and Services

       for short-term, transient use

       for administrative purposes

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       for quality assurance and to assist in training and development of our representatives

       to determine and verify program and Products and Services eligibility and coverage

       in connection with adverse event and complaint tracking and reporting

       to procure third party products and services, including to manage and satisfy related third party contractual obligations

       advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       for medical diagnosis or to provide healthcare or treatment

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       in preparation for or to perform a contract with you

       to protect vital interests or in the public interest

       for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices

       for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       Healthcare Providers

       individuals or entities that you designate as “followers” within our Products and Services

       individuals or entities that you designate or instruct us to share your Personal Data with

       authorized legal representatives, family members, and caregivers

       third parties whose products or services that you choose to integrate into our Products and Services, including any connected insulin pens or pumps

       third parties whose products or services within which you choose to access or otherwise integrate our Products and Services, or the data generated from our Products and Services, including third party health applications

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       Dexcom’s lawyers, auditors, and consultants

       partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration**

 


Business Partners and Their Employees, Agents, and Contractors

We may process your Personal Data if you are a current Dexcom business partner or an employee, agent, or contractor of a Dexcom business partner, including collaboration partners, key opinion leaders, and vendors or suppliers of Dexcom.

Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym

       honorifics and titles, preferred form of address

       employer / company

       email address

       postal address

       phone number

       username or code and password^, security answers^, and user preferences

       customer number

       company ID number such as account number

       National Provider Identifier (NPI)

Demographic information, such as:

       preferred language

       disability^

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company)

       browser type and browser language

       device type

       advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID))

       date and time you use our Products and Services

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read

       data collected from cookies or other similar technologies***

Commercial and financial information, such as:

       Products and Services purchased, obtained, or considered

       request documentation

       customer service records

       financial transaction history

       financial account number^

       bank account number and details^

       other payment information

       tax identification number^

Professional and educational information, such as:

       job title or position

       your employer, company with which you are associated, or principal

       working location

       National Provider Identifier number

       state medical license number

       work skills

       employment history

       graduate degrees

       certifications

       specialized training

       responses to surveys and questionnaires

       enrolment history for our education and training events

       records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom

       information from references

       background checks^

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       your employer, company with which you are associated, or principal

       your references and third parties that assist us in conducting background checks

       your devices

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media companies

       companies conducting non-clinical research such as market research companies

       business partners or other third parties that assist us in providing and improving our Products and Services

       Healthcare Providers

       clinical investigators and/or members of investigator teams

       patients

Why do we process the data?

       to enroll you in our programs and provide you with our Products and Services

       to communicate with you

       to administer our relationship with your organization

       to send you updates

       to identify and authenticate you

       to customize content for you and tailor your experience when using our Products and Services

       to detect security incidents

       to protect against malicious, fraudulent, or illegal activity

       to ensure the appropriate use of our Products and Services

       to improve our Products and Services

       for short-term, transient use

       for administrative purposes

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       for quality assurance and to assist in training and development of our representatives

       in connection with adverse event and complaint tracking and reporting

       to procure third party products and services, including to manage and satisfy related third party contractual obligations

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       for medical diagnosis or to provide healthcare or treatment

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       in preparation for or to perform a contract with you

       for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices

       for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       Healthcare Providers

       our customers

       your company / employer

       your references and third parties that assist us in conducting background checks

       third parties that assist us in conducting background checks

       authorized legal representatives

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       Dexcom’s lawyers, auditors, and consultants

       partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration**

 

Healthcare Providers

We may process your Personal Data when you are a Healthcare Provider who is a current or prospective Dexcom customer, uses Dexcom Products and Services, or treats patients with Dexcom Products and Services, including use of Dexcom’s online portals.

Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym

       honorifics and titles, preferred form of address

       employer / company

       email address

       postal address

       phone number

       username or code and password^, security answers^, and user preferences

       contact information for related persons, such as authorized users of your account or designated representatives

       customer number

       company ID number such as account number

       National Provider Identifier (NPI)

Demographic information, such as:

       age

       gender

       preferred language

       marital status

       disability^

       date of birth

Video, audio, and recorded information, such as:

       still images

       video (including via CCTV)

       voicemails

       recordings of your interactions with our Online Services, including with our customer service, whether through phone, email, SMS/text message, or chat

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company)

       browser type and browser language

       device type

       advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID))

       date and time you use our Products and Services

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read

       data collected from cookies or other similar technologies***

Commercial and financial information, such as:

       Products and Services purchased, obtained, or considered

       bank account number and details^

       request documentation

       customer service records

       financial transaction history

       financial account number^

       other payment information

       tax identification number^

Professional and educational information, such as:

       job title or position

       your employer, company with which you are associated, or principal

       working location

       National Provider Identifier (NPI)

       state medical license number

       work skills

       employment history

       graduate degrees

       certifications

       specialized training

       responses to surveys and questionnaires

       enrolment history for our education and training events

       records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom

       information from references

       background checks^

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       Healthcare Providers

       your employer, company with which you are associated, or principal

       your devices

       your references and third parties that assist us in conducting background checks

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media companies

       companies conducting non-clinical research such as market research companies

       business partners or other third parties that assist us in providing and improving our Products and Services

       your patients

       clinical investigators and/or members of investigator teams

Why do we process the data?

       to enroll you in our programs and provide you with our Products and Services

       to communicate with you

       to administer our relationship with your organization

       to send you updates

       to identify and authenticate you

       to customize content for you and tailor your experience when using our Products and Services

       to detect security incidents

       to protect against malicious, fraudulent, or illegal activity

       to ensure the appropriate use of our Products and Services

       to improve our Products and Services

       for short-term, transient use

       for administrative purposes

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       for quality assurance and to assist in training and development of our representatives

       in connection with adverse event and complaint tracking and reporting

       to procure third party products and services, including to manage and satisfy related third party contractual obligations

       advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       for medical diagnosis or to provide healthcare or treatment

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       in preparation for or to perform a contract with you

       to protect vital interests or in the public interest

       for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices

       for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       Healthcare Providers

       our customers

       your company / employer

       your patients

       your references and third parties that assist us in conducting background checks

       individuals or entities that you designate or instruct us to share your Personal Data with

       authorized legal representatives, family members, and caregivers of your patients

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       Dexcom’s lawyers, auditors, and consultants

       partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration**

 

Attendees and Participants at Events

We may process your Personal Data when you attend or participate in professional and educational events or conferences we sponsor or hold.

Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym

       honorifics and titles, preferred form of address

       employer / company

       email address

       postal address

       phone number

       username or code and password^, security answers^, and user preferences

       contact information for related persons, such as authorized users of your account or designated representatives

       customer number

       company ID number such as account number

       National Provider Identifier (NPI)

Demographic information, such as:

       preferred language

       disability^

       date of birth

Video, audio, and recorded information, such as:

       still images

       video (including via CCTV)

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company)

       browser type and browser language

       device type

       advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID))

       date and time you use our Products and Services

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read

       data collected from cookies or other similar technologies***

Commercial and financial information, such as:

       Products and Services purchased, obtained, or considered

       bank account number and details^

       request documentation

       financial transaction history

       financial account number^

       other payment information

       tax identification number^

Professional and educational information, such as:

 

       job title or position

       your employer, company with which you are associated, or principal

       working location

       National Provider Identifier (NPI)

       state medical license number

       work skills

       employment history

       graduate degrees

       certifications

       specialized training

       responses to surveys and questionnaires

       enrolment history for our education and training events

       records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       Healthcare Providers

       your employer, company with which you are associated, or principal

       those authorized to provide Personal Data on your behalf

       your devices

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media companies

       companies conducting non-clinical research such as market research companies

       business partners or other third parties that assist us in providing and improving our Products and Services

Why do we process the data?

       to register you for the event or conference and other attendance-related purposes

       to communicate with you

       to administer our relationship with your organization

       to send you update

       to identify and authenticate you

       to detect security incidents

       to protect against malicious or illegal activity

       for short-term, transient use

       for administrative purposes

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       in preparation for or to perform a contract with you

       for scientific+ or historical research purposes

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       Healthcare Providers

       your company / employer

       other third parties attending the Events

       individuals or entities that you designate or instruct us to share your Personal Data with

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       Dexcom’s lawyers, auditors, and consultants

       partners that assist us in providing or improving our Events, Products, and Services or help us improve our marketing or administration**

 

Clinical Investigators and Members of Investigator Teams

We may process your Personal Data if you are an existing or prospective clinical investigator or a member of an investigation team for a clinical study that Dexcom sponsors.

Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym

       honorifics and titles, preferred form of address

       employer / company

       email address

       postal address

       phone number

       username or code and password^, security answers^, and user preferences

       contact information for related persons, such as authorized users of your account or designated representatives

       customer number

       company ID number such as account number

       National Provider Identifier (NPI)

Demographic information, such as:

       age

       gender

       preferred language

       disability^

       date of birth

Video, audio, and recorded information, such as:

       still images

       video (including via CCTV)

       voicemails

       recordings of your interactions with our Online Services, including with our customer service, whether through phone, email, SMS/text message, or chat

       pictures and videos of treatment activities^

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company)

       browser type and browser language

       device type

       date and time you use our Products and Services

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read

       data collected from cookies or other similar technologies***

Commercial and financial information, such as:

       bank account number and details^

       customer service records

       financial transaction history

       financial account number^

       other payment information

Professional and educational information, such as:

       job title or position

       your employer, company with which you are associated, or principal

       working location

       National Provider Identifier (NPI)

       state medical license number

       work skills

       employment history

       graduate degrees

       certifications

       specialized training

       responses to surveys and questionnaires

       enrolment history for our education and training events

       records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom

       information from references

       background checks^

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       Healthcare Providers

       your employer, company with which you are associated, or principal

       those authorized to provide Personal Data on your behalf

       your references and third parties that assist us in conducting background checks

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media companies

       companies conducting non-clinical research such as market research companies

       business partners or other third parties that assist us in providing and improving our Products and Services

       patients

       other clinical investigators and/or members of investigator teams

Why do we process the data?

       to determine your suitability to the role

       to assist us with running the clinical trial

       to communicate with you

       to administer our relationship with your organization

       to send you updates

       to identify and authenticate you

       to customize content for you and tailor your experience when using our Products and Services

       to detect security incidents

       to protect against malicious, fraudulent, or illegal activity

       to ensure the appropriate use of our Products and Services

       to improve our Products and Services

       for short-term, transient use

       for administrative purposes

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       for quality assurance and to assist in training and development of our representatives

       in connection with adverse event and complaint tracking and reporting

       to procure third party products and services, including to manage and satisfy related third party contractual obligations

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       for medical diagnosis or to provide healthcare or treatment

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       in preparation for or to perform a contract with you

       to protect vital interests or in the public interest

       for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices

       for scientific+ or historical research purposes

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       Healthcare Providers

       other clinical investigators and/or members of investigator teams

       your company / employer

       your references and third parties that assist us in hiring and conducting background checks

       individuals or entities that you designate or instruct us to share your Personal Data with

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       Dexcom’s lawyers, auditors, and consultants

       Patients and their authorized legal representatives, family members, and caregivers

       third parties that assist us in choosing clinical trial investigators

       partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration**

 

Clinical Study Candidates

We may process your Personal Data to determine whether you qualify for or would be interested in participating in a clinical trial and when you have been identified as a potential candidate for clinical studies sponsored by us.

If you are a participant in a clinical study or clinical trial, you should receive a separate privacy notice regarding the Personal Data we process for those purposes. That privacy notice—and not this Notice—governs our processing of such Personal Data once you are chosen for and participating in a trial.

Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym

       honorifics and titles, preferred form of address

       employer / company

       email address

       postal address

       phone number

       username or code and password^, security answers^, and user preferences

       contact information for related persons, such as authorized users of your account or designated representatives

Demographic information, such as:

       age

       gender

       preferred language

       marital status

       disability^

       ethnicity^

       date of birth

Video, audio, and recorded information, such as:

       still images

       video (including via CCTV)

       voicemails

       recordings of your interactions with our Online Services, including with our customer service, whether through phone, email, SMS/text message, or chat

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company)

       browser type and browser language

       device type

       date and time you use our Products and Services

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, your clicks on our site pages, and product descriptions read

       data collected from cookies or other similar technologies***

Health information, such as:

       identification of pathologies/diseases^

       areas of interest in medical research^

       medical history and treatment information^

       drug allergies^

       health values taken, such as heart rate and blood pressure^

       pregnancy status^

       location data^

Commercial and financial information, such as:

       Products and Services purchased, obtained, or considered

       bank account number and details^

       request documentation

       customer service records

       financial transaction history

       financial account number^

       other payment information

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       Healthcare Providers

       those authorized to provide Personal Data on your behalf, such as your caregiver or authorized representative

       your devices

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media companies

       companies conducting non-clinical research such as market research companies

       business partners or other third parties that assist us in providing and improving our Products and Services

       clinical investigators and/or members of investigator teams

Why do we process the data?

       to determine your suitability and eligibility for participating in a clinical trial and to determine your interest in participating in a clinical trial

       to communicate with you

       to administer our relationship with you

       to send you updates

       to identify and authenticate you

       to customize content for you and tailor your experience when using our Products and Services

       to detect security incidents

       to protect against malicious, fraudulent, or illegal activity

       to ensure the appropriate use of our Products and Services

       to improve our Products and Services

       for short-term, transient use

       for administrative purposes

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       for quality assurance and to assist in training and development of our representatives

       in connection with adverse event and complaint tracking and reporting

       advertising and product promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       in preparation for or to perform a contract with you

       to protect vital interests or in the public interest

       for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices

       for scientific+ or historical research purposes

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       Healthcare Providers

       clinical investigators and/or members of investigator teams

       individuals or entities that you designate or instruct us to share your Personal Data with

       authorized legal representatives, family members, and caregivers

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       Dexcom’s lawyers, auditors, and consultants

       partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration**

 

Employment and Apprenticeship Candidates

We may process your Personal Data when you apply or are a candidate for employment or apprenticeship at Dexcom.

Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym

       honorifics and titles, preferred form of address

       employer / company

       email address

       postal address

       phone number

       username or code and password^, security answers^, and user preferences

       contact information for related persons, such as authorized users of your account or designated representatives

       customer number

       company ID number such as account number

       National Provider Identifier (NPI)

Demographic information, such as:

       age

       gender

       preferred language

       disability^

       date of birth

Technical information, such as:

       Internet Protocol (IP) addresses (which may identify your general geographic location or company)

       browser type and browser language

       device type

       advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID))

       date and time you use our Products and Services

       Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services

       activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read

       data collected from cookies or other similar technologies***

Professional and educational information, such as:

       job title or position

       your employer, company with which you are associated, or principal

       working location

       National Provider Identifier (NPI)

       state medical license number

       work skills

       employment history

       graduate degrees

       certifications

       specialized training

       responses to surveys and questionnaires

       information from references

       background checks^

Anonymized / de-identified data:

       Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws****

Where do we get the data?

       you directly

       your employer, company with which you are associated, or principal

       your references and third parties that assist us in conducting background checks

       those authorized to provide Personal Data on your behalf

       your devices

       our security systems (including CCTV)

       third parties that provide access to information you make available, such as social media companies

       companies conducting non-clinical research such as market research companies

       business partners or other third parties that assist us in providing and improving our Products and Services and in hiring employees and contractors

Why do we process the data?

       to communicate with you

       to administer our relationship

       to send you updates, including with respect to updates on new employment opportunities

       to identify and authenticate you

       to detect security incidents

       to protect against malicious or illegal activity

       for short-term, transient use

       for administrative purposes

       for marketing

       for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services

       to procure third party products and services, including to manage and satisfy related third party contractual obligations

       advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you

       to comply with legal and regulatory obligations

What are the Lawful or Legal Bases of Processing?

       for the purposes of our legitimate interests

       to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights

       in preparation for or to perform a contract with you

       in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law*

Who receives the data?

       Dexcom, and our Affiliates

       your references

       individuals or entities that you designate or instruct us to share your Personal Data with

       third parties who assist with fraud prevention, detection, and mitigation

       third parties who assist with our information technology and security programs and our loss prevention programs

       third parties that assist us in hiring and conducting background checks

       Dexcom’s lawyers, auditors, and consultants

       partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration**

 


Children

Dexcom may process Personal Data of minors who are users of a Dexcom Product. In those instances, Dexcom seeks consent from the minor’s parents or legal guardians to process their Personal Data. Dexcom does not knowingly collect, maintain, disclose, or otherwise process Personal Data from minors below the age of 18 in other circumstances, including through Online Services or Interactions. The below relates solely to the use of Personal Data of children who are users of a Dexcom Product and whose parents or legal guardians have given consent. Where a minor reaches the age of legal capacity, they may contact us at [email protected] to rectify any account changes, modify or withdraw applicable consents, or remove any legal guardians associated with their account.

Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”)

Identity and contact information, such as:

       first and last name or unique pseudonym

       honorifics and titles, preferred form of address

       email address

       postal address

       phone number

       username or code and password^, security answers^, and user preferences

       contact information for related persons, such as authorized users of your account

Demographic information, such as:

       age

       gender

       preferred language

       disability^

       ethnicity^

       date of birth

Video, audio, and recorded information, such as:

       still images

       video (including via CCTV)

       recordings of your calls with our customer service representatives

       voicemails

       recordings of your interactions with our Online Services, whether through email, SMS/text message, or chat

       pictures and videos of treatment activities^

<