Health Data Privacy Policy Supplement

This supplement to our U.S. Privacy Policy (the “U.S. Privacy Policy”) applies to personal health information that we collect about (1) residents of the States of Nevada or Washington and (2) other individuals, to the extent we collect the information in either Nevada or Washington State. In this supplement, we refer to such individuals as “consumers,” consistent with the definitions of “consumer” in the Nevada and Washington State privacy laws governing such individuals’ personal health data.

“Consumer health data” for purposes of this supplement means information that is linked to, or reasonably linkable to, a consumer (as defined above) and that identifies the consumer's past, present, or future physical or mental health status.

This supplement does not apply to any other personal information we collect.

We may update this supplement and provide notice of such updates in the same manner as described in the “Changes to Our Privacy Policy” section of the U.S. Privacy Policy.

Collection of Consumer Health Data

We may collect the following categories of consumer health data:

  • Individual health conditions, treatment, diseases, or diagnosis.
  • Social, psychological, behavioral, and medical interventions.
  • Health-related surgeries or procedures.
  • Use or purchase of prescribed medication.
  • Bodily functions, vital signs, symptoms, or measurements of the information described in this subsection.
  • Diagnoses or diagnostic testing, treatment, or medication.
  • Reproductive or sexual health information.
  • Genetic data.
  • Data that identifies a consumer seeking health care services.
  • Information derived or extrapolated from non-health information that may enable us, or one of our processors, to associate or identify a consumer with any of the types of health data described above.

Sources of Consumer Health Data

We collect consumer health data from the sources described in the “Collection of Personal Information” section of the U.S. Privacy Policy.

Uses of Consumer Health Data

We use consumer health data for the purposes described in the “Purposes of Processing and Use” section of our U.S. Privacy Policy. Absent your consent, we will collect and use your consumer health data only as necessary to provide products or services that you request from us.

Sharing of Consumer Health Data

We may share any of the types of consumer health data that we collect (as described above) with the persons or entities described as potential recipients of personal information in the “Disclosures of Personal Information” section of the U.S. Privacy Policy. However, absent your consent, we will not share your consumer health data with any third party other than as necessary to provide you with products or services that you request from us.

Exercising your rights

Subject to certain legal limitations and exceptions, you have the following rights with respect to any consumer health data we may collect about you:

  • The right to confirm whether we are collecting, sharing, or selling your consumer health data and to access such data, including a list of all third parties and affiliates with whom we have shared or sold the consumer health data and an active email address or other online mechanism that you may use to contact these third parties;
  • The right to withdraw any consent you have provided for us to collect and/or share your consumer health data; and
  • The right to have your consumer health data deleted.

If you would like to exercise your rights as described above, please submit a consumer request to us by completing the form located here or, if you prefer, you may submit your request by calling us at 1-833-746-2910 (toll-free).

You may make a request on your own behalf, and if you are the parent or guardian of a minor child, you also may make a request related to your child’s consumer health data. If you wish to designate an authorized agent to make a request on your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your behalf and include such individual’s full name, address, email address, and phone number. That way we will be sure you have fully authorized us to act in accordance with the requests of that individual.

As indicated above, in order to protect your consumer health data from unauthorized disclosure or deletion at the request of someone other than you or your legal representative, we require identification verification before granting any request to access, withdraw consent, or delete your consumer health data. We take special precautions to help ensure this. We cannot respond to your request or provide you with consumer health data if we cannot verify your identity or authority to make the request and confirm that the consumer health data relates to you. We will only use consumer health data collected in connection with a verifiable consumer request to verify the requestor's identity or authority to make the request.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing. If your request is denied, you may appeal that decision by contacting our privacy support team at esi_privacyandrequests@eisai.com.