Privacy Notices

Find here a list of AstraZeneca companies, including their business contact information, such as their email address, mailing address, and telephone number(s), as applicable. 

• From you directly, such as when you:
  • use our websites, attend a virtual event or webcast, or complete an online survey;
  • attend one of our live meetings, such as advisory boards, congresses, or conferences;
  • create or maintain an account on one of our websites, platforms, applications, or systems;
  • register to receive promotional materials from us;
  • share adverse events or medical information enquiries with us (in the event you report an adverse event related to an AstraZeneca product, please review the adverse event reporting notice for your relevant country, to get further information on how we process your personal data in that context);
  • write to us or contact us with questions or comments;
• Automatically from your device when you use one of our platforms, websites, applications, or systems, or when you open an email from us for which we collect email open rate metrics;
• From other sources (where permitted by and in accordance with applicable law) including:
  • public sources such as official registers, hospital websites, healthcare provider directories and social media;
  • joint marketing partners or partners in joint scientific projects;
  • third parties providing services to the healthcare sector, including third-party providers of demographic data and directories;
  • patient organizations;
  • career social networking sites; and
  • social media platforms when you publicly share opinions about AstraZeneca or mention an AstraZeneca product in a comment.  

The table below lists the purposes for which we may collect and use your personal data, the categories of personal data we may collect and use, and, for those jurisdictions that require a “legal basis”, the legal basis we rely on.  

Regarding legal basis, some countries do not allow us to rely on legitimate interest to use your personal data, in which case we may rely on another legal basis such as your consent. We will ask for your consent to collect and use your personal data where required by and in accordance with applicable law. We do not typically collect or process personal data from healthcare professionals that is considered sensitive under applicable privacy and data protection laws. If we do so, or if you provide such information to us voluntarily, we will handle such information to fulfill the limited purpose(s) for which it was collected or provided in accordance with applicable laws.  

We may use artificial intelligence when processing your personal data. When artificial intelligence is used, we adhere to applicable laws, including obtaining and your consent to use artificial intelligence where required by applicable law. 

You are free to choose not to provide us with your personal data when we ask for it. However, if you choose not to provide us with your personal data, it may limit or prevent us from assisting you, responding to your request(s), providing you with the services you have requested, or entering into a collaboration with you, among other things. 

 
We may process your personal data for other purposes not listed above where such processing is at your direction or with your consent. 

• Other AstraZeneca group companies, including our affiliates and subsidiaries. You can find a list of AstraZeneca companies here.
• Service providers, such as:
  • IT providers for the purposes of system management and maintenance, system security and improvement, development, testing, technical support, and data hosting.
  • Web analytics service providers using cookies to analyze patterns and information about your use of our websites, as further explained in the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting. Some of our websites may use Google Analytics, provided by Google, Inc. (“Google”). More information on Google Analytics. You may choose to opt-out of having your data used by Google Analytics. 
  • Event agencies that help us organize conferences and other events, for example, send out invitations, prepare participant lists, and select speakers.
  • Market research companies to include you in our surveys or other scientific opportunities to obtain insights about your experience with our products or services.
  • Marketing consultants that help us send you materials about our products by mail, email, or other channels.
  • Advertising companies to serve you ads online.
• Healthcare service providers and other pharmaceutical companies who partner with us to conduct research into diseases and develop products to treat them, including participation in scientific events, clinical studies, and advisory bodies.
• Auditors and consultants to verify our compliance with internal and external requirements.
• Statutory bodies, law enforcement agencies, legal advisors and litigants.
• A successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration or joint venture for all or part of its business, or in the context of some other type of corporate transaction.
• Other third parties providing services on our behalf.
• To other third parties at your direction or with your consent.  

The entities with whom we share personal data may be located in different jurisdictions globally. When we transfer your personal data across borders, we do so in compliance with applicable privacy and data protection laws. 

Where required by law, we rely on contracts to ensure that the entity receiving your personal data complies with applicable data protection laws. Such contractual arrangements include, for example, AstraZeneca's Binding Corporate Rules and Standard Contract Clauses, or equivalent instruments approved by a competent supervisory authority. You can request information and a copy of the Standard Contract Clauses used by AstraZeneca by contacting us at [email protected]. 

Where required by applicable privacy and data protection laws, we will ask for your consent before transferring your personal data to another jurisdiction. 

Law enforcement, regulatory and security authorities or courts in the jurisdictions to which we transfer your personal data may have a right to access your personal data in accordance with applicable laws. 

We have implemented a variety of privacy and security policies, measures, and technologies to help protect your personal data from a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. In particular, AstraZeneca has implemented physical security controls and developed and implemented robust data transmission and storage systems designed to ensure an appropriate level of security and protection of personal data.  

We have a dedicated process for carefully selecting the service providers and partners we work with, which includes verifying that they have appropriate technical and organizational security measures in place to protect your personal data. We also confirm that these service providers and partners are able to comply with the obligations they have undertaken in the data processing and sharing agreements we sign with them. 

If you suspect or believe that your interactions with us are no longer secure, please contact us as soon as possible. See the “contact us” section below. 

You may have the following rights in relation to your personal data: 

• Right to obtain information on how we use your personal data, including the purposes for which we use it, with whom we share it, how long we retain it, and so forth;
• Right to access to the personal data we hold about you, including receive a copy of your personal data;
• Right to have us correct any inaccuracies in the personal data we hold about you (for example, because it is incomplete or out of date);
• Right to have us delete (erase) your personal data;
• Right to have us transmit the personal data you have provided to us about yourself to a third party;
• Right to object to our use of your personal data (for example, for direct marketing);
• Right to receive meaningful information about the logic involved in any automated decisions we take about you, and the right to be informed of the significance and the envisaged consequences of that decision;
• Right to withdraw any consent you may have given to the collection or use of your personal data; and
• Any other right recognized by applicable data protection law.  

If you want to exercise these rights, please use AstraZeneca’s dedicated online platform. When doing so, please note the following: 

• We may ask you to provide proof that you are who you say you are if we have any doubts about your identity. For example, we may ask you to verify certain data we have about you or, in some cases, to show us your ID.
• If you are making the request on behalf of someone else, we may ask you to provide proof that you have been authorized by that other person to make the request on their behalf.
• We will delete any proof of your identity as soon as we are satisfied that you are who you say you are, or that you are in fact representing someone else. 

In addition to the above rights, you may also have the right to complain to your local data protection authority, depending on the applicable law. 

You can also contact our Data Protection officer at [email protected] or by mail at: Global Data Protection Officer, AstraZeneca 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA, United Kingdom. 

If you want to exercise your rights, please use our dedicated online platform. 

This US Supplemental Privacy Notice (“Supplemental Notice”) applies to personal information collected by AstraZeneca and AstraZeneca group companies (“we,” “us,” “our”) about individuals residing in certain jurisdictions in the United States and describes our practices regarding the collection, use, and disclosure of such personal information. Specifically, this Supplemental Notice applies to consumers and healthcare professionals residing in California whose personal information is processed by AstraZeneca, as well as consumers in other states across the U.S., to the extent such states have comprehensive privacy laws that apply to AstraZeneca’s processing of their personal information. We also provide a “Consumer Health Data Privacy Notice” addressed to consumers in Nevada, Washington, and other states with similar laws.  
This Supplemental Notice should be read in conjunction with any underlying privacy notices that link to or refer to this Supplemental Notice, and such other privacy notices provide further details about the processing of your personal information.  
 

II. What personal information do we collect and how do we use it? 

SOURCES OF PERSONAL INFORMATION 

We and our third parties collect personal information in a variety of ways, including from the following sources (as applicable): 

• Directly from you
• From other sources, such as:
  • Joint marketing partners
  • Public databases
  • Data brokers
  • Providers of demographic data
  • Publications
  • Professional organizations
  • Social media platforms
  • Caregivers
  • Third parties when they share the information with us
  • Healthcare providers & insurance companies
  • Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
  • Third parties who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners
  • Consumer reporting agencies and other third parties who verify the information you provide
  • Third parties who provide website and online security services, fraud prevention, dedication, and mitigation services, or help us maintain our data
• Automatically, such as through cookies or other technologies that provide us with information about your use of our online services
• Any other sources we inform you of in the underlying privacy notice(s) 

CATEGORIES OF PERSONAL INFORMATION 

Depending on the nature of our interactions with you in the prior 12 months, we or our third parties may have collected and processed the following categories of personal information, about you:  

• Identifiers and contact information such as name, alias, online identifiers, account name, address, company-generated identification number, insurance policy number, email, mailing address, and phone number
• Mental and physical health information or conditions, including for purposes of considering your eligibility to participate in one or more of our clinical trials
• Audio or visual information, such as video recordings
• Financial information, such as to determine eligibility for patient assistance programs
• Demographic information, such as age, date of birth, race and gender
• Internet or other electronic network activity information, such as IP address, geographic location, browser type, device type, operating system, dates and times you access our services, browsing history, and other information about your interactions with our online services, or advertisements
• Inferences, such as notes drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics
• Any other personal information we inform you of in the underlying privacy notice(s) 

We may process personal information that is considered "sensitive" under applicable law. Such personal information is processed for the purposes described below and may be subject to your consent where required by applicable law.      

PURPOSES FOR PROCESSING PERSONAL INFORMATION 

We may use any of the above categories of data to: 

• Operate, manage, promote and maintain our business
• Provide, develop, improve, repair, and maintain our products and services
• Otherwise accomplish our business purposes and objectives
• Any other purposes we inform you of in the relevant privacy notice(s)
• Comply with law, legal processes, and internal policies
• Maintain records
• Exercise and defend legal claims
• Detect and prevent fraud 

Additionally, we process personal information, including sensitive personal information, for the following business and commercial purposes, as applicable, and may use any of the types of personal information described above as indicated below: 

III. With whom do we share your personal data? 

We may share or grant access to personal information to the extent needed to fulfill the purposes described above and require entities that receive personal information processed on our behalf to protect the confidentiality and security of such information. 

We may disclose your personal information for the abovementioned business purposes with the following categories of third parties: 

• Third parties and Business Partners. Third parties and business partners may receive the information we collect directly from you, other people and organizations, public sources, and automatically. We may disclose your personal information to third parties who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. We also may disclose your data to our business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations, and so forth.
• Affiliates and Subsidiaries. Our affiliates and subsidiaries may receive the information we collect directly from you, other people and organizations, public sources, and automatically for business purposes. We may disclose your personal information to, for example, current and future companies within the AstraZeneca group of companies so we can improve our offerings and share relevant information with you.
• Corporate Transactions. We may disclose all the information we collect in connection with a business transfer or sale, for example, as part of a sale, assignment, or transfer of an AZ business or asset, acquisition of or merger with another entity, or other types of corporate transactions.
• Government Requests and to Comply with the Law. We also may disclose any of the information we collect in response to requests from government or law enforcement agencies, or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.
• Defend Legal Rights and Interests. We may disclose all the information we collect to protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights. 

We may disclose any of the personal information we collect for other purposes we inform you of in the underlying privacy notice(s) or with your consent. 

SALES AND SHARING OF PERSONAL INFORMATION 

Certain state privacy laws define “sale” broadly as disclosing or making available personal information to a third party in exchange for “monetary or other valuable consideration,” and “sharing” as “disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising” (or similar definitions for “targeted advertising” under such laws). While we do not disclose personal information to third parties in exchange for monetary consideration, our activities may involve sharing or enabling access to certain categories of personal information by third parties which may meet the definition of “sale,” “share,” or “targeted advertising” under such state privacy laws. Examples of this may include but is not limited to our use of ad companies, analytics providers, and social networks (through third party tags on our sites) to improve and measure our ad campaigns and reach users with more relevant ads and content. 
Where that is the case, the categories of personal information that we may have “sold” or “shared” in the prior twelve (12) months include: 

• Identifiers
• Internet or other electronic network activity information
• Geolocation information
• Inferences 

Further, the categories of third parties to whom we have disclosed such information include: 

• Data analytics providers
• Advertising networks
• Marketing partners
• Social media networks 

Subject to applicable law, you have the right to opt out of such “sharing” as described under the section   “What are your data protection rights” below. 
We do not knowingly share or sell the personal information of individuals under 16 years of age or share such information for purposes of targeted advertising. 
Disclosure About Direct Marketing for California Residents. California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of personal information to other entities for their direct marketing purposes in the preceding calendar year. We do not distribute your personal information to other entities for their own direct marketing purposes. 

IV. How long do we keep your personal information? 

We retain your personal information for as long as necessary to fulfill the purpose(s) for which it was collected, as well as to meet Company and legal requirements on processing personal information.  

V. What are your data protection rights? 

Residents of certain states in the U.S. have rights with respect to their personal information, which vary by state. Accordingly, you may be entitled under applicable law (and subject to applicable limitations and exemptions) to request: 

• Access to the personal information we have about you and related information about our processing of such information (including in relation to third parties), and to receive or send such information in a portable format
• Deletion of your personal information
• Correction of personal information that is inaccurate, incomplete, or not up to date
• Opt-out of the “sale,” “share,” or processing of your personal information for targeted advertising (including by clicking the link called “Your Privacy Choices” on any AZ US website) or utilizing the global privacy control feature available on certain browsers. Right to Opt-Out for the Purposes of Profiling: you may have the right to opt-out of processing of personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects. 

You may exercise the privacy rights applicable to you under state law (if any) by submitting a request to AstraZeneca at www.astrazenecapersonaldataretention.com or by calling us at 1-800-236-9933. In some instances, we may decline your request if an exception applies under applicable law. We will respond to your request consistent with any timeframes stipulated by applicable law. 
 
Verification of Request: To make your request, you must provide us with your first and last name, email address, city and state of residence, and which of the right(s) you are intending to exercise. We will verify your request by comparing the information that you provide as part of your request with the information (if any) that we have about you in identifiable form. 

Appeals: To appeal our decision on your data subject requests, you may contact us at [email protected]. Please enclose a copy of, or otherwise specifically reference, the decision you want to appeal. We will respond to your appeal in accordance with applicable law. 

Non-Discrimination: We will not discriminate against you for exercising your data subject rights, although some of the functionality and features available on our services may change or no longer be available to you. 

Use of an Authorized Agent: You may designate an authorized agent to make a request on your behalf by drafting, signing, and authenticating a letter that makes clear (i) the identity of your agent and (ii) the purposes for which you are appointing the agent. If you are an authorized agent, for certain types of rights requests you must provide us with the information described above about the consumer on whose behalf you are acting as an agent, as well as your own first and last name and email address, and a letter that has been signed and notarized by the consumer appointing you as an agent. We may require that you verify your identity to us or confirm with us that you provided your agent with permission to submit the request.  

VI. What are cookies and how are they used?  

There are different types of cookies and related technologies, and some can collect your personal information, some of which may be considered sensitive personal information, such as health data. We may use cookies to personalize our AstraZeneca Sites (“Sites” or “Site), improve their performance and support our marketing efforts.  Cookies are small files that many websites and other online services use to store information about users on the users’ own devices or computers. We use cookies to provide useful features to our users. For more information about cookies, you may visit https://www.allaboutcookies.org. See the section below regarding Your Privacy, Targeted Advertising, and Opt-out Choices to learn more about how you may limit or disable cookies on your computer. If you choose to disable cookies, that could affect your ability to use certain features of the Sites that use cookies to enhance their functionality. 

Web beacons are small files that link web pages to particular web servers and their cookies, and they may be used for a variety of purposes, such as counting the number of visitors to the Sites, analyzing how users navigate around the Sites, assessing how many emails that we send are actually opened and which articles or links are viewed by visitors. 
AstraZeneca websites may use cookies and other related technologies as described in the categories below. 

• Site Delivery Cookies 

These cookies are always active and enable website operations, such as page navigation and access to secure areas of the website, and some allow us to deliver website services, such as count visits and traffic sources so we can measure and improve the performance of our sites.  

Some of these cookies are set in response to the setting of privacy preferences or the completion of forms. Through your browser, you may decline certain cookies, but necessary site functionality may cease to work. 

• Functional Cookies 

These cookies enable the website to provide enhanced functionality, aid site personalisation, maintain user-selected options and site navigation aids. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.  

• Performance and Operational Cookies 

These cookies allow us to count visits and traffic sources, perform customer surveys and other web analytics, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. The information these cookies collect is aggregated and, in some instances, limited identifiable data may be collected.  

• Marketing and Targeted Advertising Cookies 

These cookies are used to track our visitors’ browsing habits and activity across our websites. They can be used to build up a profile of search and/or browsing history for every visitor. Identifiable or unique data may be collected which enables us to show you relevant/personalized marketing content. We do not store directly personal information, but information that uniquely identify your browser and internet device and use this to display targeted advertising and/or share this data with third parties for the same purpose. If you do not allow these cookies, you will experience less personalized marketing content and targeted advertising.  

Where cookies provide deidentified or aggregate information, AZ will not attempt to reidentify the information.  

Finally, companies that provide certain third-party apps, tools, widgets, and plug-ins that may appear on the Sites (for example, Facebook “Like” or “Share” buttons), also may use automated means to collect information regarding your interactions with these features. This information collection is subject to the privacy policies or notices of those third parties. 

Your Privacy, Targeted Advertising, and Opt-Out Choices 

• Blocking cookies. Certain browsers may be configured to notify you when you receive cookies or allow you to restrict or disable certain cookies. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our site and services who disable cookies will be able to browse the site, but some features may not function. 
   
• Disabling local shared objects. Disabling local shared objects. We may use other kinds of local storage that function similarly but are stored in different parts of your computer from ordinary browser cookies. Browsers such as Chrome may allow you to disable its local storage or delete information contained in its HTML5 local storage. Chrome provides the ability to block HTML5 Local Storage as part of its cookie-blocking functionality. Since both technologies ultimately allow websites to store and retrieve data on end-user devices you can manage them in the same way. Just click the Menu icon and choose Options (or Preferences on UNIX-like platforms), click Show advanced settings..., select Content Settings, and choose the Block any sites from setting data option. 
   
• Options concerning third-party ad networks. As described in this notice, we and third parties may use cookies and similar tracking technologies to collect information and infer your interests for interest-based advertising purposes. If you would prefer to not receive personalized ads based on your browser or device usage, you may generally opt out of interest-based advertising and learn more about your options by clicking here. For more information about third-party ad networks and services that use these technologies, you can visit www.aboutads.info You also may visit the NAI’s site for additional options on how to opt out of interest-based advertising. Visitors to our sites and Services may also follow the steps provided by initiatives that educate users on how to set tracking preferences for most online advertising tools. These resources include the Network Advertising Initiative (https://thenai.org/about-online-advertising/) and the Digital Advertising Alliance (https://digitaladvertisingalliance.org/). You can use the Digital Advertising Alliance’s AdChoices opt-out tool (https://youradchoices.com/control) to opt out of the use of your personal information by many third-party ad networks for targeted advertising purpose. The Digital Advertising Alliance also offers an application called AppChoices (https://youradchoices.com/appchoices) that helps users to control interest-based advertising on mobile apps. 
   
• “Do Not Track” Signals. Your browser settings may allow you to automatically transmit a “do not track” signal to websites and online services you visit. At this time there is no consensus among industry participants as to the meaning of “do not track” in this context. Like many other websites, the Sites are not configured to respond to “do not track” signals from browsers. Click here to learn more about “do not track” signals. 

• Social Network and Platform Integration. The Sites may be integrated with social media networks and other platforms whereby information may be shared between us and those platforms. For instance, if you interact with our Sites through a social media feature such as a plug-in, then you may be granting us on-going access to certain information from that social media account. If you do not want a social media platform to collect or share information about you, please review the privacy policy and privacy settings of the applicable social media property before using such features on our Sites. 

Using the resources below does not mean you will no longer receive any advertising through our site, services, or on other websites. You may continue to receive ads, for example, based on the particular site that you are viewing (i.e., context-based ads). 

HOW TO CONTACT US 

If you have any questions, comments, requests, or concerns related to this Supplemental Notice, AstraZeneca’s US privacy practices, or how to access this notice in another format, please contact AstraZeneca at: 

Global Data Protection Officer 
AstraZeneca Middlewood Court, Silk Road 
Macclesfield, Cheshire SK10 2NA 
United Kingdom 
[email protected] 

1-800-236-9933 

UPDATES TO THIS SUPPLEMENTAL PRIVACY NOTICE 

We reserve the right to amend this Supplemental Notice at our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates. 

VII. Consumer Health Data Privacy Notice 

This Consumer Health Data Privacy Notice provides additional disclosures with respect to consumer health data regulated by the Nevada Consumer Health Data Privacy Law, Washington My Health My Data Act, and other similar state laws. This Consumer Health Privacy Notice supplements any underlying privacy notices that link to or refer to this Consumer Health Privacy Notice, and such notices provide further details about the processing of your personal information.  

AstraZeneca and AstraZeneca group companies (“we,” “us,” “our”) is committed to protecting the privacy of Consumer Health Data (i.e., personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status).   

1. Consumer Health Data We Collect, Use, and Share 

We may collect, use, or share the following categories of Consumer Health Data: 

• Information about mental and physical health status, including:
• Individual health conditions or diseases
• Social, psychological, behavioral, and medical interventions
• Health-related surgeries or procedures
• Use or purchase of prescribed medication
• Bodily functions, vital signs, symptoms, or measurements of health information
• Diagnoses or diagnostic testing, treatment, or medication
• Genetic data
• Precise location information that could reasonably indicate a Consumer’s attempt to acquire or receive health services or supplies
• Data that identifies a Consumer seeking health care services
• Inferences of the above categories of health data derived or extrapolated from non-health information

2. Sources From Which We Collect Consumer Health Data 

We may collect Consumer Health Data directly from you and from other sources including: 

• Third parties providing services to the healthcare sector, including providers of demographic data, data analytics, marketing and advertising services, market research services, fraud detection and prevention services, payment processors, and so forth
• Healthcare providers, including specialty pharmacies
• Insurance companies and other payors
• Public databases, publications, and professional organizations
• Authorized/legal representatives, family members, and caregivers
• Joint marketing partners
• Social media platforms
• Third parties and Processors who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
• Third parties and Processors who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners
• Consumer reporting agencies and other Third parties who verify the information you provide
• Third parties and processors who provide website and online security services, fraud prevention, dedication, and mitigation services, or help us maintain our data
• Any other sources we inform you of in the underlying privacy notices or where such processing is at your direction with your consent 

We also draw inferences from the information we collect from and about you, such as your preferences, characteristics, attributes, and abilities. 

3. Uses of Consumer Health Data 

We may use Consumer Health Data for business and commercial purposes as reasonably necessary to provide and maintain our products and services that you request from us or as otherwise permitted or required by applicable law, including to: 

• Operate, manage, and maintain our business
• Provide, develop, improve, repair, and maintain our products and services
• Consider you for participation in one or more of our clinical trials
• Communicate with you
• Provide patient assistance programs
• Conduct research, analytics, and data analysis
• Undertake quality and safety assurance measures
• Conduct risk and security controls and monitoring
• Detect and prevent fraud
• Perform identity verification
• Perform accounting, audit, and other internal functions, such as internal investigations
• Comply with law, legal process, and internal policies
• Maintain records
• Exercise and defend legal claims
• Otherwise accomplish our business purposes and objectives
• Any other purposes we inform you of in the relevant privacy notice(s)  

We may also use your Consumer Health Data for other purposes where such processing is at your direction with your consent. 

We may combine the information that we receive from the various sources described in this Consumer Health Privacy Notice, including third party sources, and use or disclose the combined information for the purposes described in this Consumer Health Privacy Notice. 

4. Sharing of Consumer Health Data: 

We may share Consumer Health Data described in Section 1 with affiliates, subsidiaries, and third parties as reasonably necessary to provide products or services or as otherwise required or permitted by law. The types of third parties we may share Consumer Health Data with include: 

• Third parties and business partners. Third parties and business partners may receive the information we collect directly from you, other people and organizations, public sources, and automatically. We may disclose your Consumer Health Data to third parties who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. We also may disclose your Consumer Health Data to our business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations, and so forth.
• Affiliates and Subsidiaries. Our affiliates and subsidiaries, including former and future companies within the AstraZeneca group, may receive Consumer Health Data. Information about affiliates can be found here:https://www.astrazeneca.com/global/en/AstraZeneca-Websites.html.
• Corporate Transactions. We may disclose Consumer Health Data in connection with a business transfer or sale, for example, as part of a sale, assignment, or transfer of an AstraZeneca business or asset, acquisition of or merger with another entity, or other types of corporate transactions.
• Government Requests and to Comply with the Law. We may disclose Consumer Health Data in response to requests from government or law enforcement agencies, or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.
• Defend Legal Rights and Interests. We may disclose Consumer Health Data to protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.
• Any other third party we inform you of in the underlying privacy notices  

We may also share your Consumer Health Data for other purposes where such processing is at your direction with your consent. 

5. Individual Rights 

Applicable law may give you rights related to your Consumer Health Data, including the right to know what data we collect and use and who that data is shared with, the right to correct or delete your Consumer Health Data, the right to withdraw your consent to the collection or sharing of your Consumer Health Data, and the right to appeal our decision to deny any of these rights.  

To submit a request to exercise such rights with respect to your Consumer Health Data, to appeal a decision, or if you have questions about this Consumer Health Privacy Notice, you may contact us at any time through any of the following methods. 

• Online. Our Privacy Request Form at: https://www.astrazenecapersonaldataretention.com/
• Mail. AstraZeneca, c/o US Privacy, 1800 Concord Pike, Wilmington, DE 19850
• Email. [email protected]
• Telephone. Toll-Free Number 1 800 236 9933 

If your appeal is unsuccessful, you may raise a concern or file a complaint with the following: 

• For Nevada residents, you can contact the Nevada State Attorney General at https://ag.nv.gov/Complaints/File_Complaint/.
• For Washington residents, you can contact the Washington State Attorney General at http://www.atg.wa.gov/file-complaint. 

6. Changes to This Consumer Health Privacy Notice 

We may update this Consumer Health Privacy Notice from time to time. Any updated Consumer Health Privacy Notice will be effective when posted. Please check this Consumer Health Privacy Notice periodically for updates. If required by law, we will contact you directly to provide you with an updated Consumer Health Privacy Notice. 

Find here a list of AstraZeneca companies, including their business contact information, such as their email address, mailing address, and telephone number(s), as applicable. 

• From you directly, such as when you:
  • use our websites, attend a virtual event or webcast, or complete an online form or survey;
  • attend one of our live meetings, such as a scientific conference or promotional event, as well as when you visit one of our facilities with CCTV cameras;
  • register to receive marketing and promotional communications from us;
  • share adverse events or medical information enquiries with us (in the event you report an adverse event related to an AstraZeneca product, please review the adverse event reporting notice for your relevant country, to get further information on how we process your personal data in that context);
  • write to us or contact us with questions or comments, including when we record calls to our call centers after providing you advance notice;
• Automatically from your device when you use one of our platforms, websites, applications, or systems, or when you open an email from us from which we collect email open rate metrics;
• From other sources (where permitted by and in accordance with applicable law) including:;
  • third parties providing services to the healthcare sector, including providers of demographic data, data analytics, marketing and advertising services, market research services, fraud detection and prevention services, payment processors, and so forth;
  • healthcare providers and insurance companies;
  • public databases, publications and professional organizations;
  • authorized/legal representatives, family members, and caregivers;
  • joint marketing partners;
  • career social networking sites; and
  • social media platforms.  

The table below lists the purposes for which we may collect and use your personal data, the categories of personal data we may collect and use, and, for those jurisdictions that require a “legal basis”, the legal basis we rely on. 

Regarding legal basis, some countries do not allow us to rely on legitimate interest to use your personal data, in which case we may rely on another legal basis such as your consent. We will ask for your consent to collect and use your personal data where required by and in accordance with applicable law. Occasionally, we may process sensitive personal data about you – for example, if you voluntarily provide information about your physical or mental health as part of a request for information. In this case, we use such information only to respond to your inquiry and if applicable to provide you additional guidance (e.g. to inform you of your right to submit an adverse event report). Where we process sensitive personal data, we comply with applicable privacy and data protection laws.  

You are free to choose not to provide us with your personal data when we ask for it. However, if you choose not to provide us with your personal data, it may limit or prevent us from assisting you, responding to your request(s), or providing you with the products or services you have requested, among other things. 

 
We may process your personal data for other purposes not listed above where such processing is at your direction or with your consent.   

• Other AstraZeneca group companies, including affiliates and subsidiaries. 
• Service providers, such as: 
  • IT providers for the purposes of system management and maintenance; system security and improvement, development, testing, and technical support; data hosting, data storage, data analysis and processing; distribution; patient support and legal services; 
  • Web analytics service providers using cookies to analyze patterns and information about your use of our websites, as further explained in the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting. Some of our websites may use Google Analytics, provided by Google, Inc. (“Google”). More information on Google Analytics. You may choose to opt-out of having your data used by Google Analytics.  
  • providers of research services,  
  • Advertising companies to serve you ads online. 
• business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations; 
• Auditors and consultants to verify our compliance with internal and external requirements. 
• Statutory bodies, law enforcement agencies, legal advisors and litigants. 
• A successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration or joint venture for all or part of its business, or in the context of some other type of corporate transaction. 
• Other third parties providing services on our behalf. 
• To other third parties at your direction or with your consent.  

The entities with whom we share personal data may be located in different jurisdictions globally. When we transfer your personal data across borders, we do so in compliance with applicable privacy and data protection laws. 

Where required by law, we rely on contracts to ensure that the entity receiving your personal data complies with applicable data protection laws. Such contractual arrangements include, for example, AstraZeneca's Binding Corporate Rules and Standard Contract Clauses, or equivalent instruments approved by a competent supervisory authority. You can request information and a copy of the Standard Contract Clauses used by AstraZeneca by contacting us at [email protected]. 

Where required by applicable privacy and data protection laws, we will ask for your consent before transferring your personal data to another jurisdiction. 

Law enforcement, regulatory and security authorities or courts in the jurisdictions to which we transfer your personal data may have a right to access your personal data in accordance with applicable laws. 

We have implemented a variety of privacy and security measures and technologies to help protect your personal data from a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. In particular, AstraZeneca has developed and implemented robust data transmission and storage systems designed to ensure an appropriate level of security and protection of personal data. 

We have a dedicated process for carefully selecting the service providers and partners we work with, which includes verifying that they have appropriate technical and organizational security measures in place to protect your personal data. We also confirm that these service providers and partners are able to comply with the obligations they have undertaken in the data processing and sharing agreements we sign with them. 

If you suspect or believe that your interactions with us are no longer secure, please contact us as soon as possible. See the “contact us” section below. 

You may have the following rights in relation to your personal data: 

• Right to obtain information on how we use your personal data, including the purposes for which we use it, with whom we share it, how long we retain it, and so forth;
• Right to access to the personal data we hold about you, including receive a copy of your personal data;
• Right to have us correct any inaccuracies in the personal data we hold about you (for example, because it is incomplete or out of date);
• Right to have us delete (erase) your personal data;
• Right to have us transmit the personal data you have provided to us about yourself to a third party;
• Right to object to our use of your personal data (for example, for direct marketing);
• Right to receive meaningful information about the logic involved in any automated decisions we take about you, and the right to be informed of the significance and the envisaged consequences of that decision;
• Right to withdraw any consent you may have given to the collection or use of your personal data; and
• Any other right recognized by applicable data protection law.  

If you want to exercise these rights, please use AstraZeneca’s dedicated online platform. When doing so, please note the following: 

• We may ask you to provide proof that you are who you say you are if we have any doubts about your identity. For example, we may ask you to verify certain data we have about you or, in some cases, to show us your ID.
• If you are making the request on behalf of someone else, we may ask you to provide proof that you have been authorized by that other person to make the request on their behalf.
• We will delete any proof of your identity as soon as we are satisfied that you are who you say you are, or that you are in fact representing someone else. 

In addition to the above rights, you may have the right to complain to your local data protection authority, depending on the applicable law. You may also have the right to be notified in the event of a breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to your personal data, depending on applicable law. 

You can also contact our Data Protection officer at [email protected] or by mail at: Global Data Protection Officer, AstraZeneca 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA, United Kingdom. 

If you want to exercise your rights, please use our dedicated online platform. 

This US Supplemental Privacy Notice (“Supplemental Notice”) applies to personal information collected by AstraZeneca and AstraZeneca group companies (“we,” “us,” “our”) about individuals residing in certain jurisdictions in the United States and describes our practices regarding the collection, use, and disclosure of such personal information. Specifically, this Supplemental Notice applies to consumers and healthcare professionals residing in California whose personal information is processed by AstraZeneca, as well as consumers in other states across the U.S., to the extent such states have comprehensive privacy laws that apply to AstraZeneca’s processing of their personal information. We also provide a “Consumer Health Data Privacy Notice” addressed to consumers in Nevada, Washington, and other states with similar laws.  
This Supplemental Notice should be read in conjunction with any underlying privacy notices that link to or refer to this Supplemental Notice, and such other privacy notices provide further details about the processing of your personal information.  
 

II. What personal information do we collect and how do we use it? 

SOURCES OF PERSONAL INFORMATION 

We and our third parties collect personal information in a variety of ways, including from the following sources (as applicable): 

• Directly from you
• From other sources, such as:
  • Joint marketing partners
  • Public databases
  • Data brokers
  • Providers of demographic data
  • Publications
  • Professional organizations
  • Social media platforms
  • Caregivers
  • Third parties when they share the information with us
  • Healthcare providers & insurance companies
  • Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
  • Third parties who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners
  • Consumer reporting agencies and other third parties who verify the information you provide
  • Third parties who provide website and online security services, fraud prevention, dedication, and mitigation services, or help us maintain our data
• Automatically, such as through cookies or other technologies that provide us with information about your use of our online services
• Any other sources we inform you of in the underlying privacy notice(s) 

CATEGORIES OF PERSONAL INFORMATION 

Depending on the nature of our interactions with you in the prior 12 months, we or our third parties may have collected and processed the following categories of personal information, about you:  

• Identifiers and contact information such as name, alias, online identifiers, account name, address, company-generated identification number, insurance policy number, email, mailing address, and phone number
• Mental and physical health information or conditions, including for purposes of considering your eligibility to participate in one or more of our clinical trials
• Audio or visual information, such as video recordings
• Financial information, such as to determine eligibility for patient assistance programs
• Demographic information, such as age, date of birth, race and gender
• Internet or other electronic network activity information, such as IP address, geographic location, browser type, device type, operating system, dates and times you access our services, browsing history, and other information about your interactions with our online services, or advertisements
• Inferences, such as notes drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics
• Any other personal information we inform you of in the underlying privacy notice(s) 

We may process personal information that is considered "sensitive" under applicable law. Such personal information is processed for the purposes described below and may be subject to your consent where required by applicable law.      

PURPOSES FOR PROCESSING PERSONAL INFORMATION 

We may use any of the above categories of data to: 

• Operate, manage, promote and maintain our business
• Provide, develop, improve, repair, and maintain our products and services
• Otherwise accomplish our business purposes and objectives
• Any other purposes we inform you of in the relevant privacy notice(s)
• Comply with law, legal processes, and internal policies
• Maintain records
• Exercise and defend legal claims
• Detect and prevent fraud 

Additionally, we process personal information, including sensitive personal information, for the following business and commercial purposes, as applicable, and may use any of the types of personal information described above as indicated below: 

III. With whom do we share your personal data? 

We may share or grant access to personal information to the extent needed to fulfill the purposes described above and require entities that receive personal information processed on our behalf to protect the confidentiality and security of such information. 

We may disclose your personal information for the abovementioned business purposes with the following categories of third parties: 

• Third parties and Business Partners. Third parties and business partners may receive the information we collect directly from you, other people and organizations, public sources, and automatically. We may disclose your personal information to third parties who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. We also may disclose your data to our business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations, and so forth.
• Affiliates and Subsidiaries. Our affiliates and subsidiaries may receive the information we collect directly from you, other people and organizations, public sources, and automatically for business purposes. We may disclose your personal information to, for example, current and future companies within the AstraZeneca group of companies so we can improve our offerings and share relevant information with you.
• Corporate Transactions. We may disclose all the information we collect in connection with a business transfer or sale, for example, as part of a sale, assignment, or transfer of an AZ business or asset, acquisition of or merger with another entity, or other types of corporate transactions.
• Government Requests and to Comply with the Law. We also may disclose any of the information we collect in response to requests from government or law enforcement agencies, or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.
• Defend Legal Rights and Interests. We may disclose all the information we collect to protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights. 

We may disclose any of the personal information we collect for other purposes we inform you of in the underlying privacy notice(s) or with your consent. 

SALES AND SHARING OF PERSONAL INFORMATION 

Certain state privacy laws define “sale” broadly as disclosing or making available personal information to a third party in exchange for “monetary or other valuable consideration,” and “sharing” as “disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising” (or similar definitions for “targeted advertising” under such laws). While we do not disclose personal information to third parties in exchange for monetary consideration, our activities may involve sharing or enabling access to certain categories of personal information by third parties which may meet the definition of “sale,” “share,” or “targeted advertising” under such state privacy laws. Examples of this may include but is not limited to our use of ad companies, analytics providers, and social networks (through third party tags on our sites) to improve and measure our ad campaigns and reach users with more relevant ads and content. 
Where that is the case, the categories of personal information that we may have “sold” or “shared” in the prior twelve (12) months include: 

• Identifiers
• Internet or other electronic network activity information
• Geolocation information
• Inferences 

Further, the categories of third parties to whom we have disclosed such information include: 

• Data analytics providers
• Advertising networks
• Marketing partners
• Social media networks 

Subject to applicable law, you have the right to opt out of such “sharing” as described under the section   “What are your data protection rights” below. 
We do not knowingly share or sell the personal information of individuals under 16 years of age or share such information for purposes of targeted advertising. 
Disclosure About Direct Marketing for California Residents. California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of personal information to other entities for their direct marketing purposes in the preceding calendar year. We do not distribute your personal information to other entities for their own direct marketing purposes. 

IV. How long do we keep your personal information? 

We retain your personal information for as long as necessary to fulfill the purpose(s) for which it was collected, as well as to meet Company and legal requirements on processing personal information.  

V. What are your data protection rights? 

Residents of certain states in the U.S. have rights with respect to their personal information, which vary by state. Accordingly, you may be entitled under applicable law (and subject to applicable limitations and exemptions) to request: 

• Access to the personal information we have about you and related information about our processing of such information (including in relation to third parties), and to receive or send such information in a portable format
• Deletion of your personal information
• Correction of personal information that is inaccurate, incomplete, or not up to date
• Opt-out of the “sale,” “share,” or processing of your personal information for targeted advertising (including by clicking the link called “Your Privacy Choices” on any AZ US website) or utilizing the global privacy control feature available on certain browsers. Right to Opt-Out for the Purposes of Profiling: you may have the right to opt-out of processing of personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects. 

You may exercise the privacy rights applicable to you under state law (if any) by submitting a request to AstraZeneca at www.astrazenecapersonaldataretention.com or by calling us at 1-800-236-9933. In some instances, we may decline your request if an exception applies under applicable law. We will respond to your request consistent with any timeframes stipulated by applicable law. 
 
Verification of Request: To make your request, you must provide us with your first and last name, email address, city and state of residence, and which of the right(s) you are intending to exercise. We will verify your request by comparing the information that you provide as part of your request with the information (if any) that we have about you in identifiable form. 

Appeals: To appeal our decision on your data subject requests, you may contact us at [email protected]. Please enclose a copy of, or otherwise specifically reference, the decision you want to appeal. We will respond to your appeal in accordance with applicable law. 

Non-Discrimination: We will not discriminate against you for exercising your data subject rights, although some of the functionality and features available on our services may change or no longer be available to you. 

Use of an Authorized Agent: You may designate an authorized agent to make a request on your behalf by drafting, signing, and authenticating a letter that makes clear (i) the identity of your agent and (ii) the purposes for which you are appointing the agent. If you are an authorized agent, for certain types of rights requests you must provide us with the information described above about the consumer on whose behalf you are acting as an agent, as well as your own first and last name and email address, and a letter that has been signed and notarized by the consumer appointing you as an agent. We may require that you verify your identity to us or confirm with us that you provided your agent with permission to submit the request.  

VI. What are cookies and how are they used?  

There are different types of cookies and related technologies, and some can collect your personal information, some of which may be considered sensitive personal information, such as health data. We may use cookies to personalize our AstraZeneca Sites (“Sites” or “Site), improve their performance and support our marketing efforts.  Cookies are small files that many websites and other online services use to store information about users on the users’ own devices or computers. We use cookies to provide useful features to our users. For more information about cookies, you may visit https://www.allaboutcookies.org. See the section below regarding Your Privacy, Targeted Advertising, and Opt-out Choices to learn more about how you may limit or disable cookies on your computer. If you choose to disable cookies, that could affect your ability to use certain features of the Sites that use cookies to enhance their functionality. 

Web beacons are small files that link web pages to particular web servers and their cookies, and they may be used for a variety of purposes, such as counting the number of visitors to the Sites, analyzing how users navigate around the Sites, assessing how many emails that we send are actually opened and which articles or links are viewed by visitors. 
AstraZeneca websites may use cookies and other related technologies as described in the categories below. 

• Site Delivery Cookies 

These cookies are always active and enable website operations, such as page navigation and access to secure areas of the website, and some allow us to deliver website services, such as count visits and traffic sources so we can measure and improve the performance of our sites.  

Some of these cookies are set in response to the setting of privacy preferences or the completion of forms. Through your browser, you may decline certain cookies, but necessary site functionality may cease to work. 

• Functional Cookies 

These cookies enable the website to provide enhanced functionality, aid site personalisation, maintain user-selected options and site navigation aids. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.  

• Performance and Operational Cookies 

These cookies allow us to count visits and traffic sources, perform customer surveys and other web analytics, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. The information these cookies collect is aggregated and, in some instances, limited identifiable data may be collected.  

• Marketing and Targeted Advertising Cookies 

These cookies are used to track our visitors’ browsing habits and activity across our websites. They can be used to build up a profile of search and/or browsing history for every visitor. Identifiable or unique data may be collected which enables us to show you relevant/personalized marketing content. We do not store directly personal information, but information that uniquely identify your browser and internet device and use this to display targeted advertising and/or share this data with third parties for the same purpose. If you do not allow these cookies, you will experience less personalized marketing content and targeted advertising.  

Where cookies provide deidentified or aggregate information, AZ will not attempt to reidentify the information.  

Finally, companies that provide certain third-party apps, tools, widgets, and plug-ins that may appear on the Sites (for example, Facebook “Like” or “Share” buttons), also may use automated means to collect information regarding your interactions with these features. This information collection is subject to the privacy policies or notices of those third parties. 

Your Privacy, Targeted Advertising, and Opt-Out Choices 

• Blocking cookies. Certain browsers may be configured to notify you when you receive cookies or allow you to restrict or disable certain cookies. If you wish to prevent cookies from tracking your activity on our website or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our site and services who disable cookies will be able to browse the site, but some features may not function. 
   
• Disabling local shared objects. Disabling local shared objects. We may use other kinds of local storage that function similarly but are stored in different parts of your computer from ordinary browser cookies. Browsers such as Chrome may allow you to disable its local storage or delete information contained in its HTML5 local storage. Chrome provides the ability to block HTML5 Local Storage as part of its cookie-blocking functionality. Since both technologies ultimately allow websites to store and retrieve data on end-user devices you can manage them in the same way. Just click the Menu icon and choose Options (or Preferences on UNIX-like platforms), click Show advanced settings..., select Content Settings, and choose the Block any sites from setting data option. 
   
• Options concerning third-party ad networks. As described in this notice, we and third parties may use cookies and similar tracking technologies to collect information and infer your interests for interest-based advertising purposes. If you would prefer to not receive personalized ads based on your browser or device usage, you may generally opt out of interest-based advertising and learn more about your options by clicking here. For more information about third-party ad networks and services that use these technologies, you can visit www.aboutads.info You also may visit the NAI’s site for additional options on how to opt out of interest-based advertising. Visitors to our sites and Services may also follow the steps provided by initiatives that educate users on how to set tracking preferences for most online advertising tools. These resources include the Network Advertising Initiative (https://thenai.org/about-online-advertising/) and the Digital Advertising Alliance (https://digitaladvertisingalliance.org/). You can use the Digital Advertising Alliance’s AdChoices opt-out tool (https://youradchoices.com/control) to opt out of the use of your personal information by many third-party ad networks for targeted advertising purpose. The Digital Advertising Alliance also offers an application called AppChoices (https://youradchoices.com/appchoices) that helps users to control interest-based advertising on mobile apps. 
   
• “Do Not Track” Signals. Your browser settings may allow you to automatically transmit a “do not track” signal to websites and online services you visit. At this time there is no consensus among industry participants as to the meaning of “do not track” in this context. Like many other websites, the Sites are not configured to respond to “do not track” signals from browsers. Click here to learn more about “do not track” signals. 

• Social Network and Platform Integration. The Sites may be integrated with social media networks and other platforms whereby information may be shared between us and those platforms. For instance, if you interact with our Sites through a social media feature such as a plug-in, then you may be granting us on-going access to certain information from that social media account. If you do not want a social media platform to collect or share information about you, please review the privacy policy and privacy settings of the applicable social media property before using such features on our Sites. 

Using the resources below does not mean you will no longer receive any advertising through our site, services, or on other websites. You may continue to receive ads, for example, based on the particular site that you are viewing (i.e., context-based ads). 

HOW TO CONTACT US 

If you have any questions, comments, requests, or concerns related to this Supplemental Notice, AstraZeneca’s US privacy practices, or how to access this notice in another format, please contact AstraZeneca at: 

Global Data Protection Officer 
AstraZeneca Middlewood Court, Silk Road 
Macclesfield, Cheshire SK10 2NA 
United Kingdom 
[email protected] 

1-800-236-9933 

UPDATES TO THIS SUPPLEMENTAL PRIVACY NOTICE 

We reserve the right to amend this Supplemental Notice at our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates. 

VII. Consumer Health Data Privacy Notice 

This Consumer Health Data Privacy Notice provides additional disclosures with respect to consumer health data regulated by the Nevada Consumer Health Data Privacy Law, Washington My Health My Data Act, and other similar state laws. This Consumer Health Privacy Notice supplements any underlying privacy notices that link to or refer to this Consumer Health Privacy Notice, and such notices provide further details about the processing of your personal information.  

AstraZeneca and AstraZeneca group companies (“we,” “us,” “our”) is committed to protecting the privacy of Consumer Health Data (i.e., personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status).   

1. Consumer Health Data We Collect, Use, and Share 

We may collect, use, or share the following categories of Consumer Health Data: 

• Information about mental and physical health status, including:
• Individual health conditions or diseases
• Social, psychological, behavioral, and medical interventions
• Health-related surgeries or procedures
• Use or purchase of prescribed medication
• Bodily functions, vital signs, symptoms, or measurements of health information
• Diagnoses or diagnostic testing, treatment, or medication
• Genetic data
• Precise location information that could reasonably indicate a Consumer’s attempt to acquire or receive health services or supplies
• Data that identifies a Consumer seeking health care services
• Inferences of the above categories of health data derived or extrapolated from non-health information

2. Sources From Which We Collect Consumer Health Data 

We may collect Consumer Health Data directly from you and from other sources including: 

• Third parties providing services to the healthcare sector, including providers of demographic data, data analytics, marketing and advertising services, market research services, fraud detection and prevention services, payment processors, and so forth
• Healthcare providers, including specialty pharmacies
• Insurance companies and other payors
• Public databases, publications, and professional organizations
• Authorized/legal representatives, family members, and caregivers
• Joint marketing partners
• Social media platforms
• Third parties and Processors who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
• Third parties and Processors who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners
• Consumer reporting agencies and other Third parties who verify the information you provide
• Third parties and processors who provide website and online security services, fraud prevention, dedication, and mitigation services, or help us maintain our data
• Any other sources we inform you of in the underlying privacy notices or where such processing is at your direction with your consent 

We also draw inferences from the information we collect from and about you, such as your preferences, characteristics, attributes, and abilities. 

3. Uses of Consumer Health Data 

We may use Consumer Health Data for business and commercial purposes as reasonably necessary to provide and maintain our products and services that you request from us or as otherwise permitted or required by applicable law, including to: 

• Operate, manage, and maintain our business
• Provide, develop, improve, repair, and maintain our products and services
• Consider you for participation in one or more of our clinical trials
• Communicate with you
• Provide patient assistance programs
• Conduct research, analytics, and data analysis
• Undertake quality and safety assurance measures
• Conduct risk and security controls and monitoring
• Detect and prevent fraud
• Perform identity verification
• Perform accounting, audit, and other internal functions, such as internal investigations
• Comply with law, legal process, and internal policies
• Maintain records
• Exercise and defend legal claims
• Otherwise accomplish our business purposes and objectives
• Any other purposes we inform you of in the relevant privacy notice(s)  

We may also use your Consumer Health Data for other purposes where such processing is at your direction with your consent. 

We may combine the information that we receive from the various sources described in this Consumer Health Privacy Notice, including third party sources, and use or disclose the combined information for the purposes described in this Consumer Health Privacy Notice. 

4. Sharing of Consumer Health Data: 

We may share Consumer Health Data described in Section 1 with affiliates, subsidiaries, and third parties as reasonably necessary to provide products or services or as otherwise required or permitted by law. The types of third parties we may share Consumer Health Data with include: 

• Third parties and business partners. Third parties and business partners may receive the information we collect directly from you, other people and organizations, public sources, and automatically. We may disclose your Consumer Health Data to third parties who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. We also may disclose your Consumer Health Data to our business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations, and so forth.
• Affiliates and Subsidiaries. Our affiliates and subsidiaries, including former and future companies within the AstraZeneca group, may receive Consumer Health Data. Information about affiliates can be found here:https://www.astrazeneca.com/global/en/AstraZeneca-Websites.html.
• Corporate Transactions. We may disclose Consumer Health Data in connection with a business transfer or sale, for example, as part of a sale, assignment, or transfer of an AstraZeneca business or asset, acquisition of or merger with another entity, or other types of corporate transactions.
• Government Requests and to Comply with the Law. We may disclose Consumer Health Data in response to requests from government or law enforcement agencies, or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.
• Defend Legal Rights and Interests. We may disclose Consumer Health Data to protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.
• Any other third party we inform you of in the underlying privacy notices  

We may also share your Consumer Health Data for other purposes where such processing is at your direction with your consent. 

5. Individual Rights 

Applicable law may give you rights related to your Consumer Health Data, including the right to know what data we collect and use and who that data is shared with, the right to correct or delete your Consumer Health Data, the right to withdraw your consent to the collection or sharing of your Consumer Health Data, and the right to appeal our decision to deny any of these rights.  

To submit a request to exercise such rights with respect to your Consumer Health Data, to appeal a decision, or if you have questions about this Consumer Health Privacy Notice, you may contact us at any time through any of the following methods. 

• Online. Our Privacy Request Form at: https://www.astrazenecapersonaldataretention.com/
• Mail. AstraZeneca, c/o US Privacy, 1800 Concord Pike, Wilmington, DE 19850
• Email. [email protected]
• Telephone. Toll-Free Number 1 800 236 9933 

If your appeal is unsuccessful, you may raise a concern or file a complaint with the following: 

• For Nevada residents, you can contact the Nevada State Attorney General at https://ag.nv.gov/Complaints/File_Complaint/.
• For Washington residents, you can contact the Washington State Attorney General at http://www.atg.wa.gov/file-complaint. 

6. Changes to This Consumer Health Privacy Notice 

We may update this Consumer Health Privacy Notice from time to time. Any updated Consumer Health Privacy Notice will be effective when posted. Please check this Consumer Health Privacy Notice periodically for updates. If required by law, we will contact you directly to provide you with an updated Consumer Health Privacy Notice.