Privacy Statement

This Privacy Statement was last updated on 18 July 2023.
Background Image
Introduction
Scope
Summary of Key Points
Personal Data We Collect
Use of Personal Data
Sharing of Personal Data
Marketing Choices
Cookies
Data Subject Rights
Data Security
Cross-Border Data Transfers
California Consumers
Other Issues
Contact Us

Introduction

Scope

Summary of Key Points

Personal Data We Collect

Use of Personal Data

Sharing of Personal Data

Marketing Choices

Cookies

Data Subject Rights

Data Security

Cross-Border Data Transfers

California Consumers

Other Issues

Contact Us

Introduction and Purpose

The mission of Embecta Corp. and its affiliates and subsidiaries (‘embecta’ or ‘we’) is to develop and provide solutions that make life better for people living with diabetes. In doing so, we collect, use, share and otherwise process individually identifiable data about individuals who engage with us or our Sites (defined below), customers, business contacts, healthcare professionals, patients, individual end-users, business partners and other external parties with whom we interact (‘Personal Data’). embecta takes data privacy seriously, and we believe that carrying out our business activities in compliance with applicable privacy and data protection laws is fundamental to our business success.

Scope

This external Privacy and Cookies statement (‘Privacy Statement’) describes our practices in connection with Personal Data that we or our service providers collect and process through our interactions with individuals, websites, partner websites, applications and other sources (such as embecta partner websites, applications and/or in-person interactions) as part of embecta’s services (collectively, the ‘Sites’). Additional terms may apply when you access specific services in some areas of this website, through mobile applications, when you provide us Personal Data directly or when you click on links that navigate away from Sites. Any data provided in connection with this Privacy Statement or processed in connection with your engagement with the Sites that reference this Privacy Statement are subject to this Privacy Statement and, where applicable, the Terms of Use of the Site.

Quick links

1. Collection

We collect names, contact details and other Personal Data related to our commercial relationships.

2. Use

We use Personal Data to provide our products and services and respond to enquiries, to manage accounts and maintain business operations, to provide relevant marketing and to fulfil other business and compliance purposes.

3. Sharing

We share Personal Data as necessary to provide our products and services and respond to requests, and to fulfil other business and compliance purposes.

4. Marketing choices

You have control over how we use your Personal Data for direct marketing.

5. Cookies

We use cookies and tracking technology on our Site and in our communications and provide choices on use of cookies and tracking technology, including third-party targeting and advertising.

6. Data-subject rights

Certain laws, like the EU’s General Data Protection Regulation (‘GDPR’), provide for certain rights like the right to request access, rectification/correction, deletion or other actions regarding individuals’ Personal Data.

7. Data security

We maintain technical and organisational measures with the intention of protecting Personal Data from loss, misuse, alteration or unintentional destruction.

8. Cross-border data transfers

We provide appropriate protections for cross-border transfers of personal data where specified by law.

9. Notice to California consumers

California, USA consumers may have additional rights with respect to their Personal Data under the California Consumer Privacy Act of 2018 (‘CCPA’) and California Public Records Act (‘CPRA’).

10. Other issues

We provide other information in this Privacy Statement about: (i) the legal basis for collecting and processing Personal Data, (ii) the consequences for not providing Personal Data, (iii) automated decision-making, (iv) do-not-track (DNT) signals, (v) data retention, (vi) employee and contractor issues and (vii) changes to this Privacy Statement.

11. Contact us

Please contact us as detailed below with any questions.

What Personal Data Do We Collect?

We may collect, use, share and otherwise process the following categories of Personal Data about you that have been obtained either directly from you, from third parties (e.g. your employer or the healthcare institution you work for) or automatically through your use of Sites:

  • Identification data, such as full name, title and contact details;
  • Professional data, such as business name and type, business website, area of expertise, job title and description, department and professional experience;
  • Product data, such as types of product and services used or purchased by you or your employer and related data;
  • Communication and interaction details, such as customer service requests, correspondence, notes of calls or meetings, and other customer care or technical service interactions;
  • Training data, such as details or product or clinical training received;
  • Health-related information, such as physical and medical information submitted through one of our Sites or on social media;
  • Financial or payment data (in limited cases only), such as bank account numbers and dates and amounts of payments made or received;
  • Technical Usage Data, such as IP address, device ID and interactions with the Sites; and
  • Other Site-specific data, as further detailed below.
  • Registration and account details, including email address, password, status of consents, device ID (including manufacturer, device type and operating system version), language, country, time zone and IP address;
  • Automated data, including data obtained through tracking technologies, data from connected devices, location data, data sent to mobile devices and usage data.

How Do We Use Personal Data?

We require the above categories of Personal Data for the following purposes:

Purpose of use

Categories of Personal Data

Delivering products and services, including
technical support and maintenance services

Identification data; product data; communication details; health-related information; registration and account details; automated data for the DC App only

Providing customer service and engaging in
other communication with customers, end-users and other third parties

Identification data; product data; communication details; health-related information; registration and account details; automated data for the DC App only

Marketing and customer relationship
activities, which may include 
categorisation of your potential interests in
embecta products and services for tailored
marketing

Identification data; professional data; product data; communication details; health-related information

Product/service development and improvement of quality and functionality of products and service

Product data; registration and account details; automated data for the DC App only

Training records of clinical and other staff

Identification data; professional data; training data; health-related information

Security and fraud prevention activities
such as prevention of fraud, misuse of IT
systems or money laundering; physical
security; IT and network security; or internal
investigations

Identification data; professional data; communication details; product data; financial or payment data; registration and account details; automated data for the DC App only

Complying with legal obligations or
standards, responding to and complying
with requests and legal demands from
regulators or other authorities in or outside
of your home country, compliance with
transparency laws governing interactions
with healthcare professionals and equivalent
laws and regulations, industry standards and
codes, details of training
given to distributors and other
intermediaries relating to compliance

Identification data; professional data; product data; communication details; financial or payment data; registration and account details; health-related information; automated data for the DC App only

How Do We Share Personal Data?

We share with or disclose Personal Data to the following categories of recipients for the following purposes:

  • Within embecta: We share Personal Data within the embecta group of companies as necessary for the purposes described above.
  • Service providers: We share Personal Data with service providers to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above, such as marketing, identity management, troubleshooting, data management, analytics, security and web hosting. We require service providers to provide reasonable security for Personal Data and to use and process such Personal Data on our behalf only at our instruction.
  • Third Party: When you engage our Sites, we additionally share Personal Information, where allowed by applicable law, with Third Parties that use the data for processing such as analytics, marketing and product development. Please visit their privacy policies for more information on their uses. You may opt-out of this sharing by opting-out of unnecessary cookies on our Cookie Page.
  • Auditors and advisors: We share Personal Data with auditors for the performance of audit functions and advisors for the provision of legal and other advice.
  • Business reorganisation: We share Personal Data with any corporate purchaser or prospect to the extent permitted by law as part of any merger, acquisition, sale of company assets or transition of service to another provider, as well as in the event of insolvency, bankruptcy or receivership in which Personal Data would be transferred as an asset of embecta.
  • Mandatory disclosures and legal rights: We share Personal Data in order to comply with any subpoena, court order or other legal process, or other governmental request. We also share Personal Data to establish or protect our legal rights, property or safety, or the rights, property or safety of others, or to defend against legal claims.

Marketing Choices

You have control regarding our use of your Personal Data for directing marketing. If you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed or receive any other marketing communication for which you have previously provided your consent, you can choose to not receive such communications at any time. Please follow the unsubscribe link in the relevant email, reply ‘STOP’ to the relevant SMS or contact us as detailed below to stop receiving email marketing or SMS campaigns. Please opt-out of unnecessary cookies on this page to prevent your Personal Data from being used in embecta’s online direct marketing.

Cookies

We use and allow certain trusted partners to use cookies, web beacons and similar tracking technologies (collectively, ‘cookies’) on our Site.

What are cookies?

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Cookies are small amounts of data that are stored on your browser, device, communication or the page you are viewing. = Some cookies are deleted once you close your browser, while other cookies are retained even after you close your browser so that you can be recognised when you return to a website. More information about cookies and how they work is available at Cookiepedia.

How do we use cookies?

Cookies are used to provide and enhance Sites, products and services, gather information about your usage patterns when you navigate the Sites in order to enhance your personalised experience and to understand usage patterns to improve our Sites, products and services. We also use cookies to provide targeted advertising in some instances and allow certain trusted partner’s cookies on our Sites in order to collect information about your online activities on our Sites over time and across different websites that you visit. This information is used to provide advertising tailored to your interests on websites that you visit, also known as interest-based advertising, and to analyse the effectiveness of such advertising.

Cookies on our Site are generally divided into the following categories:

  • Strictly Necessary Cookies: These cookies are necessary for the Sites to function optimally, and you are unable to opt-out of these cookies. They help to ensure things like functionality, security and compliance of the Sites.  You can set your browser to block or alert you about these cookies, but some parts of the Sites will not then work.

  • Analytical/Performance Cookies: These cookies allow us to analyse visits and traffic sources so we can measure and improve the performance of our Sites. They help us to know which pages are the most and least popular and see how visitors move around the Sites. If you do not allow these cookies, we will not be able to monitor the Sites performance. Depending on your jurisdiction, we may use Google Analytics, and you can see how to exercise choice regarding this cookie by visiting https://tools.google.com/dlpage/gaoptout.

  • Targeting Cookies: These cookies may be set through our Sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising. You can delete these cookies via your browser settings. To learn more about certain cookies used for interest-based advertising by third parties, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising AllianceNetwork Advertising InitiativeDigital Advertising Alliance-CanadaEuropean Interactive Digital Advertising Alliance or your device settings.

What are your options if you do not want cookies on your computer?

With the exception of Strictly Necessary Cookies, you are free to decide which of the above-described categories of cookies you would like to permit on your browser by clicking the Cookies Options link in the website footer of our Sites. Please note that depending on the settings you choose, the full functionality of our Sites may no longer be available. Additionally, you can review your Internet browser settings, typically under the sections 'Help' or 'Internet Options', to exercise browser-based choices that you may have for certain cookies.

If you disable or delete certain cookies in your Internet browser settings, you might not be able to access or use important functions or features of the Sites, and you may be required to re-enter your log-in details. For more information on the practical implications of changing cookie settings, you can consult this external page: https://www.allaboutcookies.org.

Data Subject Rights

Where required by applicable law (such as GDPR or CCPA(CPRA)), you may have the right to obtain confirmation that we maintain certain Personal Data relating to you and the corresponding processing activities, to verify its content, origin and accuracy, as well as the right to access, review, rectify or correct, port, delete or anonymise, or to block or withdraw consent to the processing of certain Personal Data (without affecting the lawfulness of processing based on consent before its withdrawal), by contacting us as outlined below. You may also have the right to request information about third parties with whom we have shared your Personal Data, request that we not share data with third parties, as well as the right to request review of decisions based solely on automated data processing. 

In particular, you have the right to object to our use of Personal Data for direct marketing and in certain other situations at any time. Contact us below for more details. Please note that we need to retain certain Personal Data as required or permitted by applicable law. In some instances, we must be able to verify your identity using information which we currently have on record to process your data rights requests.

You may also have the right to lodge a complaint with the relevant data protection supervisory authority or regulatory body.

Data Security

We takes reasonable steps to protect any Personal Data you provide to us from loss, misuse and unauthorised access, disclosure, alteration or destruction. Unless otherwise stated on the relevant page of a Site or through an embecta partner mobile application, embecta uses general security standards but has not taken additional action to secure data provided to its Sites or from its applications or from an embecta partner, and such transmissions are subject to normal Internet security risks. No Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from this Site may not be secure, and you should therefore take special care in deciding what information you send to us or to our partners. Please keep this in mind when disclosing any Personal Data to embecta or to any other party via the Internet. Moreover, when you use passwords, ID numbers or other special access features on a Site, it is your responsibility to safeguard them.

Cross-Border Data Transfers

Where permitted by applicable law, we transfer Personal Data to various jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country. We provide appropriate protections for cross-border transfers as required by law for international data transfers. With respect to transfers originating from the European Economic Area (‘EEA’), we implement standard contractual clauses approved by the European Commission, and other appropriate solutions to address cross-border transfers as required by applicable law. Where required by such laws, you may request a copy of the suitable mechanisms that we have in place by contacting us as detailed below.

California Consumers

CA Personal Information. If you reside in California, we are required to provide additional information to you about how we use and disclose your Personal Data, and you may have additional rights with regard to how we use your Personal Data. We have included this California-specific information below.

Consistent with the ‘What Personal Data Do We Collect’ section above, we collect certain categories and specific pieces of information about individuals as defined by Californian law. This includes:

  • Identifiers;
  • Personal Information;
  • Protected classification characteristics;
  • Commercial information;
  • Professional or employment-related information;
  • Internet or other electronic network activity information;
  • Geolocation information;
  • Professional and employment information;
  • Inferences drawn from other Personal Information; and
  • Protected classifications under California or federal law in certain limited cases.


Sources. We collect Personal Data either directly from you and other third parties, including:

  • Your employer or the healthcare institution you work for;
  • Third-party applications (including blogs, chat rooms or support centres);
  • Advertising networks; and
  • Other companies or organisations.


Consumer Rights. Subject to certain exceptions,  in many jurisdictions such as the European Economic Area and California, you have the right to: (i) request access to your Personal Data; (ii) request deletion or correction of your Personal Data, (iii) request information about the Personal Data that we have disclosed and/or ‘sold’ (as such term is defined under California law) to third parties, and (iv) to limit certain uses and disclosures of sensitive information. Should you wish to request the exercise of your rights, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, based solely upon this request. Please contact us as detailed below for more information or with any questions. You also have the option of designating an authorised agent to exercise your rights on your behalf. For authorised agents submitting requests, please contact us as described below, with any evidence you have that you have been authorised by a consumer to submit a request on their behalf.

Other Issues

Selling Information. We do not receive payment for any Personal Data. However, some laws define ‘sale’ broadly to include the sharing of Personal Data in exchange for anything of value. If you allow Analytics/Performance or Targeting cookies, the resulting sharing of information may be considered a ‘sale’ of Personal Data under specific laws. If you would like to opt-out of the sale of your Personal Data you can opt-out of Analytics/Performance or Targeting cookies on our Sites or write to us directly.

(i) What is the legal basis of processing?

Some jurisdictions require an explanation of the legal basis for the collection and processing of Personal Data. We have several different legal grounds on which we collect and process Personal Data, including, without limitation: (a) as necessary to perform a transaction or contractual obligation (such as in order to provide the products and services you requested); (b) as necessary to comply with a legal obligation (such as when we use Personal Data for record keeping to substantiate tax liability); (c) consent (where you have provided consent as appropriate under applicable law, such as for direct marketing or certain cookies); and (d) necessary for legitimate interests (such as when we act to maintain our business generally, including maintaining the safety and security of the Site).

(ii) What are the consequences of not providing Personal Data?

You are not required to provide all Personal Data identified in this Privacy Statement to use our Site or to interact with us offline, but certain functionality will not be available if you do not provide certain Personal Data. If you do not provide certain Personal Data, we may not be able to respond to your request, perform a transaction with you or provide you with marketing that we believe you would find valuable.

(iii) Do we engage in automated decision-making without human intervention?

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.

(iv) Does the Site honour Do Not Track (‘DNT’) signals sent via browsers?

Given the divergent practices of organisations that offer browsers and the lack of a standard in the marketplace, we do not respond to DNT signals at this time.

(v) Children’s Privacy

Our Sites are not directed at individuals under the age of 16.  Without permission from a parent or legal guardian, we do not knowingly collect Personal Information directly from individuals under the age of 13. If we learn that we have collected Personal Information of individuals under the age of 13 through our website, we will take appropriate steps to address this matter.

(vi) How long do we retain Personal Data?

We typically retain Personal Data related to marketing activities for as long as you accept marketing communications from us, and upon request we will securely delete such data in accordance with applicable law. For Personal Data that we collect and process for other purposes described above, we typically retain such Personal Data for no longer than for the period necessary to fulfil the purposes outlined in this Privacy Statement and as otherwise needed to address tax, corporate, compliance, litigation and other legal rights and obligations.

(vii) Do we process ‘Sensitive Information’?

There are several definitions of Sensitive Information. Some categories of Personal Data which we process which can fall into the category of Sensitive Information including data like geolocation, and health data. In some jurisdictions, like California, you may have the right to opt-out of certain processing or sharing of Sensitive Information. Please contact us at privacy-embecta@embecta.com to exercise that right.

(viii) Japanese users

If you are reading this Privacy Statement and reside in Japan, we jointly use Personal Data in the medical database (MDB) managed and operated by Nihon Ultmarc, Inc. with specific companies. For the items of Personal Data to be jointly used, the scope of the joint users, the purpose of use by the users, and the person responsible for the management of personal data, please refer to the website of Nihon Ultmarc, Inc. (https://www. Ultmarc.co.jp/privacy/shared_use/index.html). Our Privacy Statement does not apply to the linked sites. If you wish to continue, please click the privacy policy at the linked site.

(ix) How will we handle any changes to this Privacy Statement?

We may update this Privacy Statement from time to time as our services and privacy practices change, or as required by law. The effective date of our Privacy Statement is posted above, and we encourage you to visit our Sites periodically to stay informed about our privacy practices. We will post the updated version of the Privacy Statement on our Site and ask for your consent to the changes if legally required.

Contact Us

If you have questions or comments regarding this Privacy Statement or our privacy practices, please contact us at:


Embecta Corp.
300 Kimball Drive, Suite 300
Parsippany, NJ 07054
Attention: Privacy Office
privacy-embecta@embecta.com