Effective Date: December 20, 2022
Protected health information
Information collection and use
Personal data is data that reasonably relates to or can be used to identify or contact you or another member of your household, such as your name, email address, telephone number or similar information. BSC collects personal data you voluntarily give us, such as but not limited to, when you request information via our Sites, submit your resume, register for Sites or events, sign up for communications or interact with BSC team members.
We collect or obtain personal data from the following sources:
- Directly from you.
- From your interactions with the Sites.
- Service providers and business partners that help us operate, maintain, and improve the Sites, our services, and our business.
- Health care providers.
- Research partners.
- Social media.
- Third-party web Sites and applications, such as WebMD and PulsePoint that may provide information to us via online forms.
Our Sites include interactive digital health tools, including enrollment portals, through which information is collected from users. We also collect information about your interactions with our Sites. We collect such information using web logs, cookies, pixels, beacons and similar tools, some of which may be operated by third parties. Our Sites automatically track certain behavior (usage data) during visits, such as, referring/exit URLs and we also collect other basic information about you which does not directly identify you but which may correspond with you or a particular device. We use this information to learn more about how our Sites and online resources are used and to otherwise improve and administer the Site. We also use this information to enable us to deliver information tailored to your interests and preferences, based on your use of the Site. For example, we may collect the internet protocol address assigned to your computer by your internet service provider. This address may change each time you connect to the internet (a “dynamic” IP address), or it may remain the same (a “static” IP address). In most cases, this information is collected automatically, for our legitimate business interests. If you are a registered user, we may use your usage data with or without your personal data, in order to measure the Site's performance and improve the Site's design and functionality. Depending upon the nature of our interactions with you, we collect and store the following types of information from you:
- Identifiers, such as first and last names, home or other physical address, email address, phone number, username, password, and other registration information;
- Demographic information, such as gender, age, sexual orientation, race, ethnicity, income range, and date of birth, some of which may be protected characteristics under anti-discrimination laws;
- Biometric information;
- Financial information, such as credit card information and transaction history;
- Internet and other electronic network activity information, such as information about how you interact with the Sites, and information collected through cookies and other technologies on the Sites;
- Geolocation data;
- Contact preferences, such as information voluntarily submitted to us for purposes of considering or ordering a product, receiving services and/or when you register for updates, or contact us;
- Information about your emergency contacts, such as name and phone number;
- Recordings of audio/video calls you have with us;
- Professional or employment-related information, such as credentials provided on a curriculum vitae or resumé, professional history, professional license and identification numbers, business contact information, job title, and employer name;
- Testimonials, including information gathered for our blog and community forum posts;
- Surveys and questionnaire responses which can include sensitive information;
- Education information;
- Information that may be deemed sensitive under certain laws, such as login credentials, race or ethnic origin, religious or philosophical beliefs, sexual orientation, precise geolocation, biometric information, genetic data, subject study ID number, health information, medical record number and records provided by you or your healthcare provider(s) on your behalf; and
- Inferences drawn from the categories of personal data described above.
When you provide us with personal data about your contacts we will only use it for the specific reason for which it is provided. If you believe one of your contacts has provided us with your personal data and you want to submit a removal request, please contact us at email@example.com.
Licensed medical professionals must provide additional personal data to register (e.g., profession, title, Medical ID and clinical affiliation) in case of Sites with restricted access. In addition to the uses mentioned above, we use this data to review and verify your registration. We may obtain additional information about you from other sources through your Unique Physician Identification Number (UPIN).
Use of your personal data
We use the information we collect for the following business purposes:
- Sending you product updates, newsletters, marketing communications, requested product or service information, facilitating your patient, study subject or consumer journey, and fulfilling services you have requested;
- Understanding your interests and preferences;
- Operating and improving our business;
- Responding to your questions and requests;
- Administering your account;
- Conducting surveys, other research, and analysis;
- Measuring and improving our Sites, products and services, and marketing efforts;
- Optimizing user experience;
- Displaying personalized content;
- Targeting advertising to you based on your inferred interests and online activities;
- Enabling you to post your resume, search job postings, and contact or be contacted by prospective BSC representatives or agents;
- Notifying you of Policy updates;
- Preventing, detecting and responding to potential security issues and other malicious activities;
- Administering the employment process;
- Complying with legal obligations, responding to legal, court or government regulator requests for information, or enforcing our legal rights; and
- Protecting the security and integrity of the Sites or otherwise protecting BSC’s rights or property, your health and safety, or the health and safety of others.
Disclosing personal data
In addition to the disclosures described throughout this Policy, and subject to applicable law, we and our third parties may disclose your personal data:
- To affiliates and subsidiaries for purposes consistent with this Policy;
- To unaffiliated third parties that are under contract to perform services for or on behalf of BSC (e.g., to maintain computer databases, perform marketing activities, provide security services, conduct analytics, or conduct surveys);
- To research partners;
- To potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business;
- To other persons as permitted by applicable law or regulation;
- To healthcare providers involved in your care;
- To law enforcement personnel and governmental and administrative agencies, including to meet public health or national security requirements, or as part of a legal process; and
- As we deem reasonably necessary to protect the rights, property, or safety of us, you, or others.
We may share aggregate data with selected third parties. For example, BSC may disclose aggregate Usage Data to third parties to understand how the Sites are used or performing or for marketing or Site improvement purposes. Aggregate data does not directly identify individuals. See also "Cookies" below.
The access, use and disclosure granted to our affiliates, subsidiaries, and third parties is limited solely to the purposes for which such information was provided. Furthermore, we require our affiliates and subsidiaries to uphold and maintain BSC’s policies with respect to privacy and the treatment of your personal data in accordance with applicable laws and regulations.
On our Sites, we make information available to third parties so that they may provide us with services. Please read the following section on Cookies & Similar Technologies for additional information.
Opt-out of marketing communications and feedback deletion
To "opt-out" of receiving marketing or promotional communications, please follow the unsubscribe instructions included in the specific communication.
If you wish to update or delete a testimonial you submitted, please contact us at firstname.lastname@example.org.
The information you post in publicly-accessible Site blogs or community forums may be read, collected, and used by others who access them. To request removal of your personal data from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why.
We retain your information while your account is active or as needed to provide you with products, services or relevant information. After such time, we may continue to retain and use your information as necessary to comply with our legal, regulatory and ethical obligations, resolve disputes, exercise our rights, conduct internal research, maintain records, and enforce and comply with our agreements.
BSC deploys physical, technical, and procedural safeguards designed to protect the personal data we collect. However, we cannot guarantee the security of your information, and the transmission of information via the internet, including by email, cannot be guaranteed. Please email any Site or application security questions to firstname.lastname@example.org.
This Policy applies only to BSC Sites and applications that link to this Policy. Our Sites include links to both our affiliated sites and to non-BSC web sites, including access to content, products and services of such affiliated and non-affiliated sites (Other Sites). BSC is not responsible for the privacy practices of Other Sites. You should directly contact these Other Sites to read their privacy policies and for more information about their practices.
Our Sites and applications are not intended for use by individuals under the age of 18, and BSC does not knowingly collect personal data from those in this age group. If you are under 18, please discontinue the use of our Sites and applications. If we become aware that someone under the age of 18 has registered, we will expunge any related personal data from our records.
State privacy information
Residents of any state may issue requests to exercise the rights listed below. Our response to your request may vary depending on your state of residence
- Right to Access. You may be entitled to request that we disclose to you the specific pieces of your personal data that we have collected about you in a portable and, to the extent technically feasible, readily usable format.
- Right to Know. You may have the right to confirm that we have collected personal data about you and know what personal data we have collected about you, including, as applicable, the categories of personal data we have collected, the sources from which we collected that personal data, the business or commercial purposes for which we collected, sold, and shared that personal data, the categories of personal data that we sold, shared, or disclosed to third parties for business purposes and the categories of third parties to whom we sold, shared or disclosed personal data.
- Right to Deletion. You may be entitled to request that we delete the personal data that we have collected from you. We will use commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need or be required to keep such information, such as for our legitimate business purposes or to comply with applicable law.
- Right to Opt-Out of Sales of Personal Information. You may be entitled to opt out of sales of your personal data to third parties, where we disclose personal data to other entities for valuable consideration.
- Right to Opt-Out of Targeted Advertising. You may be entitled to opt out of our processing of personal data for certain targeted advertising.
- Right to Opt-Out of Profiling. You may be entitled to opt out of certain processing that has legal or similarly significant effects on you.
- Right to Correct. You may request that we correct personal data that we hold about you.
- Right to Non-Discrimination. You have the right not to receive discriminatory treatment if you exercise the rights conferred to you by applicable privacy law.
How to exercise your rights
If you would like to exercise one of your rights or exercise rights on behalf of someone else, please contact us by:
- Emailing email@example.com
- Calling 1 (888) 914-9661 and entering PIN#: 554 415
- Or visiting Consumer Data Request Form
Please provide us with a description of the information we require to address your rights request, including your name, email address, phone number, and the nature of your request.
To process your requests to Know, Access, Delete, or Correct personal information, we must be able to verify your identity to a reasonable degree of certainty. To verify your identity, we will ask you to provide your contact information and additional identifiers based on your relationship with us. Before we process your request, we will match these data points with data points we currently maintain to verify your identity and your relationship with us.
When you use an authorized agent to submit a request, you must provide the authorized agent with written permission to do so, and, in certain circumstances, we may ask you to verify your own identity directly with us. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. Authorized agents may use the channels listed above to submit requests.
You may also contact us using these methods to appeal any decision we make relating to your request to exercise your rights.
BSC CDx may, in its sole discretion, update this Policy by posting the amended Policy on this Site. We will notify you prior to the changes, where required, of material Policy changes via your account email address or by a Site notice.
This Policy was last updated on February 8, 2024.
Please direct privacy-related issues, questions, comments or complaints to one of the following:
Boston Scientific Corporation
Global Privacy Office/Legal
300 Boston Scientific Way
Marlborough, MA 01752 (USA)