Privacy Notices

Find here a list of AstraZeneca companies, including their business contact information, such as their email address, mailing address, and telephone number(s), as applicable. 

• From you directly, such as when you:
  • use our websites, attend a virtual event or webcast, or complete an online survey;
  • attend one of our live meetings, such as advisory boards, congresses, or conferences;
  • create or maintain an account on one of our websites, platforms, applications, or systems;
  • register to receive promotional materials from us;
  • share adverse events or medical information enquiries with us (in the event you report an adverse event related to an AstraZeneca product, please review the adverse event reporting notice for your relevant country, to get further information on how we process your personal data in that context);
  • write to us or contact us with questions or comments;
• Automatically from your device when you use one of our platforms, websites, applications, or systems, or when you open an email from us for which we collect email open rate metrics;
• From other sources (where permitted by and in accordance with applicable law) including:
  • public sources such as official registers, hospital websites, healthcare provider directories and social media;
  • joint marketing partners or partners in joint scientific projects;
  • third parties providing services to the healthcare sector, including third-party providers of demographic data and directories;
  • patient organizations;
  • career social networking sites; and
  • social media platforms when you publicly share opinions about AstraZeneca or mention an AstraZeneca product in a comment.  

The table below lists the purposes for which we may collect and use your personal data, the categories of personal data we may collect and use, and, for those jurisdictions that require a “legal basis”, the legal basis we rely on.  

Regarding legal basis, some countries do not allow us to rely on legitimate interest to use your personal data, in which case we may rely on another legal basis such as your consent. We will ask for your consent to collect and use your personal data where required by and in accordance with applicable law. We do not typically collect or process personal data from healthcare professionals that is considered sensitive under applicable privacy and data protection laws. If we do so, or if you provide such information to us voluntarily, we will handle such information to fulfill the limited purpose(s) for which it was collected or provided in accordance with applicable laws.  

We may use artificial intelligence when processing your personal data. When artificial intelligence is used, we adhere to applicable laws, including obtaining and your consent to use artificial intelligence where required by applicable law. 

You are free to choose not to provide us with your personal data when we ask for it. However, if you choose not to provide us with your personal data, it may limit or prevent us from assisting you, responding to your request(s), providing you with the services you have requested, or entering into a collaboration with you, among other things. 

 
We may process your personal data for other purposes not listed above where such processing is at your direction or with your consent. 

• Other AstraZeneca group companies, including our affiliates and subsidiaries. You can find a list of AstraZeneca companies here.
• Service providers, such as:
  • IT providers for the purposes of system management and maintenance, system security and improvement, development, testing, technical support, and data hosting.
  • Web analytics service providers using cookies to analyze patterns and information about your use of our websites, as further explained in the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting. Some of our websites may use Google Analytics, provided by Google, Inc. (“Google”). More information on Google Analytics. You may choose to opt-out of having your data used by Google Analytics. 
  • Event agencies that help us organize conferences and other events, for example, send out invitations, prepare participant lists, and select speakers.
  • Market research companies to include you in our surveys or other scientific opportunities to obtain insights about your experience with our products or services.
  • Marketing consultants that help us send you materials about our products by mail, email, or other channels.
  • Advertising companies to serve you ads online.
• Healthcare service providers and other pharmaceutical companies who partner with us to conduct research into diseases and develop products to treat them, including participation in scientific events, clinical studies, and advisory bodies.
• Auditors and consultants to verify our compliance with internal and external requirements.
• Statutory bodies, law enforcement agencies, legal advisors and litigants.
• A successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration or joint venture for all or part of its business, or in the context of some other type of corporate transaction.
• Other third parties providing services on our behalf.
• To other third parties at your direction or with your consent.  

The entities with whom we share personal data may be located in different jurisdictions globally. When we transfer your personal data across borders, we do so in compliance with applicable privacy and data protection laws. 

Where required by law, we rely on contracts to ensure that the entity receiving your personal data complies with applicable data protection laws. Such contractual arrangements include, for example, AstraZeneca's Binding Corporate Rules and Standard Contract Clauses, or equivalent instruments approved by a competent supervisory authority. You can request information and a copy of the Standard Contract Clauses used by AstraZeneca by contacting us at Privacy@astrazeneca.com. 

Where required by applicable privacy and data protection laws, we will ask for your consent before transferring your personal data to another jurisdiction. 

Law enforcement, regulatory and security authorities or courts in the jurisdictions to which we transfer your personal data may have a right to access your personal data in accordance with applicable laws. 

We have implemented a variety of privacy and security policies, measures, and technologies to help protect your personal data from a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. In particular, AstraZeneca has implemented physical security controls and developed and implemented robust data transmission and storage systems designed to ensure an appropriate level of security and protection of personal data.  

We have a dedicated process for carefully selecting the service providers and partners we work with, which includes verifying that they have appropriate technical and organizational security measures in place to protect your personal data. We also confirm that these service providers and partners are able to comply with the obligations they have undertaken in the data processing and sharing agreements we sign with them. 

If you suspect or believe that your interactions with us are no longer secure, please contact us as soon as possible. See the “contact us” section below. 

You may have the following rights in relation to your personal data: 

• Right to obtain information on how we use your personal data, including the purposes for which we use it, with whom we share it, how long we retain it, and so forth;
• Right to access to the personal data we hold about you, including receive a copy of your personal data;
• Right to have us correct any inaccuracies in the personal data we hold about you (for example, because it is incomplete or out of date);
• Right to have us delete (erase) your personal data;
• Right to have us transmit the personal data you have provided to us about yourself to a third party;
• Right to object to our use of your personal data (for example, for direct marketing);
• Right to receive meaningful information about the logic involved in any automated decisions we take about you, and the right to be informed of the significance and the envisaged consequences of that decision;
• Right to withdraw any consent you may have given to the collection or use of your personal data; and
• Any other right recognized by applicable data protection law.  

If you want to exercise these rights, please use AstraZeneca’s dedicated online platform. When doing so, please note the following: 

• We may ask you to provide proof that you are who you say you are if we have any doubts about your identity. For example, we may ask you to verify certain data we have about you or, in some cases, to show us your ID.
• If you are making the request on behalf of someone else, we may ask you to provide proof that you have been authorized by that other person to make the request on their behalf.
• We will delete any proof of your identity as soon as we are satisfied that you are who you say you are, or that you are in fact representing someone else. 

In addition to the above rights, you may also have the right to complain to your local data protection authority, depending on the applicable law. 

You can also contact our Data Protection officer at Privacy@astrazeneca.com or by mail at: Global Data Protection Officer, AstraZeneca 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA, United Kingdom. 

If you want to exercise your rights, please use our dedicated online platform. 

This US Supplemental Privacy Notice (“Supplemental Notice”) applies to personal information collected by AstraZeneca and AstraZeneca group companies (“we,” “us,” “our”) about individuals residing in certain jurisdictions in the United States and describes our practices regarding the collection, use, and disclosure of such personal information. Specifically, this Supplemental Notice applies to consumers and healthcare professionals residing in California whose personal information is processed by AstraZeneca, as well as consumers in other states across the U.S. such as Colorado, Oregon, and Delaware, to the extent such states have comprehensive privacy laws that apply to AstraZeneca’s processing of their personal information. We also provide a “Consumer Health Data Privacy Notice” addressed to consumers in Nevada, Washington, and other states with similar consumer health data laws. 

This Supplemental Notice should be read in conjunction with any underlying privacy notices that link to or refer to this Supplemental Notice, and such other privacy notices provide further details about the processing of your personal information. 

II. What personal information do we collect and how do we use it?

SOURCES OF PERSONAL INFORMATION

We and authorized third parties collect personal information in a variety of ways, including from the following sources (as applicable):

• Directly from you
• From other sources, such as: 
  • Joint marketing partners
  • Public databases
  • Data brokers
  • Providers of demographic data
  • Publications
  • Professional organizations
  • Social media platforms
  • Caregivers
  • Healthcare providers & insurance companies
  • Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
  • Third parties who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners
  • Consumer reporting agencies and other third parties who verify the information you provide
  • Third parties who provide website and online security services, fraud prevention, dedication, and mitigation services, or help us maintain our data

  • Other third parties when they share the information with us

     

• Automatically, such as through cookies, pixels, tags, scripts, and or similar technologies (“Cookies”) that provide us with information about your use of our websites, mobile applications, emails, and other online services and interactions (collectively, our “Digital Properties”)
• Any other sources we inform you of at the time we collect your personal information

CATEGORIES OF PERSONAL INFORMATION

Depending on the nature of our interactions with you in the prior 12 months, we and authorized third parties may have collected and processed the following categories of personal information about you: 

• Identifiers and contact information such as name, alias, online identifiers, account name, address, company-generated identification number, email, mailing address, and phone number
• Records about you, such as financial information (e.g., to determine eligibility for patient assistance programs)
• Audio, electronic, visual, or other sensory information, such as video recordings
• Demographic information, such as age, date of birth, and gender
• Internet or other electronic network activity information, such as IP address, browser type, device type, operating system, dates and times you access our services, browsing history, and other information about your interactions with our Digital Properties, including our advertisements
• Geolocation data, such as location information derived from an IP address or an address you provide
• Inferences, such as notes drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics
• Sensitive personal information, including the following:
  • Racial or ethnic origin
  • Information about your health, including mental and physical health information or conditions
  • Insurance policy information
  • Genetic information, such as when you participate in a clinical trial
• Any other personal information we inform you of at the time of collection

PURPOSES FOR PROCESSING PERSONAL INFORMATION

We may use any of the above categories of data:

• To provide you or your company products and services, such as making our Digital Properties and other products and services available to you; registering, verifying, and maintaining your account with us; providing and delivering you the goods and services you request; providing customer service; processing or fulfilling orders and transactions (including processing payments); verifying customer information and eligibility for certain programs or benefits; communicating with you (including soliciting feedback or responding to requests, complaints, and inquiries); hosting informational webinars; and providing similar services or otherwise facilitating your relationship with us.
• For our internal business purposes, such as day-to-day operation of our business; maintaining internal business records, such as accounting, document management and similar activities; enforcing our policies and rules; management reporting; auditing; and IT security and administration.
• For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our products or services; improving our products or services; designing new products and services; developing and improving algorithms, artificial intelligence or machine learning tools and models; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.
• For marketing and targeted advertising, such as marketing our products or services or those of our affiliates, business partners, or other third parties.  For example, we may use Personal Data we collect to personalize advertising to you (including by developing product, brand, or services audiences and identifying you across devices/sites); to analyze interactions with us or our Digital Properties; or to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars.  You can unsubscribe from our email marketing via the link in the email, by responding “STOP” to the text message, or by contacting us using the information in Section 9 (Contact Information) below.
• In connection with a corporate transaction, such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
• For legal, safety or security reasons, such as complying with legal, reporting, and similar requirements; investigating and responding to claims against us, our personnel, and our customers; for the establishment, exercise or defense of legal claims; protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents and health and safety issues and protecting against malicious, deceptive, fraudulent, or illegal activity.
• In connection with a corporate transaction, such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
• To otherwise accomplish our business purposes and objectives
• Any other purposes we inform you of at the time we collect the information

Additionally, we process the following categories of personal information, including sensitive personal information, for the following business and commercial purposes, unless otherwise prohibited by applicable law:

III. To whom do we disclose your personal data?

We may disclose or grant access to your personal information for the abovementioned purposes with the following categories of third parties:

• Service Providers We may disclose your personal information to third parties who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. 

   

• Business Partners. We also may disclose your data to our business partners or allow our business partners to collect your data, for example: 
  • Researchers with whom we collaborate, companies with whom we co-develop a therapy, and companies with whom we co-promote a product or third-party companies managing our in-countries operations; 
  • Data analytics providers
  • Advertising networks
  • Marketing partners
  • Social media networks
  • Third parties whose Cookies we use as described in the section “What are cookies and how are they used?” below

Where recipients use your personal information for their own purposes independently from us, we are not responsible for their privacy practices or personal information processing policies.  You should consult the privacy notices of those third-party services for details on their practices.

• Affiliates and Subsidiaries. Our affiliates and subsidiaries may receive the information we collect directly from you, other people and organizations, public sources, and automatically for business purposes. We may disclose your personal information to, for example, current and future companies within the AstraZeneca group of companies so we can improve our offerings and share relevant information with you.

   

• Corporate Transactions. We may disclose all the information we collect in connection with a business transfer or sale, for example, as part of a sale, assignment, or transfer of an AZ business or asset, acquisition of or merger with another entity, bankruptcy or other types of corporate transactions.

   

• Government Requests and to Comply with the Law. We also may disclose any of the information we collect in response to requests from government or law enforcement agencies, or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.

   

• Defend Legal Rights and Interests and Other Legal, Safety, or Security Reasons. We may disclose all the information we collect to protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.

   

We may disclose any of the personal information we collect for other purposes we inform you of at the time of collection or disclosure. 

SALES AND SHARING OF PERSONAL INFORMATION

Certain state privacy laws define “sale” broadly as disclosing or making available personal information to a third party in exchange for “monetary or other valuable consideration,” and “sharing” as “disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising” (or similar definitions for “targeted advertising” under such laws). Our activities may involve disclosing or enabling access to certain categories of personal information by third parties which may meet the definition of “sale,” “share,” or “targeted advertising” under such state privacy laws. 

The categories of personal information that we may have “sold” or “shared” or disclosed for “targeted advertising” in the prior twelve (12) months include:

• Identifiers
• Internet or other electronic network activity information
• Geolocation information
• Inferences
• Mental and physical health information or conditions

The categories of third parties to whom we have sold or shared such information for targeted advertising include:

• Data analytics providers
• Advertising networks
• Marketing partners
• Social media networks
• Third parties whose Cookies we use as described in section “What are cookies and how are they used?” below

Subject to applicable law, you may have the right to opt out of such “sale,” “sharing,” and “targeted advertising” as described under the section “What are your data protection rights?” below.

We do not knowingly share or sell the personal information of individuals under 16 years of age or share such information for purposes of targeted advertising.

IV. How long do we keep your personal information?

We retain your personal information for as long as necessary to fulfill the purpose(s) for which it was collected, as well as to meet Company and legal requirements on processing personal information. 

V. What are your data protection rights?

Residents of certain states in the U.S., such as California, Colorado, Oregon, and Delaware, have rights with respect to their personal information, which vary by state. Accordingly, you may be entitled under applicable law (and subject to applicable limitations and exemptions) to request:

• Access to the personal information we have about you and related information about our processing of such information (including in relation to third parties), including the categories of personal information we have collected about you, the categories of sources from which we collected the information, the purposes for collecting, selling, or sharing the information, and to whom we have disclosed your personal information and why.  You may also request the specific pieces of personal information we have about you, in a portable format where applicable. Residents of certain states, such as Oregon, Minnesota, and Maryland, may also request a specific list of third parties to whom we disclose your personal information.
• Deletion of your personal information
• Correction of personal information that is inaccurate, incomplete, or not up to date
• Opt-out of the “sale,” “sharing,” or processing of your personal information for targeted advertising. You can exercise this right by clicking the link called “Your Privacy Choices” in the footer of any AZ US website and following all steps in the webform.  To the extent required by law, we will honor opt-out preference signals sent in a format commonly used and recognized by businesses, such as an HTTP header field or JavaScript object. We will process opt-out preference signals at the browser level. 
• Opt-out for the purposes of profiling: you may have the right to opt-out of processing of personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects.

• Right to Limit Use and Disclosure of Sensitive Personal Information.  You have the right to limit the use and disclosure of your sensitive personal information for targeted advertising by opting out of optional marketing cookies in the webpage cookie banner. Users from certain states may not see the Marketing and Targeted Advertising Cookies toggle because these cookies are always off for patient-facing sites in those jurisdictions.

   

You may exercise the privacy rights applicable to you under state law (if any) by submitting a request to AstraZeneca at www.astrazenecapersonaldataretention.com or by calling us at 1-800-236-9933. In some instances, we may decline your request if an exception applies under applicable law. 
 

Verification of Request: To process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request. 

• For requests to opt-out of sale, sharing, and targeted advertising: We collect your name, email address, and state of residence to locate you in our records.
• For requests to access, deletion, and correction: We collect information necessary to verify your identity and that you are a resident of a state that provides for these rights, including name, email address, country and state of residence, , and details on the nature of your relationship with AstraZeneca. 

Appeals: To appeal our decision on your data subject requests, you may contact us at privacyrequests@astrazeneca.com. Please enclose a copy of, or otherwise specifically reference, the decision you want to appeal. We will respond to your appeal in accordance with applicable law.

Non-Discrimination and Non-Retaliation: We will not discriminate or retaliate against you for exercising your data subject rights, although some of the functionality and features available on our services may change or no longer be available to you.

Use of an Authorized Agent: You may designate an authorized agent to make a request on your behalf by drafting, signing, and authenticating a letter that makes clear (i) the identity of your agent and (ii) the purposes for which you are appointing the agent. Authorized agents can exercise rights on your behalf by submitting a request at www.astrazenecapersonaldataretention.com. 

• If you designate an authorized agent to submit a request to opt out of sale, sharing, and targeted advertising, we may seek additional information directly from the authorized agent to process the request, such as the authorized agent’s first and last name and email address and the letter described above.
• If you designate an authorized agent to submit a request to access, deletion, or correction, we may reach out to you directly to verify your own identity or to confirm that you provided the authorized agent with permission to submit the request.

Disclosure About Direct Marketing for California Residents. California residents may opt out of the disclosure of personal information subject to California Civil Code § 1798.83 to other entities for their direct marketing purposes by clicking the link called “Your Privacy Choices” on any AZ US website and following all instructions for opting out of disclosures that may be a “sale” or “sharing” for targeted advertising.

VI. What are cookies and how are they used? 

Our Digital Properties and authorized third parties use Cookies to collect information about you, your device, and how you interact with our Digital Properties. This section contains additional information about:

• The types of Cookies we use and the purposes for which we use them
• The types of information we collect using these technologies
• How we disclose or make information available to others

• Choices you may have regarding these technologies

   

Types of Cookies

We and the third parties that we authorize may use:

• Cookies, which are a type of technology that install a small amount of information on a user’s computer or other device when they visit our Digital Properties. 
• Pixels, web beacons, and tags, which are types of code or transparent graphics that contain a unique identifier.  In addition to the uses described below, these technologies provide information about interactions with our Digital Properties (including communications such as email we may send to you) and help us customize our marketing activities.  In contrast to cookies, which are stored on a user's device hard drive, pixels, web beacons, and tags are embedded invisibly on our Digital Properties. 
• Session replay tools, which record your interactions with our Digital Properties, such as how you move throughout our Digital Properties and engage with our webforms. In addition to the uses described below, this information helps us improve our Digital Properties and identify and fix technical issues visitors may be having with our Digital Properties.
• Embedded scripts and SDKs, which allow us to build and integrate custom experiences on our Digital Properties. Embedded scripts are temporarily downloaded onto your device from our web server, or from a third party with which we work, and are active only while you are connected to our Digital Properties and are deleted or deactivated thereafter.

We may use both first-party Cookies, which are set by us, and third-party Cookies, which are set by other parties.  Some of the Cookies we use may last solely for your browsing session and are deleted when you close your browser, while others are persistent and stored after you close your browser.

Purposes for Using Cookies

We and authorized third parties use these technologies for purposes including:

• Site Delivery, These cookies are always active and enable website operations, such as page navigation and access to secure areas of the website, and some allow us to deliver website services, such as count visits and traffic sources so we can measure and improve the performance of our sites. Some of these cookies are set in response to the setting of privacy preferences or the completion of forms. Through your browser, you may decline certain cookies, but necessary site functionality may cease to work.
• Functional, These cookies enable the website to provide enhanced functionality, aid site personalisation, maintain user-selected options and site navigation aids. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. 
• Performance and Operational, These cookies allow us to count visits and traffic sources, perform customer surveys and other web analytics, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. The information these cookies collect is aggregated and in some instances limited identifiable data may be collected. 

• Marketing and Targeted Advertising, These cookies are used to track our visitors browsing habits and activity across our websites. They can be used to build up a profile of search and/or browsing history for every visitor. Identifiable or unique data may be collected which enables us to show you relevant/personalized marketing content. We do not store directly personal information, but information that uniquely identify your browser and internet device and use this to display targeted advertising and/or share this data with third parties for the same purpose. If you do not allow these cookies, you will experience less personalized marketing content and targeted advertising.

   

Types of Data Collected

These Cookies collect data about you and your device, which may include IP address, approximate location, cookie ID, device ID, Ad ID, operating system, device type, device settings and other device information, browser used, browser history, search history, pages viewed, search queries, and information entered into webforms, and information about how you interact with our Digital Properties (such as pages on our Digital Properties that you have viewed).

Where cookies provide deidentified or aggregate information, AZ will not attempt to reidentify the information and will implement reasonable measures to ensure that the data cannot be associated with the individual.

Disclosures of Data

We may disclose information to third parties or allow third parties to directly collect information using Cookies on our Digital Properties, such as social media networks, advertising networks, data analytics providers (including providers of ad tracking and reporting services), and others that help us operate our business and Digital Properties

Companies that provide certain third-party apps, tools, widgets, and plug-ins that may appear on the Digital Properties (for example, Facebook “Like” or “Share” buttons), also may use automated means to collect information regarding your interactions with these features. This information collection is subject to the privacy policies or notices of those third parties.

Your Privacy, Targeted Advertising, and Opt-Out Choices

• Blocking cookies. If you want to disable the use of certain specific Cookies or remove them from your device, you can disable or delete them using your browser settings.  Please be aware that not all Cookies can be deleted through browser settings.  Please refer to your browser’s Help instructions to learn more about how to manage Cookies, or use the following links for instructions for commonly used browsers: Apple Safari; Google Chrome; Microsoft Edge; and Mozilla Firefox. Visitors to our websites and services who disable Cookies will be able to browse the site, but some features may not function.
• Disabling local shared objects. We may use other kinds of local storage that function similarly but are stored in different parts of your computer from ordinary browser cookies. Browsers such as Chrome may allow you to disable its local storage or delete information contained in its HTML5 local storage. Chrome provides the ability to block HTML5 Local Storage as part of its cookie-blocking functionality.
• Options concerning third-party ad networks. Some of the third parties we work with participate with the Digital Advertising Alliance (“DAA”).  The DAA provides a mechanism for you to opt out of interest-based advertising performed by participating members at https://youradchoices.com/.  The DAA also offers an application called AppChoices (https://youradchoices.com/appchoices) that helps users to control interest-based advertising on mobile apps. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from participating companies.  If you are using a mobile device, you can manage interest-based ads on your device by adjusting the settings provided by your device manufacturer or the operating system provider: Manage settings on iOS devices; and Manage settings on Android devices. 
• “Do Not Track” Signals. Your browser settings may allow you to automatically transmit a “do not track” signal to websites and online services you visit. At this time there is no consensus among industry participants as to the meaning of “do not track” in this context. Like many other websites, our Digital Properties are not configured to respond to “do not track” signals from browsers. Click here to learn more about “do not track” signals.
• Social Network and Platform Integration. The Digital Properties may be integrated with social media networks and other platforms whereby information may be shared between us and those platforms. For instance, if you interact with our Digital Properties through a social media feature such as a plug-in, then we may have on-going access to certain information from that social media account. Please review the privacy policy and privacy settings of the applicable social media property before using such features on our Digital Properties.

Using the resources above does not mean you will no longer receive any advertising through our Digital Properties or on other websites. You may continue to receive ads, for example, based on the particular site that you are viewing (i.e., context-based ads).

HOW TO CONTACT US

If you have any questions, comments, requests, or concerns related to this Supplemental Notice, AstraZeneca’s US privacy practices, or how to access this notice in another format, please contact AstraZeneca at:

Global Data Protection Officer
AstraZeneca Middlewood Court, Silk Road
Macclesfield, Cheshire SK10 2NA
United Kingdom
 

privacy@astrazeneca.com

1-800-236-9933

UPDATES TO THIS SUPPLEMENTAL PRIVACY NOTICE

We reserve the right to amend this Supplemental Notice at our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates.

VII. Consumer Health Data Privacy Notice

This Consumer Health Data Privacy Notice provides additional disclosures with respect to consumer health data regulated by the Nevada Consumer Health Data Privacy Law, Washington My Health My Data Act, and other similar state laws. This Consumer Health Privacy Notice supplements any underlying privacy notices that link to or refer to this Consumer Health Privacy Notice, and such notices provide further details about the processing of your personal information. 

AstraZeneca and AstraZeneca group companies (“we,” “us,” “our”) is committed to protecting the privacy of Consumer Health Data (i.e., personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status). 

1. Consumer Health Data We Collect, Use, and Share

We may collect, use, or share the following categories of Consumer Health Data:

• Information about mental and physical health status, including:
  • Individual health conditions or diseases
  • Social, psychological, behavioral, and medical interventions
  • Health-related surgeries or procedures
  • Use or purchase of prescribed medication
  • Bodily functions, vital signs, symptoms, or measurements of health information
  • Diagnoses or diagnostic testing, treatment, or medication
  • Genetic data
• Precise location information that could reasonably indicate a Consumer’s attempt to acquire or receive health services or supplies
• Data that identifies a Consumer seeking health care services

• Inferences of the above categories of health data derived or extrapolated from non-health information

   

2. Sources From Which We Collect Consumer Health Data

We may collect Consumer Health Data directly from you and from other sources including:

• Third parties providing services to the healthcare sector, including providers of demographic data, data analytics, marketing and advertising services, market research services, fraud detection and prevention services, payment processors, and so forth
• Healthcare providers, including specialty pharmacies
• Insurance companies and other payors
• Public databases, publications, and professional organizations
• Authorized/legal representatives, family members, and caregivers
• Joint marketing partners
• Social media platforms
• Third parties and Processors who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
• Third parties and Processors who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners
• Consumer reporting agencies and other Third parties who verify the information you provide
• Third parties and processors who provide website and online security services, fraud prevention, dedication, and mitigation services, or help us maintain our data
• Any other sources we inform you of in the underlying privacy notices or where such processing is at your direction with your consent

We also draw inferences from the information we collect from and about you, such as your preferences, characteristics, attributes, and abilities.

3. Uses of Consumer Health Data

We may use Consumer Health Data for business and commercial purposes as reasonably necessary to provide and maintain our products and services that you request from us or as otherwise permitted or required by applicable law, including to:

• Operate, manage, and maintain our business
• Provide, develop, improve, repair, and maintain our products and services
• Consider you for participation in one or more of our clinical trials
• Communicate with you
• Provide patient assistance programs
• Conduct research, analytics, and data analysis
• Undertake quality and safety assurance measures
• Conduct risk and security controls and monitoring
• Detect and prevent fraud
• Perform identity verification
• Perform accounting, audit, and other internal functions, such as internal investigations
• Comply with law, legal process, and internal policies
• Maintain records
• Exercise and defend legal claims
• Otherwise accomplish our business purposes and objectives
• Any other purposes we inform you of in the relevant privacy notice(s) 

We may also use your Consumer Health Data for other purposes where such processing is at your direction with your consent.

We may combine the information that we receive from the various sources described in this Consumer Health Privacy Notice, including third party sources, and use or disclose the combined information for the purposes described in this Consumer Health Privacy Notice.

4. Sharing of Consumer Health Data:

We may share Consumer Health Data described in Section 1 with affiliates, subsidiaries, and third parties as reasonably necessary to provide products or services or as otherwise required or permitted by law. The types of third parties we may share Consumer Health Data with include:

• Third parties and business partners. Third parties and business partners may receive the information we collect directly from you, other people and organizations, public sources, and automatically. We may disclose your Consumer Health Data to third parties who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. We also may disclose your Consumer Health Data to our business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations, and so forth.
• Affiliates and Subsidiaries. Our affiliates and subsidiaries, including former and future companies within the AstraZeneca group, may receive Consumer Health Data. Information about affiliates can be found here:https://www.astrazeneca.com/global/en/AstraZeneca-Websites.html.
• Corporate Transactions. We may disclose Consumer Health Data in connection with a business transfer or sale, for example, as part of a sale, assignment, or transfer of an AstraZeneca business or asset, acquisition of or merger with another entity, or other types of corporate transactions.
• Government Requests and to Comply with the Law. We may disclose Consumer Health Data in response to requests from government or law enforcement agencies, or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.
• Defend Legal Rights and Interests. We may disclose Consumer Health Data to protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.
• Any other third party we inform you of in the underlying privacy notices 

We may also share your Consumer Health Data for other purposes where such processing is at your direction with your consent.

5. Individual Rights

Applicable law may give you rights related to your Consumer Health Data, including the right to know what data we collect and use and who that data is shared with, the right to correct or delete your Consumer Health Data, the right to withdraw your consent to the collection or sharing of your Consumer Health Data, and the right to appeal our decision to deny any of these rights. 

To submit a request to exercise such rights with respect to your Consumer Health Data, to appeal a decision, or if you have questions about this Consumer Health Privacy Notice, you may contact us at any time through any of the following methods.

• Online. Our Privacy Request Form at: https://www.astrazenecapersonaldataretention.com/
• Mail. AstraZeneca, c/o US Privacy, 1800 Concord Pike, Wilmington, DE 19850
• Email. privacyrequests@astrazeneca.com
• Telephone. Toll-Free Number 1 800 236 9933

If your appeal is unsuccessful, you may raise a concern or file a complaint with the following:

• For Nevada residents, you can contact the Nevada State Attorney General at https://ag.nv.gov/Complaints/File_Complaint/.

• For Washington residents, you can contact the Washington State Attorney General at http://www.atg.wa.gov/file-complaint.

   

6. Changes to This Consumer Health Privacy Notice

We may update this Consumer Health Privacy Notice from time to time. Any updated Consumer Health Privacy Notice will be effective when posted. Please check this Consumer Health Privacy Notice periodically for updates. If required by law, we will contact you directly to provide you with an updated Consumer Health Privacy Notice.

Find here a list of AstraZeneca companies, including their business contact information, such as their email address, mailing address, and telephone number(s), as applicable. 

• From you directly, such as when you:
  • use our websites, attend a virtual event or webcast, or complete an online form or survey;
  • attend one of our live meetings, such as a scientific conference or promotional event, as well as when you visit one of our facilities with CCTV cameras;
  • register to receive marketing and promotional communications from us;
  • share adverse events or medical information enquiries with us (in the event you report an adverse event related to an AstraZeneca product, please review the adverse event reporting notice for your relevant country, to get further information on how we process your personal data in that context);
  • write to us or contact us with questions or comments, including when we record calls to our call centers after providing you advance notice;
• Automatically from your device when you use one of our platforms, websites, applications, or systems, or when you open an email from us from which we collect email open rate metrics;
• From other sources (where permitted by and in accordance with applicable law) including:;
  • third parties providing services to the healthcare sector, including providers of demographic data, data analytics, marketing and advertising services, market research services, fraud detection and prevention services, payment processors, and so forth;
  • healthcare providers and insurance companies;
  • public databases, publications and professional organizations;
  • authorized/legal representatives, family members, and caregivers;
  • joint marketing partners;
  • career social networking sites; and
  • social media platforms.  

The table below lists the purposes for which we may collect and use your personal data, the categories of personal data we may collect and use, and, for those jurisdictions that require a “legal basis”, the legal basis we rely on. 

Regarding legal basis, some countries do not allow us to rely on legitimate interest to use your personal data, in which case we may rely on another legal basis such as your consent. We will ask for your consent to collect and use your personal data where required by and in accordance with applicable law. Occasionally, we may process sensitive personal data about you – for example, if you voluntarily provide information about your physical or mental health as part of a request for information. In this case, we use such information only to respond to your inquiry and if applicable to provide you additional guidance (e.g. to inform you of your right to submit an adverse event report). Where we process sensitive personal data, we comply with applicable privacy and data protection laws.  

You are free to choose not to provide us with your personal data when we ask for it. However, if you choose not to provide us with your personal data, it may limit or prevent us from assisting you, responding to your request(s), or providing you with the products or services you have requested, among other things. 

 
We may process your personal data for other purposes not listed above where such processing is at your direction or with your consent.   

• Other AstraZeneca group companies, including affiliates and subsidiaries. 
• Service providers, such as: 
  • IT providers for the purposes of system management and maintenance; system security and improvement, development, testing, and technical support; data hosting, data storage, data analysis and processing; distribution; patient support and legal services; 
  • Web analytics service providers using cookies to analyze patterns and information about your use of our websites, as further explained in the cookie notice (and/or cookie consent interface) on the AstraZeneca website you are visiting. Some of our websites may use Google Analytics, provided by Google, Inc. (“Google”). More information on Google Analytics. You may choose to opt-out of having your data used by Google Analytics.  
  • providers of research services,  
  • Advertising companies to serve you ads online. 
• business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations; 
• Auditors and consultants to verify our compliance with internal and external requirements. 
• Statutory bodies, law enforcement agencies, legal advisors and litigants. 
• A successor or business partner to AstraZeneca or to an AstraZeneca group company in the event that it sells, divests or sets up a collaboration or joint venture for all or part of its business, or in the context of some other type of corporate transaction. 
• Other third parties providing services on our behalf. 
• To other third parties at your direction or with your consent.  

The entities with whom we share personal data may be located in different jurisdictions globally. When we transfer your personal data across borders, we do so in compliance with applicable privacy and data protection laws. 

Where required by law, we rely on contracts to ensure that the entity receiving your personal data complies with applicable data protection laws. Such contractual arrangements include, for example, AstraZeneca's Binding Corporate Rules and Standard Contract Clauses, or equivalent instruments approved by a competent supervisory authority. You can request information and a copy of the Standard Contract Clauses used by AstraZeneca by contacting us at Privacy@astrazeneca.com. 

Where required by applicable privacy and data protection laws, we will ask for your consent before transferring your personal data to another jurisdiction. 

Law enforcement, regulatory and security authorities or courts in the jurisdictions to which we transfer your personal data may have a right to access your personal data in accordance with applicable laws. 

We have implemented a variety of privacy and security measures and technologies to help protect your personal data from a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. In particular, AstraZeneca has developed and implemented robust data transmission and storage systems designed to ensure an appropriate level of security and protection of personal data. 

We have a dedicated process for carefully selecting the service providers and partners we work with, which includes verifying that they have appropriate technical and organizational security measures in place to protect your personal data. We also confirm that these service providers and partners are able to comply with the obligations they have undertaken in the data processing and sharing agreements we sign with them. 

If you suspect or believe that your interactions with us are no longer secure, please contact us as soon as possible. See the “contact us” section below. 

You may have the following rights in relation to your personal data: 

• Right to obtain information on how we use your personal data, including the purposes for which we use it, with whom we share it, how long we retain it, and so forth;
• Right to access to the personal data we hold about you, including receive a copy of your personal data;
• Right to have us correct any inaccuracies in the personal data we hold about you (for example, because it is incomplete or out of date);
• Right to have us delete (erase) your personal data;
• Right to have us transmit the personal data you have provided to us about yourself to a third party;
• Right to object to our use of your personal data (for example, for direct marketing);
• Right to receive meaningful information about the logic involved in any automated decisions we take about you, and the right to be informed of the significance and the envisaged consequences of that decision;
• Right to withdraw any consent you may have given to the collection or use of your personal data; and
• Any other right recognized by applicable data protection law.  

If you want to exercise these rights, please use AstraZeneca’s dedicated online platform. When doing so, please note the following: 

• We may ask you to provide proof that you are who you say you are if we have any doubts about your identity. For example, we may ask you to verify certain data we have about you or, in some cases, to show us your ID.
• If you are making the request on behalf of someone else, we may ask you to provide proof that you have been authorized by that other person to make the request on their behalf.
• We will delete any proof of your identity as soon as we are satisfied that you are who you say you are, or that you are in fact representing someone else. 

In addition to the above rights, you may have the right to complain to your local data protection authority, depending on the applicable law. You may also have the right to be notified in the event of a breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to your personal data, depending on applicable law. 

You can also contact our Data Protection officer at Privacy@astrazeneca.com or by mail at: Global Data Protection Officer, AstraZeneca 1 Francis Crick Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA, United Kingdom. 

If you want to exercise your rights, please use our dedicated online platform. 

This US Supplemental Privacy Notice (“Supplemental Notice”) applies to personal information collected by AstraZeneca and AstraZeneca group companies (“we,” “us,” “our”) about individuals residing in certain jurisdictions in the United States and describes our practices regarding the collection, use, and disclosure of such personal information. Specifically, this Supplemental Notice applies to consumers and healthcare professionals residing in California whose personal information is processed by AstraZeneca, as well as consumers in other states across the U.S. such as Colorado, Oregon, and Delaware, to the extent such states have comprehensive privacy laws that apply to AstraZeneca’s processing of their personal information. We also provide a “Consumer Health Data Privacy Notice” addressed to consumers in Nevada, Washington, and other states with similar consumer health data laws. 

This Supplemental Notice should be read in conjunction with any underlying privacy notices that link to or refer to this Supplemental Notice, and such other privacy notices provide further details about the processing of your personal information. 

II. What personal information do we collect and how do we use it?

SOURCES OF PERSONAL INFORMATION

We and authorized third parties collect personal information in a variety of ways, including from the following sources (as applicable):

• Directly from you
• From other sources, such as: 
  • Joint marketing partners
  • Public databases
  • Data brokers
  • Providers of demographic data
  • Publications
  • Professional organizations
  • Social media platforms
  • Caregivers
  • Healthcare providers & insurance companies
  • Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
  • Third parties who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners
  • Consumer reporting agencies and other third parties who verify the information you provide
  • Third parties who provide website and online security services, fraud prevention, dedication, and mitigation services, or help us maintain our data

  • Other third parties when they share the information with us

     

• Automatically, such as through cookies, pixels, tags, scripts, and or similar technologies (“Cookies”) that provide us with information about your use of our websites, mobile applications, emails, and other online services and interactions (collectively, our “Digital Properties”)
• Any other sources we inform you of at the time we collect your personal information

CATEGORIES OF PERSONAL INFORMATION

Depending on the nature of our interactions with you in the prior 12 months, we and authorized third parties may have collected and processed the following categories of personal information about you: 

• Identifiers and contact information such as name, alias, online identifiers, account name, address, company-generated identification number, email, mailing address, and phone number
• Records about you, such as financial information (e.g., to determine eligibility for patient assistance programs)
• Audio, electronic, visual, or other sensory information, such as video recordings
• Demographic information, such as age, date of birth, and gender
• Internet or other electronic network activity information, such as IP address, browser type, device type, operating system, dates and times you access our services, browsing history, and other information about your interactions with our Digital Properties, including our advertisements
• Geolocation data, such as location information derived from an IP address or an address you provide
• Inferences, such as notes drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics
• Sensitive personal information, including the following:
  • Racial or ethnic origin
  • Information about your health, including mental and physical health information or conditions
  • Insurance policy information
  • Genetic information, such as when you participate in a clinical trial
• Any other personal information we inform you of at the time of collection

PURPOSES FOR PROCESSING PERSONAL INFORMATION

We may use any of the above categories of data:

• To provide you or your company products and services, such as making our Digital Properties and other products and services available to you; registering, verifying, and maintaining your account with us; providing and delivering you the goods and services you request; providing customer service; processing or fulfilling orders and transactions (including processing payments); verifying customer information and eligibility for certain programs or benefits; communicating with you (including soliciting feedback or responding to requests, complaints, and inquiries); hosting informational webinars; and providing similar services or otherwise facilitating your relationship with us.
• For our internal business purposes, such as day-to-day operation of our business; maintaining internal business records, such as accounting, document management and similar activities; enforcing our policies and rules; management reporting; auditing; and IT security and administration.
• For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our products or services; improving our products or services; designing new products and services; developing and improving algorithms, artificial intelligence or machine learning tools and models; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.
• For marketing and targeted advertising, such as marketing our products or services or those of our affiliates, business partners, or other third parties.  For example, we may use Personal Data we collect to personalize advertising to you (including by developing product, brand, or services audiences and identifying you across devices/sites); to analyze interactions with us or our Digital Properties; or to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars.  You can unsubscribe from our email marketing via the link in the email, by responding “STOP” to the text message, or by contacting us using the information in Section 9 (Contact Information) below.
• In connection with a corporate transaction, such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
• For legal, safety or security reasons, such as complying with legal, reporting, and similar requirements; investigating and responding to claims against us, our personnel, and our customers; for the establishment, exercise or defense of legal claims; protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents and health and safety issues and protecting against malicious, deceptive, fraudulent, or illegal activity.
• In connection with a corporate transaction, such as if we acquire assets of another business, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
• To otherwise accomplish our business purposes and objectives
• Any other purposes we inform you of at the time we collect the information

Additionally, we process the following categories of personal information, including sensitive personal information, for the following business and commercial purposes, unless otherwise prohibited by applicable law:

III. To whom do we disclose your personal data?

We may disclose or grant access to your personal information for the abovementioned purposes with the following categories of third parties:

• Service Providers We may disclose your personal information to third parties who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. 

   

• Business Partners. We also may disclose your data to our business partners or allow our business partners to collect your data, for example: 
  • Researchers with whom we collaborate, companies with whom we co-develop a therapy, and companies with whom we co-promote a product or third-party companies managing our in-countries operations; 
  • Data analytics providers
  • Advertising networks
  • Marketing partners
  • Social media networks
  • Third parties whose Cookies we use as described in the section “What are cookies and how are they used?” below

Where recipients use your personal information for their own purposes independently from us, we are not responsible for their privacy practices or personal information processing policies.  You should consult the privacy notices of those third-party services for details on their practices.

• Affiliates and Subsidiaries. Our affiliates and subsidiaries may receive the information we collect directly from you, other people and organizations, public sources, and automatically for business purposes. We may disclose your personal information to, for example, current and future companies within the AstraZeneca group of companies so we can improve our offerings and share relevant information with you.

   

• Corporate Transactions. We may disclose all the information we collect in connection with a business transfer or sale, for example, as part of a sale, assignment, or transfer of an AZ business or asset, acquisition of or merger with another entity, bankruptcy or other types of corporate transactions.

   

• Government Requests and to Comply with the Law. We also may disclose any of the information we collect in response to requests from government or law enforcement agencies, or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.

   

• Defend Legal Rights and Interests and Other Legal, Safety, or Security Reasons. We may disclose all the information we collect to protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.

   

We may disclose any of the personal information we collect for other purposes we inform you of at the time of collection or disclosure. 

SALES AND SHARING OF PERSONAL INFORMATION

Certain state privacy laws define “sale” broadly as disclosing or making available personal information to a third party in exchange for “monetary or other valuable consideration,” and “sharing” as “disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising” (or similar definitions for “targeted advertising” under such laws). Our activities may involve disclosing or enabling access to certain categories of personal information by third parties which may meet the definition of “sale,” “share,” or “targeted advertising” under such state privacy laws. 

The categories of personal information that we may have “sold” or “shared” or disclosed for “targeted advertising” in the prior twelve (12) months include:

• Identifiers
• Internet or other electronic network activity information
• Geolocation information
• Inferences
• Mental and physical health information or conditions

The categories of third parties to whom we have sold or shared such information for targeted advertising include:

• Data analytics providers
• Advertising networks
• Marketing partners
• Social media networks
• Third parties whose Cookies we use as described in section “What are cookies and how are they used?” below

Subject to applicable law, you may have the right to opt out of such “sale,” “sharing,” and “targeted advertising” as described under the section “What are your data protection rights?” below.

We do not knowingly share or sell the personal information of individuals under 16 years of age or share such information for purposes of targeted advertising.

IV. How long do we keep your personal information?

We retain your personal information for as long as necessary to fulfill the purpose(s) for which it was collected, as well as to meet Company and legal requirements on processing personal information. 

V. What are your data protection rights?

Residents of certain states in the U.S., such as California, Colorado, Oregon, and Delaware, have rights with respect to their personal information, which vary by state. Accordingly, you may be entitled under applicable law (and subject to applicable limitations and exemptions) to request:

• Access to the personal information we have about you and related information about our processing of such information (including in relation to third parties), including the categories of personal information we have collected about you, the categories of sources from which we collected the information, the purposes for collecting, selling, or sharing the information, and to whom we have disclosed your personal information and why.  You may also request the specific pieces of personal information we have about you, in a portable format where applicable. Residents of certain states, such as Oregon, Minnesota, and Maryland, may also request a specific list of third parties to whom we disclose your personal information.
• Deletion of your personal information
• Correction of personal information that is inaccurate, incomplete, or not up to date
• Opt-out of the “sale,” “sharing,” or processing of your personal information for targeted advertising. You can exercise this right by clicking the link called “Your Privacy Choices” in the footer of any AZ US website and following all steps in the webform.  To the extent required by law, we will honor opt-out preference signals sent in a format commonly used and recognized by businesses, such as an HTTP header field or JavaScript object. We will process opt-out preference signals at the browser level. 
• Opt-out for the purposes of profiling: you may have the right to opt-out of processing of personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects.

• Right to Limit Use and Disclosure of Sensitive Personal Information.  You have the right to limit the use and disclosure of your sensitive personal information for targeted advertising by opting out of optional marketing cookies in the webpage cookie banner. Users from certain states may not see the Marketing and Targeted Advertising Cookies toggle because these cookies are always off for patient-facing sites in those jurisdictions.

   

You may exercise the privacy rights applicable to you under state law (if any) by submitting a request to AstraZeneca at www.astrazenecapersonaldataretention.com or by calling us at 1-800-236-9933. In some instances, we may decline your request if an exception applies under applicable law. 
 

Verification of Request: To process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request. 

• For requests to opt-out of sale, sharing, and targeted advertising: We collect your name, email address, and state of residence to locate you in our records.
• For requests to access, deletion, and correction: We collect information necessary to verify your identity and that you are a resident of a state that provides for these rights, including name, email address, country and state of residence, , and details on the nature of your relationship with AstraZeneca. 

Appeals: To appeal our decision on your data subject requests, you may contact us at privacyrequests@astrazeneca.com. Please enclose a copy of, or otherwise specifically reference, the decision you want to appeal. We will respond to your appeal in accordance with applicable law.

Non-Discrimination and Non-Retaliation: We will not discriminate or retaliate against you for exercising your data subject rights, although some of the functionality and features available on our services may change or no longer be available to you.

Use of an Authorized Agent: You may designate an authorized agent to make a request on your behalf by drafting, signing, and authenticating a letter that makes clear (i) the identity of your agent and (ii) the purposes for which you are appointing the agent. Authorized agents can exercise rights on your behalf by submitting a request at www.astrazenecapersonaldataretention.com. 

• If you designate an authorized agent to submit a request to opt out of sale, sharing, and targeted advertising, we may seek additional information directly from the authorized agent to process the request, such as the authorized agent’s first and last name and email address and the letter described above.
• If you designate an authorized agent to submit a request to access, deletion, or correction, we may reach out to you directly to verify your own identity or to confirm that you provided the authorized agent with permission to submit the request.

Disclosure About Direct Marketing for California Residents. California residents may opt out of the disclosure of personal information subject to California Civil Code § 1798.83 to other entities for their direct marketing purposes by clicking the link called “Your Privacy Choices” on any AZ US website and following all instructions for opting out of disclosures that may be a “sale” or “sharing” for targeted advertising.

VI. What are cookies and how are they used? 

Our Digital Properties and authorized third parties use Cookies to collect information about you, your device, and how you interact with our Digital Properties. This section contains additional information about:

• The types of Cookies we use and the purposes for which we use them
• The types of information we collect using these technologies
• How we disclose or make information available to others

• Choices you may have regarding these technologies

   

Types of Cookies

We and the third parties that we authorize may use:

• Cookies, which are a type of technology that install a small amount of information on a user’s computer or other device when they visit our Digital Properties. 
• Pixels, web beacons, and tags, which are types of code or transparent graphics that contain a unique identifier.  In addition to the uses described below, these technologies provide information about interactions with our Digital Properties (including communications such as email we may send to you) and help us customize our marketing activities.  In contrast to cookies, which are stored on a user's device hard drive, pixels, web beacons, and tags are embedded invisibly on our Digital Properties. 
• Session replay tools, which record your interactions with our Digital Properties, such as how you move throughout our Digital Properties and engage with our webforms. In addition to the uses described below, this information helps us improve our Digital Properties and identify and fix technical issues visitors may be having with our Digital Properties.
• Embedded scripts and SDKs, which allow us to build and integrate custom experiences on our Digital Properties. Embedded scripts are temporarily downloaded onto your device from our web server, or from a third party with which we work, and are active only while you are connected to our Digital Properties and are deleted or deactivated thereafter.

We may use both first-party Cookies, which are set by us, and third-party Cookies, which are set by other parties.  Some of the Cookies we use may last solely for your browsing session and are deleted when you close your browser, while others are persistent and stored after you close your browser.

Purposes for Using Cookies

We and authorized third parties use these technologies for purposes including:

• Site Delivery, These cookies are always active and enable website operations, such as page navigation and access to secure areas of the website, and some allow us to deliver website services, such as count visits and traffic sources so we can measure and improve the performance of our sites. Some of these cookies are set in response to the setting of privacy preferences or the completion of forms. Through your browser, you may decline certain cookies, but necessary site functionality may cease to work.
• Functional, These cookies enable the website to provide enhanced functionality, aid site personalisation, maintain user-selected options and site navigation aids. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. 
• Performance and Operational, These cookies allow us to count visits and traffic sources, perform customer surveys and other web analytics, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. The information these cookies collect is aggregated and in some instances limited identifiable data may be collected. 

• Marketing and Targeted Advertising, These cookies are used to track our visitors browsing habits and activity across our websites. They can be used to build up a profile of search and/or browsing history for every visitor. Identifiable or unique data may be collected which enables us to show you relevant/personalized marketing content. We do not store directly personal information, but information that uniquely identify your browser and internet device and use this to display targeted advertising and/or share this data with third parties for the same purpose. If you do not allow these cookies, you will experience less personalized marketing content and targeted advertising.

   

Types of Data Collected

These Cookies collect data about you and your device, which may include IP address, approximate location, cookie ID, device ID, Ad ID, operating system, device type, device settings and other device information, browser used, browser history, search history, pages viewed, search queries, and information entered into webforms, and information about how you interact with our Digital Properties (such as pages on our Digital Properties that you have viewed).

Where cookies provide deidentified or aggregate information, AZ will not attempt to reidentify the information and will implement reasonable measures to ensure that the data cannot be associated with the individual.

Disclosures of Data

We may disclose information to third parties or allow third parties to directly collect information using Cookies on our Digital Properties, such as social media networks, advertising networks, data analytics providers (including providers of ad tracking and reporting services), and others that help us operate our business and Digital Properties

Companies that provide certain third-party apps, tools, widgets, and plug-ins that may appear on the Digital Properties (for example, Facebook “Like” or “Share” buttons), also may use automated means to collect information regarding your interactions with these features. This information collection is subject to the privacy policies or notices of those third parties.

Your Privacy, Targeted Advertising, and Opt-Out Choices

• Blocking cookies. If you want to disable the use of certain specific Cookies or remove them from your device, you can disable or delete them using your browser settings.  Please be aware that not all Cookies can be deleted through browser settings.  Please refer to your browser’s Help instructions to learn more about how to manage Cookies, or use the following links for instructions for commonly used browsers: Apple Safari; Google Chrome; Microsoft Edge; and Mozilla Firefox. Visitors to our websites and services who disable Cookies will be able to browse the site, but some features may not function.
• Disabling local shared objects. We may use other kinds of local storage that function similarly but are stored in different parts of your computer from ordinary browser cookies. Browsers such as Chrome may allow you to disable its local storage or delete information contained in its HTML5 local storage. Chrome provides the ability to block HTML5 Local Storage as part of its cookie-blocking functionality.
• Options concerning third-party ad networks. Some of the third parties we work with participate with the Digital Advertising Alliance (“DAA”).  The DAA provides a mechanism for you to opt out of interest-based advertising performed by participating members at https://youradchoices.com/.  The DAA also offers an application called AppChoices (https://youradchoices.com/appchoices) that helps users to control interest-based advertising on mobile apps. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from participating companies.  If you are using a mobile device, you can manage interest-based ads on your device by adjusting the settings provided by your device manufacturer or the operating system provider: Manage settings on iOS devices; and Manage settings on Android devices. 
• “Do Not Track” Signals. Your browser settings may allow you to automatically transmit a “do not track” signal to websites and online services you visit. At this time there is no consensus among industry participants as to the meaning of “do not track” in this context. Like many other websites, our Digital Properties are not configured to respond to “do not track” signals from browsers. Click here to learn more about “do not track” signals.
• Social Network and Platform Integration. The Digital Properties may be integrated with social media networks and other platforms whereby information may be shared between us and those platforms. For instance, if you interact with our Digital Properties through a social media feature such as a plug-in, then we may have on-going access to certain information from that social media account. Please review the privacy policy and privacy settings of the applicable social media property before using such features on our Digital Properties.

Using the resources above does not mean you will no longer receive any advertising through our Digital Properties or on other websites. You may continue to receive ads, for example, based on the particular site that you are viewing (i.e., context-based ads).

HOW TO CONTACT US

If you have any questions, comments, requests, or concerns related to this Supplemental Notice, AstraZeneca’s US privacy practices, or how to access this notice in another format, please contact AstraZeneca at:

Global Data Protection Officer
AstraZeneca Middlewood Court, Silk Road
Macclesfield, Cheshire SK10 2NA
United Kingdom
 

privacy@astrazeneca.com

1-800-236-9933

UPDATES TO THIS SUPPLEMENTAL PRIVACY NOTICE

We reserve the right to amend this Supplemental Notice at our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates.

VII. Consumer Health Data Privacy Notice

This Consumer Health Data Privacy Notice provides additional disclosures with respect to consumer health data regulated by the Nevada Consumer Health Data Privacy Law, Washington My Health My Data Act, and other similar state laws. This Consumer Health Privacy Notice supplements any underlying privacy notices that link to or refer to this Consumer Health Privacy Notice, and such notices provide further details about the processing of your personal information. 

AstraZeneca and AstraZeneca group companies (“we,” “us,” “our”) is committed to protecting the privacy of Consumer Health Data (i.e., personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status). 

1. Consumer Health Data We Collect, Use, and Share

We may collect, use, or share the following categories of Consumer Health Data:

• Information about mental and physical health status, including:
  • Individual health conditions or diseases
  • Social, psychological, behavioral, and medical interventions
  • Health-related surgeries or procedures
  • Use or purchase of prescribed medication
  • Bodily functions, vital signs, symptoms, or measurements of health information
  • Diagnoses or diagnostic testing, treatment, or medication
  • Genetic data
• Precise location information that could reasonably indicate a Consumer’s attempt to acquire or receive health services or supplies
• Data that identifies a Consumer seeking health care services

• Inferences of the above categories of health data derived or extrapolated from non-health information

   

2. Sources From Which We Collect Consumer Health Data

We may collect Consumer Health Data directly from you and from other sources including:

• Third parties providing services to the healthcare sector, including providers of demographic data, data analytics, marketing and advertising services, market research services, fraud detection and prevention services, payment processors, and so forth
• Healthcare providers, including specialty pharmacies
• Insurance companies and other payors
• Public databases, publications, and professional organizations
• Authorized/legal representatives, family members, and caregivers
• Joint marketing partners
• Social media platforms
• Third parties and Processors who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
• Third parties and Processors who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners
• Consumer reporting agencies and other Third parties who verify the information you provide
• Third parties and processors who provide website and online security services, fraud prevention, dedication, and mitigation services, or help us maintain our data
• Any other sources we inform you of in the underlying privacy notices or where such processing is at your direction with your consent

We also draw inferences from the information we collect from and about you, such as your preferences, characteristics, attributes, and abilities.

3. Uses of Consumer Health Data

We may use Consumer Health Data for business and commercial purposes as reasonably necessary to provide and maintain our products and services that you request from us or as otherwise permitted or required by applicable law, including to:

• Operate, manage, and maintain our business
• Provide, develop, improve, repair, and maintain our products and services
• Consider you for participation in one or more of our clinical trials
• Communicate with you
• Provide patient assistance programs
• Conduct research, analytics, and data analysis
• Undertake quality and safety assurance measures
• Conduct risk and security controls and monitoring
• Detect and prevent fraud
• Perform identity verification
• Perform accounting, audit, and other internal functions, such as internal investigations
• Comply with law, legal process, and internal policies
• Maintain records
• Exercise and defend legal claims
• Otherwise accomplish our business purposes and objectives
• Any other purposes we inform you of in the relevant privacy notice(s) 

We may also use your Consumer Health Data for other purposes where such processing is at your direction with your consent.

We may combine the information that we receive from the various sources described in this Consumer Health Privacy Notice, including third party sources, and use or disclose the combined information for the purposes described in this Consumer Health Privacy Notice.

4. Sharing of Consumer Health Data:

We may share Consumer Health Data described in Section 1 with affiliates, subsidiaries, and third parties as reasonably necessary to provide products or services or as otherwise required or permitted by law. The types of third parties we may share Consumer Health Data with include:

• Third parties and business partners. Third parties and business partners may receive the information we collect directly from you, other people and organizations, public sources, and automatically. We may disclose your Consumer Health Data to third parties who work on our behalf to provide certain services, for example, entities that provide us with research services, data storage, data analysis and processing, distribution, patient support, IT and data security, and legal services. We also may disclose your Consumer Health Data to our business partners, for example, researchers with whom we collaborate, companies with whom we co-develop a therapy, companies with whom we co-promote a product or third-party companies managing our in-countries operations, and so forth.
• Affiliates and Subsidiaries. Our affiliates and subsidiaries, including former and future companies within the AstraZeneca group, may receive Consumer Health Data. Information about affiliates can be found here:https://www.astrazeneca.com/global/en/AstraZeneca-Websites.html.
• Corporate Transactions. We may disclose Consumer Health Data in connection with a business transfer or sale, for example, as part of a sale, assignment, or transfer of an AstraZeneca business or asset, acquisition of or merger with another entity, or other types of corporate transactions.
• Government Requests and to Comply with the Law. We may disclose Consumer Health Data in response to requests from government or law enforcement agencies, or where required or permitted by applicable laws, court orders, or government regulations, for example, in response to a subpoena or regulatory inquiry.
• Defend Legal Rights and Interests. We may disclose Consumer Health Data to protect rights and interests, for example, when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.
• Any other third party we inform you of in the underlying privacy notices 

We may also share your Consumer Health Data for other purposes where such processing is at your direction with your consent.

5. Individual Rights

Applicable law may give you rights related to your Consumer Health Data, including the right to know what data we collect and use and who that data is shared with, the right to correct or delete your Consumer Health Data, the right to withdraw your consent to the collection or sharing of your Consumer Health Data, and the right to appeal our decision to deny any of these rights. 

To submit a request to exercise such rights with respect to your Consumer Health Data, to appeal a decision, or if you have questions about this Consumer Health Privacy Notice, you may contact us at any time through any of the following methods.

• Online. Our Privacy Request Form at: https://www.astrazenecapersonaldataretention.com/
• Mail. AstraZeneca, c/o US Privacy, 1800 Concord Pike, Wilmington, DE 19850
• Email. privacyrequests@astrazeneca.com
• Telephone. Toll-Free Number 1 800 236 9933

If your appeal is unsuccessful, you may raise a concern or file a complaint with the following:

• For Nevada residents, you can contact the Nevada State Attorney General at https://ag.nv.gov/Complaints/File_Complaint/.

• For Washington residents, you can contact the Washington State Attorney General at http://www.atg.wa.gov/file-complaint.

   

6. Changes to This Consumer Health Privacy Notice

We may update this Consumer Health Privacy Notice from time to time. Any updated Consumer Health Privacy Notice will be effective when posted. Please check this Consumer Health Privacy Notice periodically for updates. If required by law, we will contact you directly to provide you with an updated Consumer Health Privacy Notice.