This State Supplemental Privacy Policy (“Supplement”) applies only to information collected about consumers of US states with comprehensive privacy legislation that requires provision of a privacy notice. It provides information required under the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020 (collectively, the “CCPA”) and the Connecticut Data Privacy Act (“CTDPA”) (collectively, “US Privacy Laws”).
This Supplement also includes additional disclosures for compliance with the Washington My Health My Data Act and the Nevada consumer health privacy act. These disclosures are included at the end of this Supplement. The remaining portions of this Supplement do not apply to Washington and Nevada consumers.
This Supplement describes Ipsen Biopharmaceuticals, Inc.’s and its affiliates’ and subsidiaries’ (“Ipsen,” “we,” “us,” “our”) practices regarding the collection, use, and disclosure of Personal Information and provides instructions for submitting data subject requests. This Supplement is broader in scope than our Ipsen US Privacy Policy because our Ipsen US Privacy Policy applies only to information collected through our Websites, as defined therein.
A. Definitions
- “Consumer health data” means any personal data that we use to identify a consumer’s physical or mental health condition or diagnosis.
- “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information also includes “Sensitive Personal Information,” as defined below, except where otherwise noted.
- “Sensitive Personal Information” means Personal Information that reveals a consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages; and genetic data. Sensitive Personal Information also includes processing of biometric information for the purpose of uniquely identifying a consumer and Personal Information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation.
- “Third Party” has the meaning afforded to it in the CCPA.
- “Vendor” means a service provider or contractor as those terms are defined in the CCPA.
To the extent other terms used in this Supplement are defined terms under a US Privacy Law, they shall have the meanings afforded to them in those statutes, whether or not capitalized herein. As there are some variations between such definitions in each of the US Privacy Laws, the definitions applicable to you are those provided in the statute for the state in which you are a consumer. For example, if you are a California consumer, terms used in this Supplement that are defined terms in the CCPA shall have the meanings afforded to them in the CCPA as this Supplement applies to you.
B. Categories of Personal Information Collected and Disclosed
We may have collected the following categories of Personal Information about you in the preceding 12 months. We also may have disclosed these categories of Personal Information to our Vendors and other Third Parties. This list also reflects the categories of Personal Information that we may collect or disclose in the future:
- Identifiers, such as name, alias, online identifiers, IP address, account name, social security number, driver’s license number, passport number, or similar identifiers;
- Contact and financial information, including phone number, address, email address, bank account number, or credit card or debit card number;
- Characteristics of protected classifications under state or federal law, such as age, gender, race, physical or mental disability, and religion;
- Commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- Biometric information;
- Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interactions with an Internet website, application, or advertisement;
- Geolocation data, such as device location;
- Audio, electronic, visual, thermal, olfactory, or similar information, such as a recording of a customer service call or employee profile photograph;
- Professional or employment-related information, such as work history and prior employer;
- Inferences drawn from any of the Personal Information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies);
- Written signatures; and
- Sensitive personal information, including:
- Personal Information that reveals:
- Social security, driver’s license, state identification card, or passport number;
- Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;
- Precise geolocation;
- Racial or ethnic origin, religious or philosophical beliefs, or union membership;
- Contents of a consumer’s email and text messages, unless the business is the intended recipient thereof; or
- Genetic data.
- Biometric data processed for the purpose of uniquely identifying a consumer;
- Personal Information collected and analyzed concerning a consumer’s health, such as information in possession of or derived from a healthcare provider, healthcare service plan, pharmaceutical company, or contractor regarding an individual’s medical history, mental or physical condition, or treatment, health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in the individual’s application and claims history; and
- Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.
- Personal Information that reveals:
Retention of Personal Information. We retain each of the categories of Personal Information described above for the period reasonably necessary to provide goods and services to you and for the period reasonably necessary to support our business operational purposes listed under “Purposes for Processing Personal Information (Section E).
C. Sale of Personal Information and Sharing for Cross-Context Behavioral Advertising
- California Consumers. We do not sell or share and have not sold or shared Personal Information about California consumers in the past twelve months. Relatedly, we do not have actual knowledge that we sell or share Personal Information of California consumers who are under 16 years of age. For purposes of the CCPA, a “sale” is the disclosure of Personal Information to a Third Party for monetary or other valuable consideration, and a “share” is the disclosure of Personal Information to a Third Party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
- Connecticut Consumers. Ipsen does not sell or share Personal Information to Third Parties or process Personal Information for purposes of targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer, as the terms “sell,” “process,” “targeted advertising,” and “profiling” are defined in the CTDPA.
D. Sources from Which We Collect Personal Information
We collect Personal Information directly from consumers, as well as from:
- Healthcare providers (including specialty pharmacies);
- Health insurance companies (health plans) and other payors;
- Authorized/legal representatives, family members, and caregivers;
- Payment processors and other financial institutions;
- Consumer reporting agencies and other third parties who verify the information you provide;
- Your computer and mobile devices, as well as cookies, web beacons, and similar technologies, (automatically) when you visit our websites or third-party websites;
- Your mobile devices and other internet-connected devices (automatically) when you use these devices and relevant applications, such as sensor readings for steps taken, blood glucose levels, heart rate, and blood pressure;
- Call recordings and CCTV video footage, such as when you contact our customer service representatives or visit one of our facilities;
- Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services;
- Third parties who help us maintain the accuracy of our data and data aggregators that help us complete and enhance our records;
- Third parties who provide access to information you make publicly available, such as social media platforms;
- Third parties who provide us with supplemental consumer data or data analytics and market research services, such as data aggregators;
- Third parties who assist with fraud prevention, detection, and mitigation, and provide website and online security services;
- Third parties who provide digital marketing and analytics services for us using cookies and similar technologies that contain a unique identifier, such as an advertising ID; and
- Other third parties who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners.
E. Purposes for Collection and Disclosure of Personal Information
We collect the categories of Personal Information described above for the following purposes. We also disclose these categories of Personal Information to our Vendors and other Third Parties for these purposes:
- Determine program, product, and service eligibility and coverage.
- Enroll you in our programs and provide our products and services to you.
- Administer, manage, analyze, and improve our programs, products, and services.
- Communicate with you regarding our programs, products, and services.
- Procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations.
- Analyze and better understand your needs, preferences, and interests, as well as those of other consumers.
- Conduct internal business analysis and market research.
- Promote and advertise products, including to contact you regarding programs, products, services, and topics that may be of interest or useful.
- Engage in joint marketing initiatives.
- Administer, provide access to, monitor, and secure our information technology systems, websites, applications, databases, and devices.
- Provide access to, monitor, and secure our facilities, equipment, and other property.
- Monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
- Comply with legal and regulatory obligations.
- Identify you and your device(s) for any/all purposes identified above, including to monitor your use of and interactions with programs, products, services, and advertisements for such purposes.
We collect and process Sensitive Personal Information only for:
- Performing the services or providing the goods reasonably expected by an average consumer who requests those goods or services;
- Ensuring security and integrity to the extent the use of the consumer’s Personal Information is reasonably necessary and proportionate for these purposes;
- Short-term, transient use, including, but not limited to, non personalized advertising shown as part of a consumer’s current interaction with us; provided that we will not disclose the consumer’s Personal Information to a Third Party and or build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business;
- Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
F. Categories of Entities to Whom We Disclose Personal Information
- Affiliates & Vendors. We may disclose your Personal Information to our affiliates and Vendors for the purposes described under “Purposes of Processing Personal Information” (Section E) of this Supplement. Our Vendors provide us with services for our Websites, as well as other products and services, such as web hosting, data analysis, payment processing, order fulfillment, customer service, infrastructure provision, technology services, email delivery services, credit card processing, legal services, and other similar services. We grant our Vendors access to Personal Information only to the extent needed for them to perform their functions, and we require them to protect the confidentiality and security of such information.
- Third Parties. We may disclose your Personal Information to any Third Party with your consent or at your direction. We may also disclose your Personal Information to the following categories of Third Parties:
- Healthcare providers (including specialty pharmacies);
- Health insurance companies (health plans) and other payors;
- Authorized/legal representatives, family members, and caregivers;
- Consumer reporting agencies;
- Our lawyers, auditors, and consultants;
- Payment processors, financial institutions, and others as needed to complete transactions and for authentication, security, and fraud prevention;
- Third parties with whom we have joint marketing and similar arrangements;
- Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services;
- Third parties who deliver our communications, such as the postal service and couriers;
- Third parties who provide marketing and data analytics services, such as social media platforms used to deliver our ads, website/email optimization providers, email marketing vendors, and data analytics vendors;
- Third parties who assist with our information technology and security programs;
- Third parties who assist with fraud prevention, detection, and mitigation;
- Other third parties as necessary to complete transactions and provide our products/services, including delivery companies, agents, and manufacturers;
- Other third parties as reasonably necessary to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and
- Legal and regulatory bodies as reasonably necessary for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.
G. Data Subject Rights
- Exercising Data Subject Rights. Consumers who reside in states with US Privacy Laws have certain rights with respect to the collection and use of their Personal Information. Those rights vary by state. As required by the CCPA, we provide detailed information below regarding the data subject rights available to California consumers. Connecticut consumers have similar rights and can find more details by referencing the CTDPA. You may exercise the data subject rights applicable to you under the US Privacy Laws by calling 844-975-1739, or by clicking here. You may also authorize an agent to make data subject requests on your behalf.
- Verification of Data Subject Requests. We may ask you to provide information that will enable us to verify your identity in order to comply with your data subject request. In particular, when a consumer authorizes an agent to make a request on their behalf, we may require the agent to provide proof of signed permission from the consumer to submit the request, or we may require the consumer to verify their own identity to us or confirm with us that they provided the agent with permission to submit the request. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.
- Non-Discrimination. We will not discriminate against you for exercising your data subject rights. For example, we will not deny goods or services to you, or charge you different prices or rates, or provide a different level of quality for products or services as a result of you exercising your data subject rights.
- California Rights: California consumers have the following rights regarding our collection and use of their Personal Information, subject to certain exceptions.
- Right to Receive Information on Privacy Practices: You have the right to receive the following information at or before the point of collection:
- The categories of Personal Information to be collected;
- The purposes for which the categories of Personal Information are collected or used;
- Whether or not that Personal Information is sold or shared;
- If the business collects Sensitive Personal Information, the categories of Sensitive Personal Information to be collected, the purposes for which it is collected or used, and whether that information is sold or shared; and
- The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.
- Right to Receive Information on Privacy Practices: You have the right to receive the following information at or before the point of collection:
We have provided such information in this Supplement, and you may request further information about our privacy practices by contacting us as at the contact information provided above.
- Right to Deletion: You may request that we delete any Personal Information about you we that we collected from you.
- Right to Correction: You may request that we correct any inaccurate Personal Information we maintain about you.
- Right to Know: You may request that we provide you with the following information about how we have handled your Personal Information in the 12 months preceding your request:
- The categories of Personal Information we collected about you;
- The categories of sources from which we collected such Personal Information;
- The business or commercial purpose for collecting Personal Information about you;
- The categories of Personal Information about you that we shared or disclosed and the categories of Third Parties with whom we shared or disclosed such Personal Information; and
- The specific pieces of Personal Information we have collected about you.
- Right to Receive Information About Onward Disclosures: You may request that we disclose to you:
- The categories of Personal Information that we have collected about you;
- The categories of Personal Information that we have sold or shared about you and the categories of Third Parties to whom the Personal Information was sold or shared; and
- The categories of Personal Information we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
H. Other Disclosures
- California Residents Under Age 18. If you are a resident of California under the age of 18 and a registered user of our website, you may ask us to remove content or data that you have posted to the website by writing to IpsenUS_Privacy@ipsen.com. Please note that your request does not ensure complete or comprehensive removal of the content or data, as, for example, some of your content or data may have been reposted by another user.
- Disclosure About Direct Marketing for California Residents. California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of Personal Information to other entities for their direct marketing purposes in the preceding calendar year. To make such a request, please send an email to IpsenUS_Privacy@ipsen.com with the subject “Shine the Light Request.”
- Changes to our Supplement. We reserve the right to amend this Supplement at our discretion and at any time. When we make material changes to this Supplement, we will notify you by posting an updated Supplement on our website and listing the effective date of such updates.
I. Contacting Us
If you have any questions, comments, requests, or concerns related to this Supplement, our information practices, or how to access this policy in another format, please contact us at IpsenUS_Privacy@ipsen.com, or by calling toll-free, 844-975-1739, for assistance.
K. Notice Regarding Personal Information Collected from California Employees, Contractors, and Applicants
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), give California residents certain rights. As an applicant, employee, or contractor, you have the right to know what categories of Personal Information Ipsen Biopharmaceuticals, Inc. (“Ipsen,” “we,” “our,” or “us”) collects about you and the purposes for which such information is collected.
- Personal Information: As used in this Privacy Notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Personal information includes, but is not limited to, the categories of personal information identified below if such information identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household. Personal Information includes Sensitive Personal Information.
- Sensitive Personal Information: As used in this Privacy Notice, “Sensitive Personal Information” includes Personal Information that reveals, among other things, social security number, driver’s license number, state identification card number, or passport number, racial or ethnic origin, union membership, or the contents of an individual’s mail, email and text messages, unless Ipsen is the intended recipient of the communication. Sensitive personal information also includes information concerning the applicant, employee, or contractor’s health, sex life, or sexual orientation.
- Sale & Sharing of Personal Information: We do not sell or share Personal Information, as the terms “sell” and “share” are defined in the CCPA and CPRA.
- Retention of Personal Information: We retain each of the below categories of Personal Information for the duration of your application period or employment with us, as applicable, and as otherwise reasonably necessary for our legitimate business purposes and for compliance with applicable law.
- Contact Us: More information can be found in our US Privacy Policy. If you have any questions regarding this Privacy Notice or Ipsen’s collection and use of your Personal Information, or would like to exercise your privacy rights, please call 844-975-1739 or email us at IpsenUS_Privacy@ipsen.com. California residents who are unable to review or access this notice due to a disability may contact us at IpsenUS_Privacy@ipsen.com to access this notice in an alternative format.
California Employees and Contractors: Please see Employee US Privacy Notice on the Company intranet.
CATEGORIES OF PERSONAL INFORMATION COLLECTED | PURPOSES FOR WHICH WE COLLECT & PROCESS PERSONAL INFORMATION |
Identifiers, such as name, alias, online identifiers, internet protocol (IP) address, account name, social security number, driver’s license number, passport number, or similar identifiers. | – Consider you for the application and recruitment process. – Perform background checks and verify past employment, educational history, and professional standing and qualifications. – Assess your fitness for employment with the company. – Contact you during your candidacy for employment to assess your suitability for a position with Ipsen. – Negotiate with and make offers of employment to you. – Evaluate, determine, and arrange compensation, payroll, and benefits. – Assess your fitness and physical capacity for work. – Communicate with you regarding the status of your application and candidacy. – Consider and assess your suitability for other positions with Ipsen in accordance with Ipsen’s retention policy. – Request additional information in relation to any of the above. |
Contact and financial information, including bank account number, credit or debit card number, or other financial information. | – Perform background checks and verify past employment, educational history, and professional standing and qualifications. |
Medical information, including any information in possession of or derived from a healthcare provider, healthcare service plan, pharmaceutical company, or contractor regarding an individual’s medical history, mental or physical condition, or treatment. | – Assess your fitness and physical capacity for work. – Contact you during your candidacy for employment to assess your suitability for a position with Ipsen. |
Characteristics of protected classifications under California or federal law, such as age, race, gender, physical or mental disability, and religion. | – Provide accessibility facilities, equipment, and services. – Provide this Privacy Notice and other informational forms to you in an accessible format as needed. |
Biometric information, including imagery of the iris, retina, fingerprint, face, hand, palm, or vein patterns, and voice recordings, from which an identifier template (such as a faceprint, a minutiae template, or a voiceprint) can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. | – Perform background checks related to drug screening. – Assess your fitness for employment with the company. |
Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an Internet website, application, or advertisement. | – Assess your fitness for employment with the company. |
Professional or employment-related information, such as work history and prior employer. | – Perform background checks and verify past employment, educational history, and professional standing and qualifications. – Assess your fitness for employment with the company. – Evaluate, determine, and arrange compensation, payroll, and benefits. – Consider and assess your suitability for other positions with Ipsen in accordance with Ipsen’s retention policy. |
Education information or other academic information. | – Perform background checks and verify past employment, educational history, and professional standing and qualifications. – Assess your fitness for employment with the company. – Evaluate, determine, and arrange compensation, payroll, and benefits. – Consider and assess your suitability for other positions with Ipsen in accordance with Ipsen’s retention policy. |
Written signatures. | – Execute written contracts, including offers of employment. |
Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies). | – Assess your fitness for employment with the company. |
Sensitive Personal Information, including: • Social security, driver’s license, state identification card, or passport number; • Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account; • Precise geolocation; • Racial or ethnic origin, religious or philosophical beliefs, or union membership; • Contents of a consumer’s email and text messages, unless the business is the intended recipient thereof; or • Genetic data. • Biometric data processed for the purpose of uniquely identifying a consumer; • Personal Information collected and analyzed concerning a consumer’s health, such as information in possession of or derived from a healthcare provider, healthcare service plan, pharmaceutical company, or contractor regarding an individual’s medical history, mental or physical condition, or treatment, health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in the individual’s application and claims history; and • Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation. | – Consider you for the application and recruitment process. – Perform background checks and verify past employment, educational history, and professional standing and qualifications. – Evaluate, determine, and arrange compensation, payroll, and benefits. – Consider and assess your suitability for other positions with Ipsen in accordance with Ipsen’s retention policy. |
In addition to the purposes identified above, Ipsen may use and disclose any and all personal information that we collect as necessary or appropriate to: • Monitor, investigate, and enforce compliance with and potential breaches of Ipsen policies and procedures and legal and regulatory requirements. • Comply with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons. • Comply with legal and regulatory obligations. • Exercise or defend the legal rights of Ipsen and its employees, affiliates, customers, contractors, and agents. |
Last updated January 19th, 2023