Dexcom Privacy Notice
Last Updated July, 2024
Who We Are | Purpose of this Privacy Notice | Personal Data Collected, Purposes, and Recipients | Special Note to Individuals in the United States | Marketing, Cookies, and Analytics | Service Providers and Third Parties | Your Rights Regarding Your Personal Data | Safeguarding Personal Data | How Long Your Personal Data Will Be Kept | Transfer of Personal Data | Changes to This Privacy Notice | Contact Us | Consumer Health Data Privacy Policy
Who We Are
Dexcom, Inc., and its directly or indirectly controlled affiliate(s) or subsidiaries, listed here (Dexcom, we, our, or us) value your privacy and the protection of your Personal Data. This Privacy Notice (Notice) explains how we collect, store, use, share, transfer, delete, and otherwise process information collected from or about you known as Personal Data (defined further below in this Notice). As an international company, Dexcom has multiple legal entities in different countries that may be responsible for the Personal Data they process, and we process Personal Data in accordance with these laws.
Purpose of this Privacy Notice
This Notice describes the types of Personal Data that Dexcom may collect or process, how we may use and disclose that Personal Data, and how you may exercise any rights you may have regarding our processing of your Personal Data.
This Notice applies to Personal Data collected or processed by us:
· Through online activities and services we offer (through this and other of our websites, our online store, web surveys, newsletters, applications, email, online messaging services or channels, including online “chats” with live individuals and artificial intelligence, through social media, through our telephone customer service centers, through email or SMS/text messages, and otherwise) (Online Services);
· Through your account and through our products and services, whether provided directly to you or your patient, or if you are a patient, through your doctor, hospital, medical treatment facility, or other healthcare provider (Healthcare Provider), including the Stelo Glucose Biosensor System, Dexcom G7® CGM System, Dexcom G6® CGM System, Dexcom ONE CGM System, Dexcom G5® CGM System, Dexcom G6 Pro, Clarity Clinic and our mobile apps such as Dexcom Clarity, Dexcom Share, Stelo by Dexcom app, the Dexcom G7 app, the Dexcom G6 app, the Dexcom ONE app, the Dexcom G5 App, and Dexcom Follow (Products), including individuals who act as Dexcom Warriors;
· In other situations where you interact with us, including but not limited to interacting with us by visiting our sites, offices, or our events (such as tradeshows and conferences) (Events) (our Online Services, Products, and Events are collectively called Products and Services in this Notice);
· Related to activities we undertake in recruiting participants for participation in clinical trials or activities related to identifying and contracting with study investigators and their staff;
· In connection with adverse events, complaints, and reports;
· When you interact with us in a professional capacity, for example, if you are a Healthcare Provider or an employee of a company we do business with or provide Products and Services to;
· When we undertake employment recruiting activities; or
· Anywhere this Notice is posted or referenced.
Dexcom may provide you with a different privacy notice in certain specific situations, in which case that privacy notice or policy will apply to the Personal Data collected or processed in that specific situation, rather than this one. If you are a patient in the United States, please refer to our Notice of Privacy Practices for additional information about how we use, share, disclose, and otherwise process your protected health information. For additional information about our processing of consumer health data beyond your protected health information, please refer to our Consumer Health Data Privacy Policy.
If you provide us with Personal Data related to anyone other than yourself (such as a patient or family member), please note that you are responsible for complying with all privacy and data protection laws prior to providing that information to Dexcom (including collecting consent, if required).
The Dexcom company, subsidiary, or affiliate with whom you, your employer, your Healthcare Provider, or your patient is interacting or the Dexcom company, subsidiary, or affiliate who owns and operates the Product or Service is, where applicable, the entity responsible for the collection and use of your Personal Data (known in some jurisdictions as the “data controller”). A list of the data controllers can be found here, and contact details can be found in the Contact Us section at the end of this Notice and in the list of data controllers.
Please review this Notice carefully. To the extent permitted by law, by providing us your Personal Data or otherwise interacting with us, you are agreeing to this Notice. If you do not agree with our policies and practices, it is your choice not to use our Products and Services or otherwise engage with us.
Personal Data Collected, Purposes, and Recipients
What is Personal Data?
Personal Data is any information—as electronically or otherwise recorded—that can be used to identify a person or that we can link to or associate with a specific individual, such as a name, address, email address, or telephone number. Personal Data in some countries can include information that indirectly identifies a person, even absent other identifying information.
Personal Data may include information considered sensitive in some countries, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver’s license number, state identification card number, passport number, and other similar information. Personal Data that could be considered sensitive Personal Data under any law is indicated with a caret (^) in the chart below.
We will process any Personal Data we collect in accordance with law and as described in this Notice (unless, as explained above, a separate policy or notice governs). In some circumstances, if you do not provide us with certain Personal Data, there may be some Products and Services that are unavailable to you.
We may include third-party features or integrations for your optional use. For example, we may integrate with third party health apps or application programming interfaces (APIs) such as Apple HealthKit or Google Health Connect. Such data may include other nutrition/diet/food diary, hydration logs, sleep, heart rate, heart rate variability, body temperature, activity, exercise, daily calories burned, weight, body mass, and is used to help you understand how activity choices and glucose impact your body. Your use of these optional integrations is voluntary, and you have the ability to change or revoke the authorization of data sharing. Dexcom’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements and we will not sell Health Connect data to third parties. This Notice does not apply to any personal data that you provide directly to a third-party feature or integration.
The below table is a high-level summary of the types of Personal Data we may collect from you. Following that high-level summary is additional detail and information on how we collect, process, and use Personal Data and the potential recipients of your Personal Data, now and in the preceding 12 months. Some countries require us to state the legal bases for processing your Personal Data, which are the legally recognized reasons for processing your Personal Data, but please note that not all countries recognize all legal bases. The types of Personal Data we collect and disclose depends on your relationship with Dexcom. Not all of the categories listed in the following charts may apply to you. If the nature of your relationship with Dexcom changes, additional categories of Personal Data may also apply.
|
Identity and Contact Information |
Demographic Information |
Video, Audio, and Recorded Information |
Technical Information |
Health Information |
Commercial and Financial Information |
Professional and Educational Information |
Anonymized / De-Identified Data |
|
This may include name, email, phone number, etc. |
This may include age, gender, disability, etc. |
This may include photos, video, call, or chat recordings, etc. |
This may include Internet Protocol (IP) address, browser, device type, etc. |
This may include information related to your health condition and treatment, etc. |
This may include financial information, order information, etc. |
This may include job title or position, employer, etc. |
Data that removes individual personal data |
X |
X^ |
X |
X |
X^ |
X |
X |
X |
|
Patients and Users of Our Products |
X^ |
X^ |
X^ |
X^ |
X^ |
X^ |
X^ |
X |
Individuals Who Contact Us |
X |
|
X^ |
X |
X^ |
|
X |
X |
Patients Applying to or Enrolled in Patient Support Programs |
X |
X |
X^ |
X |
X^ |
X^ |
X |
X |
Business Partners and Their Employees, Agents, and Contractors |
X |
X |
|
X |
|
X^ |
X |
X |
Healthcare Providers |
X |
|
X^ |
X |
|
X^ |
X |
X |
Attendees and Participants at Events |
X |
X |
X^ |
X |
X^ |
X^ |
X |
X |
Clinical Investigators and Members of Investigator Teams |
X |
X |
X^ |
X |
|
|
X |
X |
Clinical Study Candidates |
X |
X^ |
X^ |
X |
X^ |
X^ |
X |
X |
Employment and Apprenticeship Candidates |
X |
X^ |
|
X |
|
|
X |
X |
Children* |
X |
X^ |
X^ |
X |
X^ |
|
|
X |
Personal Data that may be considered sensitive is noted with a “^”.
*Dexcom may process Personal Data of minors who are users of a Dexcom Product. In those instances, Dexcom seeks consent from the minor’s parents or legal guardians to process their Personal Data. Dexcom does not knowingly collect, maintain, disclose, or otherwise process Personal Data from minors below the age of 16 in other circumstances, including through Online Services or Interactions.
Patients and Users of Our Products |
Patients Applying to or Enrolled In Patient Support Programs |
Business Partners and Their Employees, Agents, and Contractors |
Healthcare Providers |
Attendees and Participants at Events |
Clinical Investigators and Members of Investigator Teams |
Clinical Study Candidates |
Employment and Apprenticeship Candidates |
Children |
We may process your Personal Data by (1) engaging with online activities and services we offer through this and other of our websites, applications, email, SMS/text messages, online messaging services and channels, including online “chats” with live individuals and artificial intelligence, through social media, and otherwise; (2) interacting with our online store; (3) signing up for our newsletters or other informational or marketing materials; (4) contacting our customer service centers through phone, email, SMS/text messages, chats, or otherwise; and/or (5) completing a survey or other online questionnaire or form. |
|
|
Patients and Users of Medical Products |
|
We may process your Personal Data when you are a patient or user of our Products, including the Stelo Glucose Biosensor System, Dexcom G7® CGM System, Dexcom G6® CGM System, Dexcom G5® CGM System, Dexcom ONE CGM System, Dexcom G6 Pro System, and our mobile apps such as Dexcom Clarity, Dexcom Share, Stelo by Dexcom app, the Dexcom G7 app, the Dexcom G6 app, the Dexcom ONE app, the Dexcom G5 App, and Dexcom Follow, whether provided directly to you or through your Healthcare Provider, including Dexcom Warriors. |
|
Examples of the types of data we process (Personal Data that may be considered sensitive, to the extent associated with a patient or user, is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym^ • honorifics and titles, preferred form of address^ • employer / company^ • email address^ • postal address^ • phone number^ • username or code and password^, security answers^, and user preferences^ • contact information for related persons, such as authorized users of your account |
Demographic information, such as: |
• age^ • gender^ • preferred language^ • marital status^ • disability^ • ethnicity^ • date of birth^ |
Video, audio, and recorded information, such as: |
• still images^ • video (including via CCTV) ^ • recordings of your calls with our customer service representatives^ • voicemails^ • recordings of your interactions with our Online Services, whether through email, SMS/text message, or chat^ • pictures and videos of treatment activities^ |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) ^ • browser type and browser language^ • device type^ • date and time you use our Products and Services^ • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services^ • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read^ • data collected from cookies or other similar technologies^*** |
• genetic information^ • glucose readings and related date, time, and device identifier related to that reading^ • thresholds entered into our Products and notifications associated with such thresholds^ • identification of pathologies/diseases^ • identification number associated with your Products, including the serial identification numbers associated with any receiver and transmitter provided^ • areas of interest in medical research^ • treatment dates^ • medical history and treatment information^ • patient-reported outcome measures (for example, responses to questionnaires and surveys about your health or treatment)^ • X-rays, magnetic resonance imaging, and medical scans^ • user activity^ • therapy completion and use details^ • communications with your Healthcare Provider, including audio, video, or other recordings from telehealth sessions^ • drug allergies^ • prescriptions and dosing^ • health values taken, such as heart rate and blood pressure^ • adverse event information^ • health insurance information and other information on payment for healthcare services^ • pregnancy status^ • contact information for designated recipients of your health information • location data^ • pictures and videos of treatment activities^ • patient ID number^ |
|
• Products and Services purchased, obtained, or considered^ • bank account number and details^ • request documentation^ • customer service records^ • financial transaction history^ • financial account number^ • other payment information^ |
|
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • Healthcare Providers • Clinical investigators and/or members of investigator teams • those authorized to provide Personal Data on your behalf, such as your caregiver or authorized representative • your devices • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services |
|
Why do we process the data? |
|
• to enroll you in our programs and provide you with our Products and Services • to communicate with you • to administer our relationship with you • to send you updates • to identify and authenticate you • to detect security incidents • to protect against malicious or illegal activity • to ensure the appropriate use of our Products and Services • to improve our Products and Services • for short-term, transient use • for administrative purposes • for quality assurance • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • to determine and verify program and Products and Services eligibility and coverage • in connection with adverse event and complaint tracking and reporting • to procure third party products and services, including to manage and satisfy related third party contractual obligations • advertising and product promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • for medical diagnosis or to provide healthcare or treatment • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • to protect vital interests or in the public interest • for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices • for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • Healthcare Providers • individuals or entities that you designate as “followers” within our Products and Services • individuals or entities that you designate or instruct us to share your Personal Data with • authorized legal representatives, family members, and caregivers • third parties whose products or services that you choose to integrate into our Products and Services, including any connected insulin pens or pumps • third parties whose products or services within which you choose to access or otherwise integrate our Products and Services, or the data generated from our Products and Services, including third party health applications • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • Dexcom’s lawyers, auditors, and consultants • third parties with your consent • partners that assist us in providing or improving our Products and Services or help us improve our administration** |
|
|
Patients Applying to or Enrolled in Patient Support Programs |
|
We may process your Personal Data when you are applying to or enrolled in patient support programs. |
|
Examples of the types of data we process (Personal Data that may be considered sensitive, to the extent associated with a patient or user, is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym^ • honorifics and titles, preferred form of address^ • employer / company^ • email address^ • postal address^ • phone number^ • username or code and password^, security answers^, and user preferences^ • contact information for related persons, such as authorized users of your account or designated representatives |
Demographic information, such as: |
• age^ • gender^ • preferred language^ • marital status^ • disability^ • ethnicity^ • date of birth^ |
Video, audio, and recorded information, such as: |
• still images^ • video (including via CCTV)^ • recordings of your calls with our customer service representatives^ • voicemails^ • recordings of your interactions with our Online Services, whether through email, SMS/text message, or chat^ • pictures and videos of treatment activities^ |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) ^ • browser type and browser language^ • device type^ • advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID)) ^ • date and time you use our Products and Services^ • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services^ • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read^ • data collected from cookies or other similar technologies^*** |
Health information, such as: |
• genetic information^ • glucose readings and related date, time, and device identifier related to that reading^ • thresholds entered into our Products and notifications associated with such thresholds^ • identification of pathologies/diseases^ • identification number associated with your Products, including the serial identification numbers associated with any receiver and transmitter provided^ • areas of interest in medical research^ • treatment dates^ • medical history and treatment information^ • patient-reported outcome measures (for example, responses to questionnaires and surveys about your health or treatment)^ • X-rays, magnetic resonance imaging, and medical scans^ • user activity^ • therapy completion and use details^ • communications with your Healthcare Provider, including audio, video, or other recordings from telehealth sessions^ • drug allergies^ • prescriptions and dosing^ • health values taken, such as heart rate and blood pressure^ • adverse event information^ • health insurance information and other information on payment for healthcare services^ • pregnancy status^ • contact information for designated recipients of your health information • location data^ • pictures and videos of treatment activities^ • patient ID number^ |
Commercial and financial information, such as: |
• Products and Services purchased, obtained, or considered^ • bank account number and details^ • request documentation^ • customer service records^ • financial transaction history^ • financial account number^ • other payment information^ |
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • Healthcare Providers • clinical investigators and/or members of investigator teams • those authorized to provide Personal Data on your behalf, such as your caregiver or authorized representative • your devices • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media companies • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services |
|
Why do we process the data? |
|
• to enroll you in our programs and provide you with our Products and Services • to communicate with you • to send you updates • to identify and authenticate you • to customize content for you and tailor your experience when using our Products and Services • to detect security incidents • to protect against malicious, fraudulent, or illegal activity • to ensure the appropriate use of our Products and Services • to improve our Products and Services • for short-term, transient use • for administrative purposes • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • for quality assurance and to assist in training and development of our representatives • to determine and verify program and Products and Services eligibility and coverage • in connection with adverse event and complaint tracking and reporting • to procure third party products and services, including to manage and satisfy related third party contractual obligations • advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • for medical diagnosis or to provide healthcare or treatment • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • to protect vital interests or in the public interest • for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices • for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • Healthcare Providers • individuals or entities that you designate as “followers” within our Products and Services • individuals or entities that you designate or instruct us to share your Personal Data with • authorized legal representatives, family members, and caregivers • third parties whose products or services that you choose to integrate into our Products and Services, including any connected insulin pens or pumps • third parties whose products or services within which you choose to access or otherwise integrate our Products and Services, or the data generated from our Products and Services, including third party health applications • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • Dexcom’s lawyers, auditors, and consultants • partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration** |
|
|
Business Partners and Their Employees, Agents, and Contractors |
|
We may process your Personal Data if you are a current Dexcom business partner or an employee, agent, or contractor of a Dexcom business partner, including collaboration partners, key opinion leaders, and vendors or suppliers of Dexcom. |
|
Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym • honorifics and titles, preferred form of address • employer / company • email address • postal address • phone number • username or code and password^, security answers^, and user preferences • customer number • company ID number such as account number • National Provider Identifier (NPI) |
Demographic information, such as: |
• preferred language • disability^ |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) • browser type and browser language • device type • advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID)) • date and time you use our Products and Services • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read • data collected from cookies or other similar technologies*** |
Commercial and financial information, such as: |
• Products and Services purchased, obtained, or considered • request documentation • customer service records • financial transaction history • financial account number^ • bank account number and details^ • other payment information • tax identification number^ |
Professional and educational information, such as: |
• job title or position • your employer, company with which you are associated, or principal • working location • National Provider Identifier number • state medical license number • work skills • employment history • graduate degrees • certifications • specialized training • responses to surveys and questionnaires • enrolment history for our education and training events • records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom • information from references • background checks^ |
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • your employer, company with which you are associated, or principal • your references and third parties that assist us in conducting background checks • your devices • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media companies • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services • Healthcare Providers • clinical investigators and/or members of investigator teams • patients |
|
Why do we process the data? |
|
• to enroll you in our programs and provide you with our Products and Services • to communicate with you • to administer our relationship with your organization • to send you updates • to identify and authenticate you • to customize content for you and tailor your experience when using our Products and Services • to detect security incidents • to protect against malicious, fraudulent, or illegal activity • to ensure the appropriate use of our Products and Services • to improve our Products and Services • for short-term, transient use • for administrative purposes • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • for quality assurance and to assist in training and development of our representatives • in connection with adverse event and complaint tracking and reporting • to procure third party products and services, including to manage and satisfy related third party contractual obligations • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • for medical diagnosis or to provide healthcare or treatment • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices • for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • Healthcare Providers • our customers • your company / employer • your references and third parties that assist us in conducting background checks • third parties that assist us in conducting background checks • authorized legal representatives • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • Dexcom’s lawyers, auditors, and consultants • partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration** |
Healthcare Providers |
|
We may process your Personal Data when you are a Healthcare Provider who is a current or prospective Dexcom customer, uses Dexcom Products and Services, or treats patients with Dexcom Products and Services, including use of Dexcom’s online portals. |
|
Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym • honorifics and titles, preferred form of address • employer / company • email address • postal address • phone number • username or code and password^, security answers^, and user preferences • contact information for related persons, such as authorized users of your account or designated representatives • customer number • company ID number such as account number • National Provider Identifier (NPI) |
Demographic information, such as: |
• age • gender • preferred language • marital status • disability^ • date of birth |
Video, audio, and recorded information, such as: |
• still images • video (including via CCTV) • voicemails • recordings of your interactions with our Online Services, including with our customer service, whether through phone, email, SMS/text message, or chat |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) • browser type and browser language • device type • advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID)) • date and time you use our Products and Services • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read • data collected from cookies or other similar technologies*** |
Commercial and financial information, such as: |
• Products and Services purchased, obtained, or considered • bank account number and details^ • request documentation • customer service records • financial transaction history • financial account number^ • other payment information • tax identification number^ |
Professional and educational information, such as: |
• job title or position • your employer, company with which you are associated, or principal • working location • National Provider Identifier (NPI) • state medical license number • work skills • employment history • graduate degrees • certifications • specialized training • responses to surveys and questionnaires • enrolment history for our education and training events • records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom • information from references • background checks^ |
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • Healthcare Providers • your employer, company with which you are associated, or principal • your devices • your references and third parties that assist us in conducting background checks • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media companies • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services • your patients • clinical investigators and/or members of investigator teams |
|
Why do we process the data? |
|
• to enroll you in our programs and provide you with our Products and Services • to communicate with you • to administer our relationship with your organization • to send you updates • to identify and authenticate you • to customize content for you and tailor your experience when using our Products and Services • to detect security incidents • to protect against malicious, fraudulent, or illegal activity • to ensure the appropriate use of our Products and Services • to improve our Products and Services • for short-term, transient use • for administrative purposes • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • for quality assurance and to assist in training and development of our representatives • in connection with adverse event and complaint tracking and reporting • to procure third party products and services, including to manage and satisfy related third party contractual obligations • advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • for medical diagnosis or to provide healthcare or treatment • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • to protect vital interests or in the public interest • for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices • for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • Healthcare Providers • our customers • your company / employer • your patients • your references and third parties that assist us in conducting background checks • individuals or entities that you designate or instruct us to share your Personal Data with • authorized legal representatives, family members, and caregivers of your patients • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • Dexcom’s lawyers, auditors, and consultants • partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration** |
Attendees and Participants at Events |
|
We may process your Personal Data when you attend or participate in professional and educational events or conferences we sponsor or hold. |
|
Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym • honorifics and titles, preferred form of address • employer / company • email address • postal address • phone number • username or code and password^, security answers^, and user preferences • contact information for related persons, such as authorized users of your account or designated representatives • customer number • company ID number such as account number • National Provider Identifier (NPI) |
Demographic information, such as: |
• preferred language • disability^ • date of birth |
Video, audio, and recorded information, such as: |
• still images • video (including via CCTV) |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) • browser type and browser language • device type • advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID)) • date and time you use our Products and Services • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read • data collected from cookies or other similar technologies*** |
Commercial and financial information, such as: |
• Products and Services purchased, obtained, or considered • bank account number and details^ • request documentation • financial transaction history • financial account number^ • other payment information • tax identification number^ |
Professional and educational information, such as:
|
• job title or position • your employer, company with which you are associated, or principal • working location • National Provider Identifier (NPI) • state medical license number • work skills • employment history • graduate degrees • certifications • specialized training • responses to surveys and questionnaires • enrolment history for our education and training events • records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom |
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • Healthcare Providers • your employer, company with which you are associated, or principal • those authorized to provide Personal Data on your behalf • your devices • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media companies • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services |
|
Why do we process the data? |
|
• to register you for the event or conference and other attendance-related purposes • to communicate with you • to administer our relationship with your organization • to send you update • to identify and authenticate you • to detect security incidents • to protect against malicious or illegal activity • for short-term, transient use • for administrative purposes • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • for scientific+ or historical research purposes • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • Healthcare Providers • your company / employer • other third parties attending the Events • individuals or entities that you designate or instruct us to share your Personal Data with • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • Dexcom’s lawyers, auditors, and consultants • partners that assist us in providing or improving our Events, Products, and Services or help us improve our marketing or administration** |
|
Clinical Investigators and Members of Investigator Teams |
We may process your Personal Data if you are an existing or prospective clinical investigator or a member of an investigation team for a clinical study that Dexcom sponsors. |
Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym • honorifics and titles, preferred form of address • employer / company • email address • postal address • phone number • username or code and password^, security answers^, and user preferences • contact information for related persons, such as authorized users of your account or designated representatives • customer number • company ID number such as account number • National Provider Identifier (NPI) |
Demographic information, such as: |
• age • gender • preferred language • disability^ • date of birth |
Video, audio, and recorded information, such as: |
• still images • video (including via CCTV) • voicemails • recordings of your interactions with our Online Services, including with our customer service, whether through phone, email, SMS/text message, or chat • pictures and videos of treatment activities^ |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) • browser type and browser language • device type • date and time you use our Products and Services • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read • data collected from cookies or other similar technologies*** |
Commercial and financial information, such as: |
• bank account number and details^ • customer service records • financial transaction history • financial account number^ • other payment information |
Professional and educational information, such as: |
• job title or position • your employer, company with which you are associated, or principal • working location • National Provider Identifier (NPI) • state medical license number • work skills • employment history • graduate degrees • certifications • specialized training • responses to surveys and questionnaires • enrolment history for our education and training events • records of collaborations with Dexcom, such as participation on an advisory board commissioned by Dexcom • information from references • background checks^ |
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • Healthcare Providers • your employer, company with which you are associated, or principal • those authorized to provide Personal Data on your behalf • your references and third parties that assist us in conducting background checks • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media companies • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services • patients • other clinical investigators and/or members of investigator teams |
|
Why do we process the data? |
|
• to determine your suitability to the role • to assist us with running the clinical trial • to communicate with you • to administer our relationship with your organization • to send you updates • to identify and authenticate you • to customize content for you and tailor your experience when using our Products and Services • to detect security incidents • to protect against malicious, fraudulent, or illegal activity • to ensure the appropriate use of our Products and Services • to improve our Products and Services • for short-term, transient use • for administrative purposes • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • for quality assurance and to assist in training and development of our representatives • in connection with adverse event and complaint tracking and reporting • to procure third party products and services, including to manage and satisfy related third party contractual obligations • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • for medical diagnosis or to provide healthcare or treatment • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • to protect vital interests or in the public interest • for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices • for scientific+ or historical research purposes • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • Healthcare Providers • other clinical investigators and/or members of investigator teams • your company / employer • your references and third parties that assist us in hiring and conducting background checks • individuals or entities that you designate or instruct us to share your Personal Data with • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • Dexcom’s lawyers, auditors, and consultants • Patients and their authorized legal representatives, family members, and caregivers • third parties that assist us in choosing clinical trial investigators • partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration** |
|
Clinical Study Candidates |
We may process your Personal Data to determine whether you qualify for or would be interested in participating in a clinical trial and when you have been identified as a potential candidate for clinical studies sponsored by us. If you are a participant in a clinical study or clinical trial, you should receive a separate privacy notice regarding the Personal Data we process for those purposes. That privacy notice—and not this Notice—governs our processing of such Personal Data once you are chosen for and participating in a trial. |
Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym • honorifics and titles, preferred form of address • employer / company • email address • postal address • phone number • username or code and password^, security answers^, and user preferences • contact information for related persons, such as authorized users of your account or designated representatives |
Demographic information, such as: |
• age • gender • preferred language • marital status • disability^ • ethnicity^ • date of birth |
Video, audio, and recorded information, such as: |
• still images • video (including via CCTV) • voicemails • recordings of your interactions with our Online Services, including with our customer service, whether through phone, email, SMS/text message, or chat |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) • browser type and browser language • device type • date and time you use our Products and Services • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, your clicks on our site pages, and product descriptions read • data collected from cookies or other similar technologies*** |
Health information, such as: |
• identification of pathologies/diseases^ • areas of interest in medical research^ • medical history and treatment information^ • drug allergies^ • health values taken, such as heart rate and blood pressure^ • pregnancy status^ • location data^ |
Commercial and financial information, such as: |
• Products and Services purchased, obtained, or considered • bank account number and details^ • request documentation • customer service records • financial transaction history • financial account number^ • other payment information |
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • Healthcare Providers • those authorized to provide Personal Data on your behalf, such as your caregiver or authorized representative • your devices • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media companies • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services • clinical investigators and/or members of investigator teams |
|
Why do we process the data? |
|
• to determine your suitability and eligibility for participating in a clinical trial and to determine your interest in participating in a clinical trial • to communicate with you • to administer our relationship with you • to send you updates • to identify and authenticate you • to customize content for you and tailor your experience when using our Products and Services • to detect security incidents • to protect against malicious, fraudulent, or illegal activity • to ensure the appropriate use of our Products and Services • to improve our Products and Services • for short-term, transient use • for administrative purposes • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • for quality assurance and to assist in training and development of our representatives • in connection with adverse event and complaint tracking and reporting • advertising and product promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • to protect vital interests or in the public interest • for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices • for scientific+ or historical research purposes • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • Healthcare Providers • clinical investigators and/or members of investigator teams • individuals or entities that you designate or instruct us to share your Personal Data with • authorized legal representatives, family members, and caregivers • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • Dexcom’s lawyers, auditors, and consultants • partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration** |
Employment and Apprenticeship Candidates |
|
We may process your Personal Data when you apply or are a candidate for employment or apprenticeship at Dexcom. |
|
Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym • honorifics and titles, preferred form of address • employer / company • email address • postal address • phone number • username or code and password^, security answers^, and user preferences • contact information for related persons, such as authorized users of your account or designated representatives • customer number • company ID number such as account number • National Provider Identifier (NPI) |
Demographic information, such as: |
• age • gender • preferred language • disability^ • date of birth |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) • browser type and browser language • device type • advertising IDs associated with your device (such as Apple’s Identifier for Advertising (IDFA) or Android’s Advertising ID (AAID)) • date and time you use our Products and Services • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read • data collected from cookies or other similar technologies*** |
Professional and educational information, such as: |
• job title or position • your employer, company with which you are associated, or principal • working location • National Provider Identifier (NPI) • state medical license number • work skills • employment history • graduate degrees • certifications • specialized training • responses to surveys and questionnaires • information from references • background checks^ |
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • your employer, company with which you are associated, or principal • your references and third parties that assist us in conducting background checks • those authorized to provide Personal Data on your behalf • your devices • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media companies • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services and in hiring employees and contractors |
|
Why do we process the data? |
|
• to communicate with you • to administer our relationship • to send you updates, including with respect to updates on new employment opportunities • to identify and authenticate you • to detect security incidents • to protect against malicious or illegal activity • for short-term, transient use • for administrative purposes • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • to procure third party products and services, including to manage and satisfy related third party contractual obligations • advertising and promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful to you • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • your references • individuals or entities that you designate or instruct us to share your Personal Data with • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • third parties that assist us in hiring and conducting background checks • Dexcom’s lawyers, auditors, and consultants • partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration** |
|
Dexcom may process Personal Data of minors who are users of a Dexcom Product. In those instances, Dexcom seeks consent from the minor’s parents or legal guardians to process their Personal Data. Dexcom does not knowingly collect, maintain, disclose, or otherwise process Personal Data from minors below the age of 18 in other circumstances, including through Online Services or Interactions. The below relates solely to the use of Personal Data of children who are users of a Dexcom Product and whose parents or legal guardians have given consent. Where a minor reaches the age of legal capacity, they may contact us at [email protected] to rectify any account changes, modify or withdraw applicable consents, or remove any legal guardians associated with their account. |
|
Examples of the types of data we process (Personal Data that may be considered sensitive is noted with a “^”) |
|
Identity and contact information, such as: |
• first and last name or unique pseudonym • honorifics and titles, preferred form of address • email address • postal address • phone number • username or code and password^, security answers^, and user preferences • contact information for related persons, such as authorized users of your account |
Demographic information, such as: |
• age • gender • preferred language • disability^ • ethnicity^ • date of birth |
Video, audio, and recorded information, such as: |
• still images • video (including via CCTV) • recordings of your calls with our customer service representatives • voicemails • recordings of your interactions with our Online Services, whether through email, SMS/text message, or chat • pictures and videos of treatment activities^ |
Technical information, such as: |
• Internet Protocol (IP) addresses (which may identify your general geographic location or company) • browser type and browser language • device type • date and time you use our Products and Services^ • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our Products and Services • activity and online behavior while on our Products and Services and referring websites or applications, including forms and other information submitted, videos watched, shopping cart contents, your clicks on our site pages, and product descriptions read^ • data collected from cookies or other similar technologies*** |
Health information, such as: |
• genetic information^ • glucose readings and related date, time, and device identifier related to that reading^ • thresholds entered into our Products and notifications associated with such thresholds^ • identification of pathologies/diseases^ • identification number associated with your Products, including the serial identification numbers associated with any receiver and transmitter provided^ • areas of interest in medical research^ • treatment dates^ • medical history and treatment information^ • patient-reported outcome measures (for example, responses to questionnaires and surveys about your health or treatment)^ • X-rays, magnetic resonance imaging, and medical scans^ • user activity^ • therapy completion and use details^ • communications with your Healthcare Provider, including audio, video, or other recordings from telehealth sessions^ • drug allergies^ • prescriptions and dosing^ • health values taken, such as heart rate and blood pressure^ • adverse event information^ • health insurance information and other information on payment for healthcare services^ • pregnancy status^ • contact information for designated recipients of your health information • location data^ • pictures and videos of treatment activities^ • patient ID number^ |
Commercial and financial information, such as: |
• Products and Services obtained or considered |
Anonymized / de-identified data: |
• Anonymized and/or de-identified data is data for which your individual personal characteristics and information have been removed such that you are not identified or identifiable and the information is no longer considered Personal Data under data protection laws**** |
Where do we get the data? |
|
• you directly • your legal guardian • Healthcare Providers • Clinical investigators and/or members of investigator teams • those authorized to provide Personal Data on your behalf, such as your caregiver or authorized representative • your devices • our security systems (including CCTV) • third parties that provide access to information you make available, such as social media • companies conducting non-clinical research such as market research companies • business partners or other third parties that assist us in providing and improving our Products and Services |
|
Why do we process the data? |
|
• to enroll you in our programs and provide you with our Products and Services • to communicate with you • to administer our relationship with you • to send you updates • to identify and authenticate you • to detect security incidents • to protect against malicious or illegal activity • to ensure the appropriate use of our Products and Services • to improve our Products and Services • for short-term, transient use • for administrative purposes • for quality assurance • for marketing • for internal research and development to evaluate the effectiveness of and improve our Products and Services and to develop new products and services • to determine and verify program and Products and Services eligibility and coverage • in connection with adverse event and complaint tracking and reporting • to procure third party products and services, including to manage and satisfy related third party contractual obligations • advertising and product promotion, including to contact you regarding programs, Products and Services, and topics that may be of interest or useful • to comply with legal and regulatory obligations |
|
What are the Lawful or Legal Bases of Processing? |
|
• for the purposes of our legitimate interests • for medical diagnosis or to provide healthcare or treatment • to comply with legal and regulatory obligations and to establish, exercise, or defend our legal claims and rights • in preparation for or to perform a contract with you • to protect vital interests or in the public interest • for reasons of public health, including ensuring high standards of quality and safety of healthcare, medicinal products, and medical devices • for scientific+ or historical research purposes; note: for Clinical Studies, see the Clinical Study Candidates section of this Notice • in circumstances where we have requested and received consent and for other purposes that may be required or allowed by law* |
|
Who receives the data? |
|
• Dexcom, and our Affiliates • Healthcare Providers • individuals or entities that you designate as “followers” within our Products and Services • individuals or entities that you designate or instruct us to share your Personal Data with • authorized legal representatives, family members, and caregivers • third parties whose products or services that you choose to integrate into our Products and Services, including any connected insulin pens or pumps • third parties whose products or services within which you choose to access or otherwise integrate our Products and Services, or the data generated from our Products and Services, including third party health applications • third parties who assist with fraud prevention, detection, and mitigation • third parties who assist with our information technology and security programs and our loss prevention programs • Dexcom’s lawyers, auditors, and consultants • partners that assist us in providing or improving our Products and Services or help us improve our marketing or administration** |
*The legal bases relied upon by Dexcom include those enumerated in Articles 6 and 9 of the European Union’s General Data Protection Regulation (GDPR).
**In limited circumstances, recipients may include, (1) in the event of a sale, assignment, merger, consolidation, corporate reorganization, or transfer, to the buyer, assignee, or transferee; and (2) government or regulatory officials, law enforcement, courts, public authorities, or others when permitted by this Notice or required by law. Further information regarding the circumstances under which we may share your Personal Data based on our legal requirements is below under the header “Sharing your Personal Data Based on Legal Requirements.”
***Please see our Cookie Policy for more information on how we use cookies and similar technologies.
****This includes the removal of identifiers from protected health information required under the Health Insurance Portability and Accountability Act (“HIPAA”), 45 CFR § 164.514(b)(2). We will not attempt to reidentify you or anyone else from this de-identified data, and if we disclose it to third parties, we will require that they not attempt to reidentify you or anyone else from the de-identified data.
+ When we discuss scientific research within this Notice, we mean research performed in order to assess quality assurance, case studies, and research to improve our Products and Services, including usability research. This does not refer to clinical studies, the creation of generalizable knowledge, or the development of information for regulatory approval of new medical devices, all of which may be subject to a separate notice.
Sharing Your Personal Data Based on Legal Requirements
Dexcom takes its legal obligations to ensure the ongoing safety of its medical devices seriously. As a result, we may be required from time to time to share Personal Data with regulatory authorities responsible for the quality and safety of medical devices. We only share your Personal Data in connection with such requests when we are legally required to do so, and, when possible, we de-identify, pseudonymize, aggregate, and/or anonymize the Personal Data before it is shared.
In addition, we may be required to disclose your Personal Data to respond to requests from a competent law enforcement body, regulatory or government agency, court, or other third party where we believe the disclosure is necessary or appropriate to:
· comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us;
· protect the safety, rights, or property of our customers, the public, Dexcom, or others;
· exercise, establish, or defend Dexcom’s legal rights;
· investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Notice;
· prepare for or conduct a business transaction or reorganization, such as a merger, acquisition, joint venture, financing or sale of company assets, reorganization or in the unlikely event of our bankruptcy, receivership, or insolvency; or
· produce as evidence in litigation in which we are involved.
Your Personal Data may be subject to U.S. laws, as well as laws of other places and jurisdictions, and may be shared or accessible by the governments, courts, law enforcement, regulatory agencies, and others of each and/or every of those places or jurisdictions as described above.
Special Note to Individuals in the United States
If you are a patient, please note that this Notice is distinct from our, as well as your Health Care Provider’s, HIPAA Notice of Privacy Practices, which describes how we or your Healthcare Provider use and disclose your protected health information, as well as any other privacy practices applied. Please see our Notice of Privacy Practices for more information. For additional information about our processing of consumer health data beyond your HIPAA-covered protected health information, please refer to our Consumer Health Data Privacy Policy.
ADDITIONAL U.S. STATE PRIVACY DISCLOSURES
This section contains additional information relevant to residents of certain US states that have their own laws and regulations regarding data privacy, including the rights that may be available to residents of these states upon the effective dates of the state laws and regulations. This content supplements our Privacy Notice and includes our Notice at Collection under California law.
This section does not address or apply to information or practices that are not subject to the currently effective state privacy laws, such as publicly available information; data that is not considered personal information; certain health information governed by HIPAA (which is governed by our Notice of Privacy Practices found at https://www.dexcom.com/notice-of-privacy-practices) and other state and federal laws; activities covered by the Fair Credit Reporting Act. Separately, information on our processing of Personal Data about job applicants and employees can be found on our careers’ page and on our Company intranet, respectively.
Personal Data Disclosures, Sales and Targeted Advertising
We collect and disclose Personal Data in the ways described in the Personal Data Collected, Purposes, and Recipients section above. Our disclosure of Personal Data to the following categories of third parties qualifies as the “sale” of Personal Data or the sharing or processing of Personal Data for the purpose of displaying advertisements that are selected based on Personal Data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”) under certain privacy laws:
- advertising networks
- social networks
Any such sharing or sale will be in accordance with applicable legal requirements. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of Personal Data or the processing of Personal Data for purposes of targeted advertising (as described in the Your U.S. Privacy Choices section below).
We do not “sell” the personal information of known minors under 18 years of age or share such information for targeted advertising purposes.
Sensitive Personal Data
The following Personal Data elements we collect may be classified as “sensitive” under certain privacy laws:
- Account log-in, financial account, debit card or credit card number in combination with any required security or access code, password or credentials allowing access to an account.
- Race, ethnicity or national origin
- Genetic data
- Health data, including information regarding an individual’s medical history, physical health condition, or medical treatment or diagnosis
- Personal information collected from a known child under the age of 18
We use this Sensitive Personal Data as set forth in the Personal Data Collected, Purposes, and Recipients section above. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit, or withdraw your consent for, our processing of Sensitive Personal Data (as described in the Your U.S. Privacy Choices section below).
Deidentified Information
We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.
Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:
· Right to Know/Access: To confirm whether or not we are processing your Personal Data and to access it.
· Right to Correction: To correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.
· Right to Deletion: To delete Personal Data provided by, obtained about, or concerning you.
· Right of Portability: To obtain a copy of the Personal Data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller or business where the processing does not disclose trade secrets.
· Right to Control Over Sensitive Personal Data: The right to exercise control over our collection and processing of certain Sensitive Personal Data.
· Right to Opt-Out of Targeted Advertising: To opt-out of the use and sharing of your Personal Data for certain targeted advertising purposes,
· Right to Opt-Out of Sales: The right to direct us not to sell personal data to third parties. The “sale” of Personal Data is broadly defined under certain laws to encompasses an exchange for valuable consideration. However, we do not "sell" any consumer data in the traditional sense for monetary compensation.
Submitting Privacy Rights Requests
Please submit a request specifying the right you wish to exercise by:
- Completing our online form found here; or
- Calling out toll-free U.S. telephone number: 1-844-832-1810
- Writing to us at:
Dexcom, Inc.,
Attn: Data Privacy Officer
6340 Sequence Drive
San Diego, CA 92121,
United States of America.
To exercise your right to opt-out as it relates to the use of cookies and related technologies that involve the “sale” of Personal Data or the use and sharing of Personal Data for targeted advertising purposes, please click the Your Privacy Choices link in the footer of our website or access our cookie preference manager and select your choices. If you are visiting our site with the Global Privacy Control enabled, any cookies that constitute sales or are used for targeted advertising should already be turned off automatically in our cookie preference manager.
In addition, you can opt-out of cookie-based sales by businesses that participate in the Digital Advertising Alliance (DAA) by visiting: www.aboutads.info/choices and youradchoices.com/appchoices. You can also opt-out of cookie-based sales by businesses that participate in the DAA’s CCPA Opt-Out Tool by visiting https://www.privacyrights.info/.
Please note that these opt-out mechanisms are browser and device specific. If you wish to opt-in and/or opt-out of interest-based advertising across browsers and devices, you need to make your choices in each browser and device you use.
To opt-out of any other potential “sale” of Personal Data or the use and sharing of Personal Data for targeted advertising purposes, please submit a request through our webform or write to us at Dexcom, Inc., Attn: Data Privacy Officer, 6340 Sequence Drive, San Diego, CA 92121, United States of America.
Please be aware that if you opt out of receiving interest-based advertising, you will still be served with advertisements, but they will no longer be targeted to your specific interests gathered across different websites over time.
Before processing your request to exercise certain rights (including the Right to Know, Access & Portability, Correction, and Deletion), we will need to verify your identity and confirm you are a resident of a state that offers the requested right(s). In order to verify your identity, we will generally either require the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we recommend including the following information in connection with requests submitted through our online form and toll-free number: first and last name, email address, phone number, state of residency and/or the date of your last transaction with us.
In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or where you are not a resident of one of the eligible states.
Instructions for Authorized Agents and Parents Making Requests
You may also use an authorized agent to submit requests on your behalf. Authorized agents may submit such requests at https://privacyrequest.dexcom.com/privacy. An authorized agent must have your signed permission to submit a request on your behalf. Before completing requests from authorized agents, we may contact you directly to confirm you’ve given your permission and/or to verify your identity.
If you wish to submit a privacy request on behalf of your minor child in accordance with applicable law, you must provide sufficient information to allow us to reasonably verify your child is the person about whom we collected Personal Data and you are authorized to submit the request on your child’s behalf
Right Against Discrimination: Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights.
Right to Appeal: If we decline or are unable to take action regarding your request, we will notify you by providing our reasons. Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing us at [email protected] with the subject line, “Privacy Request Appeal.”
In the event that we decline to take action on a request exercising one of your rights set forth above, you may have the right to appeal our decision to your local Attorney General.
- Colorado Residents: If your appeal is denied, you may contact the Colorado Attorney General to address your concerns here.
- Connecticut Residents: If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint here.
- Virginia Residents: If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint here.
CALIFORNIA RESIDENTS
The following disclosures only apply to residents of the state of California.
Categories of Personal Information We Collect
California law requires we provide disclosures to you about what personal data we collect by reference to the enumerated categories of personal data set forth within California law. We may collect the following categories of personal information via our Services:
· Identifiers such as name, postal address, phone number, email address, online identifiers;
· Internet, network or other electronic activity information relating to your interaction with our websites or advertisements;
· Audio, electronic, visual or similar information (such as CCTV or video information if you visit a physical site or event);
· Sensitive Personal Data, as described above; and
· Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences and characteristics.
NEVADA RESIDENTS
If you are a resident of the state of Nevada in the United States, you have the right to opt out of the sale of your Personal Data. Although we do not currently sell personal data of Nevada residents (as defined under Nevada law), you may submit a request to opt-out of the sale of your personal data by emailing us at [email protected].
Marketing, Cookies, and Analytics
To the extent permitted by law, including with your consent where required, we may engage in the following activities:
· We may use your contact details to contact you to determine whether you would like to initiate a business relationship with us or to send you marketing emails. If you do not wish to receive such marketing emails, you may opt out by declining to receive such emails when registering, in our subsequent communications by following opt-out or unsubscribe instructions included in the email, by contacting us at [email protected], or at other information collection points while using the Online Services.
· We may collect Personal Data automatically through cookies and other technologies to provide functionality to our Products and Services; to recognize you across devices when using our Products and Services; in each case where this is justified under applicable data protection law for our legitimate business purposes or with consent, where required. These legitimate business purposes include evaluating information about the use of our Products and Services and identifying trends; developing or enhancing our Products and Services; providing an experience tailored to you when you use our Products and Services; effecting certain security controls; and identifying the advertisements and offers we think may interest you so that we may display them to you when you use our Products and Services.
· We may display advertisements to you regarding Products and Services that we believe are relevant to you based on your activities while using our Products or Services or on other web or digital properties. Such advertisements may be shown to you while you are using our Products or Services or while you are using the online services of others. We achieve this by using, and allowing third parties (including social media companies) to use certain cookies, eTags, pixels, web beacons, and other tracking technologies to track your activities while using our Products or Services or while using other online services. For more information about these activities and how to manage or opt out of them, please see our Cookie Policy or contact us.
· We may make offers to you based on your activities or interactions with Dexcom that are not through online Products and Services (for example, regional offers based on the location of your office listed on order forms).
· We also perform statistical analyses of the users of our Products and Services to improve the functionality, content, design, and navigation of the Products and Services.
With respect to browser-based identifiers, in order to opt-out of advertising and analytics cookies/pixels on the browser level please navigate to dexcom.com and click on the blue and white shield icon in the lower left-hand corner of the website. Please confirm your choices in the window that appears and click on “Confirm My Choices”.
You may be able to opt out of or revoke your consent to, as applicable, receiving web-based personalized advertisements from companies who are members of the Network Advertising Initiative by going to http://optout.networkadvertising.org/?c=1 or participate in the Digital Advertising Alliance Self-Regulatory Program by going to http://www.aboutads.info/.
In addition, if you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. Visit http://www.allaboutcookies.org/manage-cookies/index.html for more information. If, however, you do not accept these cookies, you may experience some inconvenience in your use of the Products and Services. For example, we may not be able to recognize your computer, and you may need to log in every time you visit.
Processing Using Website Tracking
On certain of our websites, we use Google Analytics to help us understand how users engage with this and other of our websites. Google Analytics may track your activity in connection with our Online Services (specifically, the web pages you have seen and the links you have clicked on) and helps us measure how you interact with the content that we provide. This information is used to compile reports and to help us improve the Online Services. The reports we receive disclose website trends without identifying individual visitors. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and you can exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout or as described in our Cookie Policy. We will not undertake such activities without your consent where such consent is required.
Do-Not-Track Signals and GPC Signals
Certain web browsers and other programs may transmit “opt-out” signals, also called a Global Privacy Control (or GPC) signals or Do-Not-Track signals , to websites with which the browser communicates. Please note that we do not have the ability to recognize or honor browser do-not-track or similar signals at this time.
We will process the GPC signal as a request to opt out of the sale or sharing of personal information and a request to opt out of the use of personal information for targeted advertising where applicable.
Interactive Features of our Websites
To the extent we offer any public or group forums on our Products and Services, such as newsfeeds, blogs, message boards, or similar tools (Interactive Features), the posts or comments you make may be public and viewed by others. You should use care before posting information about yourself, including Personal Data. Because these are public postings, you should have no expectation of privacy or confidentiality in the content you submit to Interactive Features in connection with the Products and Services. Your disclosure of any Personal Data through the Interactive Features is at your own risk.
Service Providers and Third Parties
Service providers or vendors (or processors) acting on our behalf must execute agreements requiring them to maintain confidentiality and to process Personal Data only to provide the services to us and in a way that aligns with this Notice, other applicable privacy notices, and as explicitly permitted or required by applicable laws, rules, and regulations. Our processors and subprocessors can be located in the United States, Canada, UK, Europe, Australia, Japan, South Korea, and the Philippines, among other locations.
Combination of Data with Data Received from Third Parties and Affiliates
We may combine information we collect, including Personal Data, with Personal Data that we may obtain from third parties. Dexcom may jointly use your Personal Data to provide you with the Products and Services requested, including joint use with Dexcom affiliates, as well as third parties who assist or partner with us to provide you with Products and Services. For the specific affiliates or third parties who may jointly use your data, please contact us.
Links to Other Websites
Our Products and Services may contain links to other websites, applications, products, or services that are not owned or operated by Dexcom. Such links do not imply an endorsement with respect to any third party, any website, or the products or services provided thereby. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third party websites, applications, products, and services.
Your Rights Regarding Your Personal Data
Depending on where you live, you may have the following rights with respect to some or all of your Personal Data:
• To request information about whether, and how, we process your Personal Data
• To request access to and a copy of your Personal Data, including to provide your Personal Data directly to another organization (called, in some locations, a right to data portability)
• To request that we correct or update your Personal Data
• To request that we delete your Personal Data
• To request that we restrict or block or to object to or opt-out of the processing of your Personal Data, including your sensitive Personal Data
• To appeal the denial of a request; and
• To lodge a complaint with the data protection authority in your jurisdiction.
In the event you wish to make a complaint about how we process your Personal Data or to appeal the denial of one of your requests, please contact us. Even if you make a complaint to us, you may always lodge a complaint with the relevant privacy or data protection authority in your location.
We will not discriminate against you for exercising any of the rights described above, although we may not be able to continue to provide you with certain Products and Services or it may otherwise affect the way we are able to interact with you.
We will make reasonable efforts to respond promptly to your requests. We may, after receiving your request, require additional information from you to honor your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
When we receive your Personal Data from others, including your Healthcare Provider, and process your Personal Data on their behalf, we may do so at their request and subject to their instructions. In that case, we do not have control over their privacy and security practices and processes. If your Personal Data has been submitted to us by a third party, we may need to ask you to contact them directly or we may be able to contact them on your behalf. If we need you to contact them directly, we will let you know.
Safeguarding Personal Data
Consistent with applicable laws and requirements, Dexcom has put in place physical, technical, and administrative safeguards designed to protect Personal Data from loss, misuse, alteration, theft, unauthorized access, and unauthorized disclosure consistent with legal obligations and industry practices. However, as is the case with all websites, applications, products, and services, we unfortunately are not able to guarantee security for data collected through our Products and Services. In addition, it is your responsibility to safeguard any passwords, identification or ID numbers, or similar individual information associated with your use of the Products and Services.
How Long Your Personal Data Will Be Kept
We generally retain Personal Data for as long as needed for the specific purpose or purposes for which it was collected or obtained, and as outlined in this Notice. In some cases, we may be required to retain Personal Data for a longer period of time by law or for other necessary or required purposes. Whenever possible, we aim to de-identify or anonymize your Personal Data or otherwise remove some or all information that may identify you from records that we may need to keep for periods beyond the specified retention period. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject that affects the length of time we need to keep your Personal Data; and (iii) whether retention is determined to be necessary for Dexcom due to limitation periods, litigation, or other legal or regulatory obligations. Dexcom takes reasonable steps to dispose of Personal Data upon the expiration of retention periods, taking into consideration these litigation, legal, or regulatory obligations.
Transfer of Personal Data
We operate in various countries throughout the world, including, but not limited to, the United States, Canada, the United Kingdom, Australia, the European Union, Japan, South Korea, and the Philippines. Please be aware that Personal Data we collect and process may be transferred and maintained outside your state, province, country, or other jurisdiction, country, or location where the privacy laws may not be as protective as those in your location, including the United States. Dexcom has put in place lawful transfer mechanisms and appropriate safeguards, in accordance with its legal requirements, to protect your Personal Data, including but not limited to Standard Contractual Clauses. Where you have given consent for optional services available in our mobile applications, we transfer your Personal Data under standard or model contractual clauses approved or required by the relevant country or jurisdiction that provide certain obligations to protect your Personal Data, along with additional appropriate technical safeguards where necessary.
Changes to This Privacy Notice
We reserve the right to change this Notice from time to time. We will alert you when changes have been made by indicating the date this Notice was last updated as the date the Notice became effective or as otherwise may be required by law. It is recommended that you periodically revisit this Notice to learn of any changes.
Contact Us
If you have questions or comments about this Notice or about how your Personal Data is processed, or to exercise your privacy rights, please contact us by one of the methods below:
Privacy Portal: Linked here.
United States
Email: [email protected]
Mail: Dexcom, Inc.
Attn: Data Privacy Officer
6340 Sequence Drive
San Diego, CA 92121
United States of America
Phone: 1-844-832-1810
Canada
Email: [email protected]
Mail: Dexcom, Inc.
501-4445 Lougheed Highway
Burnaby, BC V5C 0E4
Canada
Europe
Email: [email protected]
Mail: Dexcom Deutschland GmbH
Attention: Data Protection Officer
Dexcom Deutschland GmbH
Haifa-Allee 2
55128 Mainz
Germany
Dexcom Affiliates and List of Dexcom Controllers
Below is the list of companies that are currently affiliated with or owned by Dexcom, Inc., and these companies may be responsible for processing your Personal Data
Dexcom Entity |
Address |
DexCom, Inc. |
6340 Sequence Drive San Diego, CA 92121 |
DexCom International Ltd |
1 Tanfield Suite 6, Edinburgh, Scotland EH3 5DA |
DexCom (UK) Operating Limited |
1 Tanfield Suite 6, Edinburgh, Scotland EH3 5DA |
DexCom (UK) Distribution Ltd. |
1 Tanfield Suite 6, Edinburgh, Scotland EH3 5DA |
DexCom Canada, Co. |
900-1959 Upper Water Street Halifax NS B3J 3N2 Canada |
Dexcom Deutschland GmbH |
Haifa-Allee 2 Mainz, Germany 55128 |
Nintamed Handels GmbH |
Europaring F16 103 2345 Brunn am Gebirge Austria |
DexCom Philippines, Inc. |
Ecoprime Building, 32nd St. Corner 9th St. Bonifacio Global City, Taguig, Metro Manila, Philippines |
DexCom Asia Pacific Operations Pte. Ltd. |
400 Orchard Road, #03-33 Orchard Towers Singapore 238875 |
DexCom (Malaysia) Sdn. Bhd. |
No. 9A, Jalan Medan Tuanku Medan Tuanku, Wilayah Persekutuan Kuala Lumpur, Malaysia 50300 |
Dexcom Lithuania UAB |
Šeimyniškių g. 19-201, LT-09236 Vilnius |
Australasian Medical & Scientific Limited |
2 McCabe Pl Chatswood NSW 2067 Australia |
New Zealand Medical & Scientific Limited |
2A Fisher Crescent, Mount Wellington Auckland 1060 New Zealand |
Liesno Buno, S.L. |
Avda. de Aragon 330, Las Mercedes North Module, Floor 4, Building 6, 28022 Madrid, Spain |
Dexcom France SAS |
9 Rue du Quatre Septembre 75002 Paris 2, France |
Dexcom UK Ltd. |
1 Tanfield Suite 6, Edinburgh, Scotland EH3 5DA |
Dexcom (UK) Intermediate Holdings, Ltd. |
1 Tanfield Suite 6, Edinburgh, Scotland EH3 5DA |
DexCom Japan G.K. |
#910 Ebisu Green Glass Building, 1-1, Ebisuminami 3-Chome, Shibuya-ku, Tokyo |