Updated: 30 October 2020 – Data Privacy Notice WEAR WHITE AGAIN
This Privacy Notice informs you of important information about how Hologic Ltd and our family of companies (together, “Hologic” “we” or “our”) process the personal data that we collect when using the Website WEAR WHITE AGAIN.
Hologic is comprised of Hologic Ltd and its group of subsidiary companies which are different legal entities. These Disclosures are issued on behalf of this group of entities so when we mention ”Hologic”, “we”, “us” or “our” in this Privacy Notice, we are referring to the relevant company in the group responsible for processing your data. The controller for your data will be identified when you purchase a product or service or interact with us.
The data controller responsible for this website is Hologic Ltd. Heron House, Oaks Business Park, Crewe Rroad, Wythenshawe, Manchester, M23 9HZ, UK.
Our General Data Privacy Statement of the Hologic Group you can find here https://www.hologic.com/privacy-policy.
When we use the term “Services” we mean to refer collectively to:
- The provision of medical technology and related services to our customers including technical support (“Customer Services”);
- The websites owned and controlled by us that link to this Privacy Notice (“Sites”); and
- Interactions with prospective customers and marketing and business development activities, including events we host, social media properties we operate, and emails that we send (“Marketing Activities”).
When we use the term “personal data” we mean data that reasonably can be used to identify a person, or that reasonably relates to a person.
How we collect and use personal data
We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our customers, prospective customers and others who may be interested in our products and services, visitors to our offices, visitors to our Sites, vendors, and other individuals.
Contact possibility via the Site: The Site contains information that enables a quick electronic contact to us, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
Social media platforms: Social media channels, pages and blogs offered as a service to users of the Services (“Social Media”) are hosted by third-party vendors. Those vendors normally require registrants to provide personal data, including name and email address among other kinds of information. This personal data is not collected by us, but may be shared with us. We use this personal data to manage our online communities and for other purposes set forth in this Privacy Notice.
Use of Facebook
On this Site, the controller has integrated components of the enterprise Facebook. Facebook is a social network.
A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Site, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our Site was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our Site by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our Site. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.
Inclusion of You Tube videos
On our Site we use components (videos) of YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company belonging to Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
YouTube videos are embedded on the Site in privacy-enhanced mode. When the video is played the following data are transmitted to Google, which operates YouTube:
- the IP address;
- the specific address of the page accessed on our Site;
- the browser identifier transmitted;
- system date/time of the visit and
- pre-existing cookies that can be used to uniquely identify your browser.
Cookies and pixel tags used to customize advertisements and search results are only set by YouTube when the video plays. No information is stored by YouTube about visitors to the website unless they view the video. Please note that Google may receive additional data via cookies that are already stored. We have no control over how these data are used by Google. Google Inc. is responsible for collecting and processing these data.
For further information to YouTube and Data Privacy see https://www.youtube.com/yt/about/policies/#community-guidelines
For further information to Google and Data Privacy see https://policies.google.com/privacy?hl=en&gl=en
Use of Instagram
On this Site, we have integrated components of the service Instagram. Instagram is a service that may be qualified as an audiovisual platform, which allows users to share photos and videos, as well as disseminate such data in other social networks.
The operating company of the services offered by Instagram is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
With each call-up to one of the individual pages of this Site and on which an Instagram component (Instagram button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our Site by the data subject—and for the entire duration of their stay on our Site—which specific sub-page of our Site was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our Site, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data.
Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our Site is made.
Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
Use of Twitter
On this Site, we have integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
The operating company of Twitter is Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland.
With each call-up to one of the individual pages of this Site and on which a Twitter component (Twitter button) was integrated, the internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our Site was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this Site to allow our users to introduce this web page to the digital world and increase our visitor numbers.
If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our Site by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our Site, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.
Twitter receives information via the Twitter component that the data subject has visited our Site, provided that the data subject is logged in on Twitter at the time of the call-up to our Site. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.
The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.
Use of Hotjar
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
Use of Google Analytics
Our Site uses Google Analytics, operated by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
For further information to Google and Data Privacy see https://policies.google.com/privacy?hl=en&gl=en
Additional uses of personal data
In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, are necessary to serve our legitimate interests in the following business operations, or to comply with our legal obligations:
- Operating our business, administering the Services and managing your accounts;
- Contacting you to respond to your requests or inquiries;
- Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
- Providing you with marketing information, and other information that is tailored to your interests;
- Conducting research, surveys, and similar inquiries to help us understand trends and customer needs;
- Analyzing your interactions with us, and improving our products, services, programs, and other offerings;
- Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Information, our website or data systems; or to meet legal obligations; and
How we share and disclose personal data
We share personal data with the following categories of recipients.
Service Providers: We may disclose your personal data to third-party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.
Affiliates: We may disclose personal data to our affiliates for the purposes described in this Privacy Notice, including for their marketing purposes, and to be consistent with our goal of providing our the superior customer service and engagement experience that our customers have come to expect from us around the world.
Authorized Distributors: In some regions, we sell our products through distributors rather than directly to buyers. In these regions, we may disclose personal data in order to provide the Services, complete transactions, address product deliver and warranties.
To Perform Customer Services: We may disclose personal data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums.
Corporate Transactions or Events: We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.
Other Legal Reasons: In addition, we may use or disclose your personal data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Hologic, our affiliates, you and others; and (7) to enforce our terms and conditions.
We retain personal data pursuant to our records retention program, for as long as is necessary for the purposes set out in the Hologic Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with the principles set forth in Article 5(1) of the GDPR.
The criteria used to determine the period for which personal data about you will be stored varies depending on the legal basis under which we process such personal data:
|For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.|
|Contractual Necessity||For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.
|For the duration of time we are legally obligated to keep the information.|
|Consent||For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain personal data about you erased (see Data Subject Rights below).
We may face any threat of legal claim and in that case, we may need to apply a “legal hold” that retains information beyond our typical retention period. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
Transfers of information across borders
Any information that you provide to us is stored and processed in, and transferred between, any of the countries in which Hologic and its agents, contractors and affiliated organizations have offices, in order to enable Hologic to use that information as set out in this Privacy Notice.
Not all of these countries have data protection laws equivalent to those in force in the EEA. In order to ensure the protection of your personal data outside of the EEA we have put in place or ensured at least one of the following safeguards:
- European Commission approved Standard Contractual Clauses between each of the Hologic entities processing personal data within the scope of the GDPR.
- Transfer of personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use data processors based in the US, we use, when appropriate and applicable, processors that are certified under the Privacy Shield framework, which requires them to provide similar protection to personal data shared between the EEA and the US.
We seek to use reasonable organizational, technical and administrative measures to protect personal data within Hologic. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.
Data Subject Rights
Individuals whose personal data we process subject to the GDPR have certain rights as required by law, including the right of access, erasure and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.
Access: Individuals have the right to know if we are processing personal data about them and, if so, to access and obtain a copy of personal data about them, as well as information relating to the processing of that data.
Rectification: Individuals have the right to have us correct or update any personal data about them that is inaccurate or incomplete without undue delay.
Restriction: Individuals have the right to restrict or limit the ways in which we process personal data about them where the accuracy of the personal data is contested by them, where data has been obtained by us unlawfully, where the individual has objected to our processing of the data (see right of objection below) and we are considering whether to cease processing, or where we no longer need to process the personal data.
Objection: Individuals have the right to object to our processing of their personal data where we are relying on legitimate interests as our legal basis and their rights override our legitimate interests in processing their personal data. Individuals also have the right to object to our processing of their personal data for direct marketing purposes.
Withdrawal of Consent: Where we rely on consent as the basis for processing personal data, individuals have the right to withdraw their consent.
Erasure: Individuals have the right to request deletion or erasure of their personal data in a number of circumstances where required by law. These include where we no longer require the personal data for the purposes for which it was collected, the individual has withdrawn consent, or where we are relying on legitimate interests as a legal basis and the individual’s rights override our legitimate interests.
Portability: Individuals have the right to obtain a copy of the personal data we hold about you in a structured machine-readable format and to have it transmitted to another controller. This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.
Make a Complaint: Individuals also have the right to make a complaint about our personal data handling practices to their local Supervisory Authority (https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080)
We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.
Links to Other Sites
Updates to this Privacy Notice
Although most changes are likely to be minor, Hologic may change its Privacy Notice from time to time, and at Hologic’s sole discretion. Hologic encourages visitors to frequently check this page for any changes to its Privacy Notice.
How to contact us
To assert one of your legal rights described in these Disclosures, or if you have questions about these Disclosures or our data handling practices, please email email@example.com or write to:
Hologic Ltd. Heron House, Oaks Business Park, Crewe Road, Wythenshawe, Manchester, M23 9HZ, UK.