Privacy Notice
Last Revised: October 2023
This Privacy Notice informs you of important information about how Hologic, Inc. and our family of companies (together, “Hologic,” “we, “us” or “our”) to process the personal data that we collect in online and offline formats through the Services. The entity collecting and holding your personal data will be identified when you purchase a product or service or interact with us.
When we use the term “Services” we mean to refer collectively to:
- The provision of medical technology and related services to our customers including technical support (“Customer Services”);
- The websites owned and controlled by us that link to this Privacy Notice (“Sites”); and
- Interactions with prospective customers and marketing and business development activities, including events we host, social media properties we operate, and emails that we send (“Marketing Activities”).
When we use the term “personal data” we mean data that reasonably can be used to identify a person, or that reasonably relates to a person and which falls within the meaning of ‘personal information’ under Applicable Privacy Laws.
This Privacy Notice applies only to our processing of personal data within the scope of the New Zealand Privacy Act 2020, the Australian Privacy Act 1988 (Cth), the Australian Spam Act 2003 (Cth), and/or the General Data Protection Regulation, if applicable (together referred to in this Privacy Notice as “Applicable Privacy Laws”).
How We Collect and Use Personal Data
We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our customers, prospective customers and others who may be interested in our products and services, visitors to our offices, visitors to our Sites, vendors, and other individuals.
If you do not provide the personal data we have requested, we may not be able to provide the Services to you, or your use of some of the Services may be restricted.
The majority of our customers and prospects are corporate entities and data about entities is not personal data. But we do process personal data of their employees, representatives and other personal data customers and prospects provide to us or allow us to collect on their behalf. We collect this information lawfully either from the corporate entity or their employees directly.
We collect the following personal data in the context of providing Customer Services and Marketing Activities:
- Names
- Job titles
- Email address
- Physical address
- Phone number
- Diagnostic solutions device log data (but not patient data)
We also obtain personal data about individuals who may be interested in our products or services from third-party sources such a lead generation list providers and conference organizers when they provide us personal data about conference attendees.
The purposes for which we process personal data in connection with Customer Services and Marketing Activities include:
- To comply with legal obligations and professional responsibilities;
- To perform contracts;
- To pursue our legitimate interests of:
- ensuring that we deliver the best possible service to our customers,
- keeping individuals informed of developments in our technology, products, and services,
- business development and general marketing, and
- ensuring we build and maintain a good working relationship with you;
- For any other purpose where you have given us your consent (for example, when you sign up to our mailing list).
We often interact with the health care professionals in the conduct of our business. In connection with our Marketing Activities, we may contract with them to perform consulting or speaking engagements. We collect the following personal data about health care professionals:
- Names
- Job titles
- Email address
- Professional address
- Phone number
- Resume and work history details
- Financial and tax information (when we need to pay consultants and for speaking engagements)
We collect this personal data from healthcare professionals directly when we interact with them, for example from our discussions, when they complete a form, emails, and their interaction with our Sites.
The purposes for which we process this personal data are:
- To comply with legal obligations and professional responsibilities (for example, codes of practice governing the health care industry);
- To perform contracts;
- To pursue our legitimate interests of:
- ensuring that we deliver the best possible service to our customers,
- keeping individuals informed of developments in our technology, products, and services,
- business development and general marketing, and
- ensuring we build and maintain a good working relationship with health care professionals in the industry;
- For any other purpose where you have given us your consent (for example, when you sign up to our mailing list).
We collect certain personal data from visitors to our Sites. We generally collect this information directly from you when you fill out form fields, interact with our iStore, download product documentation, apply for a job, or register for and participate in our medical education services. Depending on the circumstances of your interaction with the Sites, we may collect:
- Name
- Customer account number
- Company name
- Your photo, if you provide it to us
- Email address
- Physical address
- Phone number
- Time zone
- Resume and work history details, if you apply for a job with us
- The products and medical education services you are interested in
The purposes for which we process this personal data are:
- To pursue our legitimate interests of operating and growing our business, operating and improving the Sites, delivering the Customer Services and engaging in Marketing Activities; and
- Any other purpose where you have given us your consent (for example, when you sign up to our mailing list).
For visitors to our offices we take a record of name and contact information. This information is recorded for legitimate business purposes and for health and safety purposes so that we know who is in the building in event of an emergency. If you attend one of our events and we serve food, we may collect and hold information about your dietary requirements.
We may process personal data of vendors and business partners in the conduct of our business operations, including name, contact information, financial information, tax information, and information to verify identity. For vendors, we do this so that we can liaise about the services the vendors are providing to us now and in the future. For business partners, we do this to support, grow and maintain the relationship. For individual vendors and business partners, we hold financial information in order to pay invoices. We generally collect this information from you or your employer directly, and sometimes we receive this information from a third party who is recommending the service to us.
Social media channels, pages and blogs offered as a service to users of the Services (“Social Media”) are hosted by third-party vendors. Those vendors normally require registrants to provide personal data, including name and email address among other kinds of information. This personal data is not collected by us but may be shared with us. We use this personal data to manage our online communities and for other purposes set forth in this Privacy Notice.
Additional Uses of Personal Data
In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, are necessary to serve our legitimate interests in the following business operations, or to comply with our legal obligations:
- Operating our business, administering the Services and managing your accounts;
- Contacting you to respond to your requests or inquiries;
- Processing and completing your transactions including, as applicable, order confirmation and delivering products or services;
- Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
- Providing you with marketing information, and other information that is tailored to your interests;
- Conducting research, surveys, and similar inquiries to help us understand trends and customer needs;
- Analysing your interactions with us, and improving our products, services, programs, and other offerings;
- Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of personal data, our website or data systems; or to meet legal obligations; and
- Enforcing our Terms of Use and other agreements.
How We Share and Disclose Personal Data
We share personal data with the following categories of recipients.
We may disclose your personal data to third-party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.
We may disclose personal data to our affiliates for the purposes described in this Privacy Notice, including for their marketing purposes, and to be consistent with our goal of providing our the superior customer service and engagement experience that our customers have come to expect from us around the world.
In some regions, we sell our products through distributors rather than directly to buyers. In these regions, we may disclose personal data in order to provide the Services, complete transactions, address product deliver and warranties.
We may disclose personal data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums.
We may disclose your personal data to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.
In addition, we may use or disclose your personal data: (1) where permitted or required under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Hologic, our affiliates, you and others; and (7) to enforce our terms and conditions.
E-mail Marketing
Subject to your consent, we may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.
Data Retention
We retain personal data pursuant to our records retention program, for as long as is necessary for the purposes set out in this Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with the requirements of Applicable Privacy Laws.
When deciding how long to retain personal data we take into account our legal and regulatory obligations, the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means. The specific criteria used to determine the period for which personal data about you will be stored varies depending on the purposes under which we process such personal data:
Legitimate Interests
For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
Contractual Necessity
For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.
Legal Obligation
For the duration of time we are legally obligated to keep the personal data.
Consent
For the period of time necessary to fulfill the underlying agreement with you.
We may face any threat of legal claim and in that case, we may need to apply a “legal hold” that retains personal data beyond our typical retention period. In that case, we will retain the personal data until the hold is removed, which typically means the claim or threat of claim has been resolved.
Transfers of personal data across borders
Any personal data that you provide to us is stored and processed in, and transferred between, any of the countries in which Hologic and its agents, contractors and affiliated organizations have offices, in order to enable Hologic to use that personal data as set out in this Privacy Notice. For example, Hologic has offices in the European Union, the United Kingdom, Switzerland, the Republic of China, Canada, and Japan.
Not all of these countries have data protection laws equivalent to those in force in New Zealand and/or Australia. In order to ensure the protection of your personal data outside of New Zealand and/or Australia we will comply with the offshore transfer provisions under Applicable Privacy Laws relying on appropriate or suitable safeguards, including:
- Using standard contractual clauses approved by relevant authorities as ensuring adequate safeguards;
- Transferring personal data to countries that have privacy laws which we reasonably believe provide comparable safeguards to those under Applicable Privacy Laws, and individuals have a mechanism to enforce their rights in those countries;
- Entering into an agreement with the foreign entity requiring them to protect the information in a way that, overall, provides comparable safeguards to those under Applicable Privacy Laws; or
- Obtaining your consent to transfer personal data after first expressly informing you about the potential risks of the transfer.
Data Security
We store your personal data electronically, and information is held by a third party storage provider. We seek to use reasonable organizational, technical and administrative measures to protect personal data within Hologic. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.
Data Subject Rights
Individuals whose personal data we process have certain rights under Applicable Privacy Law, including the right of access and correction of personal data.
Individuals have the right to know if we are processing personal data about them and, if so, to access and obtain a copy of personal data about them, as well as information relating to the processing of that data.
Individuals have the right to have us correct or update any personal data about them that is inaccurate or incomplete without undue delay. If we are not willing to correct errors that you have identified in your personal data, you may request that we take reasonable steps to attach a statement to the personal data noting the correction sought.
Cookie Notice
We use cookies and related technologies (“Cookies”) to provide Services, gather information when users navigate through the Sites to enhance and personalise the experience, to understand usage patterns, and to improve our Sites, products, and Services.
Cookies on our Sites are generally divided into the following categories:
- Required Cookies: These cookies are necessary to enable basic features of the Sites to function, such as providing secure log-in or remembering how far you are through an order.
- Functional Cookies: These cookies allow us to analyse your use of the Sites to evaluate and improve our performance. They may also be used to provide a better customer experience on the Sites, for example, by remembering your log-in details, saving what is in your shopping cart, or providing us information about how the Sites are used.
- Advertising Cookies: These cookies are used to show you ads that are more relevant to you. We may share this information with advertisers or use it to better understand your interests. For example, advertising cookies may be used to share data with advertisers so that the ads you see are more relevant to you, allow you to share certain pages with social networks, or allow you to post comments on our site.
You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies. If you disable or delete certain Cookies in your settings, you may not be able to use features of the Sites.
The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.
Links to Other Sites
Occasionally we provide links to other websites for your convenience and information. These sites operate independently from our Sites and are not under our control. These sites may have their own privacy notices or terms of use, which you should review if you visit any sites linked through our Sites. We are not responsible for the content or use of these unrelated sites.
Updates to this Privacy Notice
Although most changes are likely to be minor, Hologic may change its Privacy Notice from time to time, and at Hologic’s sole discretion. Hologic encourages visitors to frequently check this page for any changes to this Privacy Notice. We will give you reasonable notice of any substantial changes by posting a notice on our Sites or via other means such as email. By using the Services after such notice period, you will be deemed to have accepted the changes to this Privacy Notice.
Contact Us
You may exercise your rights to review, know, correct, or update your personal data at any time by completing Data Subject Access Request here.
You may exercise your rights to submit a complaint regarding the processing of your personal data at any time by completing a form here.
If you have any queries, questions or concerns about this Privacy Notice or our personal data handling practices, please email data.privacy@hologic.com or write to:
For Australia:
Hologic (Australia & New Zealand) Pty Ltd
International Legal Department
Suite 302, Level 3, 2 Lyonpark Rd, Macquarie Park, NSW, 2113, Australia
For New Zealand:
Hologic (Australia & New Zealand) Pty Ltd
International Legal Department
Suite 302, Level 3, 2 Lyonpark Rd, Macquarie Park, NSW, 2113, Australia
If you are not satisfied with our response, you also have the right to make a complaint about our personal data handling practices to your local privacy regulator.
Office of the Australian Privacy Commissioner
GPO Box 5218, Sydney, NSW 2001
OAIC website: https://www.oaic.gov.au/
Helpline number: 1300 363 992
New Zealand Office of the Privacy Commissioner
PO Box 10 094, Wellington, New Zealand 6143
OPC website: https://www.privacy.org.nz/
Helpline number: 0800 803 909