- Detailed information regarding what personal data and other information we collect from you, how we collect it, and how it is used;
- Further descriptions of the parties with whom and for what purposes your data is shared; and
- What rights you have regarding your personal data.
2. What personal data do we collect about you?
- Your first and last name;
- Residential and billing address;
- Company name;
- Occupational role;
- Social medial name and profile;
- Internet Protocol (IP) address;
- Contact details (e.g., telephone number, fax number, e-mail address);
- Date of birth;
- Purchase and ordering history ; or
- Other information you voluntarily provide.
3. When do we collect personal data about you?
Cardinal Health does not collect any Personal Data from you through the Site unless you voluntarily choose to disclose such information. We may ask you to provide certain Personal Data at various times and places on the Site. In some cases, if you choose not to provide us with the requested Personal Data, you may not be able to access all of the Site or participate in all of its features.
For example, we may collect Personal Data from you when you:
- Register, subscribe, or create an account with us;
- Purchase products from Cardinal Health through our Site;
- Open or respond to our e-mail offers;
- When you voluntarily provide us with information through our customer surveys which we may then link to Personal Data that we previously collected about you;
- Contact customer service, use our “Connect” feature to converse with a Cardinal Health representative, or make use of our customer support tools;
- Sign-up for our e-mail updates and newsletters, such as our “Essential Insights” newsletter;
- Connect, link or “share” our Site via social networking sites;
- Provide ratings or reviews of our products and services; or
- Apply for a job at Cardinal Health. More information on our data protection practices with respect to applicant personal data can be found at https://jobs.cardinalhealth.com.
4. How do we use personal data?
Cardinal Health uses the Personal Data we collect to render services to you or in order to fulfill a contractual agreement with you when you visit our Site. This includes:
- Establishing an online Cardinal Health account for you at your request;
- Processing online purchase orders, tracking and keeping you informed about the status of your order;
- Determining whether you are a suitable candidate for any open jobs at Cardinal Health;
- Providing customer service (for example, answering your questions or responding to a request);
- Sending you reminders, updates, support, administrative messages, service bulletins, and requested information; and
- Communicating and providing additional information that may be of interest to you about Cardinal Health and our third party business partners at your request;
We use the Personal Data we collect when we have legitimate business reasons to do so, pursued by a third party or us, so long as it is compatible with your rights and expectations of privacy. This includes to:
- Operate, maintain and improve the Site, our services, and our products;
- Perform analytics and conduct customer research;
- Validate your ability to access and/or use certain products or services that may only be intended for individuals meeting certain eligibility requirements or criteria, such as health care professionals;
- Allow you to interact with certain third-party content service providers (for example, to enable you to link to, or view content from, third-party sites within our Site, or view our content on a third party site);
- Allow you to participate in interactive features of our Site when you choose to do so;
- Administer online surveys or special offers from us or through our third party business partners;
- Improve our Site, customer service, products and services and overall user experience;
- Enhance other information we have about you to help us better understand you and determine your interests;
- Identify your preferences so can we notify you of new or additional products, services, and promotions that might be of interest to you;
Cardinal Health also has legal grounds to use your Personal Data:
- For fraud prevention, public safety, and enforcement of our corporate reporting obligations and Terms and Conditions,
- To comply with the law, regulation, court order, subpoena or other legal process.
5. What about sensitive personal data?
Cardinal Health only collects Sensitive Personal Data in the following limited circumstances:
- With your explicit consent;
- To protect the vital interests of you or another person, in cases where you are physically or legally incapable of giving consent;
- Where the processing is necessary for purposes of preventive or occupational medicine, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional; or
- For the establishment, exercise or defense of legal claims, or to the extent permitted and required by applicable law.
Unless otherwise required by applicable law, you are not required to provide us with any of your Sensitive Personal Data when using our Site. Should you choose not to, your decision would not prevent you from using our Site.
6. What other information do we collect?
As with many other websites, as you navigate through and interact with our Site, we may use automatic collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Site, including the resources that you access and use on our Site, traffic data, location data, logs, language;
- Date and time of access, frequency, and other communication data;
- Information about your computer and internet connection, including your operating system, host domain, and browser type (for example Internet Explorer); or
- Details of referring websites (URL).
- Determine Site traffic patterns;
- Count the number of Site visits;
- Determine traffic sources so we can measure and improve the performance of our Site;
- Share or sell such information to third parties;
- Help us to know which pages and content are the most and least popular; and
- Determine the frequency and last date of your visit to our Site.
7. Cookies and other technologies
Social Media Plug-In. Our Site uses what are called social plugins (“plugins”) from social networks Facebook, Twitter and LinkedIn. These plugins are indicated by the social networks’ respective logos. When you access the Site, your browser establishes a direct connection with the servers of these social networks. The plugin content is transferred by the social network directly to your browser, which then integrates it into the Site.
Integration of the plugin allows the social media networks to receive the information that you have loaded onto the corresponding page of Site. If you are logged in with Facebook, for example, it will be able to assign your visit to your account. An exchange of this information already takes place when you visit our Site, regardless of whether you interact with the plugin or not. If you interact with the plugins, the corresponding information is sent directly to Facebook by your browser and saved there. You can find information how the data is used by the social networks, together with your rights and optional settings to protect your privacy on the social networks websites.
8. How do we share information?
We may share your Personal Data as required or permitted by law as follows:
- With our contractors, suppliers and vendors who provide services for us on our behalf, such as processing and fulfilling orders; data analytics and storage; assistance with direct marketing and distribution of e-mails and other communications; fraud prevention services; delivery and logistics; and to accomplish the other purposes for collection described above;
- In the event we or any of our affiliates file for bankruptcy, or where there is a transfer of ownership (or assets) in connection with proposed or consummated corporate reorganizations of Cardinal Health or any of our affiliates, such as actual or potential mergers, acquisitions, or sales of business units;
- To comply with legal orders and government requests, or as needed to support auditing, compliance, and corporate governance functions;
- To combat fraud or criminal activity, and to protect our rights or those of our affiliates, users, and business partners, or as part of legal proceedings affecting Cardinal Health, include to enforce our Terms and Conditions;
- In response to a subpoena, court order, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate;
- With your consent.
We also may disclose information we collect automatically:
- For the same reasons we might share Personal Data;
- With third party business partners for their own research and analysis; or
- With third-party advertisers or other vendors to place our advertisements on our Site and on third-party sites, to facilitate targeted content, and to analyze the effectiveness of our advertisements.
Access to your Personal Data is limited by need. Only a restricted number of Cardinal Health employees, and individuals and entities with whom Cardinal Health contracts to carry out business will have access to your Personal Data for the purposes described above.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
9. Your choices about how we use and disclose your information
Commercial Emails: You may choose to opt out of receiving commercial e-mails and other educational materials from us about our products and services by following the instructions contained in any of the e-mails we send or by signing into your account and adjusting your e-mail preferences. Please note that even if you unsubscribe from commercial e-mail messages, we may still e-mail you non-commercial e-mails for lawful purposes including, for example, to manage your any account you have with us, respond to your requests, execute agreements with you and manage your transactions on the Site. Please allow us five (5) business days from when the request was received to complete the removal. You may update your account preferences at any time.
If you wish to opt out of receiving offers directly from our third-party business partners, you can follow the instructions in the e-mails that they send you.
EU Users and Commercial Emails: If you are a user based in the EU, we only send you commercial e-mails or other educational materials when we have obtained your explicit prior consent (i.e., opt in), except where we have obtained your e-mail address in the course of a sale or negotiations for a sale of a product or service and where the commercial e-mails are only marketing similar products or services.
Cookies and Tracking: You can disable cookies at any time by adjusting your browser settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available.
Do Not Track: Currently, we do not alter our data collection and use practices in response to DO NOT TRACK signals.
10. Your rights regarding your personal data
Under applicable data protection law, you may have certain rights with respect to your Personal Data, including the following:
- Access: The right to request access to your Personal Data, which includes the right to obtain confirmation from us as to whether or not Personal Data concerning you is being processed, and where that is the case, access to the Personal Data and information related to how it is processed;
- Rectify or Erase: The right to rectification or erasure of your Personal Data, which includes the right to have incomplete Personal Data completed;
- Restrict: The right to restrict obtain a restriction of processing concerning your Personal Data, which includes restricting us from continuing to process your Personal Data under certain circumstances (e.g., where you contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of the Personal Data);
- Object: The right to object to the processing of your Personal Data under certain circumstances, including objecting to processing your Personal Data for direct marketing purposes, or objecting to processing your Personal Data when it is done based upon legitimate interests;
- Data Portability: The right to data portability, which includes certain rights to have your Personal Data transmitted from us to another controller; and
- Consent: Where data processing is based on your consent, the right to withdraw consent at any time.
Any requests related to the above rights may be made by sending an e-mail to email@example.com. We will respond to your request within a reasonable period of time and in accordance with applicable law.
In certain jurisdictions, you also have the right to lodge a complaint with a supervisory authority.
California Residents. Under California Civil Code section 1798.83, California residents who have an established business relationship with us are entitled to ask us for a notice describing the types of personal customer information we have shared with third parties for those parties’ direct marketing purposes during the preceding calendar year. That notice will identify the categories of information shared with third parties, the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you are a California resident and would like to request a copy of this notice, please submit a written request to firstname.lastname@example.org.
11. What about the privacy on third-party sites?
We strongly suggest you review such third party’s privacy policies before providing any data to them. These other sites may send their own cookies or clear GIFs to users, collect data or solicit Personal Data. We cannot control this collection of information. You should contact these entities directly if you have any questions about their privacy practices.
12. What about site security?
Cardinal Health takes appropriate steps to manage the privacy of your Personal Data and the security of the Site. We have implemented commercially reasonable administrative, technical, and physical security controls that are designed to safeguard Personal Data. Still, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, Cardinal Health cannot guarantee that your Personal Data is under absolute security with the existing security technology. If you have any questions about the security of our Site, you can contact us at email@example.com.
13. How long do we retain personal data?
14. What about children’s privacy?
Cardinal Health does not intend that any portion of its Site will be accessed or used by children under the age of 16, and such use is prohibited. Our Site is designed and intended for adults. By using the Site, you represent that you are at least 18 years old and understand that you must be at least 18 years old.
If you are a parent or guardian of a child under the age of 16 and believe he or she has disclosed Personal Data to us, please contact us at firstname.lastname@example.org. A parent or guardian of a child under the age of 16 may review and request deletion of such child’s Personal Data as well as prohibit the use thereof.
15. Is personal data transferred internationally?
Cardinal Health is a global company. In certain cases, your Personal Data will be collected and stored in the United States, and subject to the laws of the United States. If you reside in a country outside the United States, please note that the data protection and privacy laws of the United States may not be as protective as the laws in your country.
In Australia, Cardinal Health is bound by the Privacy Act 1988 (Cth) (Privacy Act) and Australian Privacy Principles (APPs) (collectively “Australian Privacy Laws”). If you are in Australia, you acknowledge and consent to us not being required to take any steps to ensure that overseas recipients (outside of Cardinal Health) of your Personal Data comply with the Australian Privacy Laws. If the overseas recipient handles your Personal Data in breach of the Australian Privacy Laws, we will not be liable, and you will not be able to seek redress under the Act.
16. How to contact us
Cardinal Health, Inc.
Ethics and Compliance Department
7000 Cardinal Place, Dublin, Ohio 43017 USA.