Last Revised: August 2022
This Privacy Notice informs you of important information about how Hologic, Inc. and our family of companies (together, “Hologic,” “we,” “us” or “our”) process the personal data that we collect in online and offline formats through the Services. The controller for your personal data will be identified when you purchase a product or service or interact with us.
When we use the term “Services” we mean to refer collectively to:
- The provision of medical technology and related services to our customers including technical support (“Customer Services”);
- The websites owned and controlled by us that link to this Privacy Notice (“Sites”); and
- Interactions with prospective customers and marketing and business development activities, including events we host, social media properties we operate, and emails that we send (“Marketing Activities”).
When we use the term “personal data” we mean data that reasonably can be used to identify a person, or that reasonably relates to a person.
This Privacy Notice applies only to our processing of personal data within the scope of the General Data Protection Regulation (“GDPR”) and/or the GDPR as it is incorporated into the laws of England and Wales, Scotland and Northern Ireland (“UK GDPR”) as follows:
- Processing of personal data by a Hologic company located in one or more of the European Union Member States plus Iceland, Liechtenstein and Norway (together known as the “European Economic Area” or “EEA”) and/or the United Kingdom (“UK”); and
- Processing of personal data by a Hologic company located outside of the EEA and/or the UK, but that is offering goods or services into the EEA and/or the UK or monitoring the behavior of individuals in the EEA and/or the UK, in which case this Privacy Notice applies only to the processing of personal data of individuals located in the EEA and/or the UK.
We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our customers, prospective customers and others who may be interested in our products and services, visitors to our offices, visitors to our Sites, vendors, and other individuals.
In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, are necessary to serve our legitimate interests in the following business operations, or to comply with our legal obligations:
- Operating our business, administering the Services and managing your accounts;
- Contacting you to respond to your requests or inquiries;
- Processing and completing your transactions including, as applicable, order confirmation and delivering products or services;
- Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
- Providing you with marketing information, and other information that is tailored to your interests;
- Conducting research, surveys, and similar inquiries to help us understand trends and customer needs;
- Analysing your interactions with us, and improving our products, services, programs, and other offerings;
- Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorised access to or use of Personal Information, our website or data systems; or to meet legal obligations; and
We share personal data with the following categories of recipients.
We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.
We retain personal data pursuant to our records retention program, for as long as is necessary for the purposes set out in this Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with the principles set forth in Articles 5(1) of the GDPR and the UK GDPR, as applicable.
When deciding how long to retain personal data we take into account our legal and regulatory obligations, the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means. The specific criteria used to determine the period for which personal data about you will be stored vary depending on the legal basis under which we process such personal data:
For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.
For the duration of time we are legally obligated to keep the personal data.
For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain personal data about you erased (see Data Subject Rights below).
We may face a threat of legal claim, and in that case we may need to apply a “legal hold” that retains personal data beyond our typical retention period. We will then retain the personal data until the hold is removed, which typically means the claim or threat of claim has been resolved.
Any personal data that you provide to us is stored and processed in, and transferred between, any of the countries in which Hologic and its agents, contractors and affiliated organisations have offices, in order to enable Hologic to use that personal data as set out in this Privacy Notice.
Not all of these countries have data protection laws equivalent to those in force in the EEA and/or the UK. In order to ensure the protection of your personal data outside of the EEA and/or the UK we rely on appropriate or suitable safeguards, including:
- Using standard contractual clauses approved by relevant authorities as ensuring adequate safeguards.
- Transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by relevant authorities.
- Obtaining your consent to transfer personal data after first informing you about the potential risks of the transfer.
- Transferring personal data when it is necessary for the performance of a contract between you and us, or if the transfer is necessary for the performance of a contract between us and a third party and the contract was entered into in your interest.
- Transferring personal data when it is necessary to establish, exercise or defend legal claims.
We seek to use reasonable organisational, technical and administrative measures to protect personal data within Hologic. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.
Individuals whose personal data we process subject to the GDPR and/or the UK GDPR have certain rights as required by law, including the right of access, erasure and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.
Although most changes are likely to be minor, Hologic may change its Privacy Notice from time to time, and at Hologic’s sole discretion. Hologic encourages visitors to frequently check this page for any changes to this Privacy Notice.