In the regular course of business, Gilead interacts and communicates directly with health care professionals, customers, clinical trial participants, consumers, business partners, regulatory authorities, and others. Through these interactions and communications, Personal Data may be provided to Gilead and processed electronically and/or manually. Gilead respects individual privacy and values the confidence of such individuals. This Privacy Statement sets forth Gilead's privacy principles with respect to Personal Data, including the implementation of privacy procedures and technical security measures to keep Personal Data private and secure, which Gilead follows in its normal course of business.
Gilead participates in both the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Frameworks. Gilead acknowledges its commitment to comply with the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Principles (“Principles”) for all Personal Data received from the EU or Switzerland in reliance on the Privacy Shield. Gilead will collect, use and disclose Personal Data received from the EU or Switzerland only in accordance with the principles outlined in this Privacy Statement, the Principles, and as required by law. For purposes of Privacy Shield compliance enforcement, Gilead acknowledges that it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).
This Privacy Statement applies to Personal Data received by Gilead (including Personal Data received by third-party organizations or individuals acting as Agents of Gilead) from health care professionals, customers, clinical trial participants, consumers, business partners, regulatory authorities, and others, in any format, including electronic or paper, as part of Gilead's business operations. Types of third-party organizations include Gilead subsidiaries and business partners, a current list of which is available upon request. This Privacy Statement does not apply to Personal Data collected by Gilead Websites, which is governed by the Gilead Website Privacy Policy.
For the purposes of this Privacy Statement, the following definitions shall apply:
“Affiliate” means any third party which is under common control with Gilead.
“Service Provider” means any third party that collects and/or uses Personal Data under the instruction of, and solely for, Gilead or to which Gilead discloses Personal Data for use on Gilead’s behalf.
"Gilead" means Gilead Sciences, Inc., its successors and wholly owned subsidiaries.
“Gilead Website(s)” means websites controlled by Gilead and subject to the Gilead Website Privacy Policy.
“Personal Data” means any information, or set of information, that identifies or is used by or on behalf of Gilead to identify an individual. Examples of Personal Data include an individual’s name, postal address, e-mail address, and telephone number. Personal Data does not include any information that is anonymized, or non-personal information that has not been combined with Personal Data to allow identification of an individual.
“Sensitive Personal Data” is Personal Data which includes information such as government unique identifier or financial information, race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health, sexual orientation, or criminal allegations (convictions or otherwise); or is otherwise defined by the Principles as “sensitive information” (See, e.g., Commission Implementing Decision (EU) 2016/1250, Annex II § II.2.c).
Notice:
The collection, processing, storage, use, and disclosure of Personal Data in the business context is essential to the conduct of many of Gilead’s business functions. Gilead may collect, process, store, use, and disclose Personal Data from individuals directly and/or from third parties, subject to applicable law.
PURPOSE FOR COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
Gilead collects, uses and discloses your Personal Data in its normal course of business for the following purposes:
WHAT DATA WE COLLECT
When interacting with Gilead, you may choose to provide us with information to help us serve your needs. The Personal Data that we collect will depend on how you choose to interact with Gilead.
Where you participate in Clinical Trials
If you participate in a clinical trial with Gilead, or one of our partners, we will collect personal data about you as is necessary to fulfill the purpose of the clinical trial. This can include sensitive biological and medical information about you. However, as required by the Principles, Personal Data will be anonymized, as appropriate, to both protect your privacy as well as maintain the integrity of the clinical trial.
Where you request information about our services
If you request further information about our services, we require you to submit your name, e-mail address, the name of your organization, and the country in which you are based so we may send you the material you have requested, and to enable us to identify whether you have an existing relationship with Gilead.
Where you register with us and/or request services
If you register with the Site, or request a service available on the Site, we may ask you for your name, e-mail address, country, telephone number and the reason for your communication; as well as information about your position, organization, and such other information as is reasonably necessary so that we can provide you with the service. On the data submission form, we shall indicate by way of an asterisk, which information is optional and which information is mandatory. This information can include information you provide on applications or other forms, which may include your name, address, email address, and payment information.
Individuals should not provide Gilead with any Personal Data that is not specifically requested. Where Gilead receives Personal Data from its subsidiaries, affiliates, or other entities, it will use or disclose such Personal Data in accordance with the above procedures.
Gilead may consolidate or aggregate Personal Data in a non-identifiable form (anonymized/pseudonymized data) to help Gilead improve product design and services, to enhance Gilead’s research activities, and to facilitate other business functions.
DISCLOSURE OF INFORMATION TO OTHERS
We do not disclose any Personal Data about you collected by this Site to any third parties except as stated in this Privacy Policy, as otherwise permitted by law, or authorized by you.
Generally
Third parties to whom we disclose information are required by law and contractual undertakings to keep your Personal Data confidential and secure; and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances, in compliance with all applicable legislation, which purposes are as follows:
If these third parties wish to use your Personal Data for any other purpose, they will have a legal obligation to notify you of this and, where required, to obtain your consent. Contact us at privacy@gilead.com for more information on these third parties.
Affiliate Sharing
In the normal course of performing services for our clients, Personal Data may be shared within Gilead and its affiliates for research and statistical purposes, drug safety and efficacy purposes, disease management, system administration and crime prevention or detection, or any purpose otherwise identified in this Privacy Statement.
Service Providers
Because a number of the service providers we use are located in the United States, including certain Gilead affiliates, your Personal Data will be processed and stored inside the United States, and the U.S. government, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your Personal Data under U.S. laws.
Business Transactions
As we continue to develop our business, we might sell or buy assets. In such transactions, user information, including Personal Data, generally is one of the transferred business assets. Also, if either Gilead itself or substantially all of Gilead assets were acquired, your Personal Data may be one of the transferred assets. Therefore, we may disclose and/or transfer your Personal Data to a third-party in these circumstances.
Other Legally Required Disclosures
Gilead reserves the right to disclose without your prior permission any Personal Data about you or your use of this Site if Gilead has a good faith belief that such action is necessary to: (a) protect and defend the rights, property or safety of Gilead, employees, other users of this Site, or the public; (b) enforce the terms and conditions that apply to use of this Site; (c) as required by a legally valid request from a competent governmental authority; or (d) respond to claims that any content violates the rights of third parties. We may also disclose Personal Data as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.
Choice:
Your knowledge of and consent to Gilead’s collection, use, and disclosure of your Personal Data is important. We rely on the following actions by you as indications of your consent to our existing and future Personal Data practices:
Where Gilead relies on consent for the fair and lawful processing of Personal Data, the opportunity to consent will be provided when the Personal Data in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney.
Gilead maintains servers and other storage facilities in the United States. As a consequence of your use of the site, your Personal Data may be used or stored in the United States. By using the Site you hereby affirmatively consent to the processing of your Personal Data in a country which may not have the same level of privacy protection as your country of residence. Should you withdraw this consent, you agree that you will not use or visit the Site subsequent to your withdrawal of such consent.
Subject to certain legal or contractual restrictions and reasonable notice, you may withdraw this consent at any time. Gilead will inform you of the consequences of withdrawing your consent. In some cases, refusing to provide certain Personal Data or withdrawing consent for Gilead to collect, use, or disclose your Personal Data could mean that you cannot participate in the clinical trial, or we cannot provide the requested services or information to you.
If you wish to withdraw your consent please refer to the contact information section below.
However, there are a number of instances where Gilead does not require your consent to engage in the processing or disclosure of Personal Data. Gilead may not solicit your consent for the processing or transfer of Personal information for those purposes which have a statutory basis, such as:
For Sensitive Personal Data, Gilead will provide individuals the opportunity to affirmatively and explicitly authorize or consent to the collection, processing, transfer, or disclosure of their Sensitive Personal Data to a non-Agent third party or the use of their Sensitive Personal Data for a purpose other than the one for which the individual originally consented.
Gilead will not disclose your Personal Data to third parties except as otherwise stated in this Privacy Statement.
Accountability for Onward Transfers: Gilead will obtain assurances from its Service Providers and Affiliates that they will safeguard Personal Data consistent with this Privacy Statement. An example of appropriate assurances that may be provided by Service Providers and Affiliates includes a contractual obligation that the Agents provide at least the same level of protection as is required by Gilead’s privacy principles set out in this Statement. Where Gilead has knowledge that a Service Provider or Affiliate is using or disclosing Personal Data in a manner contrary to this Privacy Statement, Gilead will take appropriate steps to prevent or stop the use or disclosure. Gilead also complies with the Privacy Shield Principle regarding liability for onward transfers.
In addition, Gilead may transfer Personal Data outside of its country of origin for the purposes, and in the manner, set out above; including for processing and storage by Service Providers and Affiliates in connection with such purposes. In all situations, Gilead takes reasonable steps to ensure that your privacy is protected. Such steps include, but are not limited to: implementing privacy, security, and contractual controls; as well as steps noted above, as required by applicable law. To the extent that any Personal Data is sent out of an individual’s country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country, consistent with the Principles.
Security: Gilead has implemented reasonable physical, technical and managerial controls and safeguards to keep your Personal Data protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include, but are not limited to: the encryption of communications via SSL, encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols.
Data Integrity and Purpose Limitation: Gilead will use Personal Data only in ways that are compatible with the purposes for which it was collected, or consented to by the individual. Gilead will have appropriate steps in place to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. Gilead will only store Personal Data for as long as it is needed to fulfill the purposes for which it was collected, subject to applicable data retention periods imposed upon Gilead by applicable law.
Access and Correction: Access to Personal Data is limited to a restricted number of Gilead employees whose duties reasonably require such information, Agents with whom Gilead contracts to carry out business activities for Gilead, and, with an individual’s consent, certain companies with which Gilead may conduct joint programs. Gilead trains its employees on the importance of privacy and how to handle and manage Personal Data appropriately and securely. Personal Data handled by Gilead Agents, or companies with which Gilead may conduct joint programs, is governed by this Privacy Statement and the Principles.
Upon written request, Gilead will grant individuals access to Personal Data that it holds about them, subject to any legal restrictions. In addition, Gilead will permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete, subject to certain exceptions provided by law. In some instances, applicable law or regulatory requirements allow or require Gilead to refuse to provide some or all of an individual’s Personal Data. In addition, Personal Data may have been destroyed, erased or made anonymous in accordance with Gilead’s record retention obligations and practices. In the event that Gilead cannot provide an individual with access to his/her Personal Data, Gilead will endeavor to provide the individual with an explanation, subject to any legal or regulatory restrictions.
Recourse, Enforcement and Liability
Individual Complaint
Individuals may contact Gilead regarding any question or complaint regarding the collection, processing, and transfer of their Personal Data under the Privacy Shield by completing the Gilead Privacy Inquiry Form and by emailing it to privacy@gilead.com. Gilead will promptly investigate and respond to complaints within 45 calendar days of their receipt. Gilead will attempt to resolve complaints, disputes and requests to revoke consent regarding collection, processing, transfer, and disclosure of Personal Data in accordance with the principles contained in this Privacy Statement, and the Principles.
Gilead will conduct periodic compliance audits of its relevant privacy practices to verify adherence to this Privacy Statement.
Independent Recourse Mechanism
Privacy Shield-related complaints or disputes that cannot be resolved between Gilead and the complainant will be handled through the TRUSTe dispute resolution process. Gilead has engaged TRUSTe as an independent recourse mechanism. TRUSTe is an independent organization, whose mission is to build user trust and confidence by promoting the use of fair information practices. In the event that Gilead is unable to resolve a complaint or dispute to the satisfaction of the complainant, the complainant may make an online request for dispute resolution assistance by TRUSTe at https://feedback-form.truste.com/watchdog/request or by mail at the following address:
Watchdog Complaints TRUSTe 835 Market St., Suite 800 San Francisco, CA 94103 USA
Such online or regular mail request to TRUSTe must include the following information: (i) the name of the company; (ii) the alleged privacy violation: (iii) contact information of the complainant; and (iv) whether the complainant would like the particulars of the complaint shared with Gilead. The use of this independent recourse mechanism is at no cost to you.
Binding Arbitration
In the event that you cannot fully resolve your complaint through the Department of Commerce, it is possible that you may use binding arbitration as a final resort. In order to invoke this arbitration option you must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Gilead and afford us an opportunity to respond to the issue within 45 days; (2) make use of the independent recourse mechanism, in this case TRUSTe, which is at no cost to you; and (3) raise the issue through your Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue.
This arbitration option may not be invoked if your same claimed violation (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which you were a party; or (3) was previously settled by you and us. In addition, you may not invoke this option where the Data Protection Authority of the country of your residence already has jurisdiction to resolve your complaint.
You may initiate binding arbitration, subject to the pre-arbitration requirements provision above, by delivering a “Notice” to the organization. The Notice shall contain a summary of steps taken to resolve the claim, a description of the alleged violation, and, at the choice of the individual, any supporting documents and materials and/or a discussion of law relating to the alleged claim. For more information on how to invoke arbitration under the Privacy Shield Framework, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Finally, you may only use binding arbitration to ensure Gilead follows the data handling practices set out in this Policy. No other form of remedy is available by any arbitration under this section.
Contact Information
Any questions or concerns regarding handling of Personal Data under the Privacy Shield, or related to revocation of consent to collect, process, transfer, or disclose their Personal Data should be directed by email to privacy@gilead.com.
Any requests to opt-out of future communications from Gilead, or to opt-out of a particular Gilead program should be directed to Gilead by e-mail at privacy@gilead.com, or by phone at by telephone at +1 (800) GILEAD5 or +1 (650) 522-5775.
Alternatively, letters may be sent to the following address:
Gilead Sciences, Inc. Attn: Privacy 333 Lakeside Drive Foster City, CA 94404 USA
All communications to Gilead should include the individual’s name and contact information (such as e-mail address, phone number, or mailing address), and a detailed explanation of the request. E-mail requests to delete, amend, or correct Personal Data should include “Deletion Request” or “Amendment/Correction Request,” as applicable, in the subject line of the e-mail. Gilead will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law.
Changes To Gilead Privacy Statements
Gilead reserves the right to amend this Privacy Statement from time to time to reflect technological advancements, legal and regulatory changes, and Gilead’s business practices, subject to applicable laws. If Gilead changes its privacy practices, an updated version of this Privacy Statement will reflect those changes. Gilead will provide notice of such changes by updating the effective date listed on this Privacy Statement. It is your responsibility to check this Privacy Statement frequently to view any amendments. Your continued interaction with Gilead, in the activities covered above, will be subject to the then-current Privacy Statement.
Last Updated: 30 June 2017