WASHINGTON’S CONSUMER HEALTH DATA PRIVACY NOTICE

Effective Date: March 31, 2024

AstraZeneca PLC, together with its subsidiaries and affiliates (collectively, "Company" "us," "we," or "our") is committed to protecting the privacy of Consumer Health Data (i.e., health information relating to a reasonably identifiable consumer). This Consumer Health Privacy Notice describes how we process Consumer Health Data collected through our websites, social media accounts, mobile applications, and other online interactions and communications such as email (collectively, our “Digital Properties”); in-person interactions, events, and purchases; and other online and offline interactions. This Consumer Health Data Privacy Notice applies to Consumer Health Data, as that term has been defined by applicable laws. Terms used herein that are defined terms under applicable Consumer Health Data laws shall have the meanings afforded to them therein.

Contents:

Section 1. The Categories of Consumer Health Data We Collect and How We Use Them

A. We Collect the below categories of Consumer Health Data from Consumers.

  • Individual health conditions, treatment, diseases, or diagnosis;
  • Social, psychological, behavioral, and medical interventions;
  • Health-related surgeries or procedures;
  • Use or purchase of prescribed medication;
  • Bodily functions, vital signs, symptoms, or measurements of health information;
  • Diagnoses or diagnostic testing, treatment, or medication;
  • Genetic data;
  • Precise location information that could reasonably indicate a resident's attempt to acquire or receive health services or supplies;
  • Data that identifies a resident seeking health care services; and
  • Any inferences of the above categories of health data derived or extrapolated from non-health information.

We may combine information that we receive from the various sources described in this Consumer Health Privacy Notice, including third party sources, and use or disclose the combined information for the purposes identified below.

B. We use the above-mentioned categories of Consumer Health Data for the following purposes:

  • Perform the services or providing the goods reasonably expected by an average consumer who requests those goods or services;
  • Ensure security and integrity to the extent the use of the Consumer Health Data is reasonably necessary and proportionate for these purposes;
  • Prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Consumer Health Data;
  • Resist malicious, deceptive, fraudulent, or illegal actions directed at us and prosecute those responsible for those actions;
  • Ensure the physical safety of natural persons;
  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a Consumer's current interaction with us; provided that we will not disclose Consumer Health Data to a Third Party and or build a profile about the Consumer or otherwise alter the consumer's experience outside the current interaction with us;
  • Perform services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf; and
  • Undertake activities to verify or maintain the quality or safety of a product, service, or device that is owned, manufactured by, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
  • Collect or process Consumer Health Data where such Collection or Processing is not for the purpose of inferring characteristics about a Consumer.

Section 2. The Categories of Sources from Which We Collect Consumer Health Data

We Collect Consumer Health Data directly from you, as well as from the following sources:

  • Healthcare providers (including specialty pharmacies);
  • Health insurance companies (health plans) and other payors;
  • Authorized/legal representatives, family members, and caregivers;
  • Data Brokers;
  • Payment processors and other financial institutions;
  • Consumer reporting agencies and other Third Parties who verify the information you provide;
  • Your mobile devices with your permission upon downloading and when you visit or interact with our websites, applications, and online platforms;
  • Your mobile devices and other internet-connected devices with your permission when you use these devices and relevant applications;
  • When you contact or visit us (automatically), such as when we record calls to our call centers or use CCTV cameras in our facilities;
  • Your computer and mobile devices (automatically) when you visit or interact with our Digital Properties, websites, applications, and online platforms;
  • Cookies, web beacons, and similar technologies (automatically) when you visit our Digital Properties, websites or Third Party websites;
  • When you contact us directly, we may collect Consumer Health Data you provide to us, such as when you contact us through our Digital Properties, interact with us in person, sign up for offers or newsletters, communicate with us, place or customize orders, or sign up for an account or other services.
  • We may automatically collect information or inferences about you, such as through other tracking technologies, when you interact with our Digital Properties. This may include information about how you use and interact with our Digital Properties.
  • Advertising partners who provide digital marketing services;
  • Third Parties and Processors who provide website and online security services;
  • Third Parties and Processors who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services;
  • Third Parties and Processors who help us maintain the accuracy of our data and data aggregators that help us complete and enhance our records;
  • Third Parties and Processors who provide digital marketing and analytics services for us using cookies and similar technologies that contain a unique identifier, such as an advertising ID;
  • Third Parties and Vendors that provide access to information you make publicly available, such as social media platforms;
  • Third Parties and Processors who provide us with supplemental consumer data or data analytics and market research services, such as data aggregators;
  • Third Parties and Processors who assist with fraud prevention, detection, and mitigation; and,
  • Third Parties and Processors who facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners.
  • We also draw inferences from the information we collect from and about you, such as your preferences, characteristics, attributes, and abilities.

Section 3. The Categories of Consumer Health Data that We Share

We Share all of the categories of Consumer Health Data that we Collect, as disclosed above in Section 1

Section 4. Third Parties and Subsidiaries/Affiliates with Whom We Share Consumer Health Data

A. We Share Consumer Health Data with the following Third Parties:

  • Healthcare providers (including specialty pharmacies);
  • Health insurance companies (health plans) and other payors;
  • Authorized/legal representatives, family members, and caregivers;
  • Third Parties that help administer, manage, and analyze our programs and services;
  • Third Parties with whom we have joint marketing and similar arrangements;
  • Third Parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services;
  • Payment processors, financial institutions, and others as needed to complete transactions and for authentication, security, and fraud prevention;
  • Third Parties who deliver our communications, such as the postal service and couriers;
  • Third Parties who provide marketing and data analytics services, such as social media platforms used to deliver our ads, website/email optimization providers, email marketing vendors, and data analytics vendors;
  • Third Party network advertising partners;
  • Third Parties who assist with our information technology and security programs;
  • Third Parties who assist with fraud prevention, detection, and mitigation;
  • Third Parties as reasonably necessary to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings, and other forms of corporate change) or if we acquire assets of another entity;
  • Third Parties as necessary to complete transactions and provide our products/services, including delivery companies, agents, and manufacturers;
  • Consumer reporting agencies;
  • Our lawyers, auditors, and consultants; and
  • Legal and regulatory bodies and other Third Parties as required by law.

B. We Share your Consumer Health Data with the following Affiliates and Subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership:

Section 5. How to Exercise Your Rights with Respect to your Consumer Health Data

To exercise your rights with respect to your Consumer Health Data, depending on your state of residence, you may contact us at any time through any of the following methods.

Section 6. Updates to this Consumer Health Privacy Notice

We may update this Consumer Health Privacy Notice from time to time. Any updated Consumer Health Privacy Notice will be effective when posted. Please check this Consumer Health Privacy Notice periodically for updates. If required by law, we will contact you directly to provide you with an updated Consumer Health Privacy Notice.