United States | 
California Privacy Policy
1. Purpose
This California Privacy Policy (“California Notice”) supplements the US Privacy Policy located here and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopted this California Notice to comply with California privacy laws, including the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). Any terms defined in the CCPA or the US Privacy Policy and not defined here have the same meaning when used in this California Notice.
2. Notice of Collection and Use of Personal Information
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as de-identified or aggregated data, and is not Personal Information. To the extent this data is stored or associated with Personal Information, it will be treated as Personal Information; otherwise, the data is not subject to this California Notice.
A. Categories of Personal Information
2.1 Within the last twelve (12) months, we may have collected the following categories of Personal Information:
2.1.1. Name, Contact Information and Identifiers: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name or other similar identifiers.
2.1.2. Customer and Other Records: Paper and electronic customer records containing personal data, such as name, signature, address, telephone number, insurance policy number, employment, bank account or any other financial information.
2.1.3. Protected Classifications: Characteristics of protected classifications under applicable state or federal law, such as sex, gender or age.
2.1.4. Purchase History and Tendencies: Commercial information, including records of products or services purchased and purchase history.
2.1.5. Internet Usage Data: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and device information regarding a user’s interaction with an internet website or application.
2.1.6. Geolocation Data: Geographic location information about a particular individual or device.
2.1.7. Audio/Visual Data: Audio, electronic, visual or similar information.
2.1.8. Employment History: Professional or employment-related information.
2.2. We will not collect additional categories of Personal Information other than those categories listed above. If we intend to collect additional categories of Personal Information, we will provide you with a new notice at or before the time of collection.
B. Use of Personal Information
2.3. We collect and process your Personal Information for the following business and commercial purposes:
2.3.1. To operate, manage and maintain our business and operations; to provide our products and services; to develop new or improve existing products and services; to provide customer service, process or fulfill orders and transactions, validate your licensure, eligibility and verify your information, and process payments.
2.3.2. To market our products and services to you, including sending you newsletters or promotional materials about the products and services we offer.
2.3.3. To communicate with you by email, mail or telephone about products, services, order status, and respond to your requests or inquiries.
2.3.4. In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of Apotex or any of its affiliates.
2.3.5. To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity.
2.3.6. Debugging to identify and repair errors that impair existing intended functionality.
2.3.7. To undertake internal research for technological development and demonstration.
2.3.8. To undertake activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.
2.3.9. To comply with applicable laws, regulations, regulatory reporting requirements (including those related to product complaints and patient safety) and to respond to requests, subpoenas, and orders from relevant law enforcement and/or government agencies and authorities, and any other purpose, as permitted or required by law.
2.3.10. As necessary or appropriate to protect the rights, property, and safety of us, and our patients and consumers.
2.4. We will not use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.
C. Sources of Personal Information
2.5. We may collect Personal Information from the following categories of sources:
2.5.1. Directly from you. When you provide it to us directly, whether online, by email, telephone or in-person, or otherwise interact with you in the course of our business, such as through our contact forms, during office or site visits, or sign-up or register to receive emails or other marketing communications from us.
2.5.2. Automatically or Indirectly from you. We and our third-party business partners providers (such as Google Analytics) may automatically collect information on the device used to access our Services through cookies, pixel tags or similar technologies, such as operating systems, IP address, device identifiers and browser information. We may also collect information from you automatically for security and systems monitoring (e.g. through video (CCTV) recording) and building access control logs or in other contexts made apparent to you at the time when you visit our facilities.
2.5.3. Third Party Service Providers. For example, we may use third party service providers when necessary to verify your credentials, professional information (such as by accessing publicly accessible information, national registries or third-party databases), your identity for compliance, security or ID verification purposes or social media networks, including if you contact us through our social media pages.
D. Retention of Personal Information
2.6. We may retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine retention periods include: (i) the length of time we have on an ongoing relationship with you and provide the Services to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of compliance with laws (such as, in regard to applicable statutes of limitations, litigation or regulatory investigations).
E. Disclosing of Personal Information
2.7. We may disclose the following categories of Personal Information for a business purpose with the following categories of third parties for our business and commercial purposes:
2.7.1. Our Affiliates. Apotex and its affiliated companies may disclose Personal Information amongst and between each other to meet our legal and compliance requirements and operational needs.
2.7.2. Third Party Service Providers. We may disclose Personal Information to third party service providers that provide us and/or our affiliates with services, such as legal counsel, auditors, organizations that help us administer programs, services and compliance requirements, organizations that assist us with data storage and information processing.
2.7.3. Business Partners. We may disclose Personal Information to our business partners in order to allow us to enter into new business relationships or business transactions, including a corporate re-organization, bankruptcy, merger, acquisition, or the sale of all or some of our assets, provided that the personal information disclosed continues to be used for the purposes permitted by this policy by the entity acquiring this information.
2.7.4. Government Authorities. We may disclose Personal Information to law enforcement or government agencies, regulators or regulatory authorities when appropriate or required by law to comply with a regulatory requirement, judicial proceeding, court order, government request or legal process served on us; and/or to protect our interests, rights, property, health and safety, and/or that of our customers, visitors and others.
2.8. In the past twelve (12) months, we may have disclosed the following categories of Personal Information for a business or commercial purpose:
2.8.1. Category 1 (Name, Contact Information and Identifiers): Affiliates, Service Providers, Business Partners and Government Authorities.
2.8.2. Category 2 (Customer and Other Records): Affiliates, Service Providers, Business Partners and Government Authorities.
2.8.3. Category 3 (Protected Classifications): Affiliates, Service Providers, Business Partners and Government Authorities.
2.8.4. Category 4 (Purchase History and Tendencies): Affiliates, Service Providers, Business Partners and Government Authorities.
2.8.5. Category 5 (Internet Usage Data): Affiliates, Service Providers and Business Partners.
2.8.6. Category 6 (Geolocation Data): Affiliates, Service Providers and Business Partners.
2.8.7. Category 7 (Audio/Visual Data): Affiliates, Service Providers and Business Partners.
2.8.8. Category 8 (Employment History): Affiliates, Service Providers and Business Partners.
3. Sale or Sharing of Personal Information
3.1. The CCPA defines “Sell” and “Share” broadly. We do not “Sell” or “Share” for cross-context behavioral advertising the categories of Personal Information as described above.
4. Your California Privacy Rights
4.1. California’s “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to privacy@apotex.com, and are free of charge. However, we do not disclose Personal Information protected under the “Shine the Light” law to third parties for their own direct marketing purposes.
4.1.1. Right to Know: You have the right to request that we disclose certain information to you about the Personal Information we collected, used or disclosed about you in the past 12 months. This includes a request to know any or all of the following:
4.1.1.1. The categories of Personal Information collected about you;
4.1.1.2. The categories of sources from which we collected your Personal Information;
4.1.1.3. The categories of Personal Information that we have disclosed about you for a business purpose;
4.1.1.4. The categories of third parties to whom your Personal Information was disclosed for a business purpose and the categories of persons to whom it was disclosed for a business purpose;
4.1.1.5. Our business or commercial purpose for collecting your Personal Information; and
4.1.1.6. The specific pieces of Personal Information we have collected about you.
4.1.2. Data Portability: You have the right to request a copy of Personal Information we have collected and maintained about you in the past 12 months.
4.1.3. Right to Correct: You have the right to correct inaccurate Personal Information about you. Once we receive and verify your request, we will use commercially reasonable efforts to correct the inaccurate Personal Information about you.
4.1.4. Right to Deletion: You have the right to request that we delete the Personal Information we collected about you and maintained, subject to certain exceptions.
4.2. You have the right to be free from unlawful discrimination for exercising your rights under applicable state law.
4.3. Some of our Services, however, may require your Personal Information. If you choose not to provide your Personal Information that is necessary to provide any aspect of our products or services, you may not be able to use those products or services.
5. Submitting a Verified Consumer Request
5.1. To exercise your rights, you must provide us with sufficient information to allow us to verify your identity, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Once we receive the information you provide to us, we will review it and determine if more information is necessary to verify your identity as required by law, and we may request additional information in order to do so.
5.2. To exercise your California privacy rights described above, please submit a verifiable request to us by:
5.2.1. Calling us at 1-844-427-6839
5.2.2. Emailing us at privacy@apotex.com.
5.3. Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your Personal Information. The verifiable consumer request must:
5.3.1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative. We will need to verify your identity with at least two (2) pieces of information, such as name and email address.
5.3.2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
5.4. We may deny your request if we are unable to verify your identity or have reason to believe that the request is fraudulent.
F. Country Request by an Authorized Agent
5.5. If any authorized agent submits a consumer request on your behalf, in order to confirm that person or entity’s authority to act on your behalf and verify the authorized agent’s identity, we require an email be sent to privacy@apotex.com, along with all of the below items:
5.5.1. To verify your authorization to request on behalf of a California resident, provide one or more of the following: (1) California Secretary of State authorization, (2) written permission from the California resident, or (3) power of attorney.
5.5.2. Sufficient information to verify the authorized agent’s identity, depending on the nature of the request.
5.5.3. To verify the identity of the California resident for whom the request is being made, provide the information set forth above for verification of the consumer request.
5.6. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a verifiable consumer request to verify the request’s identity or authority to make the request.
5.7. We will acknowledge receipt of the request within ten (10) business days of our receipt. We will respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information to another entity without hindrance.
5.8. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
G. Do Not Track
5.9. We do not track our customers over time and across third party websites to provide targeted advertising. Accordingly, we do not recognize or respond to “Do Not Track” signals.
5.10. Your web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to your browser. If your browser is set to reject cookies, websites that are cookie-enabled will not recognize you when you return to the website, and some website functionality may be lost. To find out more about cookies, visit https://www.aboutcookies.org.
5.11. Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), operating system name and version, device manufacturer and model, language and Internet browser type and version. We use this information to ensure that the Services function properly.
5.12. Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems, and administering the Site.
5.13. We may use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/ and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
6. Modifications and Updates to this California Notice
6.1. This California Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this California Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised California Notice. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this California Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised California Notice will constitute your acknowledgement of the amended California Notice.
6.2. If you have any questions about this California Notice, please contact Apotex’s Privacy Officer via telephone at 1-844-427-6839 or via e-mail at privacy@apotex.com
6.3. We strive to accommodate all customers regardless of disabilities. If you need to receive the information contained in this California Notice in a different format, please contact us using the contact information listed above.
