This Privacy Statement explains how Gilead Sciences, Inc., including its wholly owned subsidiaries and successors (together referred to as "Gilead"), handles Personal Information (information that can identify you) that you provide to Gilead, or that is otherwise collected, online and offline by Gilead (together referred to as the "Services"). This Privacy Statement applies to all Personal Information received and processed by Gilead. “Personal Information” means any information or set of information that relates to an individual, which can be either direct or indirect, and can be collected by or on behalf of Gilead.
Please read this Privacy Statement before using Gilead Services or submitting Personal Information to Gilead. By accessing and using the “Services”, you agree and consent to the collection, use and disclosure of your Personal Information as outlined in this Privacy Statement.
Gilead and certain of its US affiliates (covered entities) participate in the EU-US and Swiss-US Privacy Shield Framework. Gilead acknowledges its commitment to comply with the EU-US and Swiss-US Privacy Shield Principles (“Principles”) for all Personal Information received from the EU, United Kingdom, or Switzerland which was provided in reliance on Privacy Shield. Gilead will collect, use and disclose Personal Information received from the EU, United Kingdom, or Switzerland only in accordance with the principles outlined in this Privacy Statement, the above-noted Privacy Shield Principles, and legal requirements. For purposes of Privacy Shield compliance enforcement, Gilead acknowledges that it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).
- Directly from individuals
- Through our websites and mobile apps
- From healthcare professionals
- From contract research organizations and clinical trial investigators
- From individuals enrolled in clinical trials
- From government agencies or public records
- From third party service providers, data brokers or business partners
- From industry and patient groups and associations
- From time to time, we may use or augment the Personal Information we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties. For example, we may use such third party information to confirm or verify licensure of healthcare professionals or to better understand your interests by associating demographic information with the information you have provided.
- Contact information and contact preferences (such as name, email address, mailing address, phone number, and emergency contact information)
- Biographical and demographic information (such as date of birth, age, gender, ethnicity, marital status, and sexual orientation)
- Health and medical information (such as information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications an individual may take, including the dosage, timing, and frequency) we collect in connection with managing clinical trials, conducting research, providing patient support programs, distributing and marketing our products, managing compassionate use and expanded access programs, and tracking adverse event reports
- Information regarding any parents or legal guardians
- Financial information to complete a transaction or determine eligibility for patient assistance programs
- Username and password that you may select in connection with establishing an account on our websites or mobile apps
- Your photograph, social media handle or digital or electronic signature
- Publicly available information
- Internet activity, such as your browsing history, your search history, and information on your interaction with our Services and advertisements
- Inferences drawn from other Personal Information listed above, to create a profile reflecting your preferences, characteristics, behavior, attitudes and abilities
- Adverse event information
- We may use the Personal Information we collect about you with information obtained from other sources, such as public databases, social media platforms and other third parties.
If you are a healthcare professional, we may also collect:
- Professional credentials, educational and professional history, institutional and government affiliations, and information included on a resume or curriculum vitae (such as work experience, education, and languages spoken)
- Information about the Gilead programs, products and activities with which you have engaged
- Details about our interactions with you, your prescribing of our products and the agreements you have executed with us
- Publicly-available information related to your practice, such as license information, disciplinary history, prior litigation and regulatory proceedings, and other due diligence related information.
Gilead processes your Personal Information in its normal course of business for its own internal purposes, such as:
- Establishing and maintaining communications with you
- Where you have requested participation in a clinical trial with Gilead or one of Gilead’s partners
- Disease management, education, or decision support systems related to the use of Gilead products or Services
- Where you have requested a service from Gilead, assisting you in the completion of your application, the assessment of your eligibility for any such requested service, the processing and maintenance of the service, as well as any applicable renewal of such service
- Responding to your inquiries about applications, trials and other Services
- Making proposals for future service needs
- Allowing our affiliated companies to notify you of certain products or services offered by our affiliated companies
- Processing transactions through service providers
- Meeting legal, security, processing, and regulatory requirements
- Protecting against fraud, suspicious or other illegal activities
- Compiling statistics for analysis of our sites and our business
Gilead processes Personal Information where it has a legal basis for doing so. Legal bases include:
- The transfer or processing is in Gilead’s legitimate interest in providing you with access to our Services and programs
- The transfer or processing is necessary for the performance of a contract between you and Gilead (or one of its affiliates)
- The transfer or processing is necessary for the performance of a contract, concluded in your interest, between Gilead (or one of its affiliates) and a third party
- The transfer or processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims, or to protect your vital interests
- The transfer or processing is required by applicable law
Within our family of companies
In the normal course of performing Services for our clients, Personal Information may be shared within Gilead and its affiliates for research and statistical purposes, drug safety and efficacy purposes, disease management, system administration and crime prevention or detection, or any purpose otherwise identified in this Privacy Statement.
With our Service Providers
We may retain other companies and individuals to perform Services on our behalf and we may collaborate with other companies and individuals with respect to particular products or Services. Examples of service providers include data analysis firms, credit card processing companies, customer service and support providers, email and SMS vendors, web hosting and development companies and fulfillment companies. Providers also include our co-promote partners for products that we jointly develop and/or market with other companies. Some providers may collect Personal Information on our behalf.
In connection with Business Transactions
As we continue to develop our business, we might sell or buy assets. In such transactions, user information, including Personal Information, generally is one of the transferred business assets. Also, if either Gilead itself or substantially all of Gilead assets were acquired, your Personal Information may be one of the transferred assets. Therefore, we may disclose and/or transfer your Personal Information to a third-party in these circumstances.
To comply with our legal obligations
Gilead reserves the right to disclose without your prior permission any Personal Information about you or your use of the Services if Gilead has a good faith belief that such action is necessary to: (a) protect and defend the rights, property or safety of Gilead, our employees, other users of the Services, or the public; (b) enforce the terms and conditions that apply to use of the Services; (c) as required by a legally valid request from a competent governmental authority and/or to comply with a judicial proceeding, court order, or legal process; or (d) respond to claims that any content violates the rights of third parties. We may also disclose Personal Information as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.
We may also disclose aggregate or de-identified data that is not personally identifiable to third parties for any purpose.
Please note, Gilead does not sell Personal Information to third parties.
Gilead websites and apps may collect information that could be potentially personally identifiable about your visits without you actively submitting such information. Unidentified information may be collected using various technologies, such as cookies and web beacons. Cookies are small text files that are transferred to your computer's hard disk by a website. Web beacons (also referred to as GIF files, pixels, or internet tags) help Gilead understand how you navigate around the Gilead websites. As part of your use of the site, your internet browser automatically transmits to Gilead websites some of this information, such as the URL of the website you just visited and the browser version your computer is operating. Passive information collection technologies can make your use of Gilead websites easier by allowing Gilead to provide better service, customize Gilead websites based on consumer preferences, compile statistics, analyze trends, and otherwise administer and improve Gilead websites. You can prevent the storage of cookies by adjusting the settings on your browser, though certain features of Gilead websites may not work without use of passive information collection technologies. Information collected by these technologies cannot be used to identify you without additional information.
Some internet browsers allow you to limit or disable the use of tracking technologies that collect unidentified information, such as a “Do Not Track” (“DNT”) setting. Currently, we do not respond to DNT signals.
Gilead may offer apps, special programs, clinical trials, activities, events or promotions (“Programs”) that have unique or additional specific terms, privacy notices and/or consent forms that explain how any information you provide will be processed in connection with the Programs. Certain Programs may include options to help you afford your medications. Where required, we may provide additional terms. You should review the terms applicable to the Programs before interacting or participating in the Program.
Where Gilead relies on consent for the fair and lawful processing of Personal Information, the opportunity to consent will be provided prior to when the Personal Information in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney. Where Gilead relies on consent, you will be entitled to withdraw that consent at any time.
Gilead maintains servers and other storage facilities in the United States, EU, and Asia. Gilead may transfer Personal Information outside of its country of origin for the purposes, and in the manner, set out in this Privacy Statement, including for processing and storage by service providers and affiliates in connection with such purposes. In all situations, Gilead takes reasonable steps to ensure that your privacy is protected. Such steps include, but are not limited to, implementing privacy, security, and contractual controls, as well as steps noted in this Privacy Statement, as required by applicable law.
To the extent that any Personal Information is sent outside of an individual’s country, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country, consistent with the Principles.
Gilead endeavors to obtain assurances from its service providers and affiliates that they will safeguard Personal Information consistent with this Privacy Statement. An example of appropriate assurances that may be provided by service providers and affiliates includes a contractual obligation that they provide at least the same level of protection as is required by Gilead’s privacy principles set out in this Privacy Statement. Where Gilead has knowledge that a service provider or affiliate is using or disclosing Personal Information in a manner contrary to this Privacy Statement, Gilead will take appropriate steps to prevent or stop the use or disclosure.
Gilead complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland, as applicable to the United States in reliance on Privacy Shield. Gilead has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Gilead has implemented reasonable physical, technical and managerial controls and safeguards to keep your Personal Information protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include, but are not limited to: the encryption of communications via SSL, encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols.
Gilead trains its employees on the importance of privacy and how to handle and manage Personal Information appropriately and securely. Personal Information handled by agents, or companies with which Gilead may conduct joint programs, is governed by this Privacy Statement and the Principles.
Please note, the confidentiality of Personal Information transmitted over the Internet cannot be guaranteed. Gilead urges you to exercise caution when transmitting Personal Information over the Internet. Gilead cannot absolutely guarantee that unauthorized third parties will not gain access to your Personal Information; therefore, when submitting Personal Information to Gilead online, you must weigh both the benefits and the risks.
Gilead will use Personal Information only in ways that are compatible with the purposes for which it was collected, or consented to by the individual. Gilead will have appropriate steps in place to ensure that Personal Information is relevant to its intended use, accurate, complete, and current. Gilead will only store Personal Information for as long as it is needed to fulfill the purposes for which it was collected, subject to applicable data retention periods imposed upon Gilead by applicable law. This may mean that your Personal Information is stored by Gilead for a number of years, depending on the purpose and need for that data to be processed. For more information about Gilead’s retention periods for Personal Information, please refer to the contact information section below.
You may have certain rights and choices regarding our processing of your Personal Information. Depending on your jurisdiction, applicable law may entitle you to additional consumer rights, including the right to:
- Know the categories and/or specific pieces of Personal Information collected about you, including whether your Personal Information is sold or disclosed, and with whom your Personal Information was shared
- Access a copy of the Personal Information we retain about you
- Request deletion of your Personal Information
- Correct or amend your Personal Information
- Object to certain uses of your Personal Information.
We reserve the right to verify your identity in connection with any requests regarding Personal Information to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information. If you are an authorized agent making a request on behalf of a consumer, we may require additional information to verify that you are authorized to make that request. This may include obtaining a written authorization and proof that you are authorized to make the request.
Gilead may not be able to comply with a request where Personal Information has been destroyed, erased or made anonymous in accordance with Gilead’s record retention obligations and practices. In the event that Gilead cannot provide an individual with access to his/her Personal Information, Gilead will endeavor to provide the individual with an explanation, subject to any legal or regulatory restrictions.
To submit a request, please contact us:
Through our web portal for:
By email to firstname.lastname@example.org.
By mail to the following address:
Gilead Sciences, Inc.
333 Lakeside Drive
Foster City, CA 94404
To help us respond to your request, all communications to Gilead should include the sender’s name and contact information (such as e-mail address, phone number or mailing address), and a detailed explanation of the request. In addition, communications related to Gilead websites should include, as applicable, the e-mail address used for registration and the Gilead website address on which Personal Information was provided (e.g., www.gilead.com). E-mail requests to delete, amend, or correct Personal Information should include "Deletion Request" or "Amendment/Correction Request", as applicable, in the subject line of the e-mail. Gilead will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law. If you have questions or complaints regarding our Privacy Statement or practices, please contact us at email@example.com or at the mailing address provided above.
We will not restrict or deny you access to our Services because of choices and requests you make in connection with your Personal Information. Please note, certain choices may affect our ability to deliver the Services.
You may unsubscribe from our marketing emails at any time by following the instructions included in those emails. Any requests to opt-out of future communications from Gilead, or to opt-out of a particular Gilead program should be directed to Gilead using the contact methods above.
No Gilead websites are intended to collect or use any Personal Information from children on Gilead websites ("children" are individuals who have not reached the age of majority in their residential jurisdictions). Gilead does not knowingly allow children to order Gilead's products, communicate with Gilead, or use any of Gilead's online Services. Should you suspect that a child of whom you are the parent or legal guardian has provided us with Personal Information, please contact Gilead using one of the methods specified herein and Gilead will work with you to address this issue.
Individuals may contact Gilead regarding a complaint regarding the collection, processing, and transfer of their Personal Information by completing the Gilead Privacy Inquiry Form and by emailing it to firstname.lastname@example.org. Gilead will promptly investigate and respond to complaints within 45 calendar days of their receipt. Gilead will attempt to resolve complaints in accordance with the principles contained in this Privacy Statement and the Principles.
Gilead will conduct periodic compliance audits of its relevant privacy practices to verify adherence to this Privacy Statement.
Independent Recourse Mechanism
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge), TRUSTe, at https://feedback-form.truste.com/watchdog/request.
In the event that you cannot fully resolve your complaint through the above mechanisms, it is possible that you may use binding arbitration as a final resort. In order to invoke this arbitration option you must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Gilead and afford us an opportunity to respond to the issue within 45 days; (2) make use of the independent recourse mechanism, in this case TRUSTe, which is at no cost to you; and (3) raise the issue through your Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue.
This arbitration option may not be invoked if your same claimed violation (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which you were a party; or (3) was previously settled by you and us. In addition, you may not invoke this option where the Data Protection Authority of the country of your residence already has jurisdiction to resolve your complaint.
You may initiate binding arbitration, subject to the pre-arbitration requirements provision above, by delivering a “Notice” to the organization. The Notice shall contain a summary of steps taken to resolve the claim, a description of the alleged violation, and, at the choice of the individual, any supporting documents and materials and/or a discussion of law relating to the alleged claim. For more information on how to invoke arbitration under the Privacy Shield Framework, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Finally, you may only use binding arbitration to ensure Gilead follows the data handling practices set out in this Privacy Statement. No other form of remedy is available by any arbitration under this section.
Any questions or concerns regarding handling of Personal Information by Gilead, or related to revocation of consent to collect, process, transfer, or disclose your Personal Information should be directed by email to email@example.com.
Any requests to opt-out of future communications from Gilead, or to opt-out of a particular Gilead program should be directed to Gilead through our web portals, by email to firstname.lastname@example.org, or by telephone at +1 (833) GILEAD2+1 (833) GILEAD2 or (+1 (833) 445-3232+1 (833) 445-3232).
Alternatively, letters may be sent to the following address:
Gilead Sciences, Inc.
333 Lakeside Drive
Foster City, CA 94404
Gilead reserves the right to amend this Privacy Statement from time to time to reflect technological advancements, legal and regulatory changes, and Gilead’s business practices, subject to applicable laws. If Gilead changes its privacy practices, an updated version of this Privacy Statement will reflect those changes. Gilead will provide notice of such changes by updating the effective date listed on this Privacy Statement. It is your responsibility to check this Privacy Statement frequently to view any amendments. Your continued interaction with Gilead, in the activities covered above, will be subject to the then-current Privacy Statement.
If you are an EU citizen and/or accessing Gilead websites in the European Economic Area, then this Supplement may apply in addition to the above.
Transfers of your Personal Information may be made to entities located outside the European Economic Area, including entities located in the United States, for processing consistent with the purposes above. Gilead will implement appropriate contractual measures (including our Privacy Shield certification and standard data protection clauses, a copy of which you can obtain by contacting email@example.com) to ensure that the relevant Gilead companies and third parties outside the European Economic Area provide an adequate level of protection to your Personal Information as set out in this Privacy Statement and as required by applicable law.
For the processing of Personal Information relating to the European Economic Area, Gilead has assigned a data protection officer responsible for overseeing our compliance with EU data protection law, whom you may contact at firstname.lastname@example.org in case of any questions or concerns regarding the processing of your Personal Information.
If Gilead’s processing of your Personal Information is covered by EU law you may also lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Last Updated: 23rd December 2019