Hologic logo, dark blue
Hologic logo, dark blue

Privacy Notice

Last Revised: 1st October, 2024

This Privacy Notice informs you of important information about how Hologic, Inc. and our family of companies (together, “Hologic,” “we,” “us” or “our”) process the personal data that we collect in online and offline formats through the Services.

When we use the term “Services” we mean to refer collectively to:

  • The provision of medical technology and related services to our customers including technical support (“Customer Services”);
  • The websites owned and controlled by us that link to this Privacy Notice (“Sites”); and
  • Interactions with prospective customers and marketing and business development activities, including events we host, social media properties we operate, and emails that we send (“Marketing Activities”).

When we use the term “personal data” we mean data that can be used to identify a person, or that relates to an identifiable person.

This notice applies only to our processing of personal data within the scope of federal, provincial and territorial laws and regulations that apply to Hologic’s processing of personal data in Canada.

This Privacy Notice does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers. It is that customer’s privacy notice that applies; we conduct such activities in accordance with our customer’s instructions and pursuant to our contractual arrangements with the customer. If you are an end user or consumer with an existing relationship with one of our customers, you should refer to the customer’s website to understand their privacy practices and policies.

How We Collect and Use Personal Data

We may collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our customers, prospective customers and others who may be interested in our products and services, visitors to our offices, visitors to our Sites, vendors, and other individuals.

    Customers and prospective customers

    The majority of our customers and prospects are corporate entities. Corporate data is not personal data. But their employee and representative data is personal data.

    We may collect the following personal data in the context of providing Customer Services and Marketing Activities:

    • Names
    • Job titles
    • Email address
    • Physical address
    • Phone number

    We also obtain personal data about individuals who may be interested in our products or services from third-party sources such a lead generation list providers and conference organizers when they provide us with personal data about conference attendees.

    Our legal bases for processing personal data in connection with Customer Services and Marketing Activities are:

    • To comply with legal obligations and professional responsibilities;
    • To perform contracts;
    • To pursue our legitimate interests of:
      • ensuring that we deliver the best possible service to our customers,
      • keeping individuals informed of developments in our technology, products, and services,
      • business development and general marketing, and
      • ensuring we build and maintain a good working relationship with you;
    • Your consent, but where we make it clear to you in advance that we are relying on you consent (for example, when you sign up to our mailing list).
    Health Care Professionals:

    We often interact with the health care professionals in the conduct of our business. In connection with our Marketing Activities, we may contract with them to perform consulting or speaking engagements. We may collect the following personal data about health care professionals:

    • Names
    • Job titles
    • Email address
    • Professional address
    • Phone number
    • Resume and work history details
    • Financial and tax information (when we need to pay consultants and for speaking engagements)

    Our legal bases for processing this personal data are:

    • To comply with legal obligations and professional responsibilities (for example, transparency laws and codes governing the health care industry);
    • To perform contracts;
    • To pursue our legitimate interests of:
    • ensuring that we deliver the best possible service to our customers,
    • keeping individuals informed of developments in our technology, products, and services,
    • business development and general marketing, and
    • ensuring we build and maintain a good working relationship with health care professionals in the industry;
    • Your consent, but where we make it clear to you in advance that we are relying on you consent (for example, when you sign up to our mailing list).

     

    Visitors to our Sites:

    We may collect certain personal data from visitors to our Sites. We generally collect this information directly from you when you fill out form fields, interact with our iStore, download product documentation, or register for and participate in our medical education services. In this variety of different circumstances on the Sites we collect:

    • Name
    • Customer account number
    • Company name
    • Your photo, if you provide it to us
    • Email address
    • Physical address
    • Phone number
    • Time zone
    • The products and medical education services you are interested in

    The legal bases we rely on to process this personal data are:

    • To pursue our legitimate interests of operating and growing our business, operating and improving the Sites, delivering the Customer Services and engaging in Marketing Activities; and
    • Your consent, where we make it clear to you in advance that we are relying on your consent (for example, when you sign up to our mailing list).
    Visitors to our offices:

    For visitors to our offices we take a record of name and contact information. This information is recorded for legitimate business purposes and for health and safety purposes so that we know who is in the building in event of an emergency. If you attend one of our events and we serve food, we may have information about your dietary requirements.

    The legal bases we rely on to process this personal data are:

    • To comply with our legal obligations; and
    • To pursue our legitimate interests in ensuring the safety and security or our employees and visitors.
    Vendors and business partners:

    We process personal data of vendors and business partners in the conduct of our business operations, including name, contact information, financial information, tax information, and information to verify identity. For vendors, we do this so that we can liaise about the services the vendors are providing to us now and in the future. For business partners, we do this to support, grow and maintain the relationship. For individual vendors and business partners, we hold financial information in order to pay invoices. Sometimes we receive this information from a third party who is recommending the service to us.

    The legal bases we rely on to process this personal data are:

    • To perform contracts;
    • To comply with our legal obligations; and
    • To pursue our legitimate interests of managing and operating our business, including through use of vendors and business partners.
    Social media platforms:

    Social media channels, pages and blogs offered as a service to users are hosted by third-party vendors (see third party categories below). Those vendors normally require registrants to provide personal data, including name and email address among other kinds of information. This personal data is not collected by us but may be shared with us. We use this personal data to manage our online communities and for other purposes set forth in this Privacy Notice.

    If you reside in or are using the Services in a jurisdiction governed by privacy laws under which consent is the only or most appropriate legal basis for the processing of personal data, we will only collect, use and disclose your personal data with your consent or as otherwise permitted or required by law.

    How we obtain your consent, including whether it is express or implied, will depend on the circumstances and the sensitivity of the personal data in question. Generally, we will seek your consent at the time we collect your personal data. If you wish to withdraw your consent, please contact us using the contact information below. We will accommodate your request to withdraw consent, subject to legal or contractual restrictions. Withdrawal of your consent may mean that we will no longer be able to provide you with certain products or Services.

    Additional Uses of Personal Data

    In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your implied or express consent, or to comply with our legal obligations:

    • Operating our business, administering the Services and managing your accounts;
    • Contacting you to respond to your requests or inquiries;
    • Processing and completing your transactions including, as applicable, order confirmation and delivering products or services;
    • Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
    • Providing you with marketing information, and other information that is tailored to your interests;
    • Conducting research, surveys, and similar inquiries to help us understand trends and customer needs;
    • Analyzing your interactions with us, and improving our products, services, programs, and other offerings;
    • Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of personal data, our website or data systems; or to meet legal obligations; and
    • Enforcing our Terms of Use and other agreements.

    How We Share and Disclose Personal Data

    We share personal data with the following categories of recipients.

      Service Providers:

      We may transfer your personal data to third-party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services. If we transfer your personal data to a third-party service provider, we require that they maintain the confidentiality of your personal data and keep it secure. We also require that our service providers comply with applicable privacy laws and only use your personal data for the limited purposes for which it is provided.

      Affiliates:

      We may disclose personal data to our affiliates for the purposes described in this Privacy Notice, including for their marketing purposes, and to be consistent with our goal of providing our the superior customer service and engagement experience that our customers have come to expect from us around the world.

      Authorized Distributors:

      In some regions, we sell our products through distributors rather than directly to buyers. In these regions, we may disclose personal data in order to provide the Services, complete transactions, address product deliver and warranties

      To Perform Customer Services:

      We may disclose personal data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums.

      Corporate Transactions or Events:

      We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.

      Other Legal Reasons:

      In addition, we may disclose your personal data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Hologic, our affiliates, you and others; and (7) to enforce our terms and conditions.

      Security

      Hologic takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. However, please be advised that when information is transmitted over the internet, it cannot be guaranteed to be completely secure.

      Region-Specific Disclosures

      European Economic Area and UK: For individuals in the European Economic Area, please click here for additional detailed disclosures.

      State of California, United States: We may disclose personal data to affiliates of Hologic, Inc., which may use this information for all purposes outlined in this Privacy Notice. Under California Civil Code Section 1798.83, separate legal entities are considered “third parties” and certain communications with our affiliates might be viewed as promoting our services. Therefore, we are providing the following information for California residents who established and engagement that is primarily for personal, family, or household purposes (“California Residents”).

      Individual California Residents may request information about our disclosures of certain categories of personal data to third parties (i.e., our affiliates) for such third parties’ direct marketing purpose, consistent with California Civil Code Section 1798.83.

      Individual California Residents must submit requests to us either by email at data.privacy@hologic.com or by mail at the following address:
      Hologic, Inc.
      Information Security, Privacy Office
      250 Campus Dr, Marlborough, MA 01752, USA

      In response, we will provide a list of the categories of “Personal Information”, as that term is defined by California Civil Code Section 1798.83, disclosed to third parties for direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties.

      This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this section.

      E-mail Marketing

      We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.

      Cookie Notice

        How we use Cookies:

        We use cookies and related tracking technologies (“Cookies”) to provide Services, gather information when users navigate through the Sites to enhance and personalize the experience, to understand usage patterns, and to improve our Sites, products, and Services.

        Cookies on our Sites are generally divided into the following categories:

        • Required Cookies:These technologies are necessary for core features of this site to operate properly and as such cannot be disabled.

        • Functional Cookies:These technologies make the site run more efficiently but the site will still function without them and as such these technologies can be disabled.

        • Analytics Cookies:These technologies are used to collect information about who visits our web site and how they interact with it.

        • Advertising Cookies:These technologies are used by advertising and marketing teams. They are used for multiple purposes including delivery of adverts, measuring the effectiveness of marketing campaigns and tracking the behaviour of individuals across different web sites for the purpose of profiling. These technologies may create a risk to your privacy and as such, can be disabled.

         

        How to control Cookies:

        You can review your Cookie choices by clicking on the “Cookie Preferences” button at the bottom of our Sites.

        You can also review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies.

        We support the Self-Regulatory Principles for Online Behavioral Advertising of the Digital Advertising Alliance (“DAA”). To learn more about certain third-party Cookies used for interest-based advertising, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance or your device settings if you have the DAA or other mobile app.

        The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.

        Links to Other Sites

        Occasionally we provide links to other websites for your convenience and information. These sites operate independently from our Sites and are not under our control. These sites may have their own privacy notices or terms of use, which you should review if you visit any sites linked through our Sites. We are not responsible for the content or use or personal data processing of these independent sites.

        Updates to this Privacy Notice

        Hologic may change this and other Privacy Notices from time to time, at Hologic’s sole discretion. Hologic encourages visitors to frequently check any changes to its Privacy Notices.

        How to Contact Us

          Privacy Rights Request

          Subject to applicable privacy laws in your jurisdiction of residence, you may exercise your rights to review, know, correct, update, delete, restrict or object to the processing of your personal data at any time by completing our Individual Privacy Right Request Form here.

          Complaints:

          You may exercise your rights to submit a complaint regarding the processing of your personal data at any time by completing a form here.

          If you have any queries, questions or concerns about this Privacy Notice or our personal data handling practices, please contact us at data.privacy@hologic.com.

          Data Retention

          We retain personal data pursuant to our records retention program, for as long as is necessary to fulfill the purposes for which it was collected, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.

          Transfers of information across borders

          If you are a resident of Canada and you use the Services, your personal data may be stored or accessed outside of Canada, including by our affiliated companies or by third party service providers. This means that your personal data will be subject to the laws of the jurisdiction in which it is stored or accessed including the access rights of the government of that jurisdiction. If you do not wish for your personal data to be stored or accessed outside of Canada you have the option of not using the Services. If you have questions about storage of your personal data outside of Canada please contact us as set forth below in the “Contact Us” section.

          Data Subject Rights

          Under PIPEDA and related provincial legislation, you have the right, under certain circumstances, to access information we hold about you. Any such access request must be writing and provided to us at the email or postal addresses described in the “Contact Us” section below. 

          We expect you to supply us with updates to your personal data, when required. We will not routinely update your personal data unless such a process is necessary. 

          You may exercise your rights to access and correct any personal data that we have collected about you by completing Data Subject Access Request here

          We may need to verify your identity before responding to your request. Any such identifying information will be used only for this purpose. We will not charge you any fees to access your personal data in our records without first providing you with an estimate of the approximate fees, if any. In some circumstances, we may not provide you with access to your personal data, for example, if it contains the personal data of other persons, if it constitutes confidential commercial information, or if it is otherwise not properly the subject of an access request. 

          If you object to how we handle your request, you may have the right to make a complaint to the Privacy Commissioner of Canada or the applicable provincial privacy commissioner.

          Contact Us

          If you have any questions, requests or complaints about our information practices, please contact our Privacy Officer:

          Privacy Officer
          data.privacy@hologic.com 


          Hologic Canada ULC
          2400 Skymark Avenue, Unit 7A
          Mississauga, ON L4W 5K5

          Subprocessors

          For more information on parties that may process our Client personal data ("Subprocessors"), see below. You may find this list of Subprocessors as part of our Data Protection Agreement (DPA), if applicable to you. Note that these Subprocessors may not apply to our website visitors or general public: https://www.hologic.com/subprocessors.