This Privacy Notice describes how Tandem Diabetes Care, Inc. (“Tandem,” “us,” “we,” or “our”) collects, uses, and discloses your personal information through products and services that include a link to this Privacy Notice (collectively, our “Services”), which includes, but is not limited to:
- Our website at www.tandemdiabetes.com (“Website”)
- Our mobile apps, such as t:connect and t:simulator (“Apps”)
- Our online portals such as t:simulator, t:connect and t:connect HCP, Tandem Source, and our online customer portal
- Our downloadable computer software such as Tandem Device Updater
- Our connected devices, such as insulin pumps
- Offline activities, such as in-person or virtual tradeshows, customer interactions, conferences, seminars, focus groups, and surveys or questionnaires
We may also collect personal information through other online services you use to interact with us such as online webinars and social media platforms, where we may be unable to or have not linked to this Privacy Notice because the online service is owned by another party.
If you are in the United States of America, please note this Privacy Notice does not cover our use, collection, or disclosure of your Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”). For more information about these practices, see our HIPAA Notice of Privacy Practices. If you are a California resident, please see the Notice for California Consumers and Your California Rights section below, which sets forth additional information and rights you may have under California law relating to your information that is not HIPAA-covered PHI.
If you are in the European Union, Iceland, Liechtenstein and Norway (i.e., the "European Economic Area" or "EEA"), the United Kingdom ("UK"), or Canada, please see Section 12 (Additional Information for Users Outside the United States) below for additional information which is specific to you.
This Privacy Notice does not cover personal information that may be collected about you as an applicant for a job at Tandem or workforce personnel of Tandem. Please visit our Privacy Notice for California Applicants and Privacy Notice for California Workforce Members.
If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.
Contents
Collection of Personal Information
Personal information generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with you. Personal information does not include information that is publicly available, de-identified, or aggregated. We may combine your personal information with data we obtain from our Services, other users, or other parties. We reserve the right to convert, or permit others to convert, your personal information into deidentified, anonymized, aggregated, or pseudonymized data, as permitted by law.
What personal information we collect may differ depending on how you interact with us. For example, we collect personal information when you use our Services, such as when you use our Apps which track your insulin. This personal information may differ from personal information we collect from health care providers or a clinic administrators appointed by a health care provider (collectively referred to as “HCPs”).
Personal information we collect about you may include:
- Contact information: Name, email address, phone number, billing and mailing address, and zip code.
- Unique identifiers: This may include your username, IP address, online identifiers, online advertising identifiers, and device identifiers or serial numbers.
- Customer records: This may include your birth date, signature, and history of training with our Services.
- Personal characteristics or traits: This includes demographic data, including those regarding characteristics protected by law, gender, and physical characteristics or description.
- Commercial Information: Records of personal property, Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet/Network Information: This includes browsing history, search history, usage information, information regarding a consumer’s interaction with our website, application, or advertisement.
- Geolocation Data: This may include your approximate geolocation.
- Audio, electronic, visual, or similar information: This includes audio recordings of customer service calls and in-office interaction data such as security camera footage.
- Health-related data: This includes medical history, pregnancy status, current diabetes therapy information, lab charts, diagnosis and prescription history, and glucose and insulin data, and device data. For example, data collected from devices you use to access our Services, including data sent to us through App permissions, as well as device operating system, Bluetooth address, UPC, or purchase or device related information of that connected device, Services identification information such as a serial number, log of pump operations, and device interactions connected to our Services (such as interactions between the connected device and Services or any partner products, including continuous glucose monitoring devices and glycemic controllers). We may also collect information from our partner services when you connect our connected devices or our Services to them. For example, this may include information from manufacturers or suppliers of your previous or future pumps, manufacturers or suppliers of glucose monitors you use or have used, which could include glucose readings, existence of a health condition that may impact your therapy (such as pregnancy status, retinopathy, or neuropathy), eligibility for insurance coverage and payment amounts, evidence you received Services training, your HCP’s name and contact information, and/or details of your use of medical devices for diabetes therapy/medical treatment.
- User generated content: This includes any content or material you publish, post, or submit to us, such as photos and videos.
- Inferences derived from personal information: This may include information about your characteristics, behavior, attitudes, aptitudes, interests or preferences, which may include inferences derived from your use of connected devices, or from combining multiple sources or categories of information. We may also supplement certain information we collect from you with outside records. External parties may provide us with information about you in connection with a co-marketing agreement or in connection with a tracking technology.
- HCP Information: If you use our Services as an HCP, we may collect your assigned HCP account ID number, Clinic ID number, and other information in relation to our interactions with you in your role as an HCP.
Sources of Personal Information
We may collect your personal information directly from you, from other parties, or from you indirectly through cookies and other technologies, including through the following sources.
Directly from You, When You
- Communicate with us over the phone or via electronic or paper forms and communications, ask a question, request information, submit a complaint, or seek customer support from us.
- Post on our social media channels.
- Order Services, including submitting payment, and registering our Services.
- Register for an online account.
- Provide us your purchased items or Services for evaluation/troubleshooting or participating in Services training (which may be one-on-one or in group settings).
- Visit our physical offices.
- Use location-based services.
- Interact with our online Services, which may have tracking technologies, such as cookies, that we or our vendors place on our online Services, or which may have external party features or Services, such as social media network tools.
- Participate in our contests, events, or other promotions.
- Participate in a survey, participate in a focus group, test our devices, or provide your thoughts on our Services or marketing (e.g., Services ratings and reviews).
- Interact with or sign up for our advertising or marketing, including targeted ads or marketing communications, such as emails, where applicable.
- Use connected devices, including our devices and those made by other companies, to interact with us or our Services.
- Depending on your mobile device or App permission settings, our Apps may collect geolocation information (approximate location) and other information (for example, pair and access Bluetooth devices, view Wi-Fi and network connections, or receive data from the internet). If you do not consent to our collection of App permissions then this may impact on our ability to provide our Services, or features to you and the functionality of the App.
Additional Sources
We may also receive your personal information from a variety of sources, including external parties such as advertising networks, internet service providers or ISPs, contractors, data analytics providers, government entities, and social networks, as defined by applicable law.
We may also receive personal information from partner services when you connect our connected devices or our Services to them, or where you choose to use a Services feature provided by an external party. For example, we may also receive personal information about you from partners when you integrate a partner’s product with our connected devices or Services or otherwise authorize a partner service to provide personal information about you to us. Any use of an external online service may be subject to that service’s terms and privacy policies.
Indirectly Through Cookies and Other Technologies
We may receive your personal information through the use of cookies and other technologies.
Use of Personal Information
We collect, use, disclose, or otherwise process your personal information for various purposes, including the following:
- Providing Services: To provide you our Services, including creating and activating your account, linking you to others across platforms (such as your HCP or health journey followers), enabling your activity within our Services (including connecting with your HCP, other users, or health journey followers), enabling external party features (e.g., social media connections) or other external-party products (e.g., connected devices), facilitating and managing purchases (including working with applicable insurance entities), shipping and tracking, verifying customer information, and Services training.
- Health Journey: To provide tailored information to support your health journey such as providing insulin tracking, Services training, instructional feedback, and Services recommendations.
- Geographic-Based Features: We may use location information, including geolocation, to provide geographic-based features such geographically relevant services, offers, or ads, and to conduct analytics to improve our Services.
- Research and Development: We may develop new Services features and create new Services or improve existing Services, including using personal information for internal purposes related to certain research, analytics, development, demonstration, innovation, testing, monitoring, customer communication, risk management, and administrative purposes. This may include when you participate in surveys or research activities such as academic, commercial, and research study purposes. This may also include surveys regarding your preferences, or data derived from your use of our Services for internal analytics.
- Advertising: We may personalize your experience with us and our Services by conducting advertising, such as contextual, targeted, or behavioral advertising. For example, this allows us to recommend Services you might like or find useful. It also allows us to assess user interactions, including ad impressions to unique visitors, and quality of ad impressions. We may also use social media services such as matched ads to deliver ads to you on those social media platforms. If you disclose personal information using a social network, that disclosure will be governed by the social network’s privacy policy and preferences or settings.
- Marketing Messages: We may use your personal information to communicate with you about the Services you have purchased or used; provide you with promotional messages and personalized advertising; to notify you of other Services; to notify you of contests, challenges, sweepstakes, and other promotions; to notify you of Services we think may be of interest to you; and, for other marketing purposes, where permissible by law.
- Customer Service: We may use your personal information to respond to your requests for technical support, online Services, Services information or to any other communication you initiate, including requests, inquiries, and complaints.
- Promotions: If you enter a promotion, such as a sweepstakes or contest, we may use your personal information to conduct the promotion, including publishing winners’ lists, pursuant to your consent to the terms of such promotion.
- We may use personal information for security purposes to protect against unauthorized disclosure of personal information, as well as detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity. We may also use personal information for debugging to identify and repair errors that impair existing intended functionality of the Services.
- Legal and Safety: We may use personal information to verify or maintain the quality or safety of a Service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the Service or device that is owned, manufactured, manufactured for, or controlled by us. We also use personal information to meet our legal obligations, work with law enforcement, and for public safety purposes. We may use personal information in order to comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of other parties, to enforce our Terms of Use, this Privacy Notice, or agreements with other parties, or for crime-prevention purposes.
Disclosing Your Information
With your consent, or as allowed by applicable law, we may disclose your personal information, as described above, to:
- Affiliates, Subsidiaries, and Partners: We may disclose personal information to companies or ventures that are owned or controlled by us in order to provide and improve our Services, for marketing purposes, and for advertising.
- Vendors: We may disclose personal information to contractors, business partners, marketing partners, and vendors to provide, improve, and personalize Services. Our vendors may engage subcontractors to perform Services for us.
- We may disclose personal information to social network providers at your direction.
- Other Services Users: Where your personal information is disclosed publicly on our Services, such as when you post in community forums or connect with others, it may be viewed by other visitors and users.
- Your Insurance Providers: Depending on your location, we may assist you by providing personal information to your insurance providers to facilitate insurance coverage and payments for our Services.
- Healthcare Providers (HCPs): We may disclose personal information to your healthcare providers to facilitate care. Note if you are in the United States of America, this Privacy Notice does not cover PHI under HIPAA. For more information, see our HIPAA Notice of Privacy Practices.
- We may disclose personal information for legal compliance, law enforcement, and public safety purposes, as allowed by law. For example, to law enforcement, government or regulatory bodies, lawful authorities, or other authorized external parties in order to comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of other parties, to enforce our Terms of Use, this Privacy Notice, or agreements with other parties, or for crime-prevention purposes. This may include working with a medical examiner or funeral director.
- Others: We disclose your personal information when you consent or direct us to disclose it, such as where you connect our connected devices to a compatible service not provided by us. We may also disclose your personal information to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed sale or transfer of all or a portion of our business assets (e.g., further to an actual or proposed merger, reorganization, liquidation, bankruptcy, or any other business transaction), including negotiations of such transactions.
Personal Information Provided to External Businesses
This Privacy Notice does not apply to the practices of companies we do not own or control. Our Services may provide a link or otherwise provide access to external services. We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for external services. External services and other businesses may have their own privacy policies which are applicable.
Tracking Technologies
We may use tracking technologies, such as cookies, including tracking technologies managed by vendors or external parties. Tracking technologies can generally be categorized as follows:
- Necessary or Essential: These tracking technologies are used for core functionality, for example for security and to enforce your privacy preferences. Without these cookies, some functionality on our Services will fail.
- Functional or Analytics: These tracking technologies help to improve the Services by allowing us to understand how the Services are used and how the Services perform. We may also use location-aware technologies to locate you, including as determined by your IP address, for purposes such as verifying your location and delivering or restricting content based on your location.
- Advertising: These tracking technologies help personalize ads that are shown to you on our Services, as well as on other parties’ online services. If enabled, these tracking technologies will allow other parties to engage in advertising based on your use of online services across platforms and over time.
We may combine tracking technology information with other personal information about you. We or external parties, on our behalf and pursuant to contract, may collect personal information about your online activities over time and across different online services when you use our Services.
We may use Google Analytics or other providers for analytics services. We may also implement Google Analytics Advertising Features such as remarketing with analytics and interest-based ads. We may use first-party cookies or other first-party identifiers as well as third-party cookies or other third-party identifiers to, e.g., deliver advertisements, measure your interests, and/or personalize content. For more information on how Google Analytics uses data collected through our Services, visit www.google.com/policies/privacy/partners. To opt out of Google Analytics cookies, visit https://tools.google.com/dlpage/gaoptout or download the Google Analytics Opt-Out Browser Add-On.
You may also opt out of certain tracking technologies by visiting the opt out services by the Digital Advertising Alliance in the US, the Canadian Digital Advertising Alliance in Canada, and the European Digital Advertising Alliance in the EU. You can visit Ad Choices (US), Your Ad Choices (Canada), or Your Online Choices (EU). Opting out through these services out does not mean you will no longer receive advertising from us, or when you use the Internet.
Depending on your device settings, you may also opt out of certain interest-based advertising through the device’s "Limit Ad Tracking" or equivalent feature. Refer to your device for more information on what this opt out affects. For instance, you can adjust or reset the advertising identifiers on your mobile device in the device settings. iOS users can visit Settings > Privacy > Advertising > Reset Advertising Identifier. Android users can visit Google settings > Ads > Reset advertising ID.
You can set your browser to refuse cookies from websites, but if you do so, you may not be able to access or use portions of our Services, and certain offerings on our Services may not function as intended or as well.
We are not responsible for opt out processes provided by external parties.
Security
We use appropriate administrative, technical, physical, and organizational measures to protect the personal information we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. This includes managerial measures, including establishment and implementation of internal management plan and periodic training for employees; technical measures, including controlling access rights to personal information processing systems and encryption of important data; and physical measures, including external security and management of system servers. While we implement security measures designed to be appropriate to the relevant risks, please note no data transmission over the Internet or any wireless network can be guaranteed as being 100% secure.
Data Retention
We will store your personal information for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be required or permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal information from our systems and records or take appropriate steps to properly anonymize, deidentify, or aggregate it, where legally applicable.
Your Choices
Our Services may have settings available to you, depending on the Service, to allow you to set preferences. Information collected through our various Services, such as between our online portals and Apps, may not be synchronized (especially when you are not logged into one Service, and you are logged into another). Where information is not synchronized and you would like to have consistent settings, you may contact customer service if you have any issues or to make sure your settings across Services are consistent by accessing each Service independently.
If you receive marketing emails from us, you may opt out through the email’s instructions, as provided. Please note that regardless of your email preferences, we may send you notifications pertaining to the performance of our Services, such as revision of our Terms of Use or this Privacy Notice or other formal communications relating to Services you have purchased or use. If you receive texts from us, you may opt out by texting “STOP” to the number contacting you.
Children’s Personal Information
Parts of our Services may be directed to children. Where required by law, we seek to obtain the verifiable parental consent from the child’s parent or guardian. Where the law requires us to obtain verifiable parental consent and we learn that a child, as defined under that legal requirement, has provided us personal information, we delete that information.
Notice for California Consumers and Your California Rights
This California Privacy Notice is provided pursuant to the California Consumer Privacy Act, as amended (the “CCPA”) and describes how Tandem may collect, use, and disclose personal information of consumers that reside in California. Please note certain information we collect, use, and disclose is considered PHI, as described above, and is therefore covered by our HIPAA Notice of Privacy Practices. For more information, please visit HIPAA Notice of Privacy Practices page.
Unless otherwise noted, the disclosures in Section 11 cover our activities in the twelve (12) months preceding the Effective Date, as well as our current practices.
How and Why We Collect, Use, and Disclose Your Personal Information
Tandem may collect, use, and disclose personal information for business purposes consistent with applicable laws as identified below. Where Tandem transfers applicable personal information to recipients, such as our service providers, it does so for the same business purposes described below. These examples may vary depending on the nature of your interactions with us.
Category of Consumer Personal Information | Categories of Sources from which Collected | Business Purposes for Collection, Use, or Disclosure | Categories of Recipients to Whom Consumer Personal Information May be Disclosed for a Business Purpose |
---|---|---|---|
Identifiers (such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, or other similar identifiers). | Directly from you Automatically when you use our electronic systems From service providers that help us to run our business ; | Comply with applicable state and federal law Communicate with you Maintain business records Provide personalized advertising and marketing | Examples include service providers, data analytics providers, security providers, background check vendors, and information technology vendors. |
Internet or other electronic network activity information, (including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement). | Directly from you Automatically when you use our electronic systems From service providers that help us to run our business | Comply with applicable state and federal law Communicate with you Maintain business records Provide personalized advertising and marketing | Examples include data analytics providers, security providers, and information technology vendors. |
Any personal information described in subdivision (e) of Section 1798.80 of the California Civil Code. | Directly from you Automatically when you use our electronic systems From service providers that help us to run our business | Comply with applicable state and federal law Communicate with you Maintain business records Provide personalized advertising and marketing | Examples include service providers, data analytics providers, security providers, and information technology vendors. |
Geolocation data. | Automatically when you use our electronic systems From service providers that help us to run our business | Comply with applicable state and federal law Communicate with you Maintain business records Provide personalized advertising and marketing | Examples include data analytics providers, security providers, and information technology vendors. |
Commercial information, including records of personal property, Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Directly from you Automatically when you use our electronic systems From service providers that help us to run our business | Comply with applicable state and federal law Communicate with you Maintain business records Provide personalized advertising and marketing | Examples include service providers, data analytics providers. |
Professional or employment-related information. | Directly from you From service providers that help us to run our business | Comply with applicable state and federal law Communicate with you Maintain business records | Examples include background check vendors.. |
We may also disclose each of the categories of personal information identified above to the respectively identified categories of recipients for operational or business purposes consistent with the purposes for collection or use designated, as is reasonably necessary and proportionate to achieve those purposes, or for another purpose that is compatible with the context in which the personal information was collected, including, but not limited to:
- Auditing our ads;
- Helping to ensure security and integrity of your personal information;
- Debugging, repairing, and improving functionality;
- Short-term, transient use;
- Performing services on our behalf;
- Internal research for technological development; and
- Verifying the quality and/or safety of our devices.
In addition to the other purposes for collection, use, and disclosure of personal information described in this Notice, we may collect, use, and disclose personal information as required by law, regulation or court order; to respond to governmental and/or law enforcement requests; to identify, contact or bring legal action against someone who may be causing injury to or interfering with our or others’ rights or property; to support any actual or threatened claim, defense or declaration in a case or before any jurisdictional and/or administrative authority, arbitration or mediation panel; or in connection with disciplinary actions/investigations. Likewise, we may use and disclose personal information to other parties in connection with the sale, assignment, merger, reorganization, or other transfer.
Selling and Sharing of Personal Information
We may sell or share the following categories of personal information with third parties for the purposes of cross-context behavioral advertising:
- Identifiers
- Internet or other electronic network activity
- Geolocation data
We sell and/or share this personal information with third parties for advertising purposes. The third parties to whom this personal information was sold and/or shared are advertisers and analytics vendors. When we use the terms sell, sold, or sale, we mean for valuable consideration and not monetary value.
We offer you the ability to opt out of sales and sharing of your personal information as set forth in the “Right to Opt Out of Sales and Sharing of Personal Information” section below.
We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
Data Retention
To learn more about our data retention practices, please see Section 8.
California privacy rights
If you are a resident of California, you have the right to submit certain requests relating to your personal information as described below. If you would like to submit a request pursuant to your rights under HIPAA instead of CCPA, please contact us at [email protected] and indicate that you are making a HIPAA request. To exercise your CCPA rights, please submit a request by email to [email protected], or by calling us at 1-877-283-8720. Please note that, depending on the nature of your request, you may be asked to provide information to verify your identity before your request can be processed.
We will confirm receipt of your request and respond to your request as soon as we reasonably can and no later than legally required. You may designate an authorized agent to make a request on your behalf; however, you will still need to verify your identity directly with us before your request can be processed.
Right to Know
You have the right to know what personal information we have collected about you, which includes:
- The categories of personal information we have collected about you, including:
- The categories of sources from which the personal information was collected.
- Our business or commercial purposes for collecting, selling, or sharing personal information.
- The categories of recipients to which we disclose personal information.
- The categories of personal information that we sold, and for each category identified, the categories of third parties to which we sold that particular category of personal information.
- The categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of recipients to which we disclosed that particular category of personal information.
- The specific pieces of personal information we have collected about you.
Right to Delete Your Personal Information
You have the right to request that we delete personal information we collected from you, subject to certain exceptions.
Right to Correct Inaccurate Information
If you believe personal information we maintain about you is inaccurate, you have the right to request we correct that personal information.
Right to Opt Out of Sales and Sharing of Personal Information
You have the right to opt out of the sale of your personal information and to request that we do not share your personal information for cross-context behavioral advertising in the context of cookies and other tracking technologies. To opt out of the sale or sharing of your personal information via cookies and other tracking technologies, please click on the “Do Not Sell or Share my Personal Information” link in the footer of our website. You may also opt out of the sale or sharing of your personal information through an opt-out preference signal. In order to process your request through an opt-out preference signal, you must use a browser supporting the preference signal.
Right to Limit Use and Disclosure of Sensitive Personal Information
We do not use or disclose sensitive personal information for purposes to which the right to limit use and disclosure applies under the CCPA.
Right to Non-Discrimination for the Exercise of Your Privacy Rights
If you choose to exercise any of the privacy rights described above, we will not discriminate against you.
California Shine the Light
We do not share personal information with third parties or affiliates for those third parties’ or affiliates’ own direct marketing purposes. Californians may request information about our compliance with this law by contacting us at [email protected].
Additional Information for Users Outside of the United States
Canadian Residents
If You are Located in Canada
You are a Canadian resident, you have the right to request how we use your personal information and the recipients to which it has been disclosed. If you live in Canada and would like to receive written information about our policies and practices regarding service providers outside of Canada, please refer to our contact information below.
International Data Transfers
Our servers, which provide your Service content and store the personal information you provide to us, are located in the U.S. and the Netherlands. If you are accessing the Service from another country, please be aware you are transmitting information collected through the Service, including your personal information, to the countries where our servers are located, depending on where you access the Service from, and the data will be processed on one of those servers. These countries may not afford the same privacy protections as the country where you are using the Service. For users outside of the EEA and the UK, your use of the Service, including your provision of any personal information to us via the Service, demonstrates your acknowledgement of and agreement to this personal information processing.
Subject to applicable data transfer protection laws, we may transfer your personal info to external parties located in other countries. We implement appropriate transfer mechanisms and safeguards, including implementing Standard Contractual Clauses with parties we transfer data to (including Standard Contractual Clauses published by the European Commission for transfer outside of the EEA and Standard Contractual Clauses published by ICO for transfers outside of the UK).
If You are Located in the EEA and UK
Where we transfer your personal information to countries and territories outside of the EEA and the UK, which have been formally recognised as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” from the European Commission and “adequacy regulations” from the Secretary of State in the UK (together referred to as "EEA/UK adequacy decisions").
Where the transfer is not subject to an adequacy decision or regulations, we take appropriate safeguards to require your personal information will remain protected in accordance with this Privacy Notice. The safeguards we use for personal information protected under GDPR, include the European Commission’s Standard Contractual Clauses as issued on 4 June 2021, in the form of modules 1 (controller to controller), module 2 (controller to processor), module 3 (processor to processor) and/or module 4 (processor to controller), as appropriate depending on our relationship with the recipient(s). We incorporate the UK's International Data Transfer Addendum to the EU Commission Standard Contractual Clauses as permitted under Article 46 of the UK GDPR, when transferring personal information protected under UK GDPR.
Our Standard Contractual Clauses can be provided on request. Please note some sensitive commercial information may be redacted from the Standard Contractual Clauses. For details of what personal information may be transferred to group entities or third parties, please see the Disclosing Your Information section of this Notice above.
Legal Bases Relevant for Those in the EEA and UK
For users located in the European Economic Area and the United Kingdom, the following information specifically applies to you. Our processing of your personal information is carried out under the following legal bases:
- The processing is necessary for us to provide you with the Services you request, or to respond to your inquiries, such as to comply with our contractual obligation to fulfill transactional services.
- We have a legal obligation to process your personal information, such as compliance with applicable tax and other government regulations or compliance with a court order or binding law enforcement request.
- To protect your vital interests, or those of others.
- We have a legitimate interest in carrying out the processing activity. In particular, we have a legitimate interest in the following cases:
- To analyze and improve the safety and security of the Service. This includes implementing and enhancing security measures and safeguards and protecting against fraud, spam, and abuse.
- To maintain and improve the Service.
- To operate the Service and provide you with certain information and communications tailored to, and in accordance with, your preferences.
- You have consented to the processing of your personal information. When you consent, you may change your mind at any time.
Given the nature of our business, we may process special categories of your personal information in the form of health information. This information includes diabetes therapy data, such as your glucose levels, and lab charts. We will obtain your explicit consent prior to processing such information.
Data Subject Rights Relevant for Those in the EEA and UK
Please note, we do not currently use your personal information for automated decision making which produces legal effects concerning you or similarly significantly affects you.
The GDPR and UK GDPR provide EEA and UK residents with certain rights regarding their personal information. If you are a resident of the EEA or the UK, subject to certain conditions, you may ask us to take the following actions in relation to your personal information:
- Provide you with information about our processing of your personal information and give you access to your personal information.
- Update or correct inaccuracies in your personal information.
- Delete your personal information.
- Transfer a machine-readable copy of your personal information to you or an external party of your choice.
- Restrict the processing of your personal information.
- Object to our processing of your personal information for direct marketing purposes.
- Obtain information about and object to our reliance on legitimate interests as the basis for processing of your personal information.
- Withdraw your consent for processing personal information where applicable.
If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us at [email protected] or you have the right to submit a complaint to a data protection regulator. EEA residents can find information about your data protection regulator here. The data protection regulator for residents of the UK is the Information Commissioner’s Office.
Additionally, if you reside in Italy and are an individual with a direct interest in a deceased user’s personal information, or are a representative of a deceased user acting to protect the deceased user or his/her family interests, then you have the right to exercise the rights described above except for the right to delete.
If you reside in France, you may designate a person to carry out specific or general instructions on how to store, delete or communicate the personal information relating to you after your death. If the instructions relate only to the personal information we hold about you, you may choose to directly notify us such instructions.
If you reside in Portugal, you may appoint who can exercise your rights or to give instructions not to exercise them at all after your death regarding special categories of personal information (such as health data) or data related with private life, images or communications.
You may exercise some of these rights and choices through Service features, such as editing your account settings or profile details when you are logged in. Additionally, you can submit requests by email to [email protected]. We may request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us at [email protected] or submit a complaint to a data protection regulator. EEA residents can find information about your data protection regulator here. The data protection regulator for residents of the United Kingdom is the Information Commissioner’s Office.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time. You can see when this Privacy Notice was last updated by checking the “Last Updated” date displayed at the top of this Privacy Notice. Any changes to this Privacy Notice take effect immediately after being posted or otherwise provided by Tandem.
How to Contact Us
If you reside in the United States
Tandem Diabetes Care
Attn: Legal Department
11075 Roselle Street
San Diego, CA 92121
Email: [email protected]
If you reside in the European Economic Area or the UK
Please either contact Tandem Diabetes Care directly at [email protected] or Tandem’s EEA and UK Data Protection Officer (DPO) at [email protected] or by mail at:
Fieldfisher LLP
Attn: Data Privacy Riverbank House
2 Swan Lane
London, EC4R 3TT
The data controller of your personal information is Tandem Diabetes Care, Inc.