November 3, 2022
[Owens & Minor] (“Owens & Minor”) is committed across all operations and regions to honor individuals’ rights in their personal information and to comply with local personal data laws. Owens & Minor is not only a global leader in healthcare services and medical logistics but also a leader in data protection. Our top priority is to ensure globally applicable and worldwide standards for handling personal data.
- Personal Data must be collected for a specified, explicit, and legitimate purpose.
- Ensure the processing of Personal Data is adequate, relevant, and limited.
- Personal Data is accurate and up to date.
- Personal Data will be kept no longer than is appropriate or necessary for the purposes for which it is being processed or local legal requirements.
- Personal Data is kept safe and secure including protection against unauthorized access.
- Implement appropriate technical and organizational measures ensuring the integrity of our systems and the protection of personal data.
SCOPE AND CONSENT
WHEN THIS POLICY APPLIES TO YOU
This policy applies to you when
- You visit our website (Website user)
- You visit one of our locations (Location visitor)
- We supply products and/or services to you as a customer (Customer)
- You, as a supplier, deliver products and/or services to us (Supplier)
- You apply for a vacant position within Owens & Minor (Applicant)
This Privacy Statement does not apply to personal data that we collect in the context of your employment or other working relationship with us.
INFORMATION WE COLLECT
We collect and store the following personal information when you interact with us or our services, including when making use of our products, visit our website, or make a purchase from us. Personal information we collect can include the following, depending on the nature of our interaction.
- Your first and last name
- Residential and billing address
- Company name
- Occupational role
- Payment information
- Social media name and profile
- Internet Protocol (IP) address
- Contact details (e.g., telephone number, fax number, e-mail address)
- Date of birth
- Purchase and ordering history
- Publication or newsletter interest, related mail address and download activity
- Health Information
- Job applicant related information or
- Human Resource information related to employment
- Patient medical record number
- Information obtained through a background checks (when legally permitted to process)
- US medical license details
- Pension & benefit specifics
- Employment or contractor remuneration and taxation details
- Voice recordings/transcripts, particularly in connection with our hotline
- And any other information you provide to us.
HOW DO WE PROCCESS YOUR PERSONAL INFORMATION
We use individual’s personal information for the following purposes:
- To provide our services to you and to administer their account with us
- To authorize, process, and track payments through our service providers’ secure credit card and payment processing gateways
- To communicate with a customer or user
- For our own internal business purposes, such as analyzing the use of our services, market research, and website and mobile application optimization
- To record and store health information on users on behalf of our customers
- To track health outcomes of users on behalf of customers
- To ship orders and provide customer service
- To communicate with you about things we think will be of interest to you such as our products and services, and location-based entertainment-related activities
- To verify an identity
- To provide customer service and review issues
- To improve our products and services
- To provide you with requested information such as whitepapers or newsletters
- To provide renumeration for your services
- To administer employee benefits and the employment or contractor relationship
- To address concerns brought to our attention via our employee hotline
- To communicate investment information to our investors and the investment community at large
The basis for processing is either; our legitimate business interest, to fulfill a contract or request, or based upon consent.
WITH WHOM DO WE SHARE PERSONAL INFORMATION?
If we are involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction. We may transfer and disclose your information to third parties to comply with a legal obligation; when we believe in good faith that the law or a governmental authority requires it; to verify or enforce our terms and conditions or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect our rights or property or security of third parties, visitors to our sites or the public.
Here is a general list of the types of third parties with whom we share personal information for the purposes listed above:
- Shipping and logistics companies
- Cloud storage and service providers
- Customer management software providers
- Invoice and billing services
- Help desk and support providers
- Accounting and payroll system providers
- Employment or staffing agencies or portals
- Investment portals
- Doctors or other healthcare, insurance providers
- Pension and benefit providers
- Mailing and communication services
- Telecommunications providers
- Other service providers or processors who are obligated under law and contract to protect your information and only use your information in accordance with our instructions.
- Auditors for compliance, or corporate governance functions.
- Judicial or public authorities when legally obligated to do so by law or in response to a subpoena or court order in the United States or a member state of the European Union or other countries where we operate.
- Business partners or potential purchasers if disclosure is necessary to effectuate the sale or transfer of business assets.
HOW DO WE SECURE PERSONAL INFORMATION?
Our global Cybersecurity program is guided by the principles and guidelines outlined in the NIST 800 Cybersecurity framework. Our program leverages skilled, experienced, and CISSP certified Cybersecurity employees augmented with world class third-–party Cybersecurity managed services. We practice a comprehensive, defense-in-depth/layered approach to Cybersecurity.
As a general matter, personal information is secured in transit and during storage by encryption.
HOW LONG DO WE KEEP YOUR INFORMATION?
As a general rule, we keep personal information for only so long as it is necessary for our legitimate business interest or so long as required by law or regulation.
WHAT RIGHTS AND CHOICES DO YOU HAVE REGARDING YOUR INFORMATION?
We oﬀer certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you.
You control the personal information that you provide to us on our sites, but some personal information is required by us for you to obtain services from us or for you to use our sites. If you choose not to provide us with your personal information on our sites, you may not be able to take advantage of some of the services we offer or use some functionality on our sites. Except as provided above, we will not share personal information collected on our sites with third parties without your consent.
LINKS TO THIRD-PARTY SITES
Owens & Minor Sites contain certain links to third-party sites, such as partners and news organizations. Owens & Minor is not responsible or liable for the privacy practices or content found on these sites. We suggest that you check the privacy notice of each site you visit.
OUR COMMITMENT TO CHILDREN’S PRIVACY
This website is not intended for use by children under thirteen years of age. We do not knowingly collect personal information from children under thirteen. If you are under thirteen, do not use or provide any information on this website. Any personal information inadvertently collected from children will be promptly erased. If we learn we have collected or received personal information from a child under thirteen without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under thirteen, please email GMemail@example.com.
DATA RIGHTS FOR THOSE IN THE EUROPEAN ECONOMIC AREA (EEA), UNITED KINGDOM (UK) AND SWITZERLAND
If an individual resides in the EEA, the United Kingdom, or Switzerland, our use of your personal information is governed by the European Union’s General Data Protection Regulation, or “GDPR” or applicable EEA, UK, or Swiss national laws. These grant you rights in an individual’s personal information, including the right to alter, correct, receive, or delete personal information processed by Owens and Minor subject to our business interests and any legal requirements we may face.
Those in the EEA, UK, or Switzerland have the right to complain to a data protection authority about our collection and use of an individual’s personal information. For more information, an individual should contact the local data protection authority. Contact details for data protection authorities are available below under “Data Protection Authorities in Various Countries.”
DATA REQUEST AND RIGHTS
We respond to all requests we receive from individuals wishing to exercise their data protection rights under applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify their identity before responding to their request.
To exercise any of these rights, you may contact us at firstname.lastname@example.org. If we are unable to resolve their complaint, you may contact their country’s data protection authority.
You may also contact a representative in the EU and the UK with any questions about our processing of personal information. Please send inquiries to the Legal Director, O&M Halyard Ireland Limited who can be reached at email@example.com
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you need further assistance regarding their rights, please contact us at firstname.lastname@example.org and we will consider their request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to their request.
CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION
Owens & Minor is headquartered in the United States. Some personal information is processed and stored in the U.S. The U.S. may not provide equivalent levels of data protection as enjoyed in your home jurisdiction.
Owens & Minor has taken measures to protect your privacy and fundamental rights when your personal data is transferred outside the EEA and other countries where no adequacy decisions of the European Commission apply. This means that Owens & Minor uses appropriate safeguards such as standard contractual clauses and safe transfer protocols to ensure adequate protection. Therefore, whenever your personal data is transferred to countries outside of the EAA, UK or Switzerland, we will ensure that at least one of the following safeguards is in place:
- The country is one that the European Commission have approved as providing an adequate level of protection for personal data
- The transfer is subject to a specific derogation in the GDPR or national laws
- Through the use the standard contractual clauses as the transfer mechanism when a case-by-case analysis has been performed or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data substantially similar protection as in the UE, EEA or UK.
If you reside in Nevada, our use of your information is governed by Nevada law.
Personal Information Collected and Purposes of Use
- We collect certain personal information of Nevada consumers as identified in the section above called: “Information We Collect.”
- We collect this personal information for the purposes identified in the section above called “How We Use the Information We Collect.”
Your Privacy Rights
You have the right to access and correct your personal information or opt-out of the sale of personal information. If you would like to review, correct, or update your personal information, you or your authorized representative may submit your request to email@example.com. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt.
If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.
We generally do not disclose or share personal information for profit. Under Nevada law, you have the right to direct us to not sell or license your personal information to third parties. To exercise this right, if applicable, you or your authorized representative may submit a request to firstname.lastname@example.org. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.
Access and Correction
You may contact us at email@example.com and we will provide you with reasonable access to the personal information we maintain about you. We will also provide you a reasonable opportunity to correct, amend or delete that information where it is inaccurate. We will respond to your request within a reasonable period of time. We may limit or deny access to personal information where providing such access is unreasonably burdensome or expensive under the circumstances, or as we otherwise deem appropriate. In addition, please note that (i) we may not be able to edit or delete your personal information stored with our third-party service providers, and (ii) we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements).
If you reside in California, our use of your information is governed by California law, including the California Privacy Protection Act (CCPA).
Personal Information Collected and Purposes of Use
We collect and use information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your devices when you visit our websites, provide us your personal information, or have a contractual or business relationship with us or any of our customers, (“Personal Information”).
We collect Personal Information for the purposes identified in the section above called: “Information We Collect.” We may have shared your Personal Information with the categories of third parties identified in the section above called: “With Whom Do We Share Personal Information.”
Unless specifically stated, we do not share, disclose, or sell personal information to third parties for their use, but we do share your personal information with our trusted partners to support our business. In these arrangements, the use of the information we share is limited by policies, contracts, or similar restrictions.
Your Privacy Rights under California Law
Californians have the following rights regarding our collection and use of your personal information. We may ask you to provide additional information to verify your request. Californians have the right to request the information regarding the personal information we have collected, sold, or disclosed about you. This policy explains the categories of personal information collected about you, and sources from which collected.
- Our purpose for collecting personal information
- Categories of third parties with which the personal information was shared and
- Specific pieces of personal information collected about consumers
- Categories of your personal information sold in the preceding 12 months
- Categories of third parties to whom your personal information has been disclosed
- Categories of personal information that we disclosed about consumers for a business purpose.
If this Policy does not answer your questions, then you have the right to contact us and request further information on each of these topics.
Right to Opt-out
Californians have the right to opt-out of sharing, disclosure, or sale of your Personal Information. We do not sell your Personal Information to third parties. However, if you wish to contact us you may do so by contacting us at firstname.lastname@example.org.
Right to Request Deletion
Californians have the right to request that we delete the personal information we have about you. However, we are not required to delete information if it is necessary to retain your information to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by you, or a transaction reasonably anticipated within the context of our or one of our affiliate’s ongoing business relationships with you, or to otherwise perform a contract we have with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for that activity
- Debug to identify and repair errors that impair existing intended functionality
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law
- Facilitate solely internal uses that are reasonably aligned with your expectations based on your relationship with us or one of our affiliates
- Comply with a legal obligation
- Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which it was provided
Telephone number: (804) 723-7962 or toll-free at (866) 293-2599.
Email: email@example.com with “Request for California Privacy Information” in the body and subject line of the email
DATA PROTECTION AUTHORITIES IN VARIOUS COUNTRIES.
This is a partial list of data protection authorities (DPA) in various countries.
Owens & Minor is not responsible or liable for the list’s completeness or accuracy.
If the laws of your country are not mentioned above, you may also have rights under your home jurisdiction’s laws to access, erase, correct, and move your personal data. For more information, please contact us at firstname.lastname@example.org if you wish to exercise your rights.
You may have rights to file a complaint with a regulator in your jurisdiction if we do not adequately address your requests or concerns. Here is a list of various data protection authorities who you may contact about enforcing your data rights. Some countries do not yet have an authority to enforce personal data rights.
As of November 2022.
Australia Information on how to file a complaint is available here https://www.oaic.gov.au/privacy/privacy-complaints/
Belgium Information on how to file a complaint is available here https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint
Brazil As of the effective date of this list, Brazil has yet to establish a complaint procedure.
Canada Information on how to file a complaint is available here: https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/
France Information on how to file a complaint is available here: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
Germany A data privacy compliant must be filed through the data protection authority in the jurisdiction in which you are resident.
Ireland (Northern) Information on how to file a complaint is available here: https://ico.org.uk/global/privacy-notice/making-a-complaint/
Ireland (Republic) Information on how to file a complaint is available here: https://www.dataprotection.ie/en/individuals/complaints-handling-investigations-and-enforcement-individuals
Italy Information on how to file a complaint is available here: https://www.garanteprivacy.it/home
Japan Information on how to file a complaint is available here: https://www.ppc.go.jp/en/contactus/piinquiry/
Mexico Information on how to file a complaint is available here: http://inicio.inai.org.mx/SitePages/Como-ejercer-tu-derecho-a-proteccion-de-datos.aspx?a=m3
Netherlands Information on how to file a complaint is available here: https://autoriteitpersoonsgegevens.nl/
Singapore Information on how to file a complaint is available here: https://www.pdpc.gov.sg/Complaints-and-Reviews
South Africa information on how to file a complaint is available here: https://inforegulator.org.za/contact-us/#:~:text=POPIACompliance%40inforegulator.org.za,Applications%20for%20Exemption
United Kingdom Information on how to file a complaint is available here: https://ico.org.uk/global/privacy-notice/making-a-complaint/
SCOPE AND CONSENT
By visiting our Sites, you agree to accept the practices described in this Notice and consent to the collection, use, disclosure, and retention of the personal information you provide.
INFORMATION WE COLLECT
Owens & Minor respects the privacy of visitors to our website and as such, you may browse our website without providing any personal information. Should you choose to contact us or communicate with one of our departments through our website, such as customer service, sales or technical services, you will be asked to provide certain personal information. Examples of the type of information that may be requested include your name, age, company name, address, telephone number, and e-mail address.
Job applicants who apply online for a position with Owens & Minor will have personal information collected. This information will be used solely for the purpose of evaluating them for the position to which they applied. The information you provide as a job applicant may also be retained by Owens & Minor for a period of time equal to the applicable retention period required by law, but only for the purpose of considering the applicant for current or future positions.
AUTOMATIC INFORMATION COLLECTED BY OWENS & MINOR
CALIFORNIA “DO NOT TRACK” DISCLOSURES
Most browsers are programmed to accept cookies or other similar technologies to collect non-personal information. You may set your browser to notify you when you receive a cookie, providing you the opportunity to accept or decline it. Declining a cookie, or similar technology, may affect your ability to use certain features on our services. You may stop accepting cookies from a particular website, or by changing your browser’s settings, which are usually found in the ‘options’ or ‘preferences’ menu. You may also visit AboutCookies.org for instructions, by browser type, regarding how to control your cookies’ settings within your browser.
DISCLOSURE OF PERSONAL INFORMATION BY OWENS & MINOR
Owens & Minor is the sole owner of the information collected on our Sites and will use the information internally for marketing and administration purposes, in the fulfillment of our service commitment to you, as legally required under the law, and for any other purpose for which you submitted personal information to us. Owens & Minor may share your information with affiliates, subsidiaries and related companies as necessary to fulfill transactions that you initiate, or as otherwise described in this Notice. We will never sell or share your personal information with any unrelated third party except as described in this Notice.
Owens & Minor may employ other companies or individuals to provide certain services to us such as analyzing customer lists and data, providing marketing assistance, or consulting services. These third parties will have access to the information needed to perform their functions but cannot use that information for any other purpose.
Owens & Minor provides aggregate information to some of our business partners. This information does not allow them to identify you individually in any way.
LAW ENFORCEMENT AND PROTECTION OF USERS
Owens & Minor will release personally identifiable information to third parties and organizations when we believe it is appropriate for us to do so to comply with the law. We will also do so to cooperate with law enforcement investigations, comply with court orders or subpoenas, and protect our legal rights and the legal rights of our users, or when we believe it is needed for fraud protection and/or credit risk reduction.
LINKS TO THIRD PARTY SITES
Owens & Minor Sites contain certain links to third party sites, such as partners and news organizations. Owens & Minor is not responsible or liable for the privacy practices or content found on these sites. We suggest that you check the privacy notice of each site you visit.
Owens & Minor takes precautions, including administrative, technical and physical measures to safeguard your personal information against theft, loss and misuse, as well as unauthorized access, disclosure, alteration, and destruction.
Your personal information is safely stored in our proprietary systems behind our firewall and in our Customer Relationship Management System which is operated by a third party. All transfer of personal information between our systems and any third party system employs a minimum of 128-bit encryption technology.
OUR COMMITMENT TO CHILDREN’S PRIVACY
This website is not intended for use by children under 13 years of age. No one under age 13 may provide any information to our website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this website. Any personal information inadvertently collected from children will be promptly erased. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please email GMemail@example.com.
Owens & Minor gives you the opportunity to opt-out of receiving marketing communications from us. If you no longer wish to receive communications from us you may opt-out by emailing GMfirstname.lastname@example.org from the email address that you no longer want to receive these communications at, or by writing to: Owens & Minor, Attn: Privacy Officer, 9120 Lockwood Boulevard, Mechanicsville, VA 23116. Please indicate which types of communications you no longer wish to receive (email, phone, etc.).
CHANGES TO THIS PRIVACY NOTICE
Owens & Minor
Attn: Privacy Officer
9120 Lockwood Boulevard
Mechanicsville, VA 23116-2015