Privacy Policy

November 3, 2022

INTRODUCTION

[Owens & Minor] (“Owens & Minor”) is committed across all operations and regions to honor individuals’ rights in their personal information and to comply with local personal data laws. Owens & Minor is not only a global leader in healthcare services and medical logistics but also a leader in data protection. Our top priority is to ensure globally applicable and worldwide standards for handling personal data.

This Privacy Policy governs Owens & Minor’s collection, protection, and privacy of individuals’ Personal Data (defined below).  This policy does not govern the data protection practices of the following Owens & Minor’s subsidiaries Byram Healthcare and Apria Healthcare Group, Inc.

As a global company, Owens & Minor adheres to applicable national laws.  This Privacy Policy deals with privacy rights in various global locations (to include the US, Latin America, Europe, Middle East, and Asia-Pacific).  It has standardized, generally, on the principles found in the European Union’s General Data Protection Regulation (“GDPR”).  These are:

  1. Personal Data must be collected for a specified, explicit, and legitimate purpose.
  2. Ensure the processing of Personal Data is adequate, relevant, and limited.
  3. Personal Data is accurate and up to date.
  4. Personal Data will be kept no longer than is appropriate or necessary for the purposes for which it is being processed or local legal requirements.
  5. Personal Data is kept safe and secure including protection against unauthorized access.
  6. Implement appropriate technical and organizational measures ensuring the integrity of our systems and the protection of personal data.

SCOPE AND CONSENT

By visiting our Sites, you agree to accept the practices described in this Privacy Policy and consent to the collection, use, disclosure, and retention of the personal information you provide.

WHEN THIS POLICY APPLIES TO YOU

This policy applies to you when

  • You visit our website (Website user)
  • You visit one of our locations (Location visitor)
  • We supply products and/or services to you as a customer (Customer)
  • You, as a supplier, deliver products and/or services to us (Supplier)
  • You apply for a vacant position within Owens & Minor (Applicant)

This Privacy Statement does not apply to personal data that we collect in the context of your employment or other working relationship with us.

 

INFORMATION WE COLLECT

We collect and store the following personal information when you interact with us or our services, including when making use of our products, visit our website, or make a purchase from us.  Personal information we collect can include the following, depending on the nature of our interaction.

  • Your first and last name
  • Residential and billing address
  • Location
  • Company name
  • Occupational role
  • Payment information
  • Social media name and profile
  • Internet Protocol (IP) address
  • Contact details (e.g., telephone number, fax number, e-mail address)
  • Date of birth
  • Purchase and ordering history
  • Publication or newsletter interest, related mail address and download activity
  • Health Information
  • Age
  • Gender
  • Ethnicity
  • Job applicant related information or
  • Human Resource information related to employment
  • Patient medical record number
  • E-Signatures
  • Information obtained through a background checks (when legally permitted to process)
  • US medical license details
  • Pension & benefit specifics
  • Employment or contractor remuneration and taxation details
  • Voice recordings/transcripts, particularly in connection with our hotline
  • And any other information you provide to us.

HOW DO WE PROCCESS YOUR PERSONAL INFORMATION

We use individual’s personal information for the following purposes:

  • To provide our services to you and to administer their account with us
  • To authorize, process, and track payments through our service providers’ secure credit card and payment processing gateways
  • To communicate with a customer or user
  • For our own internal business purposes, such as analyzing the use of our services, market research, and website and mobile application optimization
  • To record and store health information on users on behalf of our customers
  • To track health outcomes of users on behalf of customers
  • To ship orders and provide customer service
  • To communicate with you about things we think will be of interest to you such as our products and services, and location-based entertainment-related activities
  • To verify an identity
  • To provide customer service and review issues
  • To update you on changes to our services, this Privacy Policy, or our Terms of Use and other administrative communications
  • To improve our products and services
  • To provide you with requested information such as whitepapers or newsletters
  • To provide renumeration for your services
  • To administer employee benefits and the employment or contractor relationship
  • To address concerns brought to our attention via our employee hotline
  • To communicate investment information to our investors and the investment community at large

The basis for processing is either; our legitimate business interest, to fulfill a contract or request, or based upon consent.

WITH WHOM DO WE SHARE PERSONAL INFORMATION?

Except as provided below, we do not share or sell information that identifies our users personally or makes it possible for other parties to contact them directly. We may share non-personal information, such as aggregate data and usage information with third parties. We may share the information we collect with our affiliated companies, business partners, ad network vendors and their participants, and other third parties for the purposes described in this Privacy Policy, including to communicate with you about products and services, offers, events and promotions that we believe may be of interest to you. We may also share the information with our service providers that perform services on our behalf. We do not authorize these service providers to use or disclose the information except as necessary to perform certain services on our behalf or comply with legal requirements. We also may share information about you with other third parties when we have given you an opportunity to opt out of such sharing and you do not opt out.

While on our sites, you may have the opportunity to sign up to receive information and/or marketing offers from someone else or to otherwise consent to the sharing of your information with a third party, including social networking sites. If you agree to have your personal information shared, your personal information will be disclosed to the third party and the personal information you disclose will be subject to the privacy policy and business practices of that third party. We may share your personal information with other entities and our affiliates primarily for business and operational purposes.

If we are involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction. We may transfer and disclose your information to third parties to comply with a legal obligation; when we believe in good faith that the law or a governmental authority requires it; to verify or enforce our terms and conditions or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect our rights or property or security of third parties, visitors to our sites or the public.

Here is a general list of the types of third parties with whom we share personal information for the purposes listed above:

  • Shipping and logistics companies
  • Cloud storage and service providers
  • Customer management software providers
  • Invoice and billing services
  • Help desk and support providers
  • Accounting and payroll system providers
  • Employment or staffing agencies or portals
  • Investment portals
  • Doctors or other healthcare, insurance providers
  • Pension and benefit providers
  • Mailing and communication services
  • Telecommunications providers
  • Outsourced information technology and enterprise system providers to its subsidiaries and business partners who have similar privacy standards and only for the purposes addressed in this Privacy Policy.
  • Other service providers or processors who are obligated under law and contract to protect your information and only use your information in accordance with our instructions.
  • Auditors for compliance, or corporate governance functions.
  • Judicial or public authorities when legally obligated to do so by law or in response to a subpoena or court order in the United States or a member state of the European Union or other countries where we operate.
  • Business partners or potential purchasers if disclosure is necessary to effectuate the sale or transfer of business assets.

HOW DO WE SECURE PERSONAL INFORMATION?

Our global Cybersecurity program is guided by the principles and guidelines outlined in the NIST 800 Cybersecurity framework.  Our program leverages skilled, experienced, and CISSP certified Cybersecurity employees augmented with world class third-party Cybersecurity managed services.    We practice a comprehensive, defense-in-depth/layered approach to Cybersecurity.

As a general matter, personal information is secured in transit and during storage by encryption.

HOW LONG DO WE KEEP YOUR INFORMATION?

As a general rule, we keep personal information for only so long as it is necessary for our legitimate business interest or so long as required by law or regulation.

WHAT RIGHTS AND CHOICES DO YOU HAVE REGARDING YOUR INFORMATION?

We offer certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you.

You control the personal information that you provide to us on our sites, but some personal information is required by us for you to obtain services from us or for you to use our sites. If you choose not to provide us with your personal information on our sites, you may not be able to take advantage of some of the services we offer or use some functionality on our sites. Except as provided above, we will not share personal information collected on our sites with third parties without your consent.

LINKS TO THIRD-PARTY SITES

Owens & Minor Sites contain certain links to third-party sites, such as partners and news organizations. Owens & Minor is not responsible or liable for the privacy practices or content found on these sites. We suggest that you check the privacy notice of each site you visit.

OUR COMMITMENT TO CHILDREN’S PRIVACY

This website is not intended for use by children under thirteen years of age. We do not knowingly collect personal information from children under thirteen. If you are under thirteen, do not use or provide any information on this website. Any personal information inadvertently collected from children will be promptly erased. If we learn we have collected or received personal information from a child under thirteen without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under thirteen, please email GM-privacy@owens-minor.com.

DATA RIGHTS FOR THOSE IN THE EUROPEAN ECONOMIC AREA (EEA), UNITED KINGDOM (UK) AND SWITZERLAND

If an individual resides in the EEA, the United Kingdom, or Switzerland, our use of your personal information is governed by the European Union’s General Data Protection Regulation, or “GDPR” or applicable EEA, UK, or Swiss national laws. These grant you rights in an individual’s personal information, including the right to alter, correct, receive, or delete personal information processed by Owens and Minor subject to our business interests and any legal requirements we may face.

Those in the EEA, UK, or Switzerland have the right to complain to a data protection authority about our collection and use of an individual’s personal information. For more information, an individual should contact the local data protection authority. Contact details for data protection authorities are available below under “Data Protection Authorities in Various Countries.”

DATA REQUEST AND RIGHTS

We respond to all requests we receive from individuals wishing to exercise their data protection rights under applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify their identity before responding to their request.

To exercise any of these rights, you may contact us at gm-privacy@owens-minor.com. If we are unable to resolve their complaint, you may contact their country’s data protection authority.

You may also contact a representative in the EU and the UK with any questions about our processing of personal information.  Please send inquiries to the Legal Director, O&M Halyard Ireland Limited who can be reached at gm-privacy@owens-minor.com

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

 

If you need further assistance regarding their rights, please contact us at gm-privacy@owens-minor.com and we will consider their request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to their request.

CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION

Owens & Minor is headquartered in the United States.  Some personal information is processed and stored in the U.S. The U.S. may not provide equivalent levels of data protection as enjoyed in your home jurisdiction.

Owens & Minor has taken measures to protect your privacy and fundamental rights when your personal data is transferred outside the EEA and other countries where no adequacy decisions of the European Commission apply. This means that Owens & Minor uses appropriate safeguards such as standard contractual clauses and safe transfer protocols to ensure adequate protection. Therefore, whenever your personal data is transferred to countries outside of the EAA, UK or Switzerland, we will ensure that at least one of the following safeguards is in place:

  • The country is one that the European Commission have approved as providing an adequate level of protection for personal data
  • The transfer is subject to a specific derogation in the GDPR or national laws
  • Through the use the standard contractual clauses as the transfer mechanism when a case-by-case analysis has been performed or
  • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data substantially similar protection as in the UE, EEA or UK.

NEVADA RESIDENTS

If you reside in Nevada, our use of your information is governed by Nevada law.

Personal Information Collected and Purposes of Use

  • We collect certain personal information of Nevada consumers as identified in the section above called: “Information We Collect.”
  • We collect this personal information for the purposes identified in the section above called “How We Use the Information We Collect.”

Your Privacy Rights

You have the right to access and correct your personal information or opt-out of the sale of personal information. If you would like to review, correct, or update your personal information, you or your authorized representative may submit your request to gm-privacy@owens-minor.com. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt.

If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.

We generally do not disclose or share personal information for profit. Under Nevada law, you have the right to direct us to not sell or license your personal information to third parties. To exercise this right, if applicable, you or your authorized representative may submit a request to gm-privacy@owens-minor.com. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.

Access and Correction

You may contact us at gm-privacy@owens-minor.com and we will provide you with reasonable access to the personal information we maintain about you. We will also provide you a reasonable opportunity to correct, amend or delete that information where it is inaccurate. We will respond to your request within a reasonable period of time. We may limit or deny access to personal information where providing such access is unreasonably burdensome or expensive under the circumstances, or as we otherwise deem appropriate. In addition, please note that (i) we may not be able to edit or delete your personal information stored with our third-party service providers, and (ii) we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements).

CALIFORNIA RESIDENTS

If you reside in California, our use of your information is governed by California law, including the California Privacy Protection Act (CCPA).

Personal Information Collected and Purposes of Use

We collect and use information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your devices when you visit our websites, provide us your personal information, or have a contractual or business relationship with us or any of our customers, (“Personal Information”).

We collect Personal Information for the purposes identified in the section above called: “Information We Collect.” We may have shared your Personal Information with the categories of third parties identified in the section above called: “With Whom Do We Share Personal Information.”

Unless specifically stated, we do not share, disclose, or sell personal information to third parties for their use, but we do share your personal information with our trusted partners to support our business. In these arrangements, the use of the information we share is limited by policies, contracts, or similar restrictions.

Your Privacy Rights under California Law

Californians have the following rights regarding our collection and use of your personal information. We may ask you to provide additional information to verify your request.  Californians have the right to request the information regarding the personal information we have collected, sold, or disclosed about you.  This policy explains the categories of personal information collected about you, and sources from which collected.

  • Our purpose for collecting personal information
  • Categories of third parties with which the personal information was shared and
  • Specific pieces of personal information collected about consumers
  • Categories of your personal information sold in the preceding 12 months
  • Categories of third parties to whom your personal information has been disclosed
  • Categories of personal information that we disclosed about consumers for a business purpose.

If this Policy does not answer your questions, then you have the right to contact us and request further information on each of these topics.

Right to Opt-out

Californians have the right to opt-out of sharing, disclosure, or sale of your Personal Information.  We do not sell your Personal Information to third parties.  However, if you wish to contact us you may do so by contacting us at gm-privacy@owens-minor.com.

Right to Request Deletion

Californians have the right to request that we delete the personal information we have about you. However, we are not required to delete information if it is necessary to retain your information to:

  • Complete the transaction for which the personal information was collected, provide a good or service requested by you, or a transaction reasonably anticipated within the context of our or one of our affiliate’s ongoing business relationships with you, or to otherwise perform a contract we have with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for that activity
  • Debug to identify and repair errors that impair existing intended functionality
  • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law
  • Facilitate solely internal uses that are reasonably aligned with your expectations based on your relationship with us or one of our affiliates
  • Comply with a legal obligation
  • Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which it was provided

Contact Us

You can contact us with questions about this Privacy Policy for California Residents or to exercise your rights as described in this Privacy Policy.

Telephone number: (804) 723-7962 or toll-free at (866) 293-2599.

Email: gm-privacy@owens-minor.com with “Request for California Privacy Information” in the body and subject line of the email

DATA PROTECTION AUTHORITIES IN VARIOUS COUNTRIES.

This is a partial list of data protection authorities (DPA) in various countries.

Owens & Minor is not responsible or liable for the list’s completeness or accuracy.

If the laws of your country are not mentioned above, you may also have rights under your home jurisdiction’s laws to access, erase, correct, and move your personal data. For more information, please contact us at gm-privacy@owens-minor.com if you wish to exercise your rights.

You may have rights to file a complaint with a regulator in your jurisdiction if we do not adequately address your requests or concerns. Here is a list of various data protection authorities who you may contact about enforcing your data rights.  Some countries do not yet have an authority to enforce personal data rights.

As of November 2022. 

Australia Information on how to file a complaint is available here https://www.oaic.gov.au/privacy/privacy-complaints/  

Belgium   Information on how to file a complaint is available here https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint  

Brazil   As of the effective date of this list, Brazil has yet to establish a complaint procedure.    

Canada Information on how to file a complaint is available here: https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/  

France Information on how to file a complaint is available here: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en  

Germany A data privacy compliant must be filed through the data protection authority in the jurisdiction in which you are resident.   

Ireland (Northern)  Information on how to file a complaint is available here: https://ico.org.uk/global/privacy-notice/making-a-complaint/  

Ireland (Republic) Information on how to file a complaint is available here: https://www.dataprotection.ie/en/individuals/complaints-handling-investigations-and-enforcement-individuals  

Italy Information on how to file a complaint is available here: https://www.garanteprivacy.it/home  

Japan Information on how to file a complaint is available here: https://www.ppc.go.jp/en/contactus/piinquiry/   

Malaysia  To lodge your personal data complaint, call 03-8911 5000 / 7901 or email jpdp@kpkk.gov.myhttps://www.mcmc.gov.my/en/home  

Mexico   Information on how to file a complaint is available here: http://inicio.inai.org.mx/SitePages/Como-ejercer-tu-derecho-a-proteccion-de-datos.aspx?a=m3  

Netherlands Information on how to file a complaint is available here: https://autoriteitpersoonsgegevens.nl/  

Singapore Information on how to file a complaint is available here: https://www.pdpc.gov.sg/Complaints-and-Reviews  

South Africa information on how to file a complaint is available here: https://inforegulator.org.za/contact-us/#:~:text=POPIACompliance%40inforegulator.org.za,Applications%20for%20Exemption

United Kingdom Information on how to file a complaint is available here: https://ico.org.uk/global/privacy-notice/making-a-complaint/  

 

SCOPE AND CONSENT

By visiting our Sites, you agree to accept the practices described in this Notice and consent to the collection, use, disclosure, and retention of the personal information you provide.

INFORMATION WE COLLECT

Owens & Minor respects the privacy of visitors to our website and as such, you may browse our website without providing any personal information. Should you choose to contact us or communicate with one of our departments through our website, such as customer service, sales or technical services, you will be asked to provide certain personal information. Examples of the type of information that may be requested include your name, age, company name, address, telephone number, and e-mail address.

Job applicants who apply online for a position with Owens & Minor will have personal information collected. This information will be used solely for the purpose of evaluating them for the position to which they applied. The information you provide as a job applicant may also be retained by Owens & Minor for a period of time equal to the applicable retention period required by law, but only for the purpose of considering the applicant for current or future positions.

AUTOMATIC INFORMATION COLLECTED BY OWENS & MINOR

Owens & Minor (or agents on our behalf) may collect anonymous information from visits to our sites through the use of “web beacons” or “cookies”. Web beacons are objects embedded in a web page allowing a party on the server side to identify whether a user has viewed a specific web page. We may use this data to analyze trends and statistics to improve your online experience or customer service. A cookie is a small file that the website places on your computer for future identification purposes. Through the use of cookies, we may also collect and analyze the IP address used to connect your computer to the internet; computer and connection information such as your browser type and version; operating system and platform; and purchase history web beacons and cookies do not contain or transmit any personally identifiable information from your computer to our website. Please note that if you provide personal information on our website, our systems may retroactively link your past activity on the site to the personal information provided.

CALIFORNIA “DO NOT TRACK” DISCLOSURES

Most browsers are programmed to accept cookies or other similar technologies to collect non-personal information. You may set your browser to notify you when you receive a cookie, providing you the opportunity to accept or decline it. Declining a cookie, or similar technology, may affect your ability to use certain features on our services. You may stop accepting cookies from a particular website, or by changing your browser’s settings, which are usually found in the ‘options’ or ‘preferences’ menu. You may also visit AboutCookies.org for instructions, by browser type, regarding how to control your cookies’ settings within your browser.

DISCLOSURE OF PERSONAL INFORMATION BY OWENS & MINOR

Owens & Minor is the sole owner of the information collected on our Sites and will use the information internally for marketing and administration purposes, in the fulfillment of our service commitment to you, as legally required under the law, and for any other purpose for which you submitted personal information to us. Owens & Minor may share your information with affiliates, subsidiaries and related companies as necessary to fulfill transactions that you initiate, or as otherwise described in this Notice. We will never sell or share your personal information with any unrelated third party except as described in this Notice.

CONTRACTORS

Owens & Minor may employ other companies or individuals to provide certain services to us such as analyzing customer lists and data, providing marketing assistance, or consulting services. These third parties will have access to the information needed to perform their functions but cannot use that information for any other purpose.

AGGREGATE INFORMATION

Owens & Minor provides aggregate information to some of our business partners. This information does not allow them to identify you individually in any way.

LAW ENFORCEMENT AND PROTECTION OF USERS

Owens & Minor will release personally identifiable information to third parties and organizations when we believe it is appropriate for us to do so to comply with the law. We will also do so to cooperate with law enforcement investigations, comply with court orders or subpoenas, and protect our legal rights and the legal rights of our users, or when we believe it is needed for fraud protection and/or credit risk reduction.

LINKS TO THIRD PARTY SITES

Owens & Minor Sites contain certain links to third party sites, such as partners and news organizations. Owens & Minor is not responsible or liable for the privacy practices or content found on these sites. We suggest that you check the privacy notice of each site you visit.

SECURITY

Owens & Minor takes precautions, including administrative, technical and physical measures to safeguard your personal information against theft, loss and misuse, as well as unauthorized access, disclosure, alteration, and destruction.

Your personal information is safely stored in our proprietary systems behind our firewall and in our Customer Relationship Management System which is operated by a third party. All transfer of personal information between our systems and any third party system employs a minimum of 128-bit encryption technology.

OUR COMMITMENT TO CHILDREN’S PRIVACY

This website is not intended for use by children under 13 years of age. No one under age 13 may provide any information to our website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this website. Any personal information inadvertently collected from children will be promptly erased. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please email GM-privacy@owens-minor.com.

OPT-OUT

Owens & Minor gives you the opportunity to opt-out of receiving marketing communications from us. If you no longer wish to receive communications from us you may opt-out by emailing GM-privacy@owens-minor.com from the email address that you no longer want to receive these communications at, or by writing to: Owens & Minor, Attn: Privacy Officer, 9120 Lockwood Boulevard, Mechanicsville, VA 23116. Please indicate which types of communications you no longer wish to receive (email, phone, etc.).

CHANGES TO THIS PRIVACY NOTICE

This Privacy Notice may change from time to time and the use of information which we gather now is subject to this Notice as modified. Please check this page periodically as you continue to use our website to see if any changes have been made. If you visit our website your visit and any dispute over privacy is subject to this Notice and our Terms of Use Agreement.

PRIVACY QUESTIONS

If you have questions or concerns about Owens & Minor’s Privacy Policy or data processing, please use the email address below to contact us. The Owens & Minor Privacy Officer will respond to your inquiry within 10 business days.

CONTACT INFORMATION

Owens & Minor

Attn: Privacy Officer

9120 Lockwood Boulevard
Mechanicsville, VA 23116-2015

Email: GM-privacy@owens-minor.com