The personal data we receive about you (which we refer to collectively as your ) includes Registration and Ordering Information, Feedback Information, Data Services Information, Use Information and Derived Information:
· is information you are required to provide in order to register with us when you register with Dexcom in connection with your use of a Dexcom Product or Service, or when you submit information to Dexcom to order Dexcom Products or Services from Dexcom. This information may include your name, address, telephone number, email and other contact information, information regarding payment including your health insurance provider, if any, as well as information regarding your use of Dexcom Products and Services, including the serial number for your User Device.
· is information you submit to us in connection with your use of Dexcom Products and Services, whether through our Website, through our Data Services, or otherwise, regarding Dexcom Products and Services, or other matters relating to us and our business, including the metadata relating to that information.
· is information we receive and transmit through our Products and Services, including:
· Glucose readings;
· Information associated with each glucose reading, including date, time, and device identifier;
· Thresholds input into Data Services or Software Apps and notifications arising from those thresholds;
· Any of the data generated or used by your Dexcom Products to produce other Data Services Information or otherwise available to us through your Dexcom Products, such as data used for technical support;
· Information provided by you or about you by another person you have designated to receive any of your Personal Information through functionality of a Dexcom Product or Service (we call each such person a “”).
· Information from a third party data service that you authorize to be provided to us, either through that third party data service or through an option we make available to you through our Data Services (we call each such third party data service which you authorize to provide information to us, or to which you authorize us to provide your information a “Designated Third Party Service”).
· Information we receive from the computer, mobile phone or other device you use in connection with Dexcom Products and Services, and information we receive from those Products and Services regarding your use, which may include your IP address and other information regarding your computer, your internet service, the browser you use, and your activities while using Dexcom Products and Services, such as how often you open Software Apps, your settings and other activity regarding your use of the components of Dexcom Products and Services;
· Information we receive from you in connection with our request for comments or feedback on third parties;
· Information we may receive from advertisers and other third parties when you click on advertisements or links to third party websites while using Dexcom Products and Services, including the pages you visit, your activity on those pages and your purchases or other transactions with those third parties.
· is information that we create by combining and/or analyzing some or all of your Personal Information.
If any of the Personal Information described above does not reveal your specific identity or relate directly to an individual, we may use such “Other Information” for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, then we may use it for all the purposes for which we use and disclose Personal Information.
· You may update your Registration and Ordering Information at any time by logging into your account on our Website, and you agree to keep your Registration and Ordering Information current at all times while your account is active.
· Through your User Account, you can review, update and delete certain Personal Information, and by terminating your User Account you can terminate your use of certain Dexcom Services. Through the features of certain Data Services, you may be able to review, update and delete certain sharing or use of Personal Information, and you can terminate your use of certain Data Services through the Data Service. You can also terminate your use of a Software App or a Data Service that requires a Software App by removing the Software App from your computer, phone or other device on which it is installed. You may also review, correct, update, suppress, or delete your Personal Information or withdraw your consent previously provided to us by contacting us at . In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database, or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
· We use Registration and Ordering Information to manage your account and Dexcom Products and Services applicable to you, and as otherwise described below. We also use your email address to contact you regarding your account. We do not make any Registration and Ordering Information public. We will use your User Account and Registration and Ordering Information to link your use of Dexcom Services and Software Apps with your use of Dexcom Products, and it may be accessible by our personnel providing Dexcom Services.
· You are not required to give us any Feedback Information, but if you choose to do so, you are providing it to us for our use as we determine, so long as we do not identify you or include any information that could be used to identify you. Feedback Information may be used by us and provided by us to our customers and third parties, in the form you provide as well as in excerpted, aggregated and anonymized forms, with or without attribution to you as the source. We may also use Feedback Information in our advertising, marketing and other communications with the public and in our business relationships, as well as in our internal communications, in each case without attribution to you as the source. In addition, we may identify you as the source of Feedback Information to the extent you consent to that identification.
· We collect Data Services Information and store it on our servers, process it using Data Services, and transmit it to the User and each Designated Recipient and Designated Third Party Service, where applicable for Dexcom Products and Services that are requested by you. We may use Data Services Information in connection with our provision of Data Services and for our operations, administration and product development, maintenance and support in line with applicable data protection laws.
· As permitted by applicable law, we may use Personal Information of you and your Designated Recipients, if applicable, to determine which emails and notices we send to you and your Designated Recipients, if applicable, including emails and notices regarding opportunities relating to our Products and Services (we refer to these emails as ). You may opt out of Solicitations by contacting us by email at or by mail at the address listed in the “Contact Us” section below, and you may opt in again through one of those contacts. Please keep in mind that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out. As permitted by applicable law, we may share your email address or other Registration and Ordering Information with third party service providers acting on our behalf with which we contract for the purpose of providing you with Solicitations we think may be of interest to you. You may opt out of our sharing of your information with third parties for these purposes by contacting us by email at or by mail at the address listed in the “Contact Us” section below. We will not share your Personal Information with third parties for them to contact you on their behalf without your consent.
· We may use Personal Information belonging to you and your Designated Recipients, if applicable, to tailor to you and your Designated Recipients, if applicable, the experience when using Dexcom Products or Services and the content viewed when using Dexcom Products or Services. We may use Personal Information in accordance with applicable data privacy laws to manage our Products and Services, including the Website, to improve our business and provide new website and product and service features, and to otherwise manage our business.
· In the ordinary course of our business, we will use providers to perform services or functions on our behalf. We will not authorize those third parties to keep, use or disclose your Personal Information except for providing the services we have asked them to provide. We may provide your Personal Information to another company in conjunction with a corporate sale, merger, acquisition or dissolution involving Dexcom.
· We may “de-identify” your Personal Information by removing information that could identify you, and we may use such de-identified information for any purpose, except where we are required to do otherwise under applicable law.
· We have no control over Designated Recipients, and once a Designated Recipient receives your Data Services Information, use by the Designated Recipient is between you and the Designated Recipient. We do not verify the contact information you provide for each Designated Recipient. Once you provide such contact information, until you terminate the designation, we will send Data Services Information to the contact information you have provided, and you are responsible for the accuracy of that information.
Our Products and Services do not currently have the ability to recognize or honor browser do-not-track signals.
· : Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some of our Products and Services to, among other things, track the actions of users (including email recipients), measure the success of our marketing campaigns, and compile statistics about use and response rates.
· : We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Products and Services. If you do not want Flash LSOs stored on your computer, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You can also control Flash LSOs by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications.
: We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Products and Services and other websites or online services, based on information relating to your access to and use of the Products and Services and other websites and services. To do so, these companies may place or recognize a unique cookie on your browser (including through use of pixel tags). If you would like more information about this practice and to learn about your choices in connection with it, please visit the and the .
· We may receive certain health information of yours that is “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). When we receive protected health information, such information will be subject to the requirements under HIPAA and the HITECH Act, and the regulations effective under each of those Acts.
· When you elect to share your protected health information with a Designated Third Party Service, such as through the Apple Health app, you are electing to provide your data to a third party that may not be subject to the requirements of HIPAA, the HITECH Act and the regulations effective under each of those Acts. You control the information that is provided, and your authorization continues until you revoke it through the app, Dexcom Service or other component where you made the election. What the Designated Third Party Service may do with your protected health information is determined by the terms applicable to the Designated Third Party Service, and we do not control that use. You understand that your revocation will not affect information previously provided to the Designated Third Party Service, but will terminate further provision of information. Whether or not you elect to share your protected health information with a Designated Third Party Service will not have any effect on the Dexcom Products and Services you may have the right to use.
· Dexcom does not permit any person under 18 to subscribe directly to Dexcom Services or Software Apps or to directly purchase Dexcom Products. A parent or legal guardian may subscribe for a User who is under 18, but no person under 18 is permitted to use Dexcom Products or Services without the express agreement of a parent or legal guardian to the terms of the Agreement which require, among other things, that the parent or legal guardian is responsible for designating Designated Recipients, connecting the User Device to Dexcom Services or Software Apps, interacting in all ways with Dexcom Services and Software Apps, and ensuring that all communications with us come from the parent or legal guardian and not from the person under 18.
· Dexcom does not permit any person to subscribe directly to Dexcom Services, or Software Apps or to directly purchase Dexcom Products if that person lacks the legal competence to enter into a contract and be bound to the terms of the Agreement. A legal guardian, conservator or other person with the legal right to do so may subscribe for a User who lacks the legal competence to enter into a contract and be bound to the terms of the Agreement, but no such User is permitted to use Dexcom Services or Software Apps without the express agreement of a legal guardian, conservator or other person with the legal right to provide such agreement to the terms of the Agreement, which require, among other things, that such legal guardian or other person is responsible for designating Designated Recipients, connecting the User Device to Dexcom Services and Software Apps, interacting in all ways with Dexcom Services and Software Apps, and ensuring that all communications with us come from the such legal guardian or other person and not from the User who lacks legal competence.
· We do not and will not, at any time, request Registration and Ordering Information in a non-secure or unsolicited email or telephone communication. Identity theft and the practice currently known as "phishing" are of great concern to us. Safeguarding information to help protect you from identity theft is a priority for us. For more information about phishing, visit .
· Dexcom uses commercially reasonable standards of technology and operational security to protect Personal Information within our organization. Personal Information transmitted through Dexcom Products and Services is transmitted in encrypted form. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you feel that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section, below.
· In accordance with the Do-Not-Track amendments to the California Online Privacy Protection Act, we inform you that we do not currently respond to “do not track” signals or similar messages from your browser.
· You may terminate your Dexcom account by following the instructions at the appropriate page at our Website. Followers may terminate their Follower status by canceling the User in the applicable Dexcom Service or by deleting the applicable Software App.
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Dexcom Products and Services, you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country. For personal information of customers that DexCom, Inc. receives from Affiliates and companies in the European Union, the European Economic Area, and Switzerland, DexCom, Inc. has committed to handling such personal information in accordance with the European law principles for international transfers such as EU Standard Contractual Clauses or Privacy Shield, further described below.
Dexcom may receive Personal Information of residents of the countries of the European Economic Area (“EEA”), which includes the 28 European Union Member States plus Norway, Iceland and Liechtenstein from third parties or directly from those residents, including name, address, email and telephone number, ordering information and information regarding medical or health conditions that is considered sensitive information. We refer to such Personal Information as “European Personal Information.” We recognize that the laws of the European Community restrict companies in the EEA from transferring European Personal Information to the United States unless there is “adequate protection” for such European Personal Information. To provide such adequate protection where we do not have in place other protections for European Personal Information meeting the requirements of applicable data privacy laws, as we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we will adhere to the E.U.-U.S. Privacy Shield Framework (the “Privacy Shield”) published by the U.S. Department of Commerce (www.privacyshield.gov) with respect to European Personal Information that we receive. For example, we may agree in a specific circumstance to a model contract approved by the European Commission (http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm), and the terms of that model contract would apply in that circumstance.
Privacy Shield Principles
We participate in the Privacy Shield as does our subsidiary SweetSpot Diabetes, Inc. The Privacy Shield List is available at the website maintained by the U.S. Department of Commerce: https://www.privacyshield.gov/list.
Dexcom manufactures, distributes and supports Dexcom Products that are continuous glucose monitors (“Dexcom CGMs”). Dexcom CGMs measure the User’s glucose levels on a regular basis. We also distribute and support Software Apps that receive, store, process and transmit the User’s glucose levels measured by Dexcom CGMs and other information to assist Users of Dexcom CGMs and their health care providers and others they designate to manage their glucose levels. We collect and use European Personal Information in connection with the use of such Software Apps, to communicate with Users about their use of Dexcom Products and Software Apps, to provide information about new Dexcom Products and Software Apps, and for conducting related task for legitimate business purposes. We will also disclose European Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may also collect and process human resources European Personal Information in reliance on the Privacy Shield.
In accordance with the requirements of the Privacy Shield, we will offer to persons whose European Personal Information is in our possession the opportunity to choose (opt out) whether the person’s European Personal Information is to be disclosed to a third party or to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the person.
For sensitive information, we will obtain affirmative express consent (opt in) from persons if their European Personal Information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. We will treat as sensitive any European Personal Information we receive from a third party where the third party identifies and treats it as sensitive.
Accountabilty For Onward Transfer
To transfer personal information to a third party acting as a controller, we will comply with the Notice and Choice Principles. We will also enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide at least the same level of protection as the Privacy Shield and will notify us if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third party controller ceases processing or takes other reasonable and appropriate steps to remediate.
To transfer personal data to a third party acting as an agent, we will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with our obligations under the Privacy Shield; (iv) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the U.S. Department of Commerce upon request.
With regard to the Principle of Accountability for Onward Transfer, we remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We will take reasonable and appropriate measures to protect European Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and nature of the European Personal Information.
Data Integrity and Purpose Limitation
Consistent with the Privacy Shield, European Personal Information will be limited to the information that is relevant for the purposes of processing. We will not process European Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the person. To the extent necessary for those purposes, we will take reasonable steps to ensure that European Personal Information is reliable for its intended use, accurate, complete, and current. We will adhere to the Privacy Shield Principles for as long as we retain European Personal information.
European Personal Information will be retained in a form identifying or making identifiable the person only for as long as it serves a purpose of processing or other purpose permitted by the Privacy Shield. We will take reasonable and appropriate measures in complying with this provision.
A person whose European Personal Information is in our possession will have the right to access, to correct, amend or delete that European Personal Information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, except where the Privacy Shield permits otherwise.
Recourse, Enforcement and Liability
We will maintain robust mechanisms for assuring compliance with the Privacy Shield in accordance with the requirement of the Privacy Shield.
Dexcom has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
We are obligated to arbitrate claims and follow the terms set forth in Annex I to the Privacy Shield located at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
ATTN.: Privacy Officer
6340 Sequence Drive
San Diego, CA 92121, USA
Because email communications are not always secure, please do not include credit card information or sensitive information in your emails to us.