error fb Gplus IN twitter down-arrow Email Phone Check-Mark padlock circle_arrow minus plus play_btn close Clipboard_Icon Shopping-Cart_Icon Speech_Bubble_Icon Stethoscope_Icon pharmacists menu left-arrow right-arrow facebook search cart

DEXCOM PRIVACY POLICY

EFFECTIVE DECEMBER 2019

To obtain a prior version of our privacy policy, please contact us at privacy@dexcom.com.

INTRODUCTION

At Dexcom, Inc. and its Affiliates, we value your privacy and are committed to protecting your information in compliance with all applicable privacy and data protection laws globally, including without limitation the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This privacy policy describes the personal information protected under applicable privacy and data protection law, which we collect or process about you or that could identify you when you use our products, services or websites, and how and why we collect or process it. "Personal Information" includes Site Information, Account Information, Order Information, Health Data and Other Use Information, Communications Information, Third Party Information, Third-Party Site Information, Derived Information, and Other Identifiable Information (as defined below).

When referring to "Dexcom", "we", "our" and "us", we mean the Dexcom entity which is providing the Products and Services (as defined below) to you under the terms of the respective Products and Services and thus acting as controller with respect to your Personal Information collected or processed in connection with such Products and Services; or the Affiliate with which your Personal Information was lawfully shared in accordance with this privacy policy. This privacy policy also describes your rights, how to exercise those rights, and how to contact us.

Our products and services include our websites (including our online store), our software applications (including our mobile apps such as the G6 APP, G5 APP, and CLARITY app), the Dexcom G6® CGM System, the Dexcom G5® CGM System, CLARITY, and STUDIO (collectively, "Products and Services").

We define various terms throughout this privacy policy to make it easier for you to read. These defined terms include:

  • Affiliates means companies that are owned by DexCom, Inc., and currently include the following:
    DexCom International Ltd.
    DexCom Philippines, Inc.
    DexCom Canada, Inc.
    DexCom (UK) Ltd.
    DexCom (UK) Intermediate Holdings Ltd.
    DexCom (UK) Operating Ltd.
    DexCom (UK) Distribution Ltd.
    DexCom Sweden AB
    DexCom Deutschland GmbH
    DexCom Suisse GmbH
    Nintamed Handels GmbH

Please note that any third-party sites, applications or other items linked on our websites or within our Products or Services are governed by those third-parties' terms of use and privacy policy, which we encourage you to review. We are not responsible for the information practices of any of those websites, applications or other items.

WHAT, WHEN AND WHY WE COLLECT AND PROCESS PERSONAL INFORMATION ABOUT YOU

We may collect and process your Personal Information as described below. If you are in the United States, refer to our Notice of Privacy Practices https://www.dexcom.com/notice-of-privacy-practices.

We may collect and process:

  • Site Information, which means information you input into, or is otherwise associated with your access and which may constitute Personal Information, to any of our websites. Site Information includes without limitation information about the devices, apps, internet service, IP address, and browsers that you use to access our website; your online browsing behavior such as the sites you visit before and after visiting our websites, your activities on our site including the pages you view, how long you view them, product descriptions read, forms submitted, videos watched, shopping cart contents, and your clicks on our site pages; and, the passwords, security answers, and your user preferences that you provide to us. Site information does not include Account Information, Communications Information, or Order Information (described below).
    WHEN We may collect Site Information when you access any of our websites (including our online store).
    WHY We collect and otherwise process Site Information to:
    • Tailor your experience when accessing or using our websites;
    • Operate and manage our business (including developing, maintaining and supporting our Products and Services);
    • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out of receiving marketing or, where an affirmative opt-in is required under applicable to law, you have affirmatively opted in to receive marketing);
    • Comply with applicable law;
    • Establish, exercise or defend our legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Account Information, which means Personal Information associated with your Dexcom account. Account Information may include your contact information such as your name, billing and shipping address(es), phone number and email address; your Dexcom username and password; birth date and place; gender; pregnancy status; employment information, and your health information. Account Information also includes the contact information, username and health information of any person whose account is created at your request.
    WHEN We may collect and process Account Information when you create a Dexcom account or we create an account for you at your request.
    WHY We collect and otherwise process Account Information to:
    • Establish and manage your Dexcom account and Dexcom Products and Services;
    • Establish, perform, and maintain a contract with you;
    • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable to law, you have affirmatively opted in to receive marketing);
    • Send you surveys when permitted under applicable law;
    • Process and address any Communications Information (defined below) if needed based on the communication you provide;
    • Comply with applicable law;
    • Establish, exercise or defend our legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Order Information, which means Personal Information associated with your order from or payment to us for any Dexcom Products or Services. Order Information includes your contact information such as your name, shipping and billing address(es), phone number and email address; Dexcom username and password; birth date and place; gender; pregnancy status; employment information; financial information; health insurance information; and, identification numbers associated with your Dexcom Products or Services (including the serial identification numbers associated with any receiver and transmitter that is provided to you or your dependent). Order Information also includes the username and health information of any person for whom you order or pay for our Products and Services.
    WHEN We may collect and process Order Information when you order or pay for our Products or Services.
    WHY We collect and otherwise process Order Information to:
    • Receive and process your orders (including any shipment of the order) and the payment for such orders;
    • To establish, perform, and maintain a contract with you;
    • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable to law, you have affirmatively opted in to receive marketing);
    • Send you surveys when permitted under applicable law;
    • Address any Communications Information (defined below) if needed based on the communication you provide;
    • Comply with applicable law;
    • Establish, exercise or defend our legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Health Data and Other Use Information, which means Personal Information associated with your use of our Products or Services, including those Products and Services accessible through our websites such as a Clarity account accessed through a browser, and which may constitute Personal Information. Use Information includes your health information generated from your use of our Products or Services such as your glucose readings; the date, time and device identifier associated with the glucose reading; thresholds that you input into Dexcom services or software apps and notifications triggered by such thresholds. It also includes contact information of any person that you designate to receive your health information through functionality of a Dexcom Product or Service (see below how we share information with your Designated Recipients; contact information; information about the devices, internet service, IP address, and browsers that you use to access and use our Products and Services; information about your settings and your activities associated with your use of our Products and Services (e.g. how frequently you use our services and your user preferences); usernames, passwords, security answers, and location data you input into our Products and Services; and, information associated with your viewing of any video available within our services; forms that you submit electronically through our services, including the any Dexcom Warriors application you submit. Use Information also includes the username and health information of any person for whom you order or pay for our Products and Services.
    WHEN We may collect and process Use Information when you access or use our Products or Services, including those you access through our websites.
    WHY We collect and otherwise process Use Information to:
    • Provide you Dexcom Products and Services that you have ordered or otherwise requested;
    • Establish, perform, and maintain a contract with you;
    • Provide technical support that you request for your Dexcom Products and Services;
    • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable law, you have affirmatively opted in to receive marketing);
    • Send you surveys when permitted under applicable law;
    • Process and address any Communications Information (defined below) if needed based on the communication you provide;
    • Comply with applicable law;
    • Establish, exercise or defend our legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Communications Information, which means any information that you communicate to us through any means, directly or indirectly, and that may be Personal Information. Communications Information includes the content of your communications to us along with any associated metadata. Communications Information may include contact information, financial information, and health information.
    WHEN We may collect and process Communications Information when you ask us a question, request information about our Products and Services, submit a complaint to us, seek customer or technical support from us or otherwise communicate with us through any means.
    WHY We collect and otherwise process Communications Information to:
    • Provide a response to your communication, including taking any responsive action;
    • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable law, you have affirmatively opted in to receive marketing);
    • Send you surveys when permitted under applicable law;
    • Comply with applicable law;
    • Establish, exercise or defend our legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Third-Party Information, which means any Personal Information about you that is provided to us by a third-party that you have authorized. Third-Party Information may include contact information and health information.
    WHEN We may collect and process Third-Party Information when you designate individuals or entities to share your Personal Information with, integrate a third-party's product into our software, integrate our products into a third-party's software, or otherwise authorize a third-party data service to provide information about you to us.
    WHY We collect and otherwise process Third-Party Information to:
    • To establish, perform, and maintain a contract with you;
    • To provide you Dexcom Products or Services that integrate third-party Products and Services supported by Dexcom and designated by you;
    • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable to law, you have affirmatively opted in to receive marketing);
    • Send you surveys when permitted under applicable law;
    • To operate and manage our business (including developing, maintaining and supporting our Products and Services);
    • Comply with applicable law;
    • Establish, exercise or defend our legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Third-Party Site Information, which means any Personal Information associated with your activity on third-party websites that are accessed through our websites or software.
    WHEN We may collect and process information about your activity on a third-party website (including the pages you visit, your activity on those pages and your purchases or other transactions with those third-parties) when you access a third-party website by clicking on a link or advertisement located on any Dexcom site or software.
    WHY We collect and otherwise process Third-Party Site Information to:
    • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable to law, you have affirmatively opted in to receive marketing);
    • Manage our business (including product development) as far as the use of Personal Information is permitted for this purpose under applicable data protection law, including obtaining your consent where required under law;
    • Comply with applicable law;
    • Establish, exercise or defend our legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Derived Information, which means information that we create by combining and/or analyzing some or all of the information described above and which may constitute Personal Information.
    WHEN We may collect and process Derived Information when you have performed any of the activities described above.
    WHY We collect and otherwise process Derived Information to:
    • To establish, perform, and maintain a contract with you;
    • Provide you marketing and information about our Products and Services that we think may interest you (if you have not opted out to receive marketing or, where an affirmative opt-in is required under applicable to law, you have affirmatively opted in to receive marketing);
    • Send you surveys when permitted under applicable law;
    • To operate and manage our business (including developing, maintaining and supporting our Products and Services) as far as the use of Personal Information is permitted for this purpose under applicable data protection law, including obtaining your consent where required under law;
    • Comply with applicable law;
    • Establish, exercise or defend our legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Nonidentifiable Information, which means information that does not reveal your identity, could not be used to identify or track you, and, therefore, is not protected as Personal Information under applicable law.
    WHEN We may collect and use Nonidentifiable Information for any purpose to the extent permitted by applicable law when you interact with us in any way. If we are required to treat Nonidentifiable Information as personal information under applicable law, then we may use it for all the purposes for which we use and disclose Personal Information.
    WHY We collect and otherwise process Nonidentifiable Information to pursue our legitimate business purposes, operate, manage, and promote our business (including developing, maintaining and supporting our Products and Services).
  • Other Identifiable Information. Other Identifiable Information means information that identifies you or could be used to identify your; that is not listed above; and, is collected pursuant to your consent or otherwise in accordance with applicable law.
    WHEN We may collect and process Otherwise Identifiable Information in other, in particular future contexts.
    WHY We collect and otherwise process Other Identifiable Information for the purposes identified in the disclosures and information that we will provide to you before obtaining your consent or otherwise process such other information in accordance with applicable law.

    Other identifiable Information that you provide after you have provided your consent will be processed for the purposes set forth in the consent. Additionally, we will process such Other Identifiable Information as may be required to comply with applicable law and to establish, exercise or defend legal claims and rights.

HOW WE COLLECT PERSONAL INFORMATION ABOUT YOU

FROM YOU DIRECTLY.

We, and Service Providers acting on our behalf, collect Personal Information about you when you provide it to us directly. For example, you may provide Personal Information to us when you communicate with us using any means, order our Products or Services, pay for our Products or Services, create an account with us, use our Products or Services (including Clarity), complete forms on our websites, seek technical or customer support from us with respect to our Products or Services, submit questions or complaints to us, and otherwise provide us Personal Information about you.

FROM THIRD PARTIES YOU AUTHORIZE.

We collect Personal Information about you from third-parties when you have authorized such third-parties to provide it to us. For example, we collect information about you from third-parties when you integrate a third-party's product into our software, integrate our products into a third-party's software, or otherwise authorize a third-party data service to provide information about you to us. We also collect Personal Information about you from third parties who host social media webpages that we manage, as far as this is done based upon your consent or otherwise in line with applicable data protection law.

FROM YOU INDIRECTLY THROUGH COOKIES AND OTHER TECHNOLOGIES.

We also collect Personal lnformation about you when you use our Products or Services to provide functionality to our Products and Services; to recognize you across devices when using our Products and Services; in each case this is justified under applicable data protection law for our legitimate business purposes. These legitimate business purposes include evaluating information about the use of our Products and Services and identifying trends; developing or enhancing our Products and Services; providing an experience tailored to you when you use our Products and Services; effecting certain security controls; and, identifying the advertisements and offers we think may interest you so that we may display them to you when you use our Products and Services.

The tracking technologies that we use include cookies, web beacons, device identifiers, and pixels. Our third party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services to the extent permitted by applicable data protection law. To the extent permitted by applicable data protection law, we may also combine this information with other information we collect about you. If you are based in the European Economic Area or another country which requires express consent for the use of certain kinds of cookies and of similar technologies and/or of information obtained by the use of cookies or similar technologies, we will comply with such consent requirements.

We may use the following technologies. If you are a resident of the European Economic Area (EEA), please also refer to our Cookie Policy https://www.dexcom.com/en-IE/cookie-policy for further details on how we use cookies and other technologies.

  • Cookies: Cookies are files that we or our Service Providers (including advertising and analytics Service Providers) store directly on the memory (for temporary cookies) or hard drive (for persistent cookies) of the device you use to access or use our websites and services. Temporary cookies will be automatically deleted when you close your session while a persistent cookie will remain after you close your session. We may use cookies to collect information such as IP addresses, passwords, browser type and activity, your activity on our websites or services and relative time and duration of such activity, security answers provided to us, shopping cart data, your user preferences, and location data. Cookies also collect anonymized data with respect to the traffic on our websites or services.

    If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also visit http://www.allaboutcookies.org/manage-cookies/index.html for more information. If, however, you do not accept these cookies, you may experience some inconvenience in your use of the Products and Services. For example, we may not be able to recognize your computer, and you may need to log in every time you visit. For the avoidance of doubt, the option to decline the acceptance of cookies in your browser setting does not mean that we use cookies without your consent where such consent is required under applicable law.

    Please note that, though some browsers have incorporated "Do Not Track" (DNT) features that send a signal to the websites you visit to indicate that you do not wish to be tracked, we do not have the ability to recognize or honor browser DNT or similar signals at this time.
  • Analytics: We may use third-party analytics, such as Google Analytics, in connection with our Products and Services. Such third-party services may use cookies and similar technologies to collect and analyze information about use of the Products and Services and to report on activities and trends. Such services may also collect information regarding the use of other websites, apps and online services. For more information on Google Analytics, please visit https://policies.google.com/technologies/partner-sites. You can download the Google Analytics opt-out browser add-on by visiting https://tools.google.com/dlpage/gaoptout. We will not undertake such activities without your consent where such consent is required under applicable law.
  • Web beacons, pixel tags or clear GIFs track and otherwise process your activities on our services, websites and emails you send, receive or read through our services or websites. Furthermore they can be used to measure the success of our marketing campaigns, and compile statistics about use and response rates. We will not undertake such activities without your consent where such consent is required under applicable law.
  • Device and connection information is information that we or our Service Providers (defined below) collect about your computer, phone, tablet or other devices you use to access our services and websites. This information includes your connection and your settings when you interact with our services and websites along with information about your operating system, browser type, IP address, URLs of websites that you visited before you visiting our websites, URLs of websites that you visit after visiting our websites, device identifiers, and crash data. We may use your IP address to, among other things, approximate your location. We will not undertake such activities without your consent where such consent is required under applicable law.

WHAT IS THE LEGAL BASIS FOR PROCESSING

We may need to hold, process, and transfer your Personal Information but will do so solely for legitimate business purposes in accordance with applicable laws, regulations, and guidelines. We will only disclose your Personal Information on a need-to-know basis to those who are authorized to use it for these purposes.

We process the Personal Information listed above for purposes including:

  • As required to establish, perform, maintain, or terminate a contractual relationship with you and to enable us to manage your account and Dexcom Products and Services applicable to you.
  • As required to enable our business and pursue our legitimate business interests where our interests are not overridden by your data protection rights, as applicable. If you require further information on our legitimate business interests, please contact us at the information below.
  • Compliance with applicable laws and protection of our legitimate business interests, legal rights and obligations.
  • Where you have given consent.

HOW WE SHARE PERSONAL INFORMATION WE COLLECT

Most Personal Information will remain with us, but we may share your Personal Information for the purposes explained above with the following recipients, and in each case always in accordance with applicable privacy and data protection laws. If you are in the United States, refer to our Notice of Privacy Practices https://www.dexcom.com/notice-of-privacy-practices for additional information about how we share your protected health information.

We share information we collect and process with:

  • Designated Recipients. Individuals or entities that you designate or instruct us to share your Personal Information with. Designated Recipients are not Service Providers (defined above), and include:
  • Followers. Individuals or entities that you designate as "Followers" within our Products and Services.
  • Third-Party Integrations. Third-parties whose products or services that you choose to integrate into our Products and Services, including any connected insulin pens or pumps.
  • Other Third-Party Products or Services. Third-parties whose products or services within which you choose to access or otherwise integrate our Products and Services, or the data generated from our Products and Services, including third-party health applications.
  • Other Third-Parties You Designate. Third-parties, including health care providers, that you otherwise designate.

    You are responsible for determining your Designated Recipients and providing us accurate information for your Designated Recipients. We do not verify the accuracy of any information you provide with respect to your Designated Recipients.

    Once you establish a Designated Recipient, we share your Personal Information with that Designated Recipient until you terminate the designation. We have no control over what the Designated Recipient does with your Personal Information. If your Designated Recipient is an entity, you should consult that Designated Recipient's terms of service, privacy policy and other provisions of the Designated Recipient's website and services as they apply to your Personal Information that is transferred to such Designated Recipient before you elect to share any of your Personal Information with a Designated Recipient. If your Designated Recipient shares your Personal Information with us, this privacy policy applies with respect to our practices.

    Please note that when you add a "Follower" as a Designated Recipient, that person could forward your invitation to another who can accept the invitation and start to receive your Personal Information. Please do not add any person or entity as a "Follower" unless you trust that person or entity, as we have no responsibility or control with respect to what that Follower does with your Personal Information or invitation.

    WHY If you have Designated Recipients, we will share your Personal Information with those Designated Recipients using any information you have provided for those Designated Recipients, respectively to:
    • Deliver our Products and Services to you that you request, including any functionality that integrates third-party products and services;
    • To establish, perform, and maintain a contract with you;
    • Fulfill your request to share your Personal Information;
    • Fulfill the purpose(s) specifically identified in any consent that you provide to us;
    • Respond to your Communications Information (defined above) that you transmit to us through Distributors
    • Comply with applicable law;
    • Establish, exercise or defend legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.
  • Affiliates, as defined in Section "Introduction" above. These entities are bound, as required by law, to ensure that Personal Information is protected consistent with EU standards as explained below as well as applicable laws, ordinances and guidelines in other jurisdictions.
    WHY We share Personal information with Affiliates to the extent required for one of the following purposes and in each case only in compliance with applicable data protection law, including the obtaining of your consent where required:
    • To operate and manage our business (including developing, maintaining and supporting our Products and Services);
    • Deliver our Products and Services to you;
    • To establish, perform, and maintain a contract with you;
    • Where you have given consent in particular with respect to marketing communications;
    • Send you surveys when permitted under applicable law;
    • Comply with applicable laws;
    • Establish, exercise or defend legal claims and rights.

    If you are in South Korea or Japan, DexCom Inc.'s Affiliate with whom your Personal Information is shared is Dexcom UK Limited to:
    • Store and analyze data with respect to complaints related to our devices;
    • Provide reporting to the US Food and Drug Administration (FDA); and
    • Retain business records in accordance with prudent business practices and applicable law.
  • Service Providers, which means third-party entities, business partners or others that provide services or perform functions on our behalf so that we may operate and manage our business, including but not limited to providing our Services and Products to you. Our Service Providers include entities that perform the following on our behalf:
    • Marketing and surveys;
    • Data hosting, storage, retrieval and analytics services;
    • Administrative functions and processes, including but not limited to email services and shipping services;
    • Legal functions and processes;
    • Control and compliance processes; and
    • Staff augmentation.

    WHY We share Personal Information with our Service Providers to the extent required for one of the following purposes and in each case only in compliance with applicable data protection law, including the obtaining of your consent where required:
    • To operate and manage our business (including developing, maintaining and supporting our Products and Services);
    • Deliver our Products and Services to you;
    • To establish, perform, and maintain a contract with you;
    • Where you have given consent in particular with respect to marketing communications;
    • Send you surveys when permitted under applicable law;
    • Comply with applicable law; and
    • Establish, exercise or defend legal claims and rights.

    If you are in South Korea or Japan, our services providers are:
    • Google (Germany) to store data in the cloud and perform analytics;
    • SendGrid, Inc. (United Kingdom) to route emails and communications that you initiate through Clarity.

    If you are in Australia, you consent to us using your Personal Information (including sensitive information) or that of a third party (such as a Designated Recipient), for the purpose of sending Solicitations by us, our Affiliates or any third party service providers acting on our behalf. To opt out of (or, if you are in a jurisdiction requiring affirmative consent and would like to revoke the consent that you provided with respect to) Solicitations or our sharing of your Personal Information with third parties for these purposes, you may opt-out of receiving these Solicitations through the unsubscribe function that will be made available to you with each Solicitation communication.
  • Government Authorities and Law Enforcement Officials, which means any applicable governmental, regulatory or law enforcement agency. These include but are not limited to the US Food and Drug Administration (FDA), US Department of Health and Human Services (HHS), and health, medical devices and data protection supervisory authorities throughout all jurisdictions where we operate.
    WHY We may be required to disclose your Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements and as required by government agencies that regulate medical devices in the country where you are located.
  • Courts and Administrative Tribunals, which means any court of law or other tribunal where we may establish, exercise or defend our legal claims and rights.
    WHY We may be required to disclose your Personal Information in a court or administrative proceeding to comply with applicable law and to establish, exercise or defend our legal claims or rights.
  • BBB National Programs, Inc., which is a non-profit organization based in the United States that operates the independent dispute resolution mechanism referred to as the BBB EU Privacy Shield.
    WHY We may share Personal information related to active Privacy Shield complaints from EEA or Swiss individuals with the BBB National Programs, Inc. to:
    • Respond to your Communications Information (defined above)
    • Comply with applicable law; and,
    • Establish, exercise or defend legal claims and rights.
  • Distributors, which means any entity with whom we have established a relationship for the purpose of their distribution of our Products and Services to you, and who administer, manage and service the customer relationship that such entity has with you.
    WHY We share Personal Information with the Distributors to:
    • Deliver our Products and Services to you through Distributors;
    • To establish, perform, and maintain a contract with you;
    • Fulfill the purpose(s) specifically identified in any consent that you provide to us;
    • Respond to your Communications Information (defined above) that you transmit to us through Distributors;
    • Comply with applicable law;
    • Establish, exercise or defend legal claims and rights; and,
    • For any other purpose(s) set forth in any consent you provide.

    If you are in South Korea, these Distributors include:
    • Huons Co., Ltd. to enable it to administer, manage and service the customer relationship it has with you; and,
    • Synex Consulting Ltd. to enable it to perform its regulatory reporting.

    If you are in Japan, these Distributors include:
    • Terumo Corporation to enable it to administer, manage and service the customer relationship it has with you; and,
    • Cobridge Co., Ltd. to enable it to perform its regulatory reporting.

    If you provide us any communication for sharing with the Distributors, we will share this information with the distributors, and their respective terms of service and privacy policies apply to the information that is transferred to them.
  • Reorganization Parties, which means any company with whom a transaction between that company and us would result in a merger, acquisition, dissolution, or sale of DexCom Inc.'s and/or one or more of its Affiliates. Reorganization Parties also includes such company's advisors and our advisors related to the merger, acquisition, dissolution or sale.
    WHY We may (subject to the applicable laws) provide your Personal Information to Reorganization Parties in connection with a potential or actual corporate sale, merger, acquisition or dissolution involving DexCom, Inc. and/or one or more of its Affiliates to the extent permitted by applicable law.

A list of the third parties, or categories of third parties, who process Personal Information can be obtained on request by contacting us at the information below.

HOW WE TRANSFER PERSONAL INFORMATION INTERNATIONALLY

We operate in various countries throughout the world, including, but not limited to, the US, Canada, countries located in the EU and EEA, Australia, Japan, South Korea, and the Philippines, so your Personal Information may be stored or processed in any country where we have facilities or in countries where our Service Providers are located. For example, your Personal Information may be processed in the Philippines for customer service and/or technical support purposes. These countries may not have data privacy and protection laws that are equivalent to the laws of your country.

In such case, we may rely on mechanisms permitted under the laws of your country where you are located to affect the transfer with appropriate safeguards.

Please note that if you use our Products or Services in the EU, EEA, or Switzerland, we store and process your Personal Information generated by such use solely in the EU unless you have expressly consented to the transfer of Personal Information outside of the EU or such transfer is required by applicable law. In case of such transfer, we have committed to handling such Personal Information in accordance with the European law principles for international transfers such as EU Standard Contractual Clauses or Privacy Shield which is further described below in Privacy Shield Notice). When we transfer your Personal Information, we take steps to protect your Personal Information as required under applicable law.

Privacy Shield Notice - For EEA and Swiss Individuals

DexCom, Inc. is an entity established in the United States of America and, for purposes of this section regarding the Privacy Shield, is referred to as Dexcom-US. Dexcom-US complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information from European Union member countries and Switzerland transferred to the United States pursuant to the Privacy Shield. Dexcom-US has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/. The Federal Trade Commission (FTC) has jurisdiction over Dexcom-US's compliance with the Privacy Shield.

Pursuant to the Privacy Shield Frameworks, EEA and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Information relating to you in the United States. Upon request, we will provide you with access to the Personal Information that we hold about you. You may also be able to correct, amend, or delete the Personal Information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete data transferred to the United States under Privacy Shield, should direct their query to Dexcom's Privacy Portal at https://onetrustapp.dexcom.com/dsarwebform/75f39504-0b24-4647-b3b2-7260802503a1/8ee37a30-29db-4cbd-9cae-70aa744e4432.html or by emailing us at privacy@dexcom.com. For additional information, refer to Your Rights and How to Exercise Your Rights.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Information, please submit a written request at https://onetrustapp.dexcom.com/dsarwebform/75f39504-0b24-4647-b3b2-7260802503a1/8ee37a30-29db-4cbd-9cae-70aa744e4432.html. For additional information, refer to Your Rights and How to Exercise Your Rights.

In the context of an onward transfer under the Privacy Shield, Dexcom-US has the responsibility of processing Personal Information it receives and subsequently transfers to a third party acting as an agent on its behalf (such as its Service Providers). Dexcom-US remains liable under the Principles if its agents process such Personal Information in a manner inconsistent with the Privacy Shield Principles, unless Dexcom-US proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Dexcom-US commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to the Privacy Shield. European Union (or EEA) and Swiss individuals with the Privacy Shield inquiries or complaints should first contact us using the contact details located at the end of this policy.

Dexcom-US further commits to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU/CH PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

HOW WE SECURE PERSONAL INFORMATION WE COLLECT

We use appropriate administrative, organizational and technical safeguards to protect information from loss, misuse, and unauthorized access, disclosure, alteration and destruction in light of the nature of the information processed. Personal Information transmitted through our Products and Services is encrypted when transmitted. Please note that no data transmission or storage system is guaranteed to be entirely secure. If you feel that your interaction with us is no longer secure, please contact us immediately. Please note that we do not request information (including financial or other sensitive information) to create an account or process orders for our Products or Services through phone communication or unsolicited email. If you receive a phone communication or unsolicited email that purports to be from us and seeks such information, do not respond and contact us immediately. For more information on how you may safeguard your Personal Information and protect yourself against identity theft, visit https://www.consumer.ftc.gov/topics/privacy-identity-online-security.

HOW LONG WE STORE PERSONAL INFORMATION WE COLLECT

We will retain your Personal Information only for limited period of time needed to fulfil purposes of processing mentioned above. After that time your Personal Information will be erased.

Where we enter into a contract with you, we will keep your Personal Information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this privacy policy. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned, and technical necessities.

Where we process Personal Information with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests), if there is no other legal ground for further processing (e.g., a statutory obligation to retain your Personal Information). We also keep a record of the fact that you have asked us not to process your data so that we can respect your request in future. We will further delete your Personal Information when you object to the processing in accordance with "YOUR RIGHTS AND HOW TO EXERCISE YOUR RIGHTS" (see below) or when we are obligated to delete it in accordance with an obligation under applicable law.

In other cases, we may retain data for an appropriate period after any relationship with you ends to protect ourselves from legal claims, to administer our business, or to the extent permitted by applicable law, which may require us to hold your Personal Information for specific periods.

YOUR RIGHTS AND HOW TO EXERCISE YOUR RIGHTS

Your rights with respect to your Personal Information that Dexcom collects, uses or otherwise processes are described below. If you are in the United States of America, refer to our Notice of Privacy Practices (NOPP) https://www.dexcom.com/notice-of-privacy-practices for additional information about your protected health information rights under the US Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

You may exercise your rights by visiting our Privacy Portal at https://onetrustapp.dexcom.com/dsarwebform/75f39504-0b24-4647-b3b2-7260802503a1/8ee37a30-29db-4cbd-9cae-70aa744e4432.html or otherwise contacting us via email at privacy@dexcom.com. For certain information, you may exercise you rights through the functionality that we provide on our site or software as further described below.

When you submit a request to us to exercise your rights, we will respond as appropriate and within the timeframe permitted under applicable law. We will retain your request and our response (including any supporting documentation) in compliance with applicable law. Also, we will continue to retain and otherwise process your Personal Information to the extent required to comply with applicable law; or, to establish, exercise or defend our legal claims and rights.

  • Access. You have a right to access your Personal Information that we, or our third-parties acting on our behalf, process to the extent the information does not contain Personal Information of another individual.
  • Correction. You have a right to correct or rectify your Personal Information unless you are located in the US. If you are located in the US, you have a right to correct or rectify your Personal Information as specified in our Notice of Privacy Practices pursuant to HIPAA https://www.dexcom.com/notice-of-privacy-practices.
  • Erasure. You have a right to have your Personal Information erased with limited exception. Specifically, you have a right to have your Personal Information erased if an exception does not apply and your Personal Information is no longer required for the purpose(s) it was collected or otherwise processed; our processing is based on your consent and you withdraw your consent; you have objected to our processing and there are no overriding legitimate grounds for processing (including but not limited to completing a transaction with you, fulfilling a contract with you, protecting against security incidents, fraud, malicious or illegal activity); we have not lawfully processed your Personal Information; or erasure is required under applicable law.

    Your right to have your Personal Information erased does not apply when: applicable law requires otherwise; processing is required to exercise the right of freedom of expression and information; processing is required to comply with a legal obligation; processing is required for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes to the extent permitted by applicable law and erasure will seriously impair or prevent the achievement of such processing objectives; or, processing is required to establish, exercise, or defend legal claims and rights. With respect to your Personal Information that is contained in our backups and is not subject to one of the preceding exceptions, we will delete your Personal Information permanently and securely in accordance with our schedule for the disposition of backups.
  • Restrict Processing. You have a right to limit the use or otherwise temporarily restrict Dexcom's processing of your Personal Information for a defined period of time.
  • Object to Processing. With limited exceptions, you have a right to object to Dexcom's processing of your Personal Information where the processing is based on legitimate interests pursued by us; the processing is for the purpose of direct marketing; or the processing is for scientific, historical research or statistical purposes. However, you do not have a right to object to processing where we can demonstrate legitimate grounds that override this right; the processing is required to comply with applicable law; the processing is required to establish, exercise or defend legal claims or rights; or, you are in the US, our Notice of Privacy Practices https://www.dexcom.com/notice-of-privacy-practices pursuant to HIPAA applies and limiting our use or sharing will affect your care.
  • Withdraw Consent. You may opt out or revoke your consent to, as applicable, receive promotional communications from us by selecting the "unsubscribe" link in the promotional email we send you, by phoning us at our phone number communicated to you in the promotional email or by contacting us at the information below. Please note that, even after you opt-out or revoke your consent to receive promotional materials from us, you will continue to receive transactional messages if you have an account with us or otherwise use our Products or Services. We may also need to retain certain information for recordkeeping purposes.

    You may also be able to opt out of or revoke your consent to, as applicable, receiving web-based personalized advertisements from companies who are members of the Network Advertising Initiative http://optout.networkadvertising.org/?c=1 or participate in the Digital Advertising Alliance Self-Regulatory Program http://www.aboutads.info/. You can access any settings offered by your mobile operating system to limit ad tracking on mobile devices, and you can install the Aphonics mobile app to learn more about how you may opt out of personalized ads in mobile apps.
  • Sharing with Designated Recipients. For Designated Recipients that are Followers or third-party integrations, you may revoke your sharing with these Designated Recipients through the relevant Dexcom or Clarity app within which you have added the Designated Recipients. For all other Designated Recipients, you may stop sharing by contacting us.
  • Portability. You have a right to request the transfer of your Personal Information in certain circumstances. This includes data we process in an automated way based on your consent, to perform a contract with you, or to take steps you request before entering into a contract with you.
  • Right to Lodge a Complaint. If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the supervisory authority located in the EU Member State that you reside in.

Please note that where we require your Personal Information to comply with legal or contractual obligations, provision of such data is mandatory: If such data is not provided, then we will not be able to manage the relationship, or to meet obligations placed on us. In all other cases, provision of requested Personal Information is optional.

OTHER IMPORTANT PRIVACY INFORMATION

Personal Information of Children

Our Products and Services are not directed to children who are under the age of 13 years (or, if in the EEA, 16 years), and we do not knowingly collect Personal Information from them without the consent of their respective parent or legal guardian. If we learn that a child under 13 years old (or, if in the EEA, 16 years old) has provided us his/her Personal Information without the consent of his/her parent or legal guardian, we will delete that information. If you believe a child under the age of 13 (or, if in the EEA, 16) has provided us his/her Personal Information without the consent of his/her parent or legal guardian, please contact us.

Organizational End-Users

We make certain websites, products and services available to organizations. If your use of our websites or services is within the scope of your employment or other association with an organization, your account is managed by your organization's administrator and your use (and the related processing of your Personal Information) is subject to your organization's privacy policy and information practices. your organization's account administrator may create your account; require you to create or reset your password; restrict, suspend or terminate your access to our websites and services (including your account on those websites and services); access information in or about your account; change the information associated with your account profile; and, provision your account. Any questions about your organization's privacy policy and information practices should be directed to your organization.

Please note that the domain owner of any email address used to create an account or otherwise interact with our Products and Services may assert administrative control over your account and the information provided to you at the email address it owns.

Changes to our Privacy Policy

From time-to-time, we may change our privacy policy. We will post any changes on this page. If we change our privacy policy significantly, we will notify you by adding a prominent notice on our websites and services or by sending you an email notification as required by applicable law. To the maximum extent permitted by applicable law, any changes will become effective when we post the updated privacy policy on our website, and your use of our Products and Services following these changes means that you accept the updated privacy policy. We encourage you to review our privacy policy when you use our Products and Services to stay abreast on our information practices.

If we make a change to our privacy policy and you disagree with the change, you will need to stop providing us your information; stop accessing and otherwise using our Products and Services; and, if you have an account, terminate your account and may choose not to submit any further Personal Information.

CONTACT US

For privacy inquires or complaints, or to exercise any of your privacy rights, we may be contacted:

If you are in Canada and would like to no longer receive marketing from us, email us at privacy@dexcom.com; write us at 501-4445 Lougheed Highway, Burnaby, BC V5C 0E4; or, phone us at 1-844-832-1810.

If you are in the EEA, we may be contacted:

Because email communications are not always secure, please do not include credit card or other sensitive information in any unencrypted email to us given that email communications are not always secure.