California consumer privacy notice

Privacy Statement – California Consumer Privacy Act

  1. Information Novocure Collects

Novocure may collect certain information related to the Company’s interactions with prospective patients, commercial patients, clinical patients, Health Care Professionals (”HCPs”), third party vendor/suppliers and Novocure employees.

Depending on the type of interaction, as listed above Novocure may have collected the following categories of information over the past 12 months:

Category Data Elements Examples/Definition
Identifiers Name First and last name
Address Home address
Phone Number Phone Number
Unique Government identifier National identification number, passport number, tax ID number, driving license number, unique government identifiers
Customer Identification (Patient Identifier) Internal Novocure Patient ID
Physical Identity Photographs, date of birth, weight, height, gender
Data concerning family and relatives Name of spouse, names of children, names of partners, birth name, date of birth of family members, place of birth of family members, date of marriage, date of contract of cohabitation, number of children
Image recording Films, photographs, video recordings, digital photos
Personal information categories listed in California Customer Records statute (Cal. Civ. Code Sec. 1798.80(e))

 

Personal health insurance information Previous and current health insurance information for individuals, regulatory reporting for employees for health insurance, employee personal insurance benefits information
Health data (Novocure created) Array map
Health data (not created by Novocure) Blood pressure, diagnoses, examination results, assessments by treating physicians, treatment and/ or interventions, bio-medical state, prescription information, MRI used to create array map
Disability Information Mental health state, physical health state
Income Information Salary data, salary statements, data on total income situation, payment overview, family income, income tax declaration
Protected classification characteristics under California or federal law

 

Cultural Identity Nationality
Racial or Ethnic Origin Ethnicity, race, skin color, family information
Commercial information Customer goods and services Order details, invoice number, details of goods and services provided, reminder / debt collection
Bank Information Information in order to pay for services
Transaction details Orders, contracts, complaints, error analysis
Bank Account Account number, bank details, card security code, expiry
Credit/Debit Card Numbers Account/ Card number, bank details, card security code, expiry
Biometric information Biometric Data Fingerprints, retina/ iris scan, voice recognition, facial images
Internet or other similar network activity Online Identifier Internet protocol address, cookie identifier,  browsing history
Professional or employment-related information

 

Education Academic title, education path, training courses, certifications
Professional/Career Career history, employer and position, occupation code / type of activity, periods of unemployment, military service
Recruitment data Hiring date, hiring method, hiring source, trial period, Date of departure, reasons for leaving, termination granted, conditions for the termination of the contract, applications (CV, application letter, date of application), employment history
Employment contract data Personnel number, employee status, contract components
Operational classification (job function) Employee group, post, organization unit, cost center, function, degree, specialization, working modalities and conditions, previous functions
Account Data Payroll, commissions, bonus, employee participation, collective agreement, wage tax data (Procedure, exemption, deduction amounts, commuter allowance), social insurance data (social insurance number, social insurance benefits)
Criminal Information (background checks) Criminal offences and conviction data (confirmed and suspected)
Presence Data Working time regulation, time recording (overview of presence), motives for absence, projects, working hours, hours worked, holiday, absence data
Personnel administration Other personal data: e.g. disciplinary measures, incidents and complaints (bullying)

 

Novocure does not currently collect information from any of the following categories:

  • Geolocation data
  • Sensory data
  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g. 34 C.F.R. Part 99))
  • Inferences drawn from other personal information

 

  1. Sources of Information

Novocure obtains the categories of personal information lists above from the following sources:

  • Patient (or prospective patient) – directly from patients or their representatives (e.g., from documents that our patients provide to Novocure related to the use and payment of our product); indirectly from a patient’s HCP (e.g., prescription to start treatment for a patient sent directly from HCP office); indirectly from clinical research site and personnel (e.g., patient safety information related to adverse event)
  • Healthcare Professional – directly from the HCP or HCP representative (e.g., administrative assistant)
  • Employee – directly from the Employee, or other designated resource provided by the Employee (e.g., professional reference, educational institution)
  • Vendor – directly from the Vendor

 

  1. Use of Personal Information

Novocure may use the personal information it collects for one or more of the following business purposes:

  • Care Center patient support
  • Clinical Research and Development facilitation of clinical trials
  • DSS support of commercial and clinical patients
  • Internal Radiologist review of patient MRIs
  • Global Revenue reimbursement and collection
  • Patient Safety
  • Product supply chain/Global Tech Ops product supply
  • Sales on-label HCP education and interactions
  • Service Arrangements with HCPs
  • Medical Affairs presentations to HCPs and institutions
  • Health Policy interactions with patients, HCPs, the government and insurance companies
  • HR support of employees and employment candidates
  • Public relations and social media
  • Support for Business Operations – Finance and Accounting, IT and Legal

Novocure does not use personal information it collects for materially different purposes without providing prior notice.

 

  1. Sharing Personal Information

Novocure only shares personal information for business purposes consistent with those listed in this notice. Novocure ensures that any external parties comply with applicable policies, written agreements and data protection laws when receiving or otherwise accessing personal information on Novocure’s behalf.  Novocure may share any of the personal information identified above externally with the following with a legitimate business purpose to the personal information:

  • Healthcare Professionals
  • Patient family members
  • Contract Research Organizations
  • Insurance companies
  • Government regulators
  • Externally to regulators using anonymized data
  • Third party product suppliers
  • Vendors

Novocure enters into data process agreements and/or business associate agreements (as applicable) with external parties and only permits personal information to be shared if reasonable and if appropriate steps have been taken to maintain the privacy and security of the information.  Personal information is only shared for reasons consistent with the purposes for which the personal information was originally collected or other purposes authorized by law.

Novocure does not sell any personal information.

 

  1. Your Rights and Choices

NOTE: The following rights and choices may not apply to all information listed here in this notice, for example Protected Health information. In addition, some rights may not apply to employees of Novocure.

 

  • Access to Specific Information and Data Portability Rights

You have the right to request that Novocure disclose certain information to you about its collection and use of your personal information over the past 12 months, including:

  • The categories of personal information Novocure collected about you
  • The categories of sources for the personal information Novocure collected about you
  • Our business or commercial purpose for collecting that personal information
  • The categories of third parties with whom Novocure shares that personal information
  • The specific pieces of personal information Novocure collected about you (i.e., data portability request)
  • If Novocure sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • Sales, identifying the personal information categories that each category of recipient purchased and
    • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained
  • Deletion Request Rights

You have the right to request that Novocure delete any of your personal information that it collected from you and retained.  Novocure may deny your deletion request if retaining the information is necessary for Novocure, its affiliates, or representatives to:

    • Complete the transaction for which Novocure collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you or otherwise perform our contract with you
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for such activities
    • Debug to identify and repair errors that impair existing intended functionality
    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code Sec. 1546 seq.)
    • Engage in public or peer-reviewed scientific, historical or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent
    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with Novocure
    • Comply with a legal obligation
    • Otherwise use your information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information
  • Opt Out of the Sale of Information

California Consumers have the right to opt-out of the sale of Personal Information by a business that sells Personal Information. Novocure does not sell any Personal Information of California Consumers.

  • Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability and deletion rights described above, you may submit a verifiable consumer request to us by either:

Your request must provide sufficient information that allows us to reasonably verify you are the person about whom Novocure collected personal information or an authorized representative. You must describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

  • Authorized Agents

Consumers may use an authorized agent to submit their request. The authorized agent must be registered with the California Secretary of State and be authorized to submit requests on behalf of a consumer. If you are an authorized agent and a consumer has given you signed permission to submit a request on his or her behalf, please send a copy of your signed permission by the consumer to Novocure. Failure to submit proof of signed permission may result in Novocure denying the consumer’s request. Novocure will require the consumer to verify his or her identity and directly confirm with Novocure that the consumer has provided you with permission to submit the request.

 

  1. Non-discrimination

Novocure will not discriminate against you for exercising any of your CCPA rights. You will not be:

  • Denied goods or services
  • Charged different prices or rates for goods or services, including though granting discounts or other benefits, or imposing penalties
  • Provided a different level or quality of goods or services
  • Given a different price or rate of goods or services or a different level or quality of goods or services

 

  1. Changes to our Privacy Notice

Novocure reserves the right to amend this privacy notice at its Discretion and at any time. When changes are made to this notice, it will be updated and available on the Novocure website homepage.