NOTICE OF FAIR PROCESSING OF COMMERCIAL PATIENT DATA

Now that you have been prescribed Optune, Novocure Limited and its affiliates and subsidiaries (“Novocure” or “we” or “us”), will require information from you (or your healthcare provider) relevant to your use of Optune (“Personal Data”). This Privacy Notice explains how we use your Personal Data, and what your rights are associated with your Personal Data.

  1. Personal Data We Collect

When you complete the Order Form and sign the Service Agreement to start your Optune therapy, and at times throughout your therapy, you may provide us with the following Personal Data:

Identifying and contact information: You provide us with your first and last name, email address, home address and telephone number, mobile telephone number, gender, date of birth,  government-issued identification information, nationality, and your emergency and/or caregiver contacts.

Information about your health condition: You provide (or via your healthcare provider) us with information relating to your medical condition and diagnosis. This includes medical records prepared by your doctor (for example blood tests, diagnostic reports, treatment history, blood pressure, examination results, assessments by treating physicians, treatment and/ or interventions, prescription information) or biometric information (for example, copies of MRI or other scans relevant to your therapy).

Health insurance information: You provide us with information about your health insurance coverage.

Health care provider information: You provide us with the contact information for your health care provider.

  1. How We Use Your Personal Data and the Legal Basis to Process It

We may use your Personal Data in order to: deliver the Optune device to you, provide you with ongoing support for your Optune therapy, communicate with you and your healthcare provider in connection with your Optune therapy, and to assist you with insurance reimbursement related to Optune. If you do not provide this Personal Data, we would not be able to provide this support to you. We also use your Personal Data to improve the Optune device and as may otherwise be necessary to protect our legal rights or comply with our legal obligations. This is described in more detail below. We apply appropriate safeguards to protect your information (see Section 6 below).

  • Delivery, use, and support of Optune: We use your Personal Data to deliver the Optune device to your home or to your healthcare provider’s office. We use your Personal Data (for example medical records and MRIs) in order to customize and adapt the Optune device to your specific medical condition and diagnosis (for example create an array map). We use your Personal Data to provide you with initial and ongoing support in your home or healthcare provider’s office via our Device Support Specialists (for example technical device support, device compliance monitoring). We use your Personal Data to provide you and your healthcare provider initial and ongoing support related to your Optune therapy via our internal Care Coordinators. We use your Personal Data to assist you with submitting reimbursement claims to your insurance company for the payment of Optune via our reimbursement specialists.
  • Detect and prevent fraud: We use your Personal Data to verify your identity and insurance information in order to detect and prevent fraud, identity theft, or abuse of our services.
  • To optimize and improve our services: We use your Personal Data, together with that of other patients, to gain insights into how Optune is used and how to improve both the device and our services and support.

The legal basis for the processing: We may process your Personal Data as described above in order to perform obligations under our Service Agreement with you.

The condition for processing data concerning your health: We may process your Personal Data comprising of health information as described above for reasons of public interest in the area of public health, such as to ensure high standards of safety of our Optune medical device.

With your explicit consent: We may seek your consent to process your Personal Data for other specific purposes. Where we are processing Personal Data based on your consent, you have the right to withdraw that consent at any time.

  1. How We Share Your Personal Data and the Legal Basis to Share It

We may share your Personal Data with other Novocure entities, with third party service providers that help us in providing and supporting Optune, with your healthcare providers, and as may be required by law and for protecting our rights.

  • With other Novocure entities: We share your information between and among Novocure and its affiliates and subsidiaries for the management of the patient relationship, accounting, and related purposes and in the ordinary operation of our business. In addition, we would share your Personal Data, if we are involved in a merger, acquisition, consolidation, change of control, or sale of all or a portion of our assets, or if we undergo bankruptcy or liquidation.
  • With your healthcare provider: We share your information with your healthcare provider as may be necessary in connection with your Optune therapy. Novocure Device Support Specialists (including contracted third parties) and Care Coordinators work closely with your healthcare provider throughout your Optune therapy to provide information related to Optune device compliance and other information related to your use of the Optune device.
  • With our service providers: We share your information with service providers to help us deliver the Optune device to you and to support you throughout your Optune therapy, consistent with this Privacy Notice. These may include our contracted Device Support Specialties who work with you in your home or healthcare provider’s office, your healthcare providers, contracted radiologists who may review your MRI and other scans to customize your Optune therapy, or information technology vendors who provide hosting services for our patient database. Any Personal Data we provide to third party service providers will be protected by an appropriate agreement ensuring that it is only used for the purposes for which it was provided.

Additionally, we may share your Personal Data in order to prevent fraud or abuse to our services, in accordance with any applicable law, regulation, legal process, or enforceable governmental request, or when directed to by state authorities, or if we are of the opinion that this disclosure is to protect our rights and our property, and/or the rights, property or security of third parties, including consultants, prosecution authorities, legal and regulatory authorities, as well as healthcare authorities such as the European Medicines Agency (“EMA”).

The legal basis for the sharing: We share your Personal Data as described above in order to perform obligations under our Service Agreement with you.

The condition for sharing data concerning your health: We share your Personal Data comprising of health information as described above for reasons of public interest in the area of public health, such as to ensure high standards of safety of our Optune medical device.

  1. Your Rights and Your Personal Data

If our processing of your Personal Data is subject to the data protection laws of the European Union, you are entitled to:

  • receive copies of your Personal Data under certain circumstances;
  • to have the processing of your Personal Data restricted where you dispute its accuracy, if you think its processing is unlawful, or if you otherwise object to its processing, or when Novocure no longer needs your Personal Data and you need it in relation to a legal claim; and
  • request the correction or deletion of erroneous or incomplete Personal Data to the fullest legally permissible extent.

Requests to delete your Personal Data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on us.

If you would like to exercise the above-mentioned rights, please direct your written concerns to the following address:

Novocure GmbH
Park 6
CH-6039 Root D4
Switzerland

Attn: EU Data Protection Officer Anastasios Papadopoulos c/o Todd Longworth, General Counsel and Chief Privacy Officer dataprotection@novocure.com                                                                                            +41414553600

Please do not send us any unencrypted Personal Data via e-mail. We would also like to inform you that in order to determine its authenticity, we must review and investigate any correspondence that we receive via e-mail that makes an application for access to, or amendment of your Personal Data.

You also have the right to complain to a data protection supervisory authority in the EU if you feel that any of your Personal Data is not being processed in accordance with applicable data protection laws.

  1. Retention of Your Personal Data

We will retain your Personal Data for as long as is necessary for the purpose for which you provided it and in accordance with our Records Retention Schedule developed in compliance with applicable data protection laws. We may retain your Personal Data for a longer time to the extent that we are obliged to retain your Personal Data, in accordance with applicable laws and regulations, and/or as necessary to protect our legal rights or for certain business requirements.

Please note that even if you request that we delete your Personal Data, deletion by our third party service providers may not be immediate and the deleted information may persist in backup copies for a reasonable period of time.

  1. Safeguards Protecting Your Personal Data

The safety of your Personal Data is an important concern for us. We take appropriate steps, including technical, administrative, and physical security measures to protect the Personal Data provided to us against loss, misuse, and unauthorized access, disclosure, amendment, and deletion.

  1. Transfer of Your Personal Data Outside the European Economic Area (“EEA”)

When sharing your information with other Novocure entities or with our third party service providers, your information may be transferred to, and stored or otherwise processed at, a destination outside the EEA, including destinations, like the United States, that are not subject to data protection provisions equivalent to those in your country of residence. By entering into a Service Agreement with Novocure for your Optune therapy, you agree to this transfer, storing, or processing.

We will take all steps reasonably necessary to ensure that your information is processed safely and in accordance with this Privacy Policy. Novocure is in the process of entering into an Intercompany Data Transfer Agreement amongst affiliates which includes a system of principles, rules and tools, provided by European law, in an effort to ensure effective levels of data protection, in particular relating to transfers of personal information outside the EEA and Switzerland.

  1. Where to Address Your Questions or Complaints

If you have any concerns as to how your Personal Data is processed you can contact:

Novocure GmbH
Park 6
CH-6039 Root D4
Switzerland
Attn: EU Data Protection Officer Anastasios Papadopoulos c/o Todd Longworth, General Counsel and Chief Privacy Officer
dataprotection@novocure.com
+41414553600

 

Effective as of 25 May 2018