Genentech, Inc. (“Genentech,” “we,” “our,” or “us”) values your privacy and the protection of your Personal Data. This policy supplements Genentech’s Privacy Notice and applies to collection of “consumer health data” subject to the Washington State My Health My Data Act (the “MHMDA”).
In this policy, we use the term “consumer” to mean (1) residents of the Washington State and (2) other individuals whose consumer health data we collect in Washington State, consistent with the definition of “consumer” in the MHMDA. Also consistent with the MHMDA, we use the term “consumer health data” in this policy to mean personal information that is linked to, or reasonably linkable to, a consumer and that identifies the consumer’s past, present, or future physical or mental health status.
This policy does not apply to any other Personal Data we collect.
Collection, Sources, Uses, and Sharing of Consumer Health Data:
We collect, use, and share the following categories of consumer health data (as further described below):
Individual health conditions, treatment, diseases, or diagnosis;
Social, psychological, behavioral, and medical interventions;
Health-related surgeries or procedures;
Use or purchase of prescribed medication;
Bodily functions, vital signs, symptoms, or measurements of the information described in this subsection;
Diagnoses or diagnostic testing, treatment, or medication;
Reproductive or sexual health information;
Genetic data;
Data that identifies a consumer seeking health care services; and
Any information that we, or one of our processors, processes to associate or identify a consumer with the data described above that is derived or extrapolated from non-health information (such as proxy, derivative, inferred, or emergent data by any means, including algorithms or machine learning).
The types of consumer health data we collect and disclose depends on your relationship with Genentech. Not all of the consumer health data listed in the following charts may apply to you. If the nature of your relationship with Genentech changes, additional categories of consumer health data may also apply.
Users of Online Services, Visitors to Our Websites and Physical Locations, and Senders of Inquiries
We may process your consumer health data when you: (1) visit our websites and our physical locations; (2) submit inquiries to us both online (e.g., via email) or offline (e.g., by written letters); (3) sign up for our newsletters or other informational or marketing materials; and/or (4) register for, visit, or use our online Products and Services.
Examples of consumer health data collected, used, and shared
areas of interest in medical research
user activity
Sources of consumer health data
you directly
those authorized to provide on your behalf such as your caregiver or authorized representative
your devices
third parties that provide access to information you make publicly available, such as social media
companies conducting non-clinical research such as market research companies
Why do we use the consumer health data?
to enroll you in our programs and provide you with our Products and Services
to administer our relationship with your organization
to send you updates
to customize content for you
to improve our Products and Services
for short-term, transient use
for administrative purposes
for marketing, internal research, and development
for quality assurance and to assist in training and development of our representatives
to improve our Online Services
advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful
to comply with legal and regulatory obligations
Who is the consumer health data shared with?
Genentech, our affiliates, and related companies
third parties who assist with fraud prevention, detection and mitigation
third parties who assist with our information technology and security programs and our loss prevention programs
partners that assist us in providing the Products and Services or help us improve our marketing or administration
Genentech’s lawyers, auditors and consultants
Patients Applying to or Enrolled in Patient Support Programs
We may process your consumer health data when you are applying to or enrolled in patient support programs.
Examples of consumer health data collected, used, and shared
genetic information
identification of pathologies/diseases
areas of interest in medical research
treatment dates
medical history and treatment information
patient-reported outcome measures (e.g., responses to questionnaires and surveys)
X-rays, magnetic resonance imaging, and medical scans
user activity
therapy completion and use details
drug allergies
prescriptions and dosing
health values and sensor readings data, such as steps taken, blood glucose levels, heart rate, and blood pressure
health insurance company
insurance account number
information on payment for health care services
Sources of consumer health data
you directly
your Healthcare Provider
your devices
our business partners and other third parties
those authorized to provide on your behalf such as your caregiver or authorized representative
Why do we use the consumer health data?
to enroll you in our programs and provide you with our Services
to administer our relationship with you
to send you updates
to improve our Services
for short-term, transient use
for administrative purposes
for quality assurance
for marketing, internal research, and development
to determine and verify program, product, and service eligibility and coverage
to procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations
advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful
to comply with legal and regulatory obligations
Who is the consumer health data shared with?
Genentech, our affiliates, and related companies
Healthcare Providers
partners that assist us in providing the Services or help us improve our marketing or administration
third parties who assist with fraud prevention, detection and mitigation
third parties who assist with our information technology and security programs
Genentech’s lawyers, auditors, and consultants
authorized legal representatives, family members, and caregivers
Patients and Users of Medical Products
We may process your consumer health data when you are the existing or prospective patient of a Healthcare Provider who is a Genentech customer and/or when you receive or use Genentech medical products (including, where applicable, mobile apps).
Examples of consumer health data collected, used, and shared
genetic information
blood and tissue samples
identification of pathologies/diseases
areas of interest in medical research
treatment dates
medical history and treatment information
patient-reported outcome measures (e.g., responses to questionnaires and surveys)
X-rays, magnetic resonance imaging, and medical scans
user activity
therapy completion and use details
communications with your Healthcare Provider, including audio and/or video from telehealth sessions
drug allergies
prescriptions and dosing
health values and sensor readings data, such as steps taken, blood glucose levels, heart rate, and blood pressure
health insurance company
insurance account number
information on payment for health care services
Sources of consumer health data
you directly
your Healthcare Provider
your devices
our business partners and other third parties
those authorized to provide on your behalf such as your caregiver or authorized representative
Why do we use the consumer health data?
to enroll you in our programs and provide you with our Products and Services
to administer our relationship with you
to send you updates
to improve our Products and Services
for short-term, transient use
for administrative purposes
for quality assurance
for marketing, internal research, and development
to determine and verify program, product, and service eligibility and coverage
to procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations
advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful
to comply with legal and regulatory obligations
Who is the consumer health data shared with?
Genentech, our affiliates, and related companies
Healthcare Providers
partners that assist us in providing the Products and Services or help us improve our marketing or administration
third parties who assist with fraud prevention, detection and mitigation
third parties who assist with our information technology and security programs
Genentech’s lawyers, auditors, and consultants
authorized legal representatives, family members, and caregivers
Clinical Study Candidates
Clinical Study Candidates: We may process your consumer health data when you have been identified as a potential candidate for clinical studies sponsored by us or conducted by us on behalf of a third party.
If you are a participant in a clinical study, clinical trial, or other health-related research, you should receive a separate privacy notice regarding the Personal Data we process for those purposes. That privacy notice—and not this Notice— governs our processing of such Personal Data.
Examples of consumer health data collected, used, and shared
identification of pathologies/diseases
areas of interest in medical research
treatment dates
medical history and treatment information
user activity
therapy completion and use details
drug allergies
prescriptions and dosing
health values and sensor readings data, such as steps taken, blood glucose levels, heart rate, and blood pressure
Sources of consumer health data
you directly
your Healthcare Provider
your devices
our business partners and other third parties
your friends or family
those authorized to provide on your behalf such as your caregiver or authorized representative
Why do we use the consumer health data?
to administer our relationship with you
to send you updates
to determine your eligibility in one or more clinical studies
to improve our Products and Services
for short-term, transient use
for administrative purposes
for quality assurance
to comply with legal and regulatory obligations
Who is the consumer health data shared with?
Genentech, our affiliates, and related companies
our customers
Healthcare Providers
clinical investigators and/or members of investigator teams
Genentech’s lawyers, auditors, and consultants
third parties who assist with fraud prevention, detection and mitigation
third parties who assist with our information technology and security programs
authorized legal representatives, family members, and caregivers
partners that assist us in providing the Products and Services or help us improve our marketing or administration
Exercising your rights
Subject to certain legal limitations and exceptions, you have the following rights with respect to any consumer health data
we may collect about you:
The right to confirm whether we are collecting, sharing, or selling your consumer health data and to access such
data, including a list of all third parties and affiliates with whom we have shared or sold the consumer health data
and an active email address or other online mechanism that you may use to contact these third parties;
The right to withdraw consent from our collection and sharing of your consumer health data; and
The right to have your consumer health data deleted.
If you would like to exercise your rights pursuant to the MHMDA, please submit a consumer request to us by completing
the form located here or, if you prefer, you may submit your request by calling us at 800-975-7105 (toll-free).
You may make a request on your own behalf, and if you are the parent or guardian of a minor child, you also may make a
request related to your child’s consumer health data. If you wish to designate an authorized agent to make a request on
your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your
behalf and include such individual’s full name, address, email address, and phone number. That way we will be sure you
have fully authorized us to act in accordance with the requests of that individual.
As indicated above, in order to protect your consumer health data from unauthorized disclosure or deletion at the request
of someone other than you or your legal representative, we require identification verification before granting any request
to access, withdraw consent, or delete your consumer health data. We take special precautions to help ensure this. We
cannot respond to your request or provide you with consumer health data if we cannot verify your identity or authority to
make the request and confirm that the consumer health data relates to you. We will only use consumer health data
collected in connection with a verifiable consumer request to verify the requestor's identity or authority to make the
request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time
(up to 45 additional days), we will inform you of the reason and extension period in writing.
If your request to exercise a right under the MHMDA is denied, you may appeal that decision by contacting our privacy
support team via our web form. If your appeal is unsuccessful, you may raise a concern or lodge a complaint with the
Washington State Attorney General at www.atg.wa.gov/file-complaint.