You may have certain rights regarding our processing of your personal data under applicable local state law, including, for example, if you are a consumer in California or Virginia. If our processing of your personal data is governed by such laws, the following provisions apply to our processing of your personal data, whether collected online or offline. These provisions supplement the other sections of the Privacy Policy. If you are a resident of Washington, please refer to our Washington Health Data Privacy Policy regarding our processing of your health data (defined below).
We do not “sell” or “share” for cross-contextual behavioral advertising (as those terms are defined under applicable local law) the categories of personal data described below. Instead, where we may use cookies for marketing purposes, for example, we do so at your instruction based on your permission to use cookies associated with this processing. Where you direct us to do so, we and certain third-party business partners, such as our advertising partners, may collect health data (defined below) using cookies and other Tools (defined below) when you visit or interact with our Site. These partners also may use cookies and other Tools to collect your health data over time across different websites depending on the associated permissions you set. For more information, refer to the Cookies and Other Tools Section below. We do not use or disclose sensitive personal data for purposes other than permitted under applicable local law.
CATEGORIES OF PERSONAL DATA THAT WE COLLECT AND DISCLOSE
As may be required under applicable local law, the chart below provides the categories of personal data that we: (1) collect and have collected in the preceding 12 months; and (2) disclose for a business purpose and have disclosed for a business purpose in the preceding 12 months. For more information about how we disclose your personal data, refer to the How We Disclose Your Personal Data Section above.
CATEGORIES OF PERSONAL DATA WE COLLECT AND DISCLOSE | DISCLOSED TO WHICH CATEGORIES OF THIRD PARTIES |
---|
A. NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, user name, social security number, tax ID, driver’s license number, passport number, or other similar identifiers. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
B. CUSTOMER AND OTHER RECORDS: Paper and electronic customer records containing personal data, such as name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
C. PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under applicable state or federal law such as race, color, sex, gender, age, national origin, disability, and citizenship status. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
D. PURCHASE HISTORY AND TENDENCIES: Commercial information, including records of products or services considered, purchased or owned. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
E. BIOMETRIC INFORMATION: Physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, fingerprint, diagnostic or lab results, imagery of the face from which an identifier template can be extracted, and sleep, health, or exercise data that contain identifying information. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
F. USAGE DATA: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
G. GEOLOCATION DATA: Precise geographic location information about a particular individual or device. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
H. AUDIO/VISUAL: Audio, electronic, or visual recordings, or similar information. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
I. EMPLOYMENT HISTORY: Professional or employment-related information. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
J. EDUCATION INFORMATION: Information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99). | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
K. SENSITIVE INFORMATION: as defined under applicable local law, such as certain characteristics of protected classifications, precise geolocation, account login credential and passwords, health information (including health data, as defined below), and financial information. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
L. PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Pfizer Inc.’s subsidiary companies; Providers; professional advisors; public and government entities |
Depending on the specific service or product offering that you use or receive and your interaction with us, we may use certain personal information about you to identify your past, present, or future physical or mental health status (“health data”). Examples of health data we might collect include:
- Information about your health conditions, symptoms, status, diseases, diagnoses, testing, or treatments (including surgeries, procedures, use or purchase of medications, or other social, psychological, behavioral, and medical interventions);
- Measurements of bodily functions, vital signs, symptoms, or other health characteristics;
- Information regarding gender-affirming care or reproductive or sexual health;
- Data that could identify you as an individual seeking health care services; and
- Any inferences of the above categories of health data that we may infer or derive from non-health related information.
As described in the Data We Collect And Use Section above, we may collect this personal data, including health data, directly from you, automatically through your use of our Site, and from other categories of sources: public databases; social media platforms; and other third parties, when they share the information with us. For example, we may use such third party information to confirm contact or financial information, to verify licensure of healthcare professionals, or to better understand your interests by associating demographic information with the information you have provided.
Also as described above in the How We Use Personal Data Section, we may use this personal data to serve you; to connect you with third parties; to validate your ability to access and/or use certain products, services and information; to provide and improve products and services; to protect patients and consumers; in accordance with special program terms; to operate, manage, and maintain our business; to respond to your inquiries and fulfill your requests; to send administrative information to you; to send you certain marketing communications; to personalize certain experiences; and to facilitate social sharing or messages services when available. We may also this personal data for our business purposes and objectives, including, data analysis; audits; developing new products; improving existing products; identifying usage trends; determining the effectiveness of promotional campaigns; preventing fraud; and expanding our business activities. Additionally, we may use this personal data to comply with applicable law, legal process, respond to requests from public and government authorities, and to protect our rights, operations, and enforce our terms of service.
As described in the Retention Period Section below, we may retain your personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained and as outlined in this Privacy Policy, depending on the length of our relationship with you, whether there is a legal obligation to which we are subject; or whether retention is advisable in light of our legal position.
INDIVIDUAL RIGHTS
Subject to certain exceptions and depending on where you live, you may have the right to make the following requests, at no charge:
- Copy: You may request, up to twice every 12 months, a copy of the specific pieces of personal data that we have collected, used or disclosed about you in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows you to transmit this information to another entity without hindrance.
- Correct: You may request correction of your personal data that we have collected about you if it is inaccurate or incomplete.
- Delete: You may request deletion of your personal data that we have collected about you.
- Know: You may request that we provide you certain information about how we have handled your personal data, including the:
- categories of personal data collected;
- categories of sources of personal data;
- business and/or commercial purposes for collecting your personal data;
- information about third parties/with whom we have disclosed or shared your personal data; and
- categories of personal data that we have disclosed or shared with a third party for a business purpose.
You have the right to be free from unlawful discrimination for exercising your rights under applicable state law.
Submitting Requests. You may submit requests to delete, correct, access a copy and/or know personal data we have collected about you by accessing our webform at www.pfizer.com/individualrights, or by contacting us at 833-991-1933 (toll free). You will be asked to provide certain personal information when submitting your request including your relationship with Pfizer, first and last name, email address, telephone number and postal address in order for us to determine if your information is in our systems.
We will further verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may need to request additional personal information from you, such as your date of birth or government identifier, in order to protect against fraudulent or spoofed requests. If you want to make a request as an authorized agent on behalf of an individual under applicable local law, you may use the submission methods noted above. As part of our verification process, we may request that you provide us with proof that you have been authorized by the individual on whose behalf you are making the request under applicable local law, which may include signed permission provided by such individual.
Appeals. You may have a right to appeal a decision we make relating to requests to exercise your rights under applicable local law. To appeal a decision, please access our webform at www.pfizer.com/individualrights.
Please contact us according to the Contact Us Section below, if you have any questions regarding this Section.