Privacy Notice Effective Date: November 2023
Baxter is the Data Controller
This Privacy Notice (“Notice”) will provide you with information on the data processing activities of Baxter Healthcare Corporation located at One Baxter Parkway, Deerfield, Illinois 60015, together with its affiliates and subsidiaries (collectively “Baxter,” “we,”, “us”). This Notice applies to registered healthcare professional and other authorized users (“users,” “you”) of Baxter’s iCare Portal, and describes what personal data is collected about you when you use and/or interact with the iCare Portal.
The iCare Portal allows users to search and download available content and submit medical information queries (collectively, “Requests”) to Baxter. This Privacy Notice provides you with information on how Baxter will process your Personal Data and how you can exercise your rights regarding your personal data.
What Personal Data we Collect
We may obtain the following categories of personal data about you:
- Contact information, including name, address, phone number, and email address
- Information regarding your title and your profession, including your place of employment and/or affiliation
- Username and password used to access the iCare Portal
- Information regarding a user’s session, including user ID, date registered, last login date and time, language selection, and any downloaded content and a corresponding time stamp
- Other information derived from cookies and other similar technologies. The iCare Portal currently uses only cookies necessary for the function of the iCare Portal.
- Other information you may submit via the iCare Portal in connection with your Requests
How we Process Your Personal Data
We will process your personal data for the following purposes:
- To provide you with the iCare Portal and related services
- To support your user account and assist with registration
- To respond to your Requests
- To enable you to search our database about the products available in the country you are located in
- To track your usage of the iCare Portal
Baxter will process your personal data because it is necessary for our legitimate interests in order to effectively validate and provide you with access to your user account, to respond to your Requests, and provide you with the services.
Who at Baxter may Receive your Personal Data
Your personal data may be accessed by Baxter employees around the globe who support the iCare Portal. For example, Baxter employees belonging to the Medical Information and Medical Affairs teams may access to your personal data in connection with responding to Requests. Other Baxter employees serving as iCare Portal administrators may also access your personal data in connection with your user account.
Sharing your Personal Data with our Service Providers
Baxter uses service providers and other business partners to help us process your personal data. Specifically, Baxter utilizes a service provider named Anju Software, located in the United States, to support the administration, hosting and functionality of the iCare Portal. Baxter also utilizes service providers to authenticate your user account, and to host the iCare Portal. Baxter has data processing agreements in place with its service providers to ensure they provide an adequate level of protection for your personal data. Service providers are only authorized to use your personal data only as necessary to provide these services to us.
How Long we Keep your Personal Data
We will keep your personal data as long as your user account exists. Please note that you may delete your user account at any time by accessing your user profile in the “My Profile” tab and then selecting the “Personal Data” tab.
We have reasonable and appropriate security measures in place to protect against the loss, misuse, and alteration of any personal data we receive. We maintain reasonable security standards to protect personal data that we maintain. If you have any questions about the security of your personal data, you can contact us by using the other contact details in the “How to contact us” section below.
Do Not Track
Certain laws require Baxter to indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. As of the effective date of this Privacy Statement, an industry standard has not yet been established on how to respond to these signals, and therefore Baxter does not currently respond to such signals. Instead, we adhere to the standards set out in this Privacy Statement. If you have any questions, please contact us using the information provided below.
International Data Transfers
Some of the individuals and entities who will receive your personal data may be located both within and outside of the European Union, including in countries that have less adequate protections, safeguards and rules to protect personal data and where you may not have the same rights to your data that you do in your own country. Baxter is a global company and therefore uses global vendors and subcontractors as well as global IT systems and applications. As a result, your personal data may be transferred to our global affiliates and to our employees and contractors who work for us and are located outside the EU/EEA, such as in the United States (the list of Baxter Group entities and the places of their establishment is set out at https://www.baxter.com/location-selector), for the purposes described in this Notice. These countries may have less strict data protection laws compared to your country. If this is the case, we will take legally required steps under the General Data Protection Regulation (“GDPR”) to ensure that adequate safeguards are in place (e.g., standard contractual clauses) to protect your personal data. You may contact us for a copy of the safeguards which we have put in place to protect your personal data and privacy rights when your personal data is transferred outside the EU/EEA.
Depending on where you are located, you may have the following rights with respect to your personal data:
- Check whether we hold personal data about you, and, if so, what kind and for what purposes. You also have the right to know the identities or categories of recipients of your personal data and to request access to or copies of your personal data.
- Request rectification (correction) of your personal data if it is inaccurate or incomplete.
- Request the erasure of your data, unless we have a legal obligation to process your data or another exception applies. If you want to delete your user account, you may do that anytime by can accessing your user profile in the “My Profile” tab and then selecting the “Personal Data” tab.
- Request us to restrict the processing of your personal data and not delete it under certain circumstances.
- If we process your data electronically through automated means, and we do so based on your consent or a contract, you have the right to request a machine-readable copy of your data from us, and to have us transmit that data directly to another controller, where technically feasible.
- Lodge a complaint with a supervisory authority.
You also have the right to object to the processing of your personal data for certain purposes, including our legitimate interests. You can object at any time to the processing of your personal data by sending an e-mail to the contact information below.
Please address your requests to exercise your rights described above, or questions concerning this Notice or the processing of your personal data, to the Data Protection Officer using the contact information below.
Email us with any privacy questions or concerns at: firstname.lastname@example.org
Email us with questions about the iCare Portal and medical information Requests: Medinfo@baxter.com
Privacy telephone: Ethics and Compliance Hotline at 1-844-294-5418
Privacy mail: Baxter Healthcare Corporation
Baxter International Inc.
ATTN: Data Protection Officer
Global Privacy Office 1 Baxter Parkway
Deerfield, IL USA 60015
U.S. STATE LAW SUPPLEMENT:
SUPPLEMENTAL PRIVACY STATEMENT FOR U.S. RESIDENTS AS APPLICABLE
Last Revised: November 2, 2023
Baxter Healthcare Corporation, together with its affiliates and subsidiaries ("Baxter," "we," "our" or "us") provides this supplemental privacy statement (“Supplement”) to the Privacy Notice for U.S. Residents As Applicable (“Consumers,” “you”) to provide you with additional information, as required by applicable state law, on how we use and disclose your information that we collect from you.
If you would like to receive a copy of this Supplement in an alternate format (e.g., printable) or language, please contact us using the information provided below.
We may periodically update this Supplement to describe new features, products or services we offer and how it may affect our use of information about you. If we make material changes to this Supplement, we will post a notice on our site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
- Personal Information Collected and Disclosed
“Personal Information” as used in this Supplement means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household. The Personal Information Baxter collects from you is listed in the Privacy Notice. In particular, Baxter will collect and disclose the below listed statutory categories of Personal Information from Consumers for the following purposes.
Categories of Personal Information Collected & Disclosed
Identifiers - A real name, address, email address.
Personal information categories - A name, address, telephone number, email address, title and employment, iCare Portal account username and password. Some personal information included in this category may overlap with other categories.
Internet or other similar network activity - Browsing history, search history, information on your interaction with a website, or application.
Please see of the section entitled, “What Personal Data we Collect” in our Privacy Notice above for a description of how Baxter collects this Personal Information.
The above listed categories of Personal Information are disclosed to the categories of third parties discussed in the section entitled, “Sharing your Personal Data with our Service Providers and International Data Transfers” in our Privacy Notice above.
The above listed categories of Personal Information are collected and disclosed for the business purposes stated in the Privacy Notice (section entitled, “How we Process Your Personal Data”) and retained as stated in the Privacy Notice above (section entitled, “How Long We Keep Your Personal Data”).
Sale, Cross-Context Behavioral Advertising, Targeted Advertising
Certain state laws regulate the “sale” of Personal Information, which may include not only the traditional selling of data, but also many sharing arrangements where the recipient can use the personal information that they receive for the recipient’s own commercial purposes. State laws may also regulate the disclosure of Personal Information to third parties for cross-context behavioral advertising (referred to as “sharing” under the California Consumer Privacy Act of 2018 or “targeted advertising,” as such practice is more commonly referred to). Please note, that for purposes of this Supplement, “sale” may be broadly defined to include exchanges of Personal Information for monetary or other valuable consideration.
We do not “sell” “share,” or use your Personal Information for purposes of targeted advertising. We also do not knowingly “sell” or “share” the Personal Information of individuals under the age of 16.
- Your Privacy Rights
Depending on your location, you may be afforded certain privacy rights. In general, you may exercise your privacy rights with respect to your Personal Information as set forth in the table below by following the instructions set forth below in this Supplement. Please note that applicable law sets forth a process to follow when evaluating your request, and there are also some exceptions to these rights.
You may have the right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared.
Right to Know/Access
You may have the right to confirm whether your Personal Information is being processed. You may have the right to request that we disclose to you what Personal Information of yours has been collected, used, disclosed, and sold or shared, including, depending on your location:
You may have the right to receive copies of your Personal Information that we have collected in a commonly used and machine-readable format
Right to Delete
You may have the right to request deletion of the Personal Information collected about you.
Right to Correct
You may have the right to request the correction of inaccurate personal information that is maintained about you.
Right to Opt-Out of Sale, Cross-Context Behavioral Advertising, Targeted Advertising
Certain laws may provide you the right to opt-out of the sale of your Personal Information and the use or disclosure of your Personal Information for cross-context behavioral advertising (i.e., “sharing” under the California Consumer Privacy Act) or targeted advertising. We do not use or disclose your Personal Information in these ways.
Profiling through Automated Decision-Making
We do not apply automated processing to your Personal Information for purposes of profiling. However, if we did, you may have the right to request information about the logic involved in certain types of automated practices and a description of the likely outcome of such processes, and the right to opt out.
Right to Limit the Use of Sensitive Personal Information
We do not collect your Sensitive Personal Information, except for your iCare Portal account log-in information. We do not use or disclose your Sensitive Personal Information for purposes other than those specified in Section 7027(m) of the California Consumer Privacy Act regulations. If we did, you may have the right to limit certain uses of your Sensitive Personal Information.
Right to Non-Discrimination
You have the right to not receive discriminatory treatment if you exercise any of the rights conferred to you by law.
- How to Exercise Your Rights
If you would like to exercise any of your rights listed above, please contact us using the information below. You may also designate an authorized agent to make a request to exercise your rights on your behalf. In order to do so, you must contact us using the information below.
When contacting us to exercise your rights, please adhere to the following guidelines:
- Tell Us Which Right You Are Exercising: Specify which right you want to exercise and the Personal Information to which your request relates (if it does not relate to you). If you are acting as an authorized agent on behalf of someone else, please clearly indicate this fact and indicate your authority to act on their behalf.
- Help Us Verify Your Identity: Contact us using the information below and provide us with enough information to verify your identity. Please note that if we cannot initially verify your identity, we may request additional information to complete the verification process. Any Personal Information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification.
- Direct Response Delivery: Inform us of the delivery mechanism with which you prefer to receive our response. You may specify, for example, email, mail, or through your account (if you have one with us).
Please note that you do not need to create an account with us in order to make a request to exercise your rights hereunder.
Please contact us to appeal any decision made on your request.
- Responses to Your Requests
Receipt of your request will be confirmed consistent with applicable law. You will generally receive a response to your request within forty-five (45) days. However, where reasonably necessary and where permitted by law, the response time may be extended by an additional forty-five (45) days, provided you are given notice of such extension first. If the information is provided to you electronically, it will be in a portable format and, to the extent technically feasible, in a machine readable, readily useable format that allows you to freely transmit this information without hindrance.
Please note that you will not be charged for making a request, provided that you make no more than two (2) requests per year. Where permitted by law, your request may be denied, for example, if your requests are determined to be unfounded or excessive (e.g., repetitive in nature), or a reasonable fee may be charged. In these circumstances, you will receive a notice regarding this denial and the reason for such denial.
- Other Privacy Rights for California Residents
Under California Civil Code Section 1798.83, individuals who visit the iCare Portal, who reside in California and who have an existing business relationship with us may request information about the disclosure of certain categories of personal information to third parties for the third parties’ direct marketing purposes, if any. To make such a request, please use the information in the Contact Information section below. Please be aware that not all information sharing is covered by these California privacy rights requirements and only information on covered sharing will be included in the response. This request may be made no more than once per calendar year.
- Contact Information
Baxter International Inc.
ATTN: Global Privacy Office
1 Baxter Parkway, Deerfield, IL USA 60015
Ethics and Compliance Hotline: 1-844-294-5418