US Privacy Notice

From time to time, just like many other companies, we collect or process personal information about you. In this privacy notice, we explain:

  • what kind of information we process,
  • how we’re collecting it, and
  • what we’re using it for.

Importantly, we also tell you what your rights are in relation to the personal data we hold and what you can do to enforce them.

If you’d like, you can scroll down and read the whole policy. But you can also jump to the section you are interested in by clicking on one of the headings below.

If this privacy notice doesn’t answer your questions, then get in touch with us by phone, email or post and we’ll be happy to help.

US Toll Free Phone: (833)704-0018
Email: privacy@cslbehring.com
Address: Privacy and Data Protection Office, 1020 First Avenue, King of Prussia, PA 19406

1. INTRODUCTION

At CSL Plasma LLC (“we”, “us”, “CSL Plasma”) we are committed to protecting your privacy. When you engage with us we may collect certain information that can be used to identify you (your “personal data”).

We are responsible for deciding how we hold, use and secure your personal data. We are responsible for responding to requests you make in relation to how your personal data is used.

This privacy notice explains what personal data we collect about you and how we use that personal data when you use our websites, mobile sites, mobile applications and other services and products controlled by CSL Plasma that link to this privacy notice. It also explains the rights you may have in relation to that personal data.

2. CATEGORIES OF PERSONAL DATA WE COLLECT

We may collect the following types of personal data from you when you interact with CSL Plasma:

  • Contact details: this is information that allows us to contact you, such as your name, address, telephone numbers, email addresses and social media handles/user names.
  • Demographic information: this is information about your background and which can help us identify you more precisely such as gender, citizenship, date of birth.
  • Payment information, purchase and account history: we may collect financial information when you do business with us. This may include information such as credit/debit card details, bank account details, billing addresses and customer numbers, as well as records relating to the products and services which you have purchased from us or provided to us.
  • Personal data in reports and notifications you submit to us: if you submit information to us about our products and services through our website, for example, through a suspected adverse event reporting form, we will collect any personal data you include within your report.
  • Health data: if you submit healthcare data, like medical conditions, prescriptions treatment and care management to us in relation to our products or services, we will collect any personal data you include.
  • Health insurance information:  this information may include health insurance coverage and claims and may be collected in relation to our products or services.
  • Employment information: if you apply for a job vacancy with us, we will collect information such as your employment history, references and anything else you may include in the job application form or in any attachments such as a resume/CV.
  • Records of your discussions with us: when you contact us using the contact options on the website (whether by email, phone, an online form) or through social media (such as through Twitter or on Facebook), we may keep a record of the information you provide when doing this.
  • Online and technical information: we collect information about the pages you look at and how you use them.
  • Location information: your smartphone or computer's IP address may tell us your approximate location when you connect to our website (this will usually be no more precise than a country or city location).
  • Mobile Device Contact List: The CSL Plasma app requests contact list access to enable referral sharing between app users and contact list. The referral program enables referrer and referee to get rewards upon donation. This is the contacts list stored on your device, including contact name, phone number, and email address. CSL Plasma will store the referred phone number or email to allow to track referrals in order to provision correctly for donation rewards. Allowing this access is optional. This data is not shared with any third parties.
  • Photos from your Mobile device: The CSL Plasma app allows you to provide profile photos in your Donor profile when you sign up on our website or mobile applications. Allowing this access is optional. This data is not shared with any third parties.

3. HOW DO WE COLLECT PERSONAL DATA

We will collect personal data from a number of sources. These include:

  • Directly from you: when you set up an account with us, purchase products or services from us, complete forms we provide to you, make a report or notification about our products or services, contact us by phone, email, or communicate with us directly in some other way (such as social media).
  • Our website: We also collect information about how you use our website.
  • Third parties: we may collect personal data about you from third parties. This includes: credit reference agencies (if we believe this is necessary to facilitate your purchase of products or services from us), references (if you are applying for a job vacancy with us) or healthcare professional/providers, health plans, other healthcare providers or pharmacy providers (in relation to your use of our products).

4. PURPOSES YOUR PERSONAL DATA IS COLLECTED FOR

Purpose of processing Categories of data typically processed for the purpose
Contact and communicate with you in relation to our business, products and services All the personal data listed above
If you are a healthcare professional/provider or distributor of our products, we will use your personal data to manage your account with us, perform credit checks where this is necessary, take payment for our products and services and arrange delivery
  • Contact details
  • Payment information, purchase and account history
  • Records of your discussions with us
If you contact us with any queries or complaints, we will use your personal data to help us respond to you All the personal data listed above
Contact and communicate with you in relation to our business, products and services All the personal data listed above
If you are a healthcare professional/provider or distributor of our products, we will use your personal data to manage your account with us, perform credit checks where this is necessary, take payment for our products and services and arrange delivery
  • Contact details
  • Payment information, purchase and account history
  • Records of your discussions with us
If you contact us with any queries or complaints, we will use your personal data to help us respond to you All the personal data listed above

5. WHO HAS ACCESS TO YOUR PERSONAL DATA?

CSL Plasma does not sell your personal data, however we may share it with the following third parties for a business purpose:

  • Our staff – your personal data will be accessed by our staff but only where this is necessary for their job role.
  • Companies in the same group of companies as us - for the purpose of providing a service to you.
  • Delivery companies - to deliver products that you have ordered from us.
  • Credit reference agencies - so that we can verify your identity, and to provide information on missed or late payments or other activity which may affect your credit score.
  • Government agencies or our regulators - where we are required to do so by law or to assist with their investigations or initiatives.
  • Police and law enforcement - to assist with the investigation and prevention of crime.
  • Healthcare providers, health insurance companies  - to provide the contemplated services or transactions.
  • Other service providers and advisors - such as companies that:
    • support our information technology and security
    • help us analyze the data we hold
    • process payments
    • send communications and advertisement to our current and potential customers
    • provide us with legal, auditing or financial advice
    • help us deliver our services to you 
    • assist with fraud, prevention, detection and mitigation
    • we have joint marketing or similar arrangements
    • text messaging originator - sharing excludes opt-in data and consent, this information will not be shared with any third parties. 

We do not disclose personal information except as set out above or with other prior notice. We may provide other third parties with statistical information and analytics but we will make sure that the information is aggregated and no one can be identified from this information before we disclose it.

6. HOW WE WILL KEEP YOUR DATA SECURE

We have put in place appropriate security measures to prevent your personal data from being accidentally lost or used, accessed, altered or disclosed in an unauthorized way.

In addition, we limit access to your personal data by our employees and service providers, to individuals who need access to perform their job or provide a service to us. They will only use your personal data on our instructions and are required to keep your personal data confidential.

We have put in place procedures to deal with suspected data security breaches and will notify you and any applicable regulators of breaches in accordance with relevant legal requirements.

7. WHAT RIGHTS DO YOU HAVE?

Under certain circumstances you may have the right to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive information about the personal data we hold about you.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request deletion of your personal data. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. 
  • Request that we transfer personal data that you have provided to us to you or another party.
  • To know third parties CSL has shared your information with. If you exercise this right, we will inform you of the categories of third parties we have shared your data with.

You can exercise your rights by using the ‘CSL rights portal’ by following this link: https://privacyinfo.csl.com/

Alternatively, you can exercise your rights by contacting us using the contact details at the end of this notice.

We will always aim to help you when you wish to exercise your rights but in some instances we may have lawful grounds to reject your request.

When you make a request we will need to verify your identity. To do this we may ask you for a copy of your photo identification or ask you questions to match the personal data we have on file. 

We will investigate any request you make without undue delay and in any event within 45 days of receipt of your request. That period may be extended by an additional 45 days where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within 45 days of receipt of the request, together with the reasons for the delay.

In the event that we decide to not take action on the request, we will inform you of the reasons for not taking action.

8. DIRECT MARKETING

If you are a healthcare professional or provider and, depending on the marketing preferences that you indicate to us at the time we collect your personal data, we may contact you via post, telephone or electronic methods with information about our products and services. You can opt-out by the options provided to you within our communications or by contacting us using the contact details at the end of this notice.

9. PERSONAL DATA RETENTION

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes through other means and the applicable legal requirements.

In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

10. BIOMETRICS

We may use biometric equipment for identity verification, time keeping, door entry, access or other similar purposes. The biometric equipment may scan an individual’s finger, hand, face, retina, iris or voice (“Biometric Information”). 

When Biometric Information is collected and when required by law, we will provide the required informational notice and obtain appropriate consent.

Biometric Information will be only be used for the purposes for which it was collected and will be retained in accordance with applicable law. CSL Plasma and our biometric equipment vendors will use a reasonable standard of care to store or transmit Biometric Information, as we do with other confidential information, and Biometric Information may be disclosed to, and may be accessible by, CSL Plasma and our biometric equipment vendors only. We will not sell, lease, trade or otherwise profit from Biometric Information and will not disclose it to other third parties unless:

  • The disclosure completes a financial transaction requested and authorized by you or your legally authorized representative;
  • The disclosure is required by state or federal law, or municipal ordinance;
  • The disclosure is required pursuant to a valid warrant or subpoena, issued by a court of competent jurisdiction; or
  • We have received consent to the disclosure.

11. CONTACT US

If you have any questions about how we process your personal data, you can contact us using the details below.

US Toll Free Phone: (833) 704-0018
Email: privacy@cslbehring.com
Address: Privacy and Data Protection Office, 1020 First Avenue, King of Prussia, PA 19406

12. UPDATES TO THIS NOTICE

This privacy notice is effective as of February 17, 2023.

We may update this notice from time to time to reflect changes in the way we process personal data (e.g., if we implement new systems or processes that involve the new uses of personal data) or to clarify information we have provided in the notice. Our changes will be in accordance with applicable data protection laws.

We recommend that you check for updates to this notice from time to time but we will notify you directly about changes to this notice or the way we use your personal data when we are legally required to do so.


Effective as of February 17, 2023