Tandem Diabetes Care, Inc. ("Tandem," "us," "we," or "our") takes your privacy very seriously. This Notice of Privacy Practices tells you how Tandem collects and uses information about you.

Contents

What Does Tandem Do?

Tandem is an insulin delivery and diabetes technology company that designs, manufactures, and supplies medical devices, as well as develops and provides mobile and web-based software and technologies for the management of diabetes. Tandem serves several types of users in a variety of countries, and in some countries, we provide our Products through authorized distribution partners.

Back to Top >>

What Personal Information Does Tandem Collect and Why?

In general, we will use the personal information we collect about you with your consent or as permitted or required by applicable privacy laws and only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. Your consent may be express or implied, depending on the circumstances and the sensitivity of the personal information we seek to collect, use, or disclose. We may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as conducting our business operations, scientific or historical research purposes, data security purposes, data anonymization purposes, or statistical purposes) if and where this is permitted by applicable data protection laws. Your provision of personal data to us is entirely voluntary. If you chose not to provide your personal data, you may not be able to use our Products or to engage in our Promotional or Educational Activities.

Specifically, the personal information we collect depends on whether you are:

• the current, potential, or former user of one of our Products (collectively referred to as “Product User” or “Product Users”).
• a Product User's parent, guardian, or trusted individual who acts on behalf of a Product User (collectively referred to as “Representative” or “Representatives”).
• a Product User's parent, guardian, or trusted individual who uses Tandem Technologies to follow, track, or help manage a Product User’s diabetes therapy data, such as glucose levels (collectively referred to as a “Follower” or "Followers").
• a health care provider or a clinic administrator appointed by a health care provider (collectively referred to as “HCP” or “HCPs”).
• an individual or entity that contracts with Tandem to provide goods or services for Tandem, including without limitation, distribution partners, consultants, pump trainers and contracted diabetes education centers or clinics (referred to as “Contractor” or “Contractors”).

If you are an employee of Tandem, we will provide you with any required notices during your employment. If you are applying for a job at Tandem, we will provide you with any required notices during your application process.

PRODUCT USER

New or Prospective Patient Information.  In connection with your establishment of a potential customer-company relationship with Tandem or your request that Tandem establish your Tandem account, we may collect personal information over the phone or via electronic or paper forms and communications, such as our Patient Information Forms and Health and Product Questionnaires. We collect your name, date of birth, gender, email, physical, shipping and billing addresses, telephone number, emergency contact information, insurance or other public health benefit information, Tandem username and password, and/or your HCP contact information. We may also collect special categories of personal information in the form of your health information, biometrics, medical history, pregnancy status, current diabetes therapy information, lab charts, diagnosis and prescription history, and glucose and insulin data. New or Prospective Patient Information also includes any personal information, including personal health information, of another you provide to us while acting as a Representative.  Our use of this personal information may include:

• Establishing and managing your Tandem account and potential access to Tandem Products.
• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Processing and responding to your Requests for Responses.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide

Order Information. Tandem may collect your personal information in connection with processing and billing you for your orders, or otherwise fulfilling and providing you with Products you request, purchase, acquire, register for and/or use.This personal information may include your New or Prospective Patient Information, financial information, lot and serial numbers of Products associated with your Tandem account, and any personal information you include in an open text field on our Website or in our Technologies. We may also collect your credit card information, including credit card number, card expiration data, and CVV code, if you purchase a product or accessory directly from us, or if you are interested in enrolling in a payment plan. We do not store your full credit card number, and we use a secure third-party vendor to handle your credit card processing. Order Information additionally includes your contact information, Tandem username and password, and personal health information of any person on whose behalf you order or pay for Products. We may use your Order Information for:

• Fulfilling your order, tracking shipments and confirming delivery, processing payment (by you, your insurer, or other third-party), and managing our inventory.
• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Processing and responding to your Requests for Responses.
• Processing, billing, and fulfilling your orders for Products.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.

Use Information. In connection with your use of our Products, including our Technologies, or if you provide us your pump for evaluation/troubleshooting, we may collect your personal information and health information. Use Information includes health information generated from your use of the Products individually or collectively, both automatically and that which you input or provide. Use Information includes Product identification information such as a serial number, as well as a log of pump operations and your direct and indirect interactions with the pump stored on or transmitted between the pump and the Technologies or between the pump and any third-party products that communicate with the pump such as continuous glucose monitoring devices, glycemic controllers, or other connected applications or products. Use Information also includes settings, inputs, parameters, and thresholds you set to apply to the pump or any other Product and your interactions with these settings and resulting notifications.Use Information also includes contact information regarding your designated Followers and HCPs, Order Information associated with your Products, and information about your settings and interactions with the Products. We may also collect personal information that is more "technical" in nature when you use our Products. This data may include, without limitation, the pump serial number, current and updated software versions of your pump(s), clinic IDs of your HCPs, and other globally unique identifiers. Use Information additionally includes contact information, Tandem username and password, and health information of any person on whose behalf you order or pay for Products. Our use of this personal information may include:

• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Processing and responding to your Requests for Responses.
• Processing, billing, and fulfilling your orders for Products.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.
• Providing technical support that you request for your Tandem Products.
• Operating and managing our business (including developing, maintaining, and supporting our Products).

Product Training Information. In connection with your safe and effective use of the Products, you may receive product training from Tandem or one of our Contractors on how to use our Products. This Product training may be provided one-on-one or in a group setting. Product training may be offered online, in-person, through virtual communication platforms, or through other channels. The personal information we collect from you during training may include your name, date of birth, Product serial number, pump software version, contact information of your HCP, information about your current health and health history, and information related to your use of our Products and the Product training received. Our use of this personal information may include:

• Confirming and tracking your participation in Product training.
• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Processing and responding to your Requests for Responses.
• Processing, billing, and fulfilling your orders for Products.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.
• Providing training support for the safe and effective use that you request for your Tandem Products.

Requests for Responses Information. In connection with your contacting or communicating with us through any means to ask a question, request information, submit a complaint, or seek customer support from us, we may collect your name, the reason for your inquiry, information necessary so that we may address the reason for your inquiry, and any other personal information you voluntarily provide us. Our use this of this personal information may include:

• Processing, logging, and responding to your contact or communication and taking any related necessary action to address your contact or communication.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.
• Operating and managing our business (including developing, maintaining, and supporting our Products).

Automatically Collected Information. When you visit our Website, use our Products, or participate in Promotional and Educational Activities, we may collect certain information automatically. In some countries, this information may be considered personal information under applicable data protection laws. Automatically Collected Information may include, for example, your IP address, device type, device operating system, unique device identification numbers, browser-type, broad geographic location (e.g., country or county), which Tandem-hosted webpages you visited and when, and other similar technical information.We may also collect information about how you or your device has interacted with our Products, Promotional and Educational Activities, and our Website, including the pages accessed and links clicked. Some of this information may be collected using Cookies and similar tracking technology, as explained and further defined under the heading “Cookies and Similar Tracking Technology” below. Our use this information may include:

• Performing analytical analyses on the use of our Website, Products, and Promotional or Educational Activities.
• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Operating and managing our business (including developing, maintaining, and supporting our Products and Website), subject to applicable opt-in/opt-out/consent regulations.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.

Third-Party Information. In connection with your use of third-party products, software, or applications we may process your personal information or health information when you authorize a third-party to provide information about you to us. This Third-Party Information may include information from manufacturers or suppliers of your previous or future pumps, manufacturers or suppliers of glucose monitors you use or have used, operators of web or mobile-based diabetes management applications or other devices, software or applications that integrate with our Products, or those of our Contractors, insurance providers, or HCPs. The types of information we collect from third parties may include your name, your date of birth, gender, glucose readings, existence of a health condition that may impact your therapy (such as pregnancy status, retinopathy, or neuropathy) eligibility for insurance coverage and payment amounts, evidence that you received Product training, your health care professional’s name and contact information, and/or details of your use of medical devices for diabetes therapy/medical treatment. Our use of this personal information may include:

• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you with Products or functionalities that integrate with designated third-party products.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Operating and managing our business (including developing, maintaining, and supporting our Products).
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.

FOLLOWERS

In addition to personal information we may process about you in your capacity as a Product User, if you sign up for a Follower account we may also collect your name, contact information, username and password, and a Tandem-assigned ID number, as well as Automatically Collected Information, described above. Our use of this personal information may include:

• Providing you with the ability to follow other Product users who have consented to your following.
• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Operating and managing our business (including developing, maintaining, and supporting our Products).
• Processing and responding to your Requests for Responses.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.

HCP USERS

In addition to personal information we may process about you in your capacity as a Product User, in connection with your establishment of a Tandem HCP Account we may also collect personal information including your name, contact information, your assigned HCP Account ID number, Clinic ID number, and Tandem username and password. We may also collect information about your settings and interactions with the Products. Our use of this personal information may include:

• Establishing and managing your Tandem account and potential access to Tandem Products.
• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Invite your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Processing and responding to your Requests for Responses.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.

CONTRACTORS

Depending on where you reside, Tandem may collect your full name, contact details such as phone number, email address, or physical address, Social Security number (in the US), and information collected for purposes of public health (such as body temperature).  We may also collect Contractors’ professional information, such as government- or regulatory-maintained disciplinary records (e.g., exclusion lists); and to the extent voluntarily provide by you, your education history, employment history, and curriculum vitae.

During your engagement with Tandem as a Contractor, we may process your bank account and routing numbers if you chose and are able to be paid via direct deposit, training records, Tandem usernames and passwords and similar online identifiers if access to Tandem’s network is necessary, emergency contact telephone numbers, and tax information.  With regard to the performance of your services, Tandem may collect personal information reported through a whistleblowing hotline or regulatory reporting channel, and content of professional emails to the extent permitted by applicable law.

If you are permitted to use Tandem’s network as part of your job, we may collect system-generated logs regarding internet, email, and telephone use.  Tandem will also collect the date and time of access card use if you are provided with one and CCTV security surveillance footage when you are physically present on Tandem premises.  Our use of this information may include:

• Establishing, performing, or maintaining the terms of an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Operating and managing our business (including developing, maintaining, and supporting our Products).
• Processing and responding to your Requests for Responses.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.

VISITORS

In addition to information we may process about you in your capacity as a Product User, if you visit our Website, our physical offices, participate in Promotional and Educational Activities, register for a Tandem mailing list, sign up for our newsletter, submit information to us via email or a web form, contact us via post, or call us on the phone, we may collect your name, contact information, the reason you contacted us, any personal information you voluntarily provide us, and any additional information you provided us consent to process. We may also collect CCTV security surveillance footage when you are physically present on Tandem premises.

If you interact or engage with us through Social Media platforms, including but not limited to Facebook, Twitter, LinkedIn, Instagram, or YouTube, we may collect the content of your post (which may include photographs or videos you post), the nature of your interaction (such as a “Like” or a “Retweet”), and your screen name.  Our use of this information may include:

• Establishing, performing, or maintaining an agreement or contract with you.
• Providing you marketing information about our Products that may interest you, subject to applicable marketing laws.
• Inviting your participation in Promotional or Educational Activities, subject to applicable marketing laws.
• Operating and managing our business (including developing, maintaining, and supporting our Products).
• Processing and responding to your Requests for Responses.
• Complying with applicable law.
• Establishing, exercising, or defending our legal claims.
• Carrying out any other purpose(s) set forth in any additional consent you provide.

Back to Top >>

How Does Tandem Collect My Personal Information Interact With Me?

DIRECTLY.

Tandem, and our Contractors, collect personal information about you when you provide it to us directly. For example, when you complete a form on our Website, call a representative on the phone, write us a letter, post on our social media channels, submit payment for a Product, or otherwise provide us personal information about you.

With your consent, or to the extent permitted by law without your consent, we may communicate with you via text message to alert you about a product shipment, to respond to your questions, or to otherwise assist with your receipt and use of the Products. You can withdraw your consent to being contacted via text message at any time by replying “stop” to the text message.

If you contact us by phone, note that your call may be used for training purposes and it will be recorded. Tandem also records telephone calls we make to you unless you tell us not to. These calls are recorded for quality management, improvement, and training.

THROUGH THIRD PARTIES.

Tandem collects personal information about you from third parties when you allow authorized third parties to provide it to us. For example, we may collect information about you from third parties when you integrate a third party’s product with our pump or other Products or otherwise authorize a third party data service to provide information about you to us. We also collect personal information about you from third parties who host social media webpages that we manage, consistent with applicable privacy and data protection regulations.

INDIRECTLY

• Cookies and similar tracking technology

We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you.  For further information about what Cookies are, the types of Cookies we use, why we use them, and how you can control them, please see our Cookie Notices here and here.

Back to Top >>

Who Does Tandem Share My Personal Information With?

In general, we share your personal information with people and organizations to accomplish the purposes of our data collection described in this Privacy Notice.  Specifically, we may disclose your personal information to the following categories of recipients.  At times, we may share your data in a way that is not described in this Privacy Notice, and if we do, we will inform you of our data sharing practices at the time we collect the information and obtain your consent prior to such sharing.

• A person or entity with your consent to the disclosure (for example, to enable you as a Product Users to share information about your health status with your HCPs, Representatives, and Followers).
• Your HCPs to assist them with your medical treatment.
• Our Contractors to provide you with Product training.
• Your insurance providers (depending on where you live) to facilitate insurance coverage and payments for our Products.
• Our distributors to distribute Products to you, to provide you with troubleshooting and customer support, and to provide you with user training.
• Our affiliates and subsidiaries, such as Sugarmate, LLC, to perform our joint business operations, and to provide you with applicable Products.
• Third party services providers who provide services to us and/or you, such as logistics providers and carriers, staffing agencies, credit card processors, or cloud service providers
• Third party partners, such as companies that provide glucose monitoring products or services that are compatible with our Products, including our CGM partners.
• To other insulin pump manufacturers and sellers to facilitate your transition from or to our products.
• An actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, reorganization, merger or acquisition of all or part of our business, debt financing, sale of any company assets or similar transactions as well as in the event of bankruptcy or receivership where personal information could be transferred to third parties as a business added. Provided that in each instance we must use your personal information only for the purposes disclosed in this Privacy Notice.
• Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary or required: (i) as a matter of applicable law or regulation, such as in the event of an insulin pump malfunction, an adverse event arising from use of the pump, in accordance with breach notification requirements, or in relation to a worker’s compensation or other insurance claim; (ii) to exercise, establish or defend our legal rights; (iii) to protect your vital interests or those of any other person; (iv) to help with public health and safety issues; or (v) to work with a medical examiner or funeral director.
• We do not sell your personal information. We do not share your personal information for marketing purposes unless you give us permission to do so. Pursuant to local laws, we may remove the identifiers from your personal information in a way that such information can no longer be used to identify you and we may share this information (called “de-identified” or “anonymized” data) with third parties for any lawful purpose.

Back to Top >>

European Economic Area and UK Residents – Our Legal Basis for Processing Personal Information

If you are an individual residing in the European Economic Area or the U.K., our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. 

We will normally collect personal information from you only (i) where we have your consent to do so, (ii) where we need the personal information to perform a contract with you, or (iii) where the processing is in our legitimate interests and not overridden by your rights.  In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person, e.g., an adverse event relating to the use of a Product.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). 

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our Website and provide Promotional and Educational Activities and/or our Products to you and to communicate with you as necessary regarding the same.  In addition, we may rely on our legitimate commercial interest, for instance, when responding to your queries, improving our Products and Technologies, undertaking marketing, protecting against or detecting illegal or unauthorized attempts to process your information, preventing fraudulent Product use, or to protect the physical and electronic security of your data. 

Given the nature of our business, we process special categories of your personal information in the form of health information.  This information includes diabetes therapy data, such as your glucose levels, biometrics, and lab charts.  We will obtain your explicit consent prior to processing such information.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

Back to Top >>

How Does Tandem Keep My Personal Information Secure?

We use appropriate administrative, technical, physical, and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include, but are not limited to, encryption, user access and authentication controls, and event logging. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed as being 100% secure.

Back to Top >>

 
International Data Transfers

Tandem operates globally and may therefor process or transfer your personal information to countries other than the country in which you reside.  Your personal information may be stored on servers outside of your country of residence.  If so, your personal information will be subject to these countries’ data protection laws, which may be different from the laws of your country.  Those laws may require disclosure of your Personal Information to authorities in that country.

The countries to which your data may be transferred or stored include the United States, Canada, the Netherlands, South Africa, and Australia.

However, we implement appropriate transfer mechanisms and safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. If you live in Canada and would like to receive written information about our policies and practices regarding service providers outside of Canada, please refer to the “How to contact us” heading below.

Back to Top >>

EU-Us Privacy Shield

Tandem has self-certified with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of "personal data" (as defined under the Privacy Shield Principles) transferred from the European Union, the United Kingdom, and/or Switzerland to the United States, respectively. We have self-certified that we adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for such personal data, and we are subject to the investigatory and enforcement powers of the Federal Trade Commission. To learn more about the Privacy Shield, view a list of entities who have current certifications under Privacy Shield, or view our certification, please visit http://www.privacyshield.gov/.

If you are from the EEA, UK, or Switzerland, you have the right to request access to the personal information that we hold about you and request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. If you would like to exercise these rights, please use the contact details provided under the “How to contact us” heading below.  We may request specific information from you to confirm your identity and we will respond to your request in accordance with the Privacy Shield Principles and applicable data protection laws.

As required under the Privacy Shield Principles, when Tandem receives information under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on its behalf, Tandem has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage. We will give you an opportunity to opt out where personal data we control about you is to be disclosed to an independent third party or is to be used for a purpose that is materially different from those set out in this Privacy Notice. If you otherwise wish to limit the use or disclosure of your personal information, or wish to exercise these rights, please use the contact details provided under the “How to contact us” heading below.

If you have any questions or complaints about our privacy practices, including questions related to the Privacy Shield, you may contact us via the contact details provided under the “How to contact us” heading below.

We will investigate and attempt to resolve any Privacy Shield-related complaints or disputes within forty-five days of receipt. If you are a resident of the European Union or Switzerland and are dissatisfied with the manner in which we have addressed your concerns about our privacy practices, you may seek further assistance, at no cost to you, from JAMS - https://www.jamsadr.com/eu-us-privacy-shield.  If any request remains unresolved, individuals may have a right to invoke binding arbitration under the Privacy Shield. For more information about binding arbitration, click here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

If there is any conflict between this section of the Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Tandem is aware of the judgment of the Court of Justice of the European Union dated 16 July 2020 which invalidated reliance on the Privacy Shield Framework as a basis for lawful exports of personal information to the United States.  We continue to process personal information transferred in line with our obligations under the Privacy Shield Framework, but do not rely on the Privacy Shield Framework as our lawful mechanism to transfer personal information to the United States.

Back to Top >>

Data Retention

We retain personal information we collect from you in accordance with applicable laws and regulations.  In some jurisdictions, we retain your personal information when where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).  In other jurisdictions, we will retain your personal data for as long as necessary to fulfil the purposes for which that personal information was collected.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Back to Top >>

Your Data Protection Rights

You may have the data protection rights listed below.  To exercise these rights, please contact us in writing using the contact details provided under the “How to contact us” heading below:

• 12.1. If you wish to access, request a copy of, correct, or update your personal information, you may do so at any time. In some limited circumstances, we may be allowed to charge you a reasonable fee for the administrative costs of complying with an access request.
• 12.2. In addition, you may object to processing of your personal information and ask us to restrict or limit processing of your personal information. Please note that in some instances, we may say “no” to your request if it would affect your care.
• 12.3. You have the right to opt-out of Promotional and Educational Activities and other marketing communications we send you at any time. You may exercise this right by clicking on the “unsubscribe” or “opt-out” link in the Promotional, Educational, or marketing e-mails we send you. To opt-out of other forms of Promotional and Educational Activities and other marketing communications (such as by post or telephone), then please contact us using the contact details provided below.
• 12.4. Similarly, if we have collected and process your personal information with your consent, then you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. Where required by law, we will inform you of the consequences of withdrawing your consent.
• 12.5. You may ask for a paper copy of this Privacy Notice at any time, even if you have agreed to receive the Privacy Notice electronically. We will provide you with a paper copy promptly.
• 12.6. You may request that we contact you in a specific way (for example, home or office phone) or to send mail to a different address. We will say “yes” to all reasonable requests.
• 12.7. You may designate someone to act on your behalf, for example, if you have given someone power of attorney or if someone is your legal guardian, then that person can exercise your rights and make choices about your personal information including your health care data. We will make sure the person has this authority and can act for you before we take any action.
• 12.8. You have the right to complain about our collection and use of your personal information. If you have a complaint, please contact us using the mailing details under the “How to Contact Us” heading below). To contact the applicable regulators in your country:
  • 12.8.1. If you live in the U.S., you can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, visiting www.hhs.gov/hipaa/filing-a-complaint/what-to-expect/index.html, or calling (877) 696-6775. We will not retaliate against you for filing a complaint.
  • 12.8.2.If you live in the EU, you can lodge a complaint with your local data protection authority Contact details for data protection authorities in the European Economic Area are available here.
  • 12.8.3. If you live in the UK, you can lodge a complaint with Information Commissioner’s Office, via the contact details located here.

  You may have other rights in addition to those rights explained above, depending on where you reside.

• 12.9. If you reside in the EU or the UK, you have the following additional privacy rights:
  • 12.9.1 The right to request deletion of your personal information we process.
• 12.10. If you reside in France you have the right to:
  • 12.10.1. Designate a person to carry out specific or general instructions on how to store, delete or communicate the personal data relating to you after your death. If the instructions relate only to the personal data we hold about you, you may choose to directly notify us such instructions.
• 12.11. If you reside in Italy, and are an individual with a direct interest in a deceased user’s personal data , or are a representative of a deceased user acting to protect the deceased user or his/her family interests, then you have the right to:
  • 12.11.1. Exercise the data subject rights listed in subsection 12.1 through 12.8 on behalf of the deceased user.
• 12.12. if you reside in Portugal, you may also have the right to:
  • 12.12.1. Appoint who can exercise your rights or to give instructions not to exercise them at all after your death regarding special categories of personal data (such as health data) or data related with private life, images or communications.
• 12.13. If you are a user who lives in the U.S., you have the following rights under the Health Insurance Portability and Accountability Act ("HIPAA"):
  • 12.13.1. You have the right to request confidential communications. To exercise this right, you can send us a written request (using the mailing address provided under the “How to Contact Us” heading below) asking us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. We will say “yes” to all reasonable requests. Please submit all requests in writing to the address listed below.
  • 12.13.2. You also have the right to get a list of those with whom we’ve shared information. This right does not apply to sharing data for treatment, payment, health care operations, and certain other disclosures (such as any you asked us to make). For all other types of sharing, we will provide you a list of the times we have shared your health information, who we shared it with, and why.
• 12.14. If you are a Canadian resident, you have the following additional right under the Personal Information Protection and Electronic Documents Act ("PIPEDA"):
  • 12.14.1. You have the right to request an account of the use that has been made or is being made of your personal information and an account of the third parties to which it has been disclosed.

Back to Top >>

Children’s Personal Information

From time to time, Tandem may host a web page or pages which are available, in part, to children (the age of a “child” differs among countries and states). However, we do not intend to collect information from these individuals unless the information is either collected from a parent or guardian or collected from a child after Tandem has obtained the parent or guardian’s consent to do so.

While we cannot stop a child from accessing a web page, we do not collect any personal information without making it clear that the person providing the information must be at minimum a specific age.

If you are a parent or guardian and believe your child who is underaged has provided us with personal information that you would like to review or request be deleted please contact us at compliance@tandemdiabetes.com. If we learn that we have personal information from a child under the age of 13 (or, if the territory in which the child resides imposes a higher age threshold, under the age at which the child can give valid consent in that territory) without permission from the child's parent or guardian, we will remove and/or delete that information pending receipt of an appropriate consent.

Back to Top >>

California Consumer Privacy Act Notice

The California Consumer Privacy Act (“CCPA”) applies to California businesses who use California residents’ personal data and gives those residents certain rights relative to their personal data.  To the extent required by the CCPA, Tandem will provide you a CCPA notice upon collection of your personal data.  

Tandem does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.

Back to Top >>

California Do-Not-Track Disclosures

At this time, our Website does not respond to Do Not Track ("DNT") signals sent from your web browser.  A uniform standard has not yet been adopted to determine how DNT signals should be interpreted and what actions should be taken by websites and third parties that receive them.

Back to Top >>

Updates to This Privacy Notice

We may update this Privacy Notice from time to time as we deem necessary and in our sole discretion. When we update our Privacy Notice, we will provide notice on our Website or as otherwise required by applicable law. We encourage you to periodically review this Privacy Notice to remain informed about how we collect, use, and share personal information.  We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the bottom of this Privacy Notice.  Any changes to this Privacy Notice take effect immediately after being posted or otherwise provided by Tandem.

Back to Top >>

How To Contact Us

If you reside in the U.S.:

Tandem Diabetes Care
Attn: Legal Department
11075 Roselle Street
San Diego, CA 92121

Email: compliance@tandemdiabetes.com

If you reside in the European Economic Area, please either contact:

Tandem directly at DPO@tandemdiabetes.com; or

Tandem’s EU Representative at:

Lionheart Squared (Europe) Ltd.
Attn: Data Privacy
2 Pembroke House
Upper Pembroke Street 28-32
Dublin
DO2 EK84
Republic of lreland
Email: TandemDiabetes@LionheartSquared.eu

If you reside in the UK, please either contact:

Tandem directly at DPO@tandemdiabetes.com; or

Tandem’s UK Representative at:

Lionheart Squared Limited
Attn: Data Privacy
17 Glasshouse Studios
Fryern Court Road
Fordingbridge
Hampshire
SP6 1QX
United Kingdom

Email: TandemDiabetes@LionheartSquared.co.uk

The data controller of your personal information is Tandem Diabetes Care, Inc.

Back to Top >>