Applicability of this Notice
The GDPR is a European Union (EU) data privacy law. It applies to businesses that collect, use, store, disclose, or combine (hereafter referred to as “process”) personal data in the EU; and to non-EU businesses that process the personal data of people located in the EU. The GDPR requires data controllers to provide you with this Notice because we may process your personal data when you purchase or use our products and services. This Notice applies to you only in instances in which Tandem is processing your personal data as a controller.
Should you have any complaints about how Tandem used your personal data, you can contact your country’s privacy regulator.
Please also review our Notice of HIPAA Privacy Practices.
Who We Are
If you have any questions about this Policy, or how we collect and use your data, you can write to us at:
Tandem Diabetes Care
ATTN: Legal Dept.
11075 Roselle St.
San Diego, California, United States of America, 92121
Or, call us at +1 858 336-6900
You can also send us an email at email@example.com.
Purposes and Legal Bases of Our Processing
Tandem collects the categories of your personal data explained in the what information do we collect from you section of our Notice of Privacy Practices. Tandem processes your personal data when we have your consent to do so; when the processing is necessary for our legitimate business interests, and when the processing is required by law.
Before processing your health data, we will request that you consent to our use of it. Your health data includes your diabetes care and management information collected when you complete new patient forms and when you transfer your pump data to our t:connect web application.
Legitimate business interest
GDPR also allows us to process your personal data if we have a legitimate interest to do so. Some examples of processing based on Tandem’s legitimate business interests include collecting your responses to online surveys to help us improve our products and services; collecting your email address so we may inform you about and provide you with new products and services; and processing your pump data to perform product safety analyses.
As another example, we collect your online identifiers when you visit our website(s). Online identifiers are data such as your IP address or cookie information. We have a legitimate interest in processing these types of data so that we can, for example, perform system audits, diagnose and correct technical problems; understand how site visitors use our website; optimize our website’s design and users’ experience, and make sure we’re providing you with relevant content.
Legal and regulatory requirements
Some EU Member State laws and regulations require medical device manufacturers like Tandem to report instances where use of its pump results in a serious injury. Accordingly, if Tandem becomes aware that its pump has caused injury, Tandem may be legally mandated to share your personal data with the applicable government authority(ies). This personal data may include your gender, age, weight, pump serial number, and information explaining the serious injury.
Is Your Data Ever Transferred Internationally?
At times, Tandem may transfer your personal data internationally. Some of these transfers may be to a country that has different data protection laws than the EU, such as the U.S. In those instances where your data is transferred to a third party across international borders, we secure the privacy of your data via Standard Contractual Clauses, or other similar means, in accordance with Articles 46-49 of the GDPR.
Your Rights Concerning Your Data
You have legal rights concerning your personal data we collect and use. Subject to some exceptions, these rights include the right to request that we:
- Provide you access your data
- Correct inaccurate and amend incomplete data
- Erase your data
- Restrict our processing of your data
- Provide you or a third party a copy of the data we have
- Withdraw previously-provided consent
- Object to our use of your data when our use is based on our legitimate interests
Because there are exceptions to some of your rights we may say “no” to your request. If we do, we’ll tell you why.
For more information about your rights, or to exercise any of them, please contact us by mail or by email at the addresses provided above in the who we are section.
Collection of Sensitive Personal Data and Children’s Data
We do not regularly or purposefully collect any of your sensitive personal data, except certain healthcare data as explained elsewhere in this Notice. “Sensitive” data includes your:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data
- data concerning health
- data concerning a natural person's sex life or sexual orientation
As stated above, Tandem does process some of your health data, including health- and diabetes-related information, when you use our products and services. We process this personal data only after we get your explicit consent. You may withdraw your consent at any time by contacting us at the address provided above, in the who we are section.
In addition, if we know that we are processing the personal data of a child under 16 years of age who is covered by the GDPR, we will obtain consent from that child’s parent or guardian as soon as is reasonable before processing or continuing to process the child’s personal data.
What if this Policy changes?
We continually review and when needed, update this Policy. Please check back frequently to make sure you are aware of our updates. We will include the date of the most recent update here:
This policy was last updated on march 12, 2019.