Grifols Canadian Personal Information Protection Policy

Grifols Shared Services North America, Inc. and its affiliates under common ownership and control (collectively, “Grifols,” “we,” “our,” or “us”) undertake to protect the privacy of its customers and users accessing this website located at www.grifolsplasma.ca/en/home (the "Website") and from individuals who visit the Grifols Donation Centers and the affiliated Canadian Plasma Resources centers (each a “Donation Center”), including those who donate plasma and/or whole blood (collectively with the Website, the “Services”).

We provide this Privacy Policy (the “Privacy Policy”) to describe the information we collect, how we use it, and when and with whom we share it. This Privacy Policy applies only to the Services. By accessing or using the Services or otherwise communicating with us in the context of your use of the Services, you agree to this Privacy Policy. If you do not agree to this Privacy Policy, please do not access or use the Services or communicate with us through the Services.

This Privacy Policy applies only to the Services and not other products or services we may offer or provide. Please review the applicable privacy policy for those other products and services to understand how we process personal information collected from those products and services.

1. The Information We Collect

We obtain information about you through the means discussed below when we provide the Services. Please note that we need certain types of information to provide the Services to you. If you do not provide us with such information, or if you ask us to delete that information, you may no longer be able to access or use certain Services.

a. Information you provide directly to us

We may collect information that you provide directly to us, such as when:

  • You access our website, visit and/or donate at a Donation Center, or otherwise use our Services;
  • You request information, support, or technical assistance from us;
  • You transmit user content to us;
  • Donate to our Donation Center; or
  • You otherwise communicate or interact with us.

The information you provide directly to us may concern you or others and may include, but is not limited to:

  • Identifiers and Contact Information. We may collect identifiers and other contact information from you, such as your name, government identifiers, email address, and phone number.
  • Business Information. We may collect information about business entities you are affiliated with, such as business name and business address, including universities you may be affiliated with.
  • Other Donation Center Information. We may collect other information you provide in the context of a visit or donation to a Donation Center. This may include age and health-related information such as your weight, and information about your health habits.

You are not required to provide us with such information, but certain features of the Services may not be accessible or available, absent the provision of the requested information.

b. Information from affiliates and non-affiliated third parties

We may collect information about you or others through our affiliates or through non-affiliated third parties.

We may combine information that we collect from you through the Services with information that we obtain from such third parties and information derived from other products or services we provide.

c. Information we collect automatically

Device/Usage Information. We and our third-party vendors, which include ad networks and analytics companies such as Google Analytics, may use cookies, web beacons, and other tracking technologies to collect information about the computers or devices (including mobile devices) you use to access the Website. As described further below, we may collect and analyze information including but not limited to (a) browser type; (b) ISP or operating system; (c) domain name; (d) access time; (e) referring or exit pages; (f) page views; (g) IP address; (h) unique device identifiers (e.g. IDFA or Android ID); and (i) the type of device that you use. We may also track when and how frequently you access or use the Website, including how you engage with or navigate our website or mobile application. We use this information (including the information collected by our third-party vendors) for analytics (including to determine which portions of the Website are used most frequently and what our users like/do not like), to assist in determining relevant advertising (both on and off the Website), to evaluate the success of our advertising campaigns, and as otherwise described in this Privacy Policy.

Cookies and Other Electronic Technologies. We and our third-party vendors may use cookies, clear GIFs, pixel tags, and other technologies that help us better understand user behavior, personalize preferences, perform research and analytics, and improve the Services. These technologies, for example, may allow us to tailor the Website to your needs, save your password in password-protected areas, track the pages you visit, help us manage content, and compile statistics about usage of our Website. We or our third-party vendors also may use certain of these technologies in emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but your browser may allow you to modify your browser settings to decline cookies if you prefer. If you disable cookies, you may be prevented from taking full advantage of the Website, because the Website may not function properly. As we adopt additional technologies, we may also gather additional information through other methods. Please see our Cookie Policy for additional detail.

Location Information. When you use the Website, we may collect general location information (such as general location inferred from an IP address).

 

2. How We Use Your Information

We use your information for business and commercial purposes, such as:

  • To provide our Services, including the Website;
  • To respond to your questions or inquiries;
  • For research and development, including to develop new and improve existing therapies;
  • To manage and remember your preferences and personalize the Services;
  • To operate our donor program and verify your eligibility to participate in our donor program;
  • To communicate with you and send you notices that may be of interest to you, such as marketing information, donor reminders, and other donor incentive information;
  • To analyze and improve the Services or any other products and services we provide;
  • To comply with our legal obligations or as permitted by law;
  • To protect the safety and/or integrity of our users, employees, third parties, members of the public, and/or our Services;
  • To prevent fraud and enforce our legal terms; and
  • To administer and troubleshoot the Services.

We may aggregate and/or de-identify information collected through the Services. We may use de-identified or aggregated data for any purpose, including without limitation for research and marketing purposes and may also share such data with any third parties.

3. When We Disclose Your Information

We may disclose information in the following ways:

  • Affiliates. We may disclose your information to any Grifols affiliates.
  • Consent/At Your Direction. We may disclose your information to nonaffiliated third parties based on your consent to do so.
  • Vendors. We provide access to or disclose your information with select third parties who perform services on our behalf. They provide a variety of services to us, including data storage, research and development, analytics, billing, marketing, product content and features, customer service, data storage, security, fraud prevention, and legal services.
  • Protection of Grifols and Others. We may disclose certain information if we believe in good faith that doing so is necessary or appropriate to (i) protect or defend the rights, safety, or property of Grifols or third parties, including to defend or enforce our Privacy Policy or any other contractual arrangement; (ii) respond to your requests for customer service; and/or (iii) protect the rights, property or personal safety of Grifols, its agents and affiliates, its employees, users and/or the public.
  • Legal Requirements. We may disclose certain information if we believe in good faith that doing so is necessary or appropriate to comply with any law enforcement, legal, or regulatory process, such as to respond to a warrant, subpoena, court order, or other applicable laws and regulations.
  • Business Transfer. We may disclose certain information, in connection with or during negotiations of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Aggregate/Anonymous Information: From time to time, we may disclose aggregate/anonymous information about the Services. The disclosure of such data is unrestricted.

4. Online Analytics and Advertising

Analytics: We may use third-party web analytics services on our Website, such as those of Google Analytics. These vendors use the sort of technology previously described in the “Information we collect automatically” section to help us analyze how users use the Website, including by noting the third-party website from which you arrive, and provide certain features to you. The information (including your IP address) collected by the technology will be disclosed to or collected directly by these vendors, who use the information to evaluate your use of the Website. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

If you receive email from us, we may use certain tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications.

Advertising: The Website may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising websites you visit and other applications you use. These cookies and other tracking technologies may be placed on your computer, mobile phone, or other device to collect information about your use of the Website in order to (a) inform, optimize, and serve marketing content based on past visits to our websites and other sites and (b) report how our marketing content impressions, other uses of marketing services, and interactions with these marketing impressions and marketing services are related to visits to our websites. We also allow other third parties (e.g., ad networks and ad servers such as Google Analytics) to serve tailored marketing to you and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Website. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may share with a vendor in hashed, non-human-readable form. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored marketing, you may visit the Network Advertising Initiative's (“NAI”) Consumer Opt-Out Link  and/or the Digital Advertising Alliance's (“DAA”) Consumer Opt-Out Link to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into the Website, you may still receive advertising content even if you opt out of tailored advertising. In that case, the advertising content may not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. If your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI's and DAA's websites, accessible by the above links.

5. Children’s Privacy

Our Services are not designed for minors under 18. Only persons 18 years of age or older may use the Services. If we discover that an individual under 18 has provided us with personal information, we will close the account and delete the personal information to the extent required by the Children's Online Privacy Protection Act. We may, where permitted by law, retain certain information internally for purposes described in this Privacy Policy.

6. Security of Your Information

We implement technical, administrative, and physical safeguards to protect the information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free.

7. Our Data Retention Policies

We generally retain information for so long as it may be relevant to the purposes above and in compliance with applicable law. To dispose of any personal data, we may anonymize it, delete it or take other appropriate steps. Information may persist in copies made for backup and business continuity purposes for an additional period of time.

8. Links to External Sites and Services

The Website may contain links to third-party websites or services. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties.

9. Consent to Transfer

We currently maintain computer systems in the United States, so your personal information may be processed by us in the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. For example, data may be accessible to law enforcement and national security authorities under certain circumstances. By using the Services, you agree to this Privacy Policy and you consent to the transfer of all such information to the United States, which may not offer a level of protection equivalent to that required in other countries, and to the processing of that information as described in this Privacy Policy.

10. Your Rights Relating to the Information we Collect

You may enquire about your personal information or request to view your personal information by contacting us (see below for contact information).

We will generally respond to all access requests within 30 days of the receipt of all necessary information. In circumstances where we are not able to provide access, or if additional time is required to fulfill a request, we will advise you in writing.

We may not release certain types of information based upon exemptions specified in applicable laws. Where possible, we will sever the information that will not be disclosed and provide you with access to the remaining information. Should we be unable to provide access to or disclose personal information to you, we will provide you with an explanation, subject to restrictions.

In certain circumstances, such as where the request is excessive or unfounded, we may charge you an administration fee for access to your personal information. We may also charge for additional copies. We will advise you of any fees before proceeding with a request.

Depending on the jurisdiction where you live, you may also benefit from some or all of the following rights:

(a)     Access: You have the right to ask if we hold personal information on you and to request a copy of such information. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal information about another person, or if we are legally prevented from disclosing such information.

(b)     Accuracy: We aim to keep your personal information accurate, current, and complete. We encourage you to contact us to let us know if any personal information is not accurate or changes, so that we can update your personal information.

(c)     Withdrawal of Consent: If you have provided your consent to the processing of your personal information, you have the right to fully or partly withdraw your consent. To withdraw your consent please contact us (see below for contact information). Once we have received notification that you have withdrawn your consent, we will no longer process your information unless there is another legal ground for the processing.

(d)     Cessation of Dissemination: You have the right to request that we cease disseminating your personal information if the dissemination is contrary to the law or a court order.

You also have the right to request that we cease disseminating your personal information where the following conditions are met:

  1. the dissemination of the information causes you serious injury in relation to your right to have your reputation or privacy respected;
  2. the injury is clearly greater than the public’s interest in knowing the information or the interest of any person’s right to express themselves freely; and
  3. the cessation of dissemination requested does not exceed what is necessary for preventing the perpetuation of the injury.

(e)     De-indexation: You have the right to request that we de-index any hyperlink attached to your name that provides access to information by a technological means if the dissemination is contrary to the law or a court order.

You also have the right to request that we de-index a link providing access to your personal information where the following conditions are met:

  1. the dissemination of the information causes you serious injury in relation to your right to have your reputation or privacy respected;
  2. the injury is clearly greater than the public’s interest in knowing the information or the interest of any person’s right to express themselves freely; and
  3. the cessation of dissemination requested does not exceed what is necessary for preventing the perpetuation of the injury.

(f)      Re-indexation: You also have the right to request that we re-index a link providing access to information where the following conditions are met:

  1. a failure to do so causes you serious injury in relation to your right to have your reputation or privacy respected;
  2. the injury caused by a failure to re-index is greater than the public’s interest in knowing the information or the interest of any person’s right to express themselves freely; and
  3. the re-indexation requested does not exceed what is necessary for preventing the perpetuation of the injury.

(g)     Mobility: You have the right to request that computerized personal information collected from you be communicated to you in a commonly used technological format as well as to any person or body authorized by law to collect such information. This right does not extend to information that was created or inferred from your personal information and we are under no obligation to communicate such information if doing so raises serious practical difficulties.

(h)     Complaints: If you believe that your personal information protection rights may have been violated, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy thought the courts.

11. Changes to Our Privacy Policy

We may change this Privacy Policy to reflect changes in the law, our information practices or the features of the Services. At the top of our Privacy Policy, we will indicate the date of the most recent update. If we make a material change to the Policy, you will be provided with appropriate notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.

12. How to Contact Us

Our Privacy & Security Officer, North America has been appointed to help develop our personal information protection strategy including the development of this Privacy Policy and related guidelines or policies, as well as compliance with applicable laws.  The Privacy & Security Officer, North America is also responsible for liaising with privacy commissioners and responding to any inquiries you may have concerning this Privacy Policy or more generally about our collection, use and disclosure or your information.  If you have any questions about this Privacy Policy or our practices, please contact us by email or mail at:

Privacy & Security Office, North America

Grifols Shared Services North America, Inc
Attn: Office of the General Counsel
2410 Grifols Way
Los Angeles, CA 90032
US-PrivacyRights@grifols.com

Last updated January 2024