US Supplemental Privacy Notice
Last updated June 2023
Elekta (“Elekta,” “we,” “our,” or “us”) values the integrity of your privacy and the protection of your Personal Data. This US Supplemental Privacy Notice (“Notice”) explains how we collect, store, use, share, transfer, delete, and process information collected from or about you (“Personal Data”). This is defined further below in this Notice. Please review this Notice carefully. To the extent permitted by applicable law, by providing us your Personal Data or otherwise interacting with us, you are agreeing to this Notice.
Residents of California: if you interact with us in a professional capacity or if we undertake employment recruiting activities, the CPRA will apply to your Personal Data.
Purpose of This Privacy Notice
This Notice describes the types of Personal Data that we may collect or process from United States (“US”) residents, how we may use and disclose the Personal Data, and how you may exercise any rights you may have regarding our processing of your Personal Data. We will only process your Personal Data if it is necessary in order for us to:
- Fulfill a contract with you or a relevant party;
- Pursue our legitimate business interests;
- Comply with our legal obligations; or
- If you give your consent
This Notice describes the types of personal data we obtain through the Channels, how we may use that personal data, with whom we may share it, and how you may exercise your rights regarding our processing of the data. The Notice also describes the measures we take to safeguard the personal data we obtain and how you can contact us about our privacy practices. The Online Channels may provide links to other third-party websites and features, or contain third-party cookies, that are not owned or controlled by Elekta.
The Online Channels may provide links to other third-party websites and features, or contain third-party cookies, that are not owned or controlled by Elekta.
Collection of Your Personal Data
Personal Data is defined as any information, electronically or otherwise recorded, that can be used to identify a person or that we can link to or associate with a specific individual. Elekta will process any Personal Data we collect in accordance with applicable laws and as described in this Notice (unless, as explained above, a separate policy or notice governs).
Personal Data may include information considered sensitive in some jurisdictions, such as biometric information, genetic information, health information, financial account information, specific geolocation, ethnic or racial origin, information concerning your sex life or your sexual orientation, social security number, driver's license, state identification card, passport number, and other similar information. Data that could be considered “Sensitive Personal Information” is highlighted with an asterisk (*) below. You may make choices about your Sensitive Personal Information as set forth in the “Your Rights” section of the Notice. For more information about how Elekta collects, discloses, and/or shares Sensitive Personal Information, please see the information below.
Personal Data can include the following:
- Contact information (including: full name or unique pseudonym, address, email address, phone number, contact information for related persons, company or employee ID number, customer number, account number, subscription number, rewards program number, any system identifier such as a username or online credential, social security number*, driver’s license*, state identity card*, passport ID*, or service request ID number)
- Physical Characteristics or Demographics (including: height, weight, hair and eye color, age, gender, marital and family status*, race and ethnicity*, citizenship status*, religion*, languages spoken, information concerning sexuality or sex life*, disability* and household demographic data)
- Financial Information (including: bank account number and its details*, payment card information*, and payment and reimbursement amounts)
- Internet and Online/ Electronic Technical Information (including IP Address)
- Device characteristics (including browser information)
- Web server logs
- Application logs
- Viewing data (site and application usage)
- Cookie IDs in First Party or Third-Party
- Referring/exiting URL
- Time spent on a web page or mobile app
- Other information regarding your interactions with our websites, applications, emails, and advertisements
Other personal information we could collect includes the following: photographs, video images, voice recordings, health information about physical or mental health, disease state or information, medical history, medical treatment or diagnosis, medicines taken*, devices used*, general disease or product interest*, country geolocation data, children’s data (including child’s name*, age*, product usage data*, and other health information*), compliance data from records of privacy and security incidents and breach notifications, professional and/or educational information employer and job title (as well as any information from a resume or CV and education and certification credentials), and a written physical and/or electronic signature.
How We Use Your Personal Data
Where required by applicable law, Elekta will obtain your consent for the processing of your Personal Data for direct marketing purposes. The types of Personal Data we collect and disclose depends on your relationship with Elekta. Elekta will not sell or otherwise disclose personal data about you except as described here or at the time of collection.
As a global organization, Elekta may transfer Personal Data internationally throughout Elekta’s worldwide organization for the purposes described above and in our global Privacy Notice. Elekta may also transfer the Personal Data we collect through the Channels to, and store such data in, other countries, including the U.S., which may have different data protection laws than the country in which the information was provided. If we do so, we will transfer the Personal Data only for the purposes described in this Privacy Notice. To the extent required by applicable law, when we transfer your Personal Data to recipients in other countries, we will take measures to protect that information.
There will be other times when we need to share data. However, before you submit any data to us, we will notify you as to why we are asking for specific Personal Data and obtain your consent before we share it. We may share Personal Data with service providers we have retained to perform services on our behalf (such as payment processing, order fulfillment, customer support, data analytics and conducting surveys). These service providers are contractually required to safeguard the data provided to them and are restricted from using or disclosing such data except as necessary to perform services on our behalf or to comply with legal requirements.
Instances where Elekta may use your Personal Data:
- For everyday business purposes;
- To provide, manage, administer and analyze our programs, products and services;
- To fulfill our business relationship with our customers;
- To conduct marketing activities;
- To provide internal business analysis and market research;
- To communicate about our products, services, events, programs and promotions (such as by sending email alerts, promotional materials, newsletters and other marketing communications);
- To conduct and facilitate surveys and market research initiatives;
- To investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements.
- To perform data analytics (such as market research, trend analysis, financial analysis and customer segmentation);
- To engage in ad retargeting and evaluate the effectiveness of our marketing efforts (including through our participation in ad networks);
- To provide customer support;
- To process, evaluate and respond to requests, inquiries and applications;
- To create, administer and communicate with you about your account;
- To operate, evaluate and improve our business (such as by administering, enhancing and improving our products and services; developing new products, services and Online Channels; managing our communications and customer relationships; and performing accounting, auditing, billing, reconciliation and collection activities);
- For advertising, including targeted advertising, and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful.
- For record-keeping and compliance reporting;
- To conduct internal business analysis purposes, such as quality control, training and analytics;
- To monitor and conduct investigations, enforce compliance with our policies, comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations and our policies and terms (such as this Privacy Policy and other Online Channels terms of use); and
- To maintain and enhance the safety and security of our products, services, Online Channels, network services, information resources and employees.
How We Protect Your Personal Data
Elekta will retain your Personal Data for as long as it is needed or permitted to fulfill the purpose(s) for which it was collected or obtained, and as outlined in this Privacy Notice. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject that affects the Personal Data; and (iii) whether retention is determined to be necessary or advisable for Elekta due to applicable statutes of limitations, litigation, or other legal or regulatory obligations. Elekta takes reasonable steps to dispose of Personal Data upon the expiration of retention periods taking into consideration these litigation, legal, or regulatory obligations.
We may also de-identify your Personal Data, which means remove certain identifying data from your Personal Data such that the resulting data would not be able to identify you as the subject of the data. The de-identified data will no longer be Personal Data and may no longer be subject to data protection laws. We will not attempt to re-identify you or anyone else from this de-identified data and if we disclose it to third parties, we will require that they commit to not attempting to re-identify you or anyone else from the de-identified data. We will use de-identified data for our business purposes.
We may also combine personal data we obtain through Online Channels with information we obtain through offline channels, as well as other information, for the purposes described above. We may anonymize or aggregate personal data and use it for the purposes described above and for other purposes to the extent permitted by applicable law. We also may use personal data for additional purposes that we identify at the time of collection. We will obtain your consent for these additional uses to the extent required by applicable law.
Where required by applicable law, we will obtain your consent for the processing of your personal data for direct marketing purposes.
Disclosure of Your Personal Data
We may disclose your Personal Data to our Affiliates and Service Providers and to:
- You
- Your healthcare provider(s)
- Your computer and/or devices when you interact with our platforms, websites and applications
- Third parties that provide access to information you make publicly available, such as social media platforms
- Third parties with whom we have joint marketing and similar arrangements
- Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services
- Third parties who provide website and online security services
- Third parties who provide us with supplemental data or data analytics and market research services
- Third parties who assist with fraud prevention, detection and mitigation
- Other third parties as necessary to complete transactions and provide our products/services, including delivery companies, agents, and manufacturers
- Other third parties (including government agencies) as required by law, such as pursuant to legally binding subpoenas, court orders, and similar instruments
- Service providers such as companies who help manage and coordinate events
- Service providers who host our data centers, help administer phone systems, and provide parts of our physical and electronic infrastructure
- Service providers who use the data to assist in incident management and reporting
- Service providers who provide marketing and data analytics services, such as social media platforms used to deliver our ads, website/email optimization providers, email marketing vendors, and data analytics vendors
- Payment processors, financial institutions, and others as needed to complete transactions and for authentication, security, and fraud prevention
- Our lawyers, auditors, and consultants
- Legal and regulatory bodies as required by law.
Cookies and Tracking
A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. Elekta uses cookies and tracking pixels to help identify and track visitors, their usage of our websites, and their website access preferences. The cookies we use identify users merely as a number with a de-identified Cookie ID. We review this data in the aggregate to understand how different groups of visitors, for instance all of the visitors from a particular country, are navigating the site and what information is of the highest interest to the largest number of users in that group. If you are uncomfortable regarding cookies usage, you can disable cookies on your computer by clicking “Reject All.” However, if your browser does not accept cookies from one of Elekta's websites, you may not be able to access or use all features of that website.
To the extent permitted by applicable law, including in accordance with your consent where required by applicable law, we may engage in the following activities:
- We may use your contact details to contact you to determine whether you would like to initiate a business relationship with us or to send you marketing emails. If you do not wish to receive such marketing emails, you may opt out by declining to receive such emails when registering or in our subsequent communications by following opt-out or unsubscribe instructions included in the email or at other information collection points on the Online Services.
- We may make customer offers to you based on your activities across different Online Services, including activities on other web or digital properties or your other interactions with Elekta that are not via the Online Services (e.g., regional offers based on the location of your office listed on order forms).
- We also perform statistical analyses of the users of our Online Services to improve the functionality, content, design, and navigation of the Online Services.
Processing Using Website Tracking
On certain portions of our websites, we use Google Analytics and/or Matomo to help us understand how users engage with us. Both Google Analytics and Matomo may track your activity on our sites (i.e., the webpages you have seen and the links you have clicked on) and helps us measure how you interact with the content that we provide. This information is used to compile reports and to help us improve the sites. The reports we receive disclose website trends without identifying individual visitors. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners, and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout or reviewing the "Your Rights" link at bottom of this Notice. You can learn about Matomo’s practices by clicking https://matomo.org/matomo-cloud-privacy-policy.
Do-Not-Track Signals
Certain web browsers and other programs may transmit “opt-out” signals, also called a Global Privacy Control (or GPC) signal (we refer to these as “GPC Signals”), to websites with which the browser communicates. In most cases you will need to change your web browser’s settings or add an application to your web browser to enable your browser to send a GPC Signal. Elekta’s websites will recognize GPC Signals for website users differently, based on the location of the user when they access our websites. For users that access our websites from US states that have laws requiring recognition of GPC Signals, we will recognize and apply the GPC Signal to inactivate all of the cookies for that website, except for cookies that are necessary for the website to operate (“Strictly Necessary Cookies”). For users from states not currently requiring recognition of the GPC Signal, our website servers may recognize and apply the GPC Signal for only targeted advertising cookies, but will not apply the GPC Signal to functional, performance or social media cookies.
Behavioral Advertising
Where allowed by law, as described above, we use your Personal Data to provide you with targeted advertisements or marketing communications we believe may be of interest to you. In some jurisdictions, you may have the right to opt out of these types of targeted advertisements. See the Opt-out of Sale or Sharing or Processing of Sensitive Data section of this Notice to do so.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page by going to http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of some targeted advertising using the below links:
- Facebook: https://www.facebook.com/settings/?tab=ads
- Google: https://www.google.com/settings/ads/anonymous
Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Opt-out of Sale, Sharing, Processing, or Limiting the Use of Sensitive Personal Data
Some of Elekta’s practices may be considered sharing of Personal Data under applicable law. You have the right to opt-out of the sale of Personal Data, opt-out of sharing of Personal Data (for purposes of cross-context behavioral advertising, which in other states is the right to opt-out of targeted advertising), and the right to limit the use and disclosure of Sensitive Personal Data. To exercise these rights, please see the “Your Rights” section below.
Third-Party Services
Service providers acting on our behalf must execute agreements requiring them to maintain confidentiality and to process Personal Data as necessary to perform their functions in a manner consistent with this Notice, other applicable privacy notices, and as explicitly permitted or required by applicable laws, rules, and regulations.
Links to Other Websites
Our Products and Services may contain links to other websites, applications, products, or services that are not owned or operated by Elekta, such as social media websites and applications like Facebook and Twitter. You should carefully review the privacy policies and practices of other websites, products, and services as we cannot control and are not responsible for privacy policies, notices, or practices of third-party websites, applications, products, and services. Please note that providing Personal Data to Elekta is voluntary on your part. If you choose not to provide us certain data, we may however not be able to offer you certain products and services, and you may not be able to access certain features of our Online Channels.
Your Rights
Please note that in many circumstances, we cannot effectively do business with you without processing some Personal Data about you (e.g., your contact information). To the extent that the state in which you live has a data protection law that requires us to offer some or all of the following rights to you, we will provide the following rights to you based on your state’s law:
- Right to opt-out of sharing your Personal Data for cross-context behavioral advertising or, in other states, to opt-out of targeted advertising;
- Right to request access to and receive a copy of your Personal Data, including the providing of your Personal Data directly to another organization, i.e., a right to data portability;
- Right to request to know about the Personal Data we process about you or, in other states, right to request and acknowledge our processing of your Personal Data;
- Right to request that we correct your Personal Data;
- Right to request that we delete your Personal Data;
- Right to request that we limit the processing of your Sensitive Personal Data;
- Right to opt-out of the processing of your Sensitive Personal Data;
- Right to appeal the denial of a request; and
- Right to lodge a complaint with the data protection authority in your jurisdiction.
You may opt-out of sharing your Personal Data or opt-out of targeted advertising for any website you visit by clicking on the Opt-Out Link on our website . Elekta will not discriminate against you for exercising any of the rights described above although we may not be able to continue to provide you Products and/or Services it may otherwise affect the way we are able to interact with you.
If you have any questions or comments about this Notice, the ways in which Elekta collects and uses your information described above, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Email: privacy@elekta.com
When we receive your Personal Data from our customers and process your Personal Data on their behalf, we do so at their request and subject to their instructions. We do not have control over our customers’ privacy and security practices and processes. If your Personal Data has been submitted to us by a Elekta customer and you wish to exercise any of the above-mentioned rights, please contact the relevant customer directly.
For additional information related to privacy rights in your specific state, please review the following privacy regulations:
- California Consumer Privacy Act
- California Online Privacy Protection Act Supplemental Notice
- Virginia Consumer Data Protection Act
- Colorado Privacy Act
- Utah Consumer Privacy Act
- Connecticut Act Concerning Personal Data Privacy and Online Monitoring
- Nevada Revised Statutes Chapter 603A
In the event you wish to make a complaint about how we process your Personal Data, please contact us at privacy@elekta.com and we will handle your request as soon as possible. Even if you make a complaint to us, you may always lodge a complaint with the relevant data protection authority in your location.
Special Note to Patients
If you are a patient, please note that this Notice is distinct from your Healthcare Provider’s (“Provider”) HIPAA Notice of Privacy Practices, which describes how your Provider uses and discloses individually identifiable information about your health that it collects. Elekta collects, uses, and discloses the Personal Data it receives from your Provider in accordance with its HIPAA-required business associate agreements with your Provider.
Changes to This Privacy Notice
This Notice may be updated periodically and without prior notice to you to reflect changes in our information practices. We will indicate at the top of this Notice when it was most recently updated. We reserve the right to change this Notice from time to time.
Contact Us
If you have questions or comments about this Notice or about how your Personal Data is processed, please contact us by one of the methods below:
Email: privacy@elekta.com
Mail: 400 Perimeter Center Terrace, Suite 50, Atlanta, GA 30346
Phone: 1-855-693-5358
We will make every reasonable effort to respond promptly to your requests in accordance with applicable laws. We may, after receiving your request, require additional information from you to honor your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.