Supplemental Privacy Notices
US Supplemental Privacy Notice
USE BY MINORS
The Service is not directed to individuals under the age of 16 and we request that these individuals not provide personal information through the Service. If your child has submitted Personal Information and you would like to request that such Personal Information be removed, please contact us as explained below under Contacting Us.
We may ask you to submit personal information in order for you to benefit from certain features (such as newsletter subscriptions, tips/pointers, or order processing) or to participate in a particular activity (such as sweepstakes or other promotions). You will be informed what information is required and what information is optional.
We may combine the information you submit with other information we have collected from you, whether on or offline, including, for example, your purchase history. We may also combine it with information we receive about you from the following other sources: Johnson & Johnson Operating Companies, publicly available information sources (including information from your publicly available social media profiles), and other third parties.
Unless we specifically request or invite it, we ask that you not send us, and you not disclose, any sensitive personal information (e.g., Social Security numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, or trade union membership, or biometric or genetic data for the purpose of uniquely identifying an individual) on or through the Service or otherwise to us.
AUTOMATIC INFORMATION COLLECTION AND USE
We and our service providers may also automatically collect and use information in the following ways:
Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the Service through a mobile device. We use this information to ensure that the Service functions properly.
IP address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Service, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Service. We may also derive your approximate location from your IP address.
Device Information: We may collect information about your mobile device, such as a unique device identifier, to understand how you use the Service.
HOW WE USE AND DISCLOSE INFORMATION
We use and disclose information you provide to us as described to you at the point of collection. Please see the section entitled “Choices and Access,” below, to learn how you may opt out of certain of our uses and disclosures.
Where required by applicable law, we will obtain your consent to our use of your personal information at the point of information collection. We may also use information from or about you as necessary to perform a contract, to comply with a legal obligation (for example, due to our pharmacovigilance obligations), or for our legitimate business interests. We may also rely on other legal bases, specifically for:
to provide the functionality of the Service to you and providing you with related customer service; to respond to your inquiries and fulfill your requests, such as to send you documents you request or email alerts; to send you important information regarding our relationship with you or regarding the Service, changes to our terms, conditions, and policies and/or other administrative information. We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.
for data analysis, for example, to improve the efficiency of the Service; for audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements; for fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft; for developing new products and services; for enhancing, improving or modifying our website or products and services; for identifying Service usage trends, for example, understanding which parts of our Service are of most interest to users; and for determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users.We will engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
to better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests; to better understand your preferences so that we can deliver content via the Service that we believe will be relevant and interesting to you.
We will provide personalized services either with your consent or because we have a legitimate interest.
Johnson & Johnson Services, Inc. is the party responsible for the management of the jointly used Personal Information; to our third party partners with whom we offer a cobranded or comarketed promotion; to our third party service providers who provide services such as website hosting and moderating, mobile application hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, email and direct mail delivery services, auditing, and other services, in order to enable them to provide services; and as permitted by applicable law, to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
In addition, we may use and disclose your information as we believe to be necessary or appropriate: (a) to comply with legal process or applicable law, which may include laws outside your country of residence; (b) as permitted by applicable law to respond to requests from public and government authorities, which may include authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others. We may also use and disclose your information in other ways, after obtaining your consent to do so.
We may use and disclose information we collect automatically as described above, under “Automatic Information Collection and Use.”
In addition, where allowed by applicable law, we may use and disclose information that is not in personally identifiable form for any purpose. If we combine information that is not in personally identifiable form with information that is identifiable (such as combining your name with your geographical location), we will treat the combined information as personal information as long as it is combined.
HOW YOU CAN ACCESS, CHANGE, OR DELETE YOUR PERSONAL INFORMATION
If you would like to review, correct, update, restrict, or delete your personal information, or if you would like to request to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), please contact us via Web Form or call us at 1-800-458-1653. We will respond to your request as soon as reasonably practicable and no later than one month after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.
Your personal information may be stored and processed in any country where we have facilities or service providers, and by using our Service or by providing consent to us (where required by law), your information may be transferred to countries outside of your country of residence, including to the United States, which may provide for different data protection rules than in your country. Appropriate contractual and other measures are in place to protect personal information when it is transferred to our affiliates or third parties in other countries.
Some non-European Economic Area (EEA) countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here https://ec.europa.eu/info/law/law-topic/data-protection_en.) For transfers from the EEA to countries not considered adequate by the European Commission, we have ensured that adequate measures are in place, including by ensuring that the recipient is bound by EU Standard Contractual Clauses, or an EU-approved code of conduct or certification, to protect your Personal Information. You may obtain a copy of these measures by contacting our data protection officer in accordance with the “Contacting Us” section below.
We seek to use reasonable organizational, technical, and administrative measures designed to protect personal information under our control. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us in accordance with the “Contacting Us” section below.
We will retain your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Service to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
For example, if we collect your personal information for marketing analytics purposes, we will store it for a period of one year, with a starting point of retention period, e.g., receipt of the request, closing of the contest, receipt of the complaint.
Please note, however, that this is not an exhaustive list of retention periods. Your personal information may be stored for a longer period using the criteria set forth in the first paragraph of this section, especially points (ii) and (iii).
THIRD PARTY SITES AND SERVICES
LODGING A COMPLAINT WITH A REGULATOR
You may lodge a complaint with a supervisory authority competent for your country or region. Please click here for contact information for such authorities.
Effective: November 22, 2022
This US Supplemental Privacy Notice (“Supplemental Notice”) applies only to information collected about California, Colorado, Virginia, Utah, and Connecticut consumers. It provides information required under the following laws, (collectively, “US State Privacy Laws”):
Some portions of this Supplemental Notice apply only to consumers of particular states. In those instances, we have indicated that such language applies only to those consumers.
To the extent other terms used in this Supplemental Notice are defined terms under the applicable US State Privacy Law, they shall have the meanings afforded to them in those statutes, whether or not capitalized herein. As there are some variations between such definitions in each of the state statutes, the definitions applicable to you are those provided in the statute for the state in which you are a consumer. For example, if you are a Virginia consumer, terms used in this Supplemental Notice that are defined terms in the VCDPA shall have the meanings afforded to them in the VCDPA as this Supplemental Notice applies to you.
B. Collection & Processing of Personal Information
We, and our Vendors, may have collected and processed the following categories of Personal Information about you in the preceding 12 months:
Sensitive personal information, including:
Personal Information that reveals:
Retention of Personal Information. We retain your Personal Information for the period reasonably necessary to provide goods and services to you and for the period reasonably necessary to support our business operational purposes listed in Section E.
C. Categories of Personal Information We Disclose to Vendors & Third Parties
We may disclose the following categories of Personal Information to Vendors and Third Parties:
Sensitive personal information, including:
Personal Information that reveals:
Disclosure for California Consumers: Unless specifically stated, we have not sold or shared Personal Information about California consumers to third parties for their own use in the past twelve months. Relatedly, we do not have actual knowledge that we sell or share Personal Information of California consumers under 16 years of age. However, we may share your personal information with our affiliates and trusted partners in arrangements that may meet the broad definition of “sale” or “share” under California law. In these arrangements, use of the information we share is limited by policies, contracts, or similar restrictions.
For purposes of the CPRA, a “sale” is the disclosure of Personal Information to a Third Party for monetary or other valuable consideration, and a “share” is the disclosure of Personal Information to a Third Party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
Disclosure for Colorado, Virginia, Utah, and Connecticut Consumers: Unless specifically stated, we do not sell or share Personal Information to Third Parties for their own use. However, we may share or process one or more of the above categories of personal information with our affiliates and trusted partners in arrangements for purposes of targeted advertising, as the terms “sell,” “share,” “process,” and “targeted advertising” are defined in the CPA, VCDPA, UCPA, and CTDPA. In these arrangements, use of the information we share is limited by policies, contracts or similar restrictions.
D. Sources from Which We Collect Personal Information
We collect Personal Information directly from California, Colorado, Virginia, Utah, and Connecticut consumers, as well as from our affiliates, business partners, joint marketing partners, public databases, providers of demographic data, publications, professional organizations, social media platforms, caregivers, third party information providers, affiliates with whom you have a business relationship, service providers with which we have a contractual relationship and to which you have provided your personal information, cookies and other tracking technologies, and Vendors and Third Parties when they share the information with us.
E. Purposes for Processing Personal Information
We, and our Vendors, collect and process the Personal Information (excluding Sensitive Personal Information) described in this Supplemental Notice to:
We, and our Vendors, collect and process the Sensitive Personal Information described in this Supplemental Notice for:
F. Categories of Entities to Whom We Disclose Personal Information
G. Data Subject Rights
You may exercise the data subject rights applicable to you under the applicable US State Privacy Law by clicking here or contacting us at 800-458-1653. While we will make reasonable efforts to accommodate your request, we reserve the right to impose certain restrictions or requirements on your request, if allowed by or required by applicable law.
Consumers in some states may also authorize an agent to make data subject requests on their behalf.
We have provided such information in this Supplemental Notice, and you may request further information about our privacy practices by clicking here or contacting us at 800-458-1653.
H. Other Disclosures
PRIVACY NOTICE FOR NEVADA RESIDENTS
Effective: November 22, 2022
Personal Information Collection and Purposes of Use
We collect certain personal information of Nevada consumers through our Internet websites or other online service. This information includes one or more of the following elements of personally identifiable information:
1. A first and last name.
2. A home or other physical address that includes the name of a street and the name
of a city or town.
3. An electronic mail address.
4. A telephone number.
5. A Social Security Number.
6. An identifier that allows a specific person to be contacted either physically or online.
7. Any other information concerning a person collected from the person through the
Internet website or online service of the operator, and maintained by the operator in
combination with an identifier in a form that makes the information personally identifiable.
We collect this personal information for the following purposes:
Your Privacy Rights
Right to access and/or correct your personal information, or opt out of sale of personal information
If you would like to review, correct, or update your personal information, you or your authorized representative may submit your request at this link or call us at: 1-800-458-1653. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.
We generally do not disclose or share personal information for profit. Under Nevada law, you have the right to direct us to not sell or license your personal information to third parties. To exercise this right, if applicable, you or your authorized representative may submit a request to this link or call us at: 1-800-458-1653. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.