Henry Schein, Inc. (Nasdaq: HSIC) is the world's largest
provider of health care solutions to office-based dental and medical
practitioners, as well as serving health care systems, management services
organizations, dental laboratories, government and institutional health care
clinics, and other alternate care sites. Headquartered in Melville, N.Y., Henry
Schein has operations or affiliates in 32 countries.
Henry Schein operates through a centralized and automated
distribution network, with a large selection of branded products and Henry
Schein private-brand products. The company also offers its customers innovative
technology solutions, including practice management software and e-commerce
solutions, as well as a broad range of financial services.
You can find our contact details at the last section of this
policy.
2. Overview
At Henry Schein, Inc., your privacy is important to us. We
process personal information in different contexts, and we do so by respecting
your privacy, as part of our unwavering commitment to ethical and responsible
practices and as required by law.
This Data Privacy Policy (“Policy”) sets forth the
principles that govern our treatment of personal information across Henry
Schein, Inc. and its controlled subsidiaries and affiliates operating in the
United States (“Henry Schein”). All employees and those with whom we share
personal information must adhere to this Policy.
Henry Schein is committed to protecting personal information
that our employees, customers, prospects, suppliers, and vendors have entrusted
to us. We collect and use personal information in order to perform our business
functions and provide quality health care products and services to our
customers.
This Policy applies to personal information in any format or
medium, relating to employees, customers, vendors and others who do business
with Henry Schein.
3. Categories
of personal information we collect and use
We recognize personal information as any information that
identifies, relates to, describes, is capable of being associated with, or
could reasonably be linked, directly or indirectly, with a particular
individual or household. Depending on
the context of your interactions with Henry Schein, we may collect and use
different types of personal information from current and prospective employees,
contractors, current and prospective customers and vendors.
Categories of Personal Information Collected
Examples
Collected
A. Personal
Identifiers.
A real name,
alias, postal address, unique personal identifier, online identifier,
Internet Protocol address, email address, account name, or other similar
identifiers.
Yes
B. Personal
information categories listed in the California Customer Records statute
(Cal. Civ. Code § 1798.80(e)).
A name,
signature, address, telephone number, employment, employment history, bank
account number, credit card number, debit card number, or any other financial
information. Some personal information included in this category may overlap
with other categories.
Yes
C.
Protected classification characteristics under California or federal law.
Age (40
years or older), race, color, ancestry, national origin, citizenship,
religion or creed, marital status, medical condition, physical or mental
disability, sex (including gender, gender identity, gender expression,
pregnancy or childbirth and related medical conditions), sexual orientation,
veteran or military status, genetic information (including familial genetic
information).
No
D.
Commercial information.
Records
of products or services purchased, obtained, or considered, or other
purchasing or consuming histories or tendencies.
Yes
E. Biometric
information
Genetic,
physiological, behavioral, and biological characteristics, or activity
patterns used to extract a template or other identifier or identifying
information, such as, fingerprints, faceprints, and voiceprints, iris or
retina scans, keystroke, gait, or other physical patterns, and sleep, health,
or exercise data.
No
F. Internet
or other similar network activity
Browsing
history, search history, information on a consumer's interaction with a
website, application, or advertisement.
Yes
G.
Geolocation data
Physical
location or movements.
Yes
H. Sensory
data.
Audio,
electronic, visual, thermal, olfactory, or similar information.
No
I.
Professional or employment related information.
Current
or past job history.
Yes
J.
Non-public education information (per the Family Educational Rights and
Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education
records directly related to a student maintained by an educational
institution or party acting on its behalf, such as grades, transcripts, class
lists, student schedules, student identification codes, student financial
information, or student disciplinary records.
No
K.
Inferences drawn from other personal information.
Profile
reflecting a person's preferences, characteristics, psychological trends,
predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
No
4. Categories
of sources of personal information
Henry Schein receives and uses various types of personal
information in order to conduct our day to day business activities. We apply
the data minimization principle in the collection and use of personal
information with the aim to only collect information that is necessary and by
fair means and providing notice and requiring consent when necessary.
We may collect categories of personal information listed
above from the following categories of sources:
Third
party vendors
Our
distributors
When you
browse, or use our website, e-commerce services, or social media pages
Our
business partners (non-vendors)
Publicly-available
non-government and government data
Covered
individuals’ email accounts, chat logs, social media accounts
Covered
individuals’ devices
Directly
from covered individuals
Other
Company entities
Some of this data is collected in the following situations
when:
You apply
for a position, or to do business, with our company
We
establish a contractual employment or commercial relationship
You
provide us with any type of service, as a vendor
When we
provide you with any type of service, product or support
When you
browse, or use our website, e-commerce services, or social media pages
5. Business
uses and purposes for which personal information was collected
The purposes for which we collect and use your personal
information may vary depending on the type of relationship you have with us,
such as if you are one of our employees, customers, or a website user. The use
of personal information for new purposes should be consistent with and meet
privacy expectations described in this policy, otherwise we will request your
authorization.
Generally, we collect, use and disclose your personal
information to provide you products and services and as otherwise related to
the operation of our business. For more
specific detail on our disclosures of personal information, see the next
section “Sharing and Disclosures to Third Parties.” Subject to restrictions and obligations of
applicable laws, Henry Schein and our vendors may use your personal information
for some or all the following business purposes:
Processing
Interactions and Transactions
Managing
Interactions and Transactions
Performing
Services
Research
and Development
Fulfilling
regulatory requirements and Quality Assurance
Security
Debugging
In addition, we may collect, use and disclose your personal
information for the following additional operational business purposes for
which we are providing you notice as permitted by applicable law:
Employees
and candidates:
if you apply for a job via our career center, we use your
personal information to consider you for employment and to administer your
account. If you have an employment or commercial relationship with Henry
Schein, we use your personal information to develop our contractual
relationship, to conduct performance evaluations and to comply with legal
obligations, including tax and labor regulations.
Customers:
we use our customers’ information to maintain our commercial relationship, to
ensure the proper operation of the day-to-day business, to comply with tax and
other regulations, and to administer sales and marketing activities.
Patients
of our customers:
we provide support services to our patients that use our
health care products and services, when required.
Prospective
customers
: information from prospective customers are used to respond to their
requests for information, products or services, and for marketing activities.
Vendors
and suppliers:
if you have a business or professional relationship with Henry
Schein, we will use your information to develop and conduct our business
relationship with you, and to comply with tax and other regulations.
Visitors
of company facilities
: some of our buildings have physical access controls and
video surveillance systems for security purposes.
Website
and social media users:
we collect personal information from visitors and users
of our website and social media pages. We use the information to manage your
account registration, to store your preferences and settings, to provide
interest-based advertising, to conduct statistics and to analyze how you use
our website and online services.
Henry Schein shall use personal information for purposes
disclosed above. To the extent required by law, Henry Schein shall inform the
individual if their personal information will be used for an additional
purpose, and this disclosure shall occur prior to the data being so used, and
the individual shall be given a mechanism to provide their consent.
As permitted by applicable law, we do not treat deidentified
data or aggregate customer information as personal information and we reserve
the right to convert, or permit others to convert, your personal information
into deidentified data or aggregate consumer information. We have no obligation to re-identify such
information to respond to your requests.
Our customers may engage service providers or subcontractors
to enable them to perform services on our behalf. This sub-processing is, for purposes of
clarity, an additional business purpose for which we are providing you notice.
In addition, we may collect, use and disclose your personal
information as required or permitted by applicable law.
6. Sharing
and Disclosures to Third Parties
At times, Henry Schein engages third party contractors,
service providers, and other vendors to help us accomplish our business
objectives. When Henry Schein discloses personal information for a business
purpose, we enter a contract that describes the purpose and requires the
recipient to both keep that personal information confidential and not use it
for any purpose except performing the contract. There are other circumstances
where we are required by law to disclose personal information to third parties
such as public authorities.
Disclosures for Business Purposes
In the preceding twelve (12) months, Henry Schein may have
disclosed the following categories of personal information for a business
purpose:
A. Personal Identifiers;
B. Personal Information Records;
C. Commercial Information;
D. Internet
Usage Information;
E. Geolocation
Data;
F. Professional
or Employment Information;
Notwithstanding anything to the contrary in our other
privacy notices, we restrict use of your personal information shared with our
vendors to business purposes.
Sale:
In the calendar year 2019, we have not sold your personal
information (as the term “sold” is defined by the California Consumer
Protection Act).
We may disclose your personal information for a business
purpose to the following categories of third parties:
Our
subsidiaries and affiliates
Third
parties to whom you authorize us to disclose your personal information in
connection with products or services we provide to you
B2B
Customers
Business
Partners
Customer
Service Representatives
Executive/
Board of Directors
External
Agencies
External
Auditors
Finance/Accounting
Teams
Internal
Auditors
Internal
Employees on need to know basis
Legal,
Compliance and Regulatory-Quality Teams
Operations/Maintenance
Teams
Public
Authorities/ Government Bodies
Sales/Marketing
Teams, representatives or agents
Service
Providers and Vendors, such as for advertising or marketing purposes, internet
service providers, data analytic providers, operating systems and platforms,
and social networks
In the preceding twelve (12) months, Henry Schein may have
disclosed personal information for the following business purposes:
Processing
Interactions and Transactions
Managing
Interactions and Transactions
Performing
Services
Research
and Development
Fulfilling
regulatory requirements and Quality Assurance
Security
Debugging
We engage with third party contractors, service providers
and other vendors for certain services. If the engagement involves the
transmission of personal information, Henry Schein directs the service provider
to treat that data consistent with legal requirements. A contract to protect
the personal information should be executed before any data is disclosed.
In certain circumstances, Henry Schein may be required to
disclose personal information when required by law, when required to protect
our legal rights, or in an emergency situation where the health or security of
an individual is endangered.
We may also disclose personal information in the context of
any sale or transaction involving all or a portion of the business.
7. Our Policy
Towards Children
Our services are not directed to children. If a parent or
guardian becomes aware that his or her child has provided us with personal
information without their consent, please contact us. If we become aware that a
child has registered for a service and has provided us with personal
information, we will delete such information from our files.
8. Security
Henry Schein is committed to security, confidentiality and
integrity of personal information in accordance with legal requirements. We
take commercially reasonable precautions to keep personal information secure
against unauthorized access and use and we periodically review our security
measures. We are committed to processing your data in a secure manner and have
put in place specific technical and organizational measures to prevent the
personal information we hold from being accidentally or deliberately
compromised. Our employees participate in a training and compliance program and are required to safeguard your information.
Henry Schein uses Volusion, Inc. for this site's security
certificates. Please be aware that these protection tools do not protect
information that is not collected through our Web site, such as information
provided to us by e-mail.
We also conduct information risk assessments, we train our
staff to understand the importance of protecting personal information, and we
are responsibly managing access rights within the company. We include both
physical security and IT security in our overall data security approach. We are
diligent in selecting vendors that process personal information on our behalf
so that they also ensure appropriate technical and organizational measures to
protect the data.
Henry Schein makes reasonable efforts to notify individuals
and regulatory authorities, as required by law, if we reasonably believe that
personal information has been stolen, disclosed, altered or infringed by an
unauthorized person.
We also endorse the concept of privacy by design which is an
approach to projects that promotes privacy and data protection compliance from
the outset. This means considering the privacy and security implications for
any new project or process throughout its lifecycle.
9. Your data
protection rights and choices
If you reside or otherwise find yourself in jurisdictions
with data protection laws, Henry Schein is committed to supporting your rights
granted by such applicable data protection laws. Otherwise you can contact us
at any time to discuss your privacy concerns.
Under certain circumstances, you may have the privacy rights
described in this section. Any request
you submit to us is subject to an identification and verification process. We will not fulfill your request unless you
have provided sufficient information for us to reasonably verify you are the
individual about whom we collected personal information.
If you require this notice to be provided in a different
format (e.g audio and Braille), please submit the request to Henry Schein by
either:
If we cannot comply with a request, we will explain the
reasons in our response. We will use
personal information provided in a verifiable request only to verify your identity
or authority to make the request and to track and document request responses.
We will make commercially reasonable efforts to identify
personal information that we collect, process, store, disclose and otherwise
use and to respond to your applicable privacy rights requests. In some cases, we may suggest that you
receive the most recent or a summary of your personal information and give you
the opportunity to elect whether you want the rest. We will typically not charge a fee to fully
respond to your requests; provided, however, that we may charge a reasonable
fee, or refuse to act upon a request, if your request is excessive, repetitive,
unfounded or overly burdensome. If we
determine that the request warrants a fee, or that we may refuse it, we will
give you notice explaining why we made that decision. You will be provided a cost estimate and the
opportunity to accept such fees before we will charge you for responding to
your request.
Pursuant to applicable data protection laws, your privacy
rights may include the following:
Information Rights:
You may have the right to send us a request, no more than
twice in a twelve-month period, for any of the following for the period that is
12 months prior to the request date:
The
categories of personal information we have collected about you.
The
categories of sources from which we collected your personal information.
The
business or commercial purposes for our collecting your personal information.
The
categories of third parties to whom we have shared your personal information.
The
specific pieces of personal information we have collected about you.
A list of
the categories of personal information disclosed for a business purpose in the
prior 12 months, or that no disclosure occurred.
To make a request, email us at [email protected]or call us at 1.800.726.7356.
Obtaining Copies of Personal Information:
You may have the right to obtain a copy, no more than twice
in a twelve-month period, of your personal information that we have collected
and are maintaining. To make a request,
email us at [email protected] or call us at 1.800.726.7365.
Do Not Sell:
We do not sell personal information.
Delete:
Except to the extent we have a basis for retention under
applicable law, you may request pursuant to applicable law that we delete your
personal information that we have collected and are maintaining. Our retention rights include, without
limitation, complete transactions and service you have requested or that are
reasonably anticipated, for security purposes, for legitimate internal business
purposes, including maintaining business records, to comply with law, to
exercise or defend legal claims, and to cooperate with law enforcement. To make a request, email us at [email protected] or call us at 1.800.726.7365.
We will not discriminate against you in a manner prohibited
by applicable law because you exercise your privacy rights. You may have the right to exercise these
rights via an authorized agent who meets the agency requirements of the
applicable law.
10. Changes to
this notice
We reserve the right to modify this Privacy Statement and
related business practices at any time. We will duly inform you of any changes.
The time stamp you see on the policy will indicate the last
date it was revised.
11. Contact
information
If you have any privacy concerns or questions about how your
personal information is used, please feel free to contact us.
If you have any concerns or questions about how your
personal information is used, please contact us at:
