Privacy Policy

General

Baxter Healthcare Corporation Division respects the privacy of every individual who visits this website. This Privacy Statement outlines the information Baxter may collect about you and how we will use that information. This Statement will also instruct you on how you can verify the accuracy of your Personally Identifiable Information submitted to Baxter through our websites and how you can request that we delete your Personally Identifiable Information from our databases.

Personally Identifiable Information

When you visit this website, we will not collect any Personally Identifiable Information about you (such as your name, address, telephone number, or email address) unless you provide it to us voluntarily. In addition, visitors may be invited to submit names, email addresses or addresses of friends in connection with certain promotions, such as offers of product samples or information or the sending of messages through some of our websites. If you opt not to provide us with Personally Identifiable Information no material consequences will result, although you may be unable to participate in certain promotions, or receive product information, offered through this website.

Use of Personally Identifiable Information

By providing us with your Personally Identifiable Information you agree to the use of this information as described in this section. Baxter may store and process your Personally Identifiable Information to better understand your needs and how we may improve our products and services, and we may use your Personally Identifiable Information to contact you. We may also enhance or merge Personally Identifiable Information with data obtained from third parties for the same purposes. Baxter will not give or sell your Personally Identifiable Information to any outside organisation for the organisation's own use without your consent. Your information may be shared with agents or contractors of Baxter in connection with services that these individuals or entities perform for Baxter.

Security

Baxter is committed to keeping secure the data you provide us and will take reasonable precautions to protect your Personally Identifiable Information from loss, misuse or alteration. Agents or contractors of Baxter who have access to your Personally Identifiable Information in connection with providing services for Baxter are required to keep the information confidential and are not permitted to use this information for any other purpose than to carry out the services they are performing for Baxter.

Children

In offering this website Baxter has no intention of collecting any Personally Identifiable Information from children below 18 years of age. Non-Personally-Identifiable Information Collected Automatically In some cases, we may collect information about you that is not personally identifiable. Examples of this type of information include the type of internet browser or computer operating system you are using and the domain name of the website from which you linked to our site or advertisement.

Information We May Place Automatically On Your Computer's Hard Drive

When you view this website or advertisements, we may store some information on your computer. This information will be in the form of a "cookie" or similar file and it will help us in many ways. For example, cookies allow us to tailor a website to better match your interests and preferences. Most internet browsers enable you to erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. Please refer to your browser instructions or help screen to learn more about these functions.

Web Beacons

Our webpages contain electronic images (called a "single-pixel gif" or "web beacon") that allow us to count page views or to access our cookies. In general, any electronic image viewed as part of a webpage, including an ad banner, can act as a web beacon. Web beacons are typically very small, 1 by 1 pixel size, banner like files, but their presence can be easily seen within Internet Explorer by clicking on "View" and then on "Source." Web beacons are so small in order not to use valuable space on the computer screen that is better used to display helpful content. We also may include web beacons in HTML-formatted newsletters containing graphics that we send to opt-in subscribers in order to count how many newsletters have been read. In addition, some advertising networks that serve ads on our websites may use web beacons within in their clearly visible banner advertisements. Our web beacons do not collect, gather, monitor or share any personal information about our website visitors. They are just the technique we use to compile our anonymous, aggregated statistics about website usage.

Contacting Us Regarding Your Personally Identifiable Information

If you have submitted Personally Identifiable Information through a Baxter website or interactive advertisement and would like that information deleted from our records, please contact us at surecall@baxter.com or send a letter to Baxter Healthcare Ltd, Surecall (Tick Alert), Wallingford Road, Compton, Newbury, Berkshire RG20 7QW. We will use reasonable efforts to delete your information from our files. You may also contact us via email or mail at the above addresses to request the Personally Identifiable Information that Baxter has collected about you through this website. Baxter will use reasonable efforts to supply you with this information and correct any factual inaccuracies in this information.

Privacy and Security Language

Definitions for purposes of this Agreement:

1. “Service Provider” shall also include any parents, subsidiaries or affiliated companies.

2. "Baxter Information" is proprietary information, Confidential Information or Personal Information.

3. “Personal Information” refers to any information that relates to or is about an identified or identifiable person.

Service Provider acknowledges Baxter Information is confidential and agrees to protect it against unauthorised storage, use or disclosure.

Service Provider shall ensure that only such of its employees or subcontractors who may be required by Service Provider to assist in meeting its obligations under the Agreement shall have access to the Baxter Information. If Service Provider discloses Baxter information to a third party to fulfill obligations set out in this Agreement, the same privacy and security measures as outlined in this Agreement shall be in place by the third party. It is Service Provider's responsibility to ensure the privacy and security of Baxter's Information in onward transfers.

Service Provider warrants that it has appropriate technical and operational processes and procedures in place to protect Baxter Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, including, but not limited to transmission of information over a network, and against all other unlawful forms of processing. Such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the information to be protected. If additional training of staff is necessary to ensure the appropriate level of information security, Service Provider shall undertake such training.

Baxter Information shall not be used, disclosed, sold, assigned, leased or otherwise disposed of to any third party without Baxter's prior written consent. Service Provider will maintain restricted and controlled access to any infrastructure where Baxter Information is stored, shared or transported.

Baxter Information provided to Service Provider for processing under this Agreement shall be and remain the property of the Baxter.

Service Provider undertakes to perform the services relating to the Baxter Information in accordance with the relevant United States federal, state and local laws, regulations and directives governing Baxter Information. If, for any reason, Service Provider is unable to comply with any of Baxter's instruction concerning Baxter Information, Service Provider will notify Baxter promptly.

Service Provider hereby agrees to assist Baxter with all requests for information that may be received from the individuals whose information is processed. Service Provider will notify Baxter promptly should such individual request information directly from the Service Provider. Service Provider must notify Baxter of any inquiries, complaints, or claims presented by regulatory authorities or individuals regarding the Personal Information Service Provider may be processing for Baxter.

Service Provider will retain Baxter Information no longer than 30 days after termination of the Agreement and shall return to Baxter all Baxter Information in its possession at the end of the 30 day time period. (If information is to be destroyed rather than returned because return is impractical, use the alternate verbiage: Service Provider will retain Baxter Information no longer than 30 days after termination of the Agreement. Upon termination of the Agreement, Service Provider shall destroy all Baxter Information in a secure manner and certify to Baxter that it has done so.)

Service Provider's security controls shall include: i) maintenance of security related processes for providing access to its internal systems based upon need-to-know; ii) maintenance of a disaster recovery plan in line with operational requirements; iii) timely maintenance of virus protection and software patching procedures, (iv) encryption of browser traffic (for web-based applications); (v) individual accountability and reasonable protection for administrative/root accounts and password management; (vi) providing individual and unique logon IDs (i.e. not shared IDs); (vii) monitoring employee logons (including Service Provider employees) to systems hosting Baxter information; and (viii) encrypting passwords when passwords are stored and/or transmitted.

Service Provider's network shall be monitored for intrusion using commercially available intrusion detection system technology and firewall intrusion monitoring systems.

Baxter will be notified in writing by Service Provider of any unauthorised access to, use of, or impact to Baxter Information in which incident posed a threat to the processing or data security of Baxter Information no later than 48 business hours after Service Provider knew of such incident.

Service Provider shall ensure that all transfers of Baxter Information between Service Provider, Baxter and/or authorised third parties will utilise a secure means of transport as agreed upon by Service Provider and Baxter. At a minimum, Service Provider shall utilise a reasonably secure means of transport that is appropriate to the degree of sensitivity of the information.

For web applications, Service Provider shall employ appropriate DMZ architecture that secures (i.e. firewalls) back end data services from presentation layer services (i.e. web)

Access to Service Provider's data centre will be by key card or comparable authorisation mechanism and will be strictly limited to only computer room staff and those individuals with a routine need to gain access. Service Provider's data centre will have industry standard fire detection and fire suppression systems rated to work with electronic equipment.

Baxter (for itself and/or any independent third party selected by Baxter) and/or any governmental or regulatory entity or body (individually or collectively, an “Auditor”), shall have the right, during normal business hours and with reasonable advance notice (or such shorter period of time as may be required by a governmental or regulatory agency), to perform an audit with respect to Service Provider's performance of its obligations under the Agreement including, without limitation, to: (a) verify the integrity of Baxter Information; (b) examine any Service Provider systems that process, store, support and/or transmit Baxter Information; (c) examine the internal controls implemented by Service Provider as they relate to the services performed hereunder; and (d) examine the security, disaster recovery and back-up practices and procedures as they relate to the services hereunder. To the extent reasonably necessary considering the scope of the audit, Service Provider shall grant the Auditor access to Service Provider's and its subcontractors' facilities, including, but not limited to, computer systems, equipment, software and books, records and other documents that relate to the performance of its services under the Agreement. If an audit conducted pursuant to this Section demonstrates that Service Provider is not in compliance with any of its obligations under the Agreement, Baxter will provide to Service Provider the findings of such audit, and Service Provider will have thirty (30) days in which to cure, or to provide to Baxter a reasonably acceptable plan to cure, any such non-compliance. Service Provider's failure to correct all such failures within the specified time period shall constitute a breach of its obligations under this Agreement.